Privacy Policy
This Privacy Policy explains how Vibrantpower (“we”, “us”) collects, uses, stores, and shares personal information when you visit vibrantpower.world, book studio time, or correspond with our team in Ōtautahi Christchurch, Aotearoa New Zealand.
1. Who we are (agency)
Agency: Vibrantpower. Postal address: 174 Kendal Avenue, Burnside, Christchurch 8053, New Zealand. Email contactuse@vibrantpower.world. Telephone +64 3 357 8979.
2. New Zealand law we follow
We comply with the Privacy Act 2020 and its Information Privacy Principles (IPPs), which govern how New Zealand agencies collect, store, use, and disclose personal information. We also respect the Unsolicited Electronic Messages Act 2007 for commercial electronic messages where it applies.
3. Categories of personal information
- Identity and contact: name, email address, phone number if supplied, postal details you choose to share.
- Communication content: messages submitted through forms or email threads.
- Programme notes: handwritten or typed observations captured during coaching with separate written consent.
- Technical metadata: IP address, user agent, and timestamps collected by infrastructure providers (for example hosting logs) when you access the site.
- Preference data: cookie and localStorage selections stored on your device.
4. Purposes of collection
We collect personal information only for lawful purposes connected to our functions, including: responding to enquiries, delivering booked programmes, invoicing in NZD (including GST where applicable), maintaining security, improving studio operations, and meeting legal obligations (for example tax and record-keeping).
5. Lawful bases (NZ and overseas visitors)
For visitors in the European Economic Area or United Kingdom we describe compatible lawful bases under the UK/EU GDPR (such as contract, legal obligation, legitimate interests, or consent) in correspondence when relevant. For New Zealand residents, the Privacy Act 2020 IPPs are your primary framework alongside any contractual terms you sign.
6. Disclosure to processors and overseas recipients
We use vetted subprocessors (for example hosting, email delivery, scheduling tools) under written terms requiring confidentiality and reasonable security. Where information is stored or accessed from overseas, we assess whether safeguards required by the Privacy Act 2020 are met (for example contractual protections comparable to those recognised by the Privacy Commissioner).
7. Security
We apply access controls, encrypted transport (HTTPS), least-privilege accounts, and periodic review of access to shared drives that may hold participant information.
8. Retention
Enquiry records: up to twenty-four months unless a longer period is justified by an open dispute. Financial records: seven years where Inland Revenue rules require. Session notes: destroyed or anonymised twelve months after your final visit unless you request earlier deletion and no overriding legal duty exists.
9. Notifiable privacy breaches
If a privacy breach is likely to cause serious harm, we will assess notification obligations under Part 6 of the Privacy Act 2020 and notify affected individuals and the Office of the Privacy Commissioner where required.
10. Your rights (New Zealand)
You may request access to, and correction of, personal information we hold about you. You may complain to us first, then to the Office of the Privacy Commissioner (privacy.org.nz). Some GDPR-style rights may also apply if you are in the EU/UK; we will respond in line with applicable law.
11. Automated decision-making
We do not use automated decision-making that produces legal or similarly significant effects.
12. Children and young people
Our services target adults. If you believe a young person submitted information without appropriate guardian involvement, contact us and we will delete proportionate records where the law allows.
13. Changes
Updates appear on this page with a revised effective date.
Effective date: 11 May 2026.