Privacy Policy

How Glowmmwashal collects, uses, and protects your personal information.

Last updated:

1. Who We Are

Glowmmwashal ("we", "us", "our") is the agency responsible for your personal information under the Privacy Act 2020 (New Zealand). For visitors in the European Economic Area, we act as the data controller under the General Data Protection Regulation (GDPR).

Glowmmwashal
Bold Head Road, RD 1, Ross 7885, New Zealand
Email: helpcenter@glowmmwashal.world
Phone: +64 3 755 4250

2. Scope and Purpose

This Privacy Policy describes how we collect, use, store, disclose, and protect personal information when you visit our website at glowmmwashal.world or contact us through our forms. We comply with the Privacy Act 2020, the Information Privacy Principles (IPPs), and other applicable New Zealand law. Where GDPR applies to you, we also comply with its requirements.

3. What Personal Information We Collect

3.1 Information You Provide

When you use our contact form, we may collect:

  • Your name
  • Your email address
  • The content of your message
  • Your consent to our processing of your personal information

3.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address (anonymised where practicable)
  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited and time spent on pages
  • Cookie consent choices stored in localStorage

We collect this information only where necessary for the purposes described below and, for non-essential analytics or marketing technologies, only after you have given consent through our cookie banner.

4. How We Use Your Information

We use personal information for the following purposes:

  • Responding to your enquiries and messages
  • Operating, maintaining, and improving our website
  • Understanding website usage with analytics tools, only where you have consented
  • Measuring advertising performance, only where you have consented
  • Protecting the security of our website and preventing misuse
  • Meeting legal and regulatory obligations

We will not use your personal information for a purpose other than the purpose for which it was collected, except as permitted by the Privacy Act 2020 or with your authorisation.

5. Legal Basis for Processing

5.1 New Zealand

Under the Privacy Act 2020, we may collect and use personal information where:

  • It is necessary for a purpose connected with our functions or activities and you would reasonably expect us to collect it (IPP 1 and IPP 10)
  • You have authorised the collection or use
  • It is necessary to comply with a legal obligation
  • It is necessary to protect your vital interests or those of another person

5.2 European Economic Area

Where GDPR applies, we rely on:

  • Consent (Art. 6(1)(a)): When you submit the contact form, accept non-essential cookies, or otherwise opt in
  • Legitimate interests (Art. 6(1)(f)): For website security, fraud prevention, and service improvement where consent is not required
  • Legal obligation (Art. 6(1)(c)): Where required by applicable law

6. Notification of Collection

In accordance with IPP 3, we aim to make you aware that personal information is being collected, the purpose of collection, and who will receive it. This Privacy Policy, our cookie banner, and the consent checkbox on our contact form provide that notice. If you have questions about what we collect, contact us using the details above.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, in line with IPP 9:

  • Contact form data: Up to 24 months from your last communication, unless a longer period is required by law
  • Analytics data: Up to 26 months, only if you have consented to analytics cookies
  • Cookie consent records: Up to 12 months in localStorage on your device
  • Server logs: Up to 90 days for security and troubleshooting

When personal information is no longer needed, we take reasonable steps to destroy or de-identify it.

8. Disclosure and Overseas Transfers

We do not sell your personal information. We may disclose information to:

  • Service providers who assist with website hosting, email delivery, analytics, or advertising measurement, under contractual obligations to protect your information
  • Law enforcement or regulatory authorities when required by New Zealand law

Some service providers may store or process information outside New Zealand. Before disclosing personal information overseas, we assess whether the recipient will protect it in a way that is comparable to the protections under the Privacy Act 2020, as required by IPP 12. Where GDPR applies, we use appropriate safeguards such as Standard Contractual Clauses where required.

9. Security

In accordance with IPP 5, we take reasonable safeguards to protect personal information from loss, unauthorised access, use, modification, or disclosure. Measures include:

  • HTTPS encryption for data transmitted through our website
  • Access controls limiting data access to authorised personnel
  • Regular review of our security practices
  • Secure storage with encryption at rest where applicable

10. Accuracy

Under IPP 8, we take reasonable steps to ensure personal information is accurate, up to date, complete, relevant, and not misleading before use or disclosure. Please let us know if your details change or if you believe information we hold about you is incorrect.

11. Your Rights

11.1 Under the Privacy Act 2020

You have the right to:

  • Access: Request access to personal information we hold about you (IPP 6)
  • Correction: Request correction of personal information you believe is incorrect (IPP 7)
  • Withdraw consent: Withdraw consent for optional processing such as analytics or marketing cookies at any time through our cookie banner or by contacting us
  • Complain: Make a complaint to us or to the Office of the Privacy Commissioner if you believe we have interfered with your privacy

We will respond to access and correction requests within 20 working days, as required by the Privacy Act 2020, unless an extension applies. We may need to verify your identity before releasing information.

11.2 Under GDPR (where applicable)

If GDPR applies to you, you may also have the right to erasure, restriction of processing, data portability, and to object to processing based on legitimate interests. You may lodge a complaint with your local supervisory authority.

To exercise any of these rights, contact us at helpcenter@glowmmwashal.world.

12. Privacy Complaints

If you have a privacy concern, please contact us first so we can try to resolve it. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner:

13. Notifiable Privacy Breaches

If a privacy breach has caused or is likely to cause serious harm, we will notify affected individuals and the Office of the Privacy Commissioner as required under the Privacy Act 2020.

14. Children's Privacy

Our website is not directed at children under 16. We do not knowingly collect personal information from children without appropriate parental or guardian consent. If you believe we have collected information from a child, please contact us immediately.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page shows when it was last revised. Material changes will be posted on this page. We encourage you to review this policy periodically.

16. Contact

For any questions regarding this Privacy Policy or your personal data, please contact:

Glowmmwashal
Bold Head Road, RD 1, Ross 7885, New Zealand
Email: helpcenter@glowmmwashal.world
Phone: +64 3 755 4250