Privacy Policy

How Beautglow collects, uses, and protects your personal information.

Last updated:

1. Introduction

Beautglow ("we", "us", or "our") operates the website beautglow.world and provides general informational content about nutrition balance programs. We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and secure manner.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and store it, with whom we may share it, and what rights you have regarding your information. This policy applies to all visitors and users of our website, as well as individuals who contact us, purchase our educational products, or participate in our programs.

We comply with the General Data Protection Regulation (GDPR) for individuals in the European Economic Area, the UK GDPR for individuals in the United Kingdom, and the Privacy Act 2020 of New Zealand for individuals in New Zealand. Where local laws provide additional protections, we apply the higher standard.

2. Data Controller Information

The data controller responsible for your personal data is:

Beautglow
22 Raumati Road, Raumati Beach 5032, New Zealand
Email: assist@beautglow.world
Phone: +64 4 297 9222

For any privacy-related inquiries, data subject requests, or concerns about how your information is handled, please contact us using the details above. We will respond to all legitimate requests within the timeframes required by applicable law, typically within 30 days for GDPR requests and 20 working days under the New Zealand Privacy Act.

3. Personal Data We Collect

We collect personal data only when it is necessary for the purposes described in this policy. The categories of data we may collect include:

3.1 Information You Provide Directly

  • Contact form data: Your name, email address, and message content when you submit an inquiry through our contact form.
  • Account and enrollment data: Name, email address, billing address, and payment information when you purchase educational products or enroll in programs.
  • Communication records: Content of emails, phone call notes, and other correspondence you have with our team.
  • Consent records: Your cookie preferences, GDPR consent checkbox confirmations, and marketing opt-in or opt-out choices.
  • Program participation data: Responses to educational worksheets, self-assessment reflections, and optional survey feedback submitted during program engagement.

3.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution, and referring URL.
  • Usage data: Pages visited, time spent on pages, click patterns, scroll depth, and navigation paths within the website.
  • Cookie data: Information stored through cookies and similar technologies as described in our Cookie Policy.

3.3 Information We Do Not Collect

We do not intentionally collect sensitive personal data such as health diagnoses, medical records, genetic information, biometric data, or information about racial or ethnic origin, political opinions, religious beliefs, or sexual orientation. Our programs are educational in nature and we do not request clinical health information. If you voluntarily share health-related details in a message, we will treat that information with heightened care and retain it only as long as necessary to respond to your inquiry.

4. Purposes of Data Processing

We process your personal data for the following specific purposes, each supported by a lawful basis under applicable data protection legislation:

  • Responding to inquiries: To read, process, and reply to messages submitted through our contact form or received via email or phone. Lawful basis: legitimate interest in operating our business and responding to customer communications; consent where you have provided it via the GDPR checkbox on our contact form.
  • Delivering educational products and programs: To process enrollments, provide access to purchased materials, schedule educational guidance sessions, and manage program participation. Lawful basis: performance of a contract.
  • Processing payments: To handle billing, invoicing, and refund requests. Lawful basis: performance of a contract and legal obligation for financial record-keeping.
  • Website operation and security: To maintain website functionality, prevent fraud, protect against unauthorised access, and ensure the security of our systems. Lawful basis: legitimate interest in maintaining a secure and functional website.
  • Analytics and improvement: To understand how visitors use our website, identify areas for improvement, and optimise content delivery. Lawful basis: consent (for analytics cookies) or legitimate interest (for aggregated, anonymised data).
  • Marketing communications: To send informational updates about programs, workshops, and educational content where you have opted in. Lawful basis: consent. You may withdraw consent at any time.
  • Legal compliance: To comply with applicable laws, regulations, court orders, or governmental requests. Lawful basis: legal obligation.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention periods are as follows:

  • Contact form submissions: Retained for 24 months from the date of submission, unless an ongoing client relationship develops, in which case data is retained for the duration of the relationship plus 24 months.
  • Client and enrollment records: Retained for 7 years from the date of last transaction, in accordance with New Zealand tax and financial record-keeping requirements.
  • Payment and billing data: Retained for 7 years as required by financial regulations.
  • Cookie consent preferences: Retained for 12 months, after which we will request renewed consent.
  • Analytics data: Aggregated analytics data is retained for 26 months. Individual-level analytics data is anonymised or deleted after 14 months.
  • Marketing consent records: Retained for as long as you remain subscribed, plus 12 months after unsubscribing to demonstrate compliance with consent requirements.
  • Server logs and security records: Retained for 90 days unless required for an ongoing security investigation.

When retention periods expire, we securely delete or anonymise your personal data so that it can no longer be associated with you.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your data with the following categories of recipients, solely for the purposes described in this policy:

  • Payment processors: To securely process transactions for program enrollments and product purchases. These processors operate under their own privacy policies and are contractually required to protect your data.
  • Email service providers: To deliver transactional emails, program materials, and marketing communications you have consented to receive.
  • Website hosting and infrastructure providers: To host our website and store data on secure servers. Our hosting infrastructure uses HTTPS encryption and is located in jurisdictions with adequate data protection standards.
  • Analytics providers: Where you have consented to analytics cookies, anonymised usage data may be processed by analytics services to help us understand website performance.
  • Legal and regulatory authorities: Where required by law, court order, or to protect our legal rights, we may disclose personal data to relevant authorities.

All third-party service providers are bound by data processing agreements that require them to process your data only on our instructions, implement appropriate security measures, and comply with applicable data protection laws.

If personal data is transferred outside the European Economic Area or New Zealand, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with adequacy decisions.

7. Security Measures

We implement technical and organisational measures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our website, preventing interception of data in transit.
  • Secure server infrastructure with firewalls, intrusion detection systems, and regular security updates.
  • Access controls limiting personal data access to authorised team members who require it for their role.
  • Password policies and multi-factor authentication for administrative accounts.
  • Regular backups stored in encrypted form with restricted access.
  • Employee training on data protection practices and confidentiality obligations.
  • Incident response procedures to detect, report, and address data breaches in accordance with legal notification requirements.

While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We encourage you to use strong passwords for any accounts and to contact us immediately if you suspect unauthorised access to your information.

8. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to restriction: Request that we limit the processing of your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format where processing is based on consent or contract.
  • Right to object: Object to processing based on legitimate interests, including profiling and direct marketing.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with a supervisory authority. In New Zealand, this is the Office of the Privacy Commissioner. In the EU, contact your local data protection authority.

To exercise any of these rights, contact us at assist@beautglow.world with sufficient detail to identify you and specify the right you wish to exercise. We may request verification of your identity before processing your request. We will respond within the timeframe required by applicable law.

9. Children's Privacy

Our website and programs are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 16 years of age without verifiable parental consent. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly. Parents or guardians who believe their child has provided personal data to us should contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

Beautglow
22 Raumati Road, Raumati Beach 5032, New Zealand
Email: assist@beautglow.world
Phone: +64 4 297 9222