Refreshyouthan
Legal

Privacy Policy

This Privacy Policy explains how Refreshyouthan collects, uses, stores, and protects your personal information when you visit our website or use our services.

Last updated:

1. Data Controller Information

The data controller responsible for your personal information is:

Refreshyouthan
3 Beach Street, Queenstown 9300, New Zealand
Email: admin@refreshyouthan.world
Phone: +64 3 441 3222

For any privacy-related inquiries, please contact us using the details above. We aim to respond to all privacy requests within thirty days of receipt.

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through the website refreshyouthan.world, including data submitted via contact forms, cookie interactions, programme enrolment processes, and any other communication channels operated by Refreshyouthan. This policy is designed to comply with the General Data Protection Regulation (GDPR) for visitors from the European Economic Area, the Privacy Act 2020 of New Zealand, and other applicable international privacy legislation.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our website and services.

3. Categories of Personal Data We Collect

3.1 Information You Provide Directly

When you contact us through our website form, enrol in a programme, or communicate with us by email or phone, we may collect the following personal data:

  • Full name
  • Email address
  • Telephone number (if provided)
  • Message content and inquiry details
  • Programme preferences and scheduling information
  • Payment and billing information (processed through secure third-party payment providers)
  • Consent records, including timestamps of privacy policy acceptance

3.2 Information Collected Automatically

When you visit our website, certain technical data may be collected automatically through cookies and similar technologies, including:

  • IP address (anonymised where possible)
  • Browser type and version
  • Operating system
  • Referring website URL
  • Pages visited and time spent on each page
  • Date and time of visit
  • Device type and screen resolution

For detailed information about cookies and tracking technologies, please refer to our Cookie Policy.

4. Legal Basis for Processing

We process your personal data on the following legal grounds under GDPR and equivalent frameworks:

  • Consent: When you submit a contact form, accept cookies (beyond strictly necessary), or opt in to marketing communications, you provide explicit consent for us to process your data for the stated purposes.
  • Contractual necessity: When you enrol in a programme or purchase an educational product, processing is necessary to fulfil our contractual obligations to you.
  • Legitimate interests: We may process data to improve our website, prevent fraud, ensure security, and analyse usage patterns, provided these interests do not override your fundamental rights and freedoms.
  • Legal obligation: We may retain certain data to comply with tax, accounting, or other legal requirements under New Zealand law.

5. Purposes of Data Processing

We use your personal data exclusively for the following purposes:

  • Responding to your inquiries and providing customer support
  • Processing programme enrolments and delivering educational services
  • Sending transactional communications related to your purchases or bookings
  • Improving our website functionality and user experience
  • Conducting anonymised analytics to understand visitor behaviour
  • Complying with legal and regulatory obligations
  • Protecting the security and integrity of our website and services
  • Sending marketing communications only where you have provided explicit consent

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specific retention periods include:

  • Contact form submissions: Retained for twenty-four months from the date of submission, unless an ongoing business relationship exists.
  • Programme enrolment records: Retained for seven years from the date of last interaction, in accordance with New Zealand tax and accounting requirements.
  • Payment records: Retained for seven years as required by financial regulations.
  • Cookie consent records: Retained for thirteen months from the date of consent or rejection.
  • Analytics data: Anonymised and aggregated data may be retained indefinitely for statistical purposes.
  • Marketing consent records: Retained until consent is withdrawn, plus an additional twelve months for audit purposes.

When retention periods expire, personal data is securely deleted or anonymised so that it can no longer be associated with an identifiable individual.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share your information with the following categories of recipients, strictly for the purposes described in this policy:

  • Service providers: Hosting providers, email delivery services, payment processors, and analytics platforms that assist in operating our website and delivering services. All service providers are bound by data processing agreements requiring them to protect your data.
  • Legal authorities: When required by law, court order, or governmental regulation, we may disclose personal data to competent authorities.
  • Professional advisors: Accountants, legal counsel, or auditors who require access to data for legitimate business purposes, subject to confidentiality obligations.

Where data is transferred outside the European Economic Area or New Zealand, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Secure hosting infrastructure with regular security updates and monitoring
  • Access controls limiting personal data access to authorised personnel only
  • Regular review and updating of security practices and policies
  • Employee training on data protection and privacy best practices
  • Incident response procedures for potential data breaches

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to notifying affected individuals and relevant authorities of any data breach within seventy-two hours where required by law.

9. Your Rights Under GDPR and Applicable Law

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to restrict processing: Request limitation of processing in certain circumstances.
  • Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with a supervisory authority, such as the Office of the Privacy Commissioner in New Zealand or your local data protection authority in the EEA.

To exercise any of these rights, please contact us at admin@refreshyouthan.world. We will respond within thirty days and may request verification of your identity before processing your request.

10. Children's Privacy

Our website and services are intended for adults aged eighteen and over. We do not knowingly collect personal data from individuals under the age of eighteen. If we become aware that we have collected personal data from a minor without parental consent, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you through our website or by email. We encourage you to review this policy regularly to stay informed about how we protect your information.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact:

Refreshyouthan — Privacy Team
3 Beach Street, Queenstown 9300, New Zealand
Email: admin@refreshyouthan.world
Phone: +64 3 441 3222