Vibrantactive
Legal

Privacy Policy

This Privacy Policy explains how Vibrantactive collects, uses, stores, and protects your personal information when you visit our website or use our services.

Last updated: GDPR Compliant

1. Data Controller

The data controller responsible for your personal information is:

Vibrantactive
140 Otaihanga Road, Otaihanga 5036, New Zealand
Phone: +64 27 812 9619
Email: hello@vibrantactive.world
Website: https://vibrantactive.world

As the data controller, we determine the purposes and means of processing your personal data. We are committed to handling your information transparently and in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR) where it applies to our processing activities, and the New Zealand Privacy Act 2020.

2. Information We Collect

We collect personal information only when it is necessary for the purposes described in this policy. The categories of data we may collect include:

2.1 Information You Provide Directly

  • Contact form submissions: Your name, email address, and message content when you submit an inquiry through our contact form.
  • Consultation requests: Details about your activity preferences, goals, and scheduling availability when you request a guidance session.
  • Purchase information: Name, email, billing address, and payment details when you purchase programs or educational products.
  • Communication records: Content of emails, phone conversations, and other correspondence with our team.

2.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type, and screen resolution.
  • Usage data: Pages visited, time spent on pages, referral source, click patterns, and navigation paths within our website.
  • Cookie data: Preferences stored through cookies and similar technologies as described in our Cookie Policy.

2.3 Information We Do Not Collect

We do not intentionally collect sensitive personal data such as health records, medical diagnoses, financial account numbers beyond what payment processors require, or government identification numbers. Our nature fitness programs are non-medical, and we do not request health-related information through our website forms.

Under the GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you submit our contact form, accept cookies, or opt in to marketing communications, you provide explicit consent for the specified processing activities. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • Contractual necessity: When processing is required to fulfil a contract with you, such as delivering a purchased program or responding to a service request you initiated.
  • Legitimate interests: For website security, fraud prevention, service improvement, and internal analytics where these interests are not overridden by your rights and freedoms.
  • Legal obligation: When we are required to retain or disclose information to comply with applicable laws, regulations, or court orders.

4. Purpose of Data Usage

We use your personal information exclusively for the following purposes:

  • Responding to inquiries submitted through our contact form or email
  • Scheduling and conducting guidance consultations
  • Delivering purchased programs, educational materials, and related services
  • Processing payments and managing billing records
  • Sending transactional communications such as order confirmations and service updates
  • Improving our website functionality and user experience through aggregated analytics
  • Maintaining website security and preventing unauthorised access
  • Complying with legal and regulatory requirements
  • Sending marketing communications only where you have provided explicit opt-in consent

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Data Retention Period

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

  • Contact form inquiries: Retained for 24 months from the date of submission, unless an ongoing client relationship develops.
  • Client and purchase records: Retained for 7 years from the date of the last transaction to comply with New Zealand tax and accounting requirements.
  • Consultation notes: Retained for 36 months from the session date, then securely deleted unless you become an active program participant.
  • Marketing consent records: Retained for the duration of your subscription plus 12 months after opt-out for compliance verification.
  • Analytics data: Aggregated and anonymised after 26 months; raw logs deleted after 14 months.
  • Cookie preference data: Stored locally on your device until you clear browser data or change preferences.

When retention periods expire, we securely delete or anonymise your data using industry-standard methods.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties. We may share data with the following categories of recipients under strict contractual safeguards:

  • Hosting providers: Our website is hosted on secure servers that process technical data necessary for site delivery.
  • Payment processors: Third-party payment services handle transaction data in accordance with PCI DSS standards. We do not store complete payment card details on our servers.
  • Email service providers: Used to deliver transactional and opt-in marketing communications.
  • Analytics providers: Only when you have consented to analytics cookies, and only in anonymised or pseudonymised form where possible.
  • Legal authorities: When required by law, court order, or to protect our legal rights and the safety of our users.

All third-party processors are bound by data processing agreements that require them to protect your information and process it only according to our instructions.

7. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our website
  • Secure server infrastructure with regular security updates and patches
  • Access controls limiting personal data access to authorised personnel only
  • Password policies and multi-factor authentication for administrative accounts
  • Regular review of data processing activities and security practices
  • Secure deletion procedures for data that has exceeded retention periods
  • Employee training on data protection responsibilities and incident response

While we take reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords and exercise caution when sharing personal information online.

8. Your Rights Under GDPR and Applicable Law

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.
  • Right to lodge a complaint: File a complaint with a supervisory authority, such as the Office of the Privacy Commissioner in New Zealand or your local data protection authority in the European Economic Area.

To exercise any of these rights, contact us using the details in Section 12. We will respond within 30 days of receiving a verifiable request. We may need to verify your identity before processing your request.

9. International Data Transfers

Our primary operations and data storage are located in New Zealand. If you access our website from outside New Zealand, your data may be transferred to and processed in New Zealand or other countries where our service providers operate. Where transfers occur to countries without an adequacy decision under the GDPR, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a notice on our website. We encourage you to review this policy regularly.

12. Contact Us About Privacy

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or need to report a privacy concern, contact us at:

Vibrantactive — Privacy Enquiries
140 Otaihanga Road, Otaihanga 5036, New Zealand
Email: hello@vibrantactive.world
Phone: +64 27 812 9619

We aim to acknowledge privacy-related inquiries within 5 business days and resolve them within 30 days.