Luminousboost

Privacy Policy

Last updated: 28 May 2026 · Applies in Aotearoa New Zealand

This Privacy Policy explains how Luminousboost ("we", "us") collects, uses, stores, and discloses personal information when you use luminousboost.world and our workplace fitness break services. We comply with the Privacy Act 2020 and the Information Privacy Principles (IPPs).

Agency contact

Luminousboost
174 Kendal Avenue, Burnside, Christchurch 8053, New Zealand
Email: callme@luminousboost.world
Phone: +64 3 357 8979

What we collect

  • Identity and contact details: name, email, phone, organisation.
  • Enquiry and booking information: messages, preferred session times, site access notes.
  • Technical data: IP address, browser type, device identifiers, cookie data where permitted.
  • Payment and invoicing data: billing contact, transaction references (not full card numbers stored by us).

Why we collect it

To respond to enquiries, deliver programmes, issue invoices, improve our website (with consent where required), meet legal obligations, and protect our legitimate business interests where consistent with the IPPs.

How we collect it

Directly from you via forms, email, or phone; automatically through cookies and logs where enabled; and from your employer when they book on behalf of a team (with appropriate authority).

Storage and retention

  • Enquiries: up to 24 months after last contact unless a contract continues.
  • Contract and tax records: up to seven years as required by New Zealand law.
  • Server logs: up to 90 days unless needed for security investigation.
  • Cookie preferences: stored on your device until cleared.

Security

We use HTTPS, access controls, staff confidentiality expectations, and supplier agreements. No system is perfectly secure; please use strong credentials for any portals we provide.

Disclosure to third parties

We may share information with hosting, email, analytics (if consented), and payment providers who process data on our instructions. We do not sell personal information.

Overseas disclosure

Some suppliers may store data outside New Zealand. Before disclosure we assess whether comparable safeguards exist or take reasonable steps to ensure the recipient protects information in line with the Privacy Act 2020.

Notifiable privacy breaches

If a privacy breach is likely to cause serious harm, we will notify affected individuals and the Office of the Privacy Commissioner as required by law.

Marketing communications

Commercial electronic messages are sent only with consent or as permitted under the Unsolicited Electronic Messages Act 2007. You may opt out using the unsubscribe method in each message or by contacting us.

Your rights

You may request access to and correction of your personal information. Contact us with enough detail to identify you. If we decline a request, we will explain why where permitted. You may complain to the Office of the Privacy Commissioner: privacy.org.nz.

European and UK visitors

Where GDPR or UK GDPR applies additionally, you may have further rights including erasure, restriction, portability, and objection. Contact us to exercise those rights.

Children

Services target workplaces and are not directed at under-16s. Contact us if you believe we hold a child's information in error.

Changes

We may update this policy and change the date above. Material changes will be noted on the website.