Privacy Policy

Stunningkneesear publishes general informational content about hydration routines, reminder timing, and behavioural coaching. Personal data processing supports scheduling, billing where relevant, customer service, security monitoring, and statutory obligations. We do not use this website to deliver clinical diagnosis, prescribe fluid intake for medical conditions, or infer health outcomes.

If you believe information here intersects with regulated health services in your jurisdiction, pause before submitting sensitive details and consult an appropriately licensed professional. Where voluntary disclosures include special-category information, we minimise retention and segregate access.

The data controller is Stunningkneesear, reachable at Albany Mega Centre, 140 Don McKinnon Drive, Auckland 0632, New Zealand. Primary correspondence for privacy requests flows through online@stunningkneesear.world. Telephone enquiries may be initiated via +64 9 941 4906; complex requests are confirmed in writing to maintain an audit-friendly trail.

Where processing occurs jointly with a collaborating facilitator under a co-branded workshop, contracts specify independent-controller versus joint-controller responsibilities before marketing materials go live.

We aim to collect the minimum information necessary for each interaction. The inventory below is illustrative; not every category applies to every visitor.

• Information you submit through web forms, email signatures, or handwritten intake sheets transcribed with consent.
• Calendar integrations you authorise for scheduling automation.
• Payment services that relay confirmation tokens rather than full card numbers.
• Infrastructure providers that generate standard server logs.
• Referral partners who introduce you with explicit permission to share limited contact details.

Lawful bases depend on context. Where GDPR applies, we document the primary basis below. Where New Zealand law applies without an identical taxonomy, we rely on comparable grounds such as authorised purpose and reasonable expectation.

Legitimate interest balancing

Before relying on legitimate interests for outbound operational mail or aggregated analytics, we weigh your expectations against our need to maintain service reliability. You may object by emailing the privacy inbox; we pause processing unless compelling grounds override your interests.

Processors receive instructions through data-processing agreements describing confidentiality, subprocessors, and deletion timelines. Categories include secure email providers, calendar middleware, accounting suites, and encrypted backup storage.

We do not sell personal information as a standalone commodity. Any future disclosure to acquirers during a business transfer would be preceded by diligence reviews and user notification consistent with applicable law.

Cloud tooling may store encrypted replicas outside New Zealand or the European Economic Area. When GDPR applies, we implement Standard Contractual Clauses, supplementary technical measures such as encryption at rest, and transfer impact assessments documented internally.

No stack eliminates risk entirely. Report suspected unauthorised access immediately using the contact strip at the end of this policy.

• Access: Obtain a copy of personal data we maintain subject to statutory exemptions.
• Rectification: Correct outdated mailing addresses or spelling errors within reasonable timelines.
• Erasure: Request deletion where continued processing lacks justification, acknowledging overlapping duties such as accounting retention.
• Restriction: Pause certain processing while disputes resolve.
• Portability: Receive structured machine-readable exports where technically feasible.
• Objection: Object to legitimate-interest processing tied to direct outreach.

We do not deploy automated decision-making that produces legal or similarly significant effects. Analytics dashboards summarise aggregate traffic and remain disconnected from individual profiling for adjudication.

Offerings target adults balancing professional schedules. If you believe a minor submitted data without guardian oversight, notify us promptly so we can delete records not required for lawful defence.

Optional campaigns honour granular consent captured through forms or cookie banners. Each marketing email includes unsubscribe mechanics processed within ten business days unless technical backlog requires transparent communication.

Suspected breaches trigger containment, logging, impact assessment, regulator notification where thresholds trigger, and affected individual advisories when high risk exists. Post-incident reviews inform policy revisions.

We encourage informal resolution first. EU residents may contact their supervisory authority without prejudice to judicial remedies. New Zealand residents may engage the Office of the Privacy Commissioner after exhausting reasonable dialogue with our team.

Material updates revise this page and, where appropriate, summarise modifications via email to active clients. Continued use after conspicuous posting constitutes acknowledgement unless fresh consent is legally mandated.