Legal

Privacy Policy

This document explains how Spineherb collects, uses, stores, and protects your personal data. Last updated: 13 May 2026

This Privacy Policy applies to all visitors and users of spineherb.world operated by Spineherb. By using this website, you acknowledge this policy. If you do not agree, please discontinue use of the website.

1. Data Controller

The data controller responsible for your personal information is:

Spineherb
45A Paul Matthews Road, Rosedale, Auckland 0632, New Zealand
Phone: +64 800 742 762
Email: online@spineherb.world

2. Data We Collect

We collect personal data in the following circumstances:

Contact Form Submissions

  • Full name
  • Email address
  • Message content
  • Timestamp of submission
  • GDPR consent record

Automatic Technical Data

  • IP address (anonymized where applicable)
  • Browser type and version
  • Device type and operating system
  • Pages visited and duration of visits
  • Referral source (how you arrived at the site)

Cookie Data

Cookie-related data is collected subject to your consent preferences. See Section 9 and our Cookie Policy for full details.

3. Purpose of Processing

We process personal data for the following purposes:

  • To respond to enquiries submitted through the contact form
  • To provide information about our meal planning services and educational resources
  • To manage scheduling and follow-up communications for consultations
  • To analyze website usage and improve the user experience (analytics only with consent)
  • To comply with legal and regulatory obligations

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR) and in compliance with the New Zealand Privacy Act 2020:

  • Consent (Art. 6(1)(a) GDPR): For marketing cookies and any optional communications you opt into
  • Contract (Art. 6(1)(b) GDPR): To respond to service enquiries and fulfill consultation requests
  • Legitimate Interests (Art. 6(1)(f) GDPR): For website security, fraud prevention, and basic analytics
  • Legal Obligation (Art. 6(1)(c) GDPR): Where required to comply with applicable laws

For New Zealand residents, we comply with the Privacy Act 2020 and the 13 Information Privacy Principles (IPPs).

5. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Contact form data: Retained for up to 24 months from the date of submission, or until you request deletion
  • Consultation records: Retained for up to 36 months following the conclusion of a consultation engagement
  • Analytics data: Retained for up to 26 months in anonymized or aggregated form
  • Cookie consent records: Retained for up to 12 months
  • Legal/financial records: Retained as required by applicable New Zealand and international law, typically 7 years

After the retention period expires, data is securely deleted or anonymized.

6. Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request that we limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw previously given consent at any time without affecting prior lawful processing

To exercise any of these rights, contact us at online@spineherb.world. We will respond within 30 days. You also have the right to lodge a complaint with your relevant data protection authority.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share data in the following limited circumstances:

  • Service Providers: Trusted third-party vendors (e.g., hosting, email delivery) who process data solely on our behalf under data processing agreements
  • Legal Requirements: Disclosure to authorities when required by law, court order, or to protect our legal rights
  • Business Transfers: In the event of a merger or acquisition, with appropriate protections in place

Any third-party providers we use are required to maintain appropriate security standards and process data only as instructed.

8. Security Measures

We implement technical and organizational measures to protect your personal data, including:

  • HTTPS encryption across all website pages
  • Secure server infrastructure with access controls
  • Regular review of data handling practices
  • Limited internal access to personal data on a need-to-know basis

While we apply reasonable security measures, no data transmission or storage system is entirely secure. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.

9. Cookies

Our website uses cookies and similar tracking technologies. Cookie usage is subject to your consent (except for strictly necessary cookies). Please review our Cookie Policy for detailed information on the types of cookies used, their purpose, and how to manage your preferences.

10. Contact and Complaints

For any questions regarding this Privacy Policy or your personal data, contact us:

Spineherb
45A Paul Matthews Road, Rosedale, Auckland 0632, New Zealand
Phone: +64 800 742 762
Email: online@spineherb.world

If you are unsatisfied with our response, you may contact the relevant data protection supervisory authority in your jurisdiction.