Vibeshine
Legal

Privacy Policy

This document explains how Vibeshine collects, uses, stores, and protects personal data when you visit our website or use our office comfort coaching services.

Last updated:

1. Data Controller

The data controller responsible for your personal information is:

Vibeshine
Porirua City Centre, Porirua 5022, New Zealand
Phone: +64 22 437 7025
Email: assist@vibeshine.world
Website: https://vibeshine.world

As the data controller, we determine the purposes and means of processing personal data collected through our website and coaching services. We are committed to handling your information transparently and in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR) where it applies to our processing activities, and the New Zealand Privacy Act 2020.

2. Scope of This Policy

This Privacy Policy applies to all personal data processed by Vibeshine in connection with:

  • Visits to our website at vibeshine.world and its subpages
  • Submissions through our contact form
  • Enrolment in coaching sessions, workshops, and educational programs
  • Communications via email, telephone, or other channels initiated by you
  • Cookie and similar tracking technologies used on our website

This policy does not apply to third-party websites that may be linked from our pages. We encourage you to review the privacy policies of any external sites you visit.

3. Personal Data We Collect

3.1 Information You Provide Directly

When you interact with us, you may voluntarily provide the following categories of personal data:

  • Identity data: Your full name as submitted through our contact form or booking process
  • Contact data: Email address, telephone number, and postal address if provided
  • Communication data: The content of messages, inquiries, and feedback you send to us
  • Consent records: Your agreement to data processing terms, including GDPR consent checkbox submissions
  • Booking data: Session preferences, workspace descriptions, and scheduling information shared during coaching enrolment

3.2 Information Collected Automatically

When you browse our website, certain technical data may be collected automatically through cookies and server logs, subject to your cookie preferences:

  • Device data: Browser type, operating system, device category, and screen resolution
  • Usage data: Pages visited, time spent on pages, referral source, and navigation paths
  • Network data: IP address (anonymised where analytics cookies are declined), approximate geographic region
  • Cookie preference data: Your choices regarding analytics and marketing cookies, stored in local storage

3.3 Information We Do Not Collect

We do not intentionally collect special categories of personal data as defined under GDPR Article 9, including data concerning health conditions, racial or ethnic origin, political opinions, religious beliefs, or biometric data. Our office comfort coaching services are educational in nature and do not require disclosure of medical information.

Under the GDPR, we process personal data only when a lawful basis applies. The following bases are relevant to our activities:

  • Consent (Article 6(1)(a)): When you submit our contact form, accept non-essential cookies, or opt in to marketing communications, we process your data based on your freely given, specific, informed consent. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • Contractual necessity (Article 6(1)(b)): When you book a coaching session or purchase an educational program, we process data necessary to perform our agreement with you, including scheduling, delivery, and payment administration.
  • Legitimate interests (Article 6(1)(f)): We may process data for purposes such as improving our website, preventing fraud, and ensuring network security, where our interests do not override your fundamental rights and freedoms.
  • Legal obligation (Article 6(1)(c)): We may retain certain records to comply with tax, accounting, or regulatory requirements under New Zealand law.

5. Purposes of Data Usage

We use personal data exclusively for the following purposes:

  • Responding to inquiries submitted through our contact form or email
  • Scheduling, delivering, and following up on coaching sessions and workshops
  • Providing access to educational resources and structured programs
  • Processing payments and issuing invoices for paid services
  • Sending service-related communications, such as appointment confirmations and session summaries
  • Analysing website usage to improve content and user experience, only when analytics cookies are accepted
  • Maintaining the security and integrity of our website and systems
  • Complying with legal obligations and responding to lawful requests from authorities

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.

  • Contact form submissions: Retained for twelve (12) months from the date of submission, unless an ongoing client relationship is established
  • Client coaching records: Retained for three (3) years after the final session to support follow-up inquiries and quality assurance
  • Payment and invoicing records: Retained for seven (7) years in accordance with New Zealand tax record-keeping requirements
  • Cookie consent preferences: Stored in your browser's local storage until you clear it or change your preferences
  • Server log files: Retained for ninety (90) days for security monitoring purposes
  • Marketing communications data: Retained until you unsubscribe or withdraw consent, plus thirty (30) days for processing the withdrawal

When retention periods expire, personal data is securely deleted or anonymised so that it can no longer be associated with you.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share data with the following categories of recipients, strictly for the purposes described in this policy:

  • Hosting providers: Our website is hosted on secure servers that process technical data necessary for site delivery
  • Email service providers: Used to send and receive communications related to your inquiries and bookings
  • Payment processors: When you purchase a paid service, payment data is handled by PCI-compliant third-party processors; we do not store full card details on our servers
  • Analytics providers: Only when you accept analytics cookies, anonymised usage data may be processed by analytics tools
  • Legal and regulatory bodies: When required by applicable law, court order, or governmental authority

All third-party processors are bound by data processing agreements that require them to protect your data and process it only according to our instructions.

8. International Data Transfers

Our primary operations and data storage are located in New Zealand. If personal data is transferred to countries outside the European Economic Area (EEA) or New Zealand, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries recognised as providing adequate data protection
  • Binding corporate rules or equivalent mechanisms where applicable

You may request information about the specific safeguards applied to international transfers by contacting us using the details in Section 13.

9. Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our website
  • Access controls limiting personal data access to authorised personnel only
  • Regular review of security practices and software updates
  • Secure storage of client records with password protection and encrypted backups
  • Staff training on data protection principles and confidentiality obligations
  • Incident response procedures for detecting, reporting, and addressing data breaches

While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly notifying affected individuals and relevant authorities in the event of a breach as required by law.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your data where there is no compelling reason for continued processing
  • Right to restriction: Request that we limit processing of your data in certain circumstances
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent
  • Right to lodge a complaint: File a complaint with a supervisory authority, such as the Office of the Privacy Commissioner in New Zealand or your local data protection authority in the EEA

To exercise any of these rights, contact us at assist@vibeshine.world. We will respond within thirty (30) days, or inform you if an extension is needed. We may request verification of your identity before processing certain requests.

11. Children's Privacy

Our website and services are intended for adults aged eighteen (18) and over. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a notice on our website. We encourage you to review this page periodically.

13. Contact Information

For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:

Vibeshine — Privacy Enquiries
Porirua City Centre, Porirua 5022, New Zealand
Phone: +64 22 437 7025
Email: assist@vibeshine.world

We aim to acknowledge privacy-related inquiries within five (5) business days and provide a substantive response within thirty (30) days.