33 Victoria Street East, Auckland 1010 +64 9 377 1333
Quiphraldhar

Transparency & trust

Privacy policy

This page explains how Quiphraldhar handles personal data when you browse quiphraldhar.world, send a message, or interact with optional tools. We align our practices with the EU General Data Protection Regulation (GDPR) and with transparency expectations common in the Netherlands and wider Europe, while operating from New Zealand.

Scope and audience

This policy applies to visitors, enquirers, and clients who use our website or related communication channels. It does not cover third-party sites that we link to; those services have their own policies. If you access our site from the European Economic Area, the United Kingdom, or Switzerland, you benefit from the rights described below, subject to local law.

We describe our processing in plain language. Where a word has a specific legal meaning under GDPR, we use it in that sense.

Data controller

The controller responsible for personal data is Quiphraldhar, registered for business operations at 33 Victoria Street East, Auckland 1010, New Zealand.

You can reach our privacy contact at assist@quiphraldhar.world or by telephone on +64 9 377 1333. For postal correspondence, use the street address above and mark the envelope “Privacy”.

Categories of personal data

Depending on how you use our services, we may process:

  • Identity and contact data: name, email address, phone number if you provide it, and the text of messages you send.
  • Technical data: IP address, browser type and version, time zone, operating system, device category, approximate region derived from network data, and referrer URL.
  • Usage data: pages viewed, approximate scroll or interaction patterns where analytics cookies are enabled and you consent.
  • Preference data: cookie choices stored in your browser’s local storage.
  • Service records: booking references, scheduling notes, or correspondence logs if you purchase or schedule a service.

We do not ask you to submit sensitive categories of data (such as health information) through our general contact form. If you voluntarily include such information, we will only use it to respond to your request and will limit access accordingly.

Purposes and lawful bases

We process personal data only where a lawful basis applies under GDPR Article 6:

  • Contract and pre-contract steps: responding to enquiries, preparing quotes, delivering booked sessions, and invoicing.
  • Legitimate interests: securing the website, detecting abuse, improving navigation and content structure, and internal reporting in aggregated form, balanced against your rights.
  • Legal obligation: retaining records where tax or company law requires.
  • Consent: optional analytics cookies, optional marketing cookies, and any newsletter or similar channel where you explicitly opt in.

Where consent is the basis, you may withdraw it at any time without affecting processing that occurred before withdrawal. Withdrawing consent may limit certain site features.

Advertising measurement

If you enable marketing cookies in our cookie preferences, we may use tags that measure visits from online advertising (for example, search or display campaigns). They help us understand in aggregated form whether someone arrived from an ad and whether they used the contact form. We do not sell personal data. Platforms that process data on our behalf operate under their own terms and privacy notices. You can withdraw consent at any time via Cookie preferences.

Retention periods

We keep data only as long as necessary for the purposes above:

  • Contact form and email enquiries: up to twenty-four months after the last message in a thread, unless a longer period is needed for unresolved disputes or legal claims.
  • Client records relating to services: up to seven years where required for accounting and tax compliance in New Zealand, or shorter if the law permits and the matter is closed.
  • Server and security logs: up to twelve months, unless a security incident requires an extended hold.
  • Cookie preference keys: until you clear site data or we bump the storage version key.
  • Anonymised analytics aggregates: may be retained without a fixed end date if the data cannot identify you.

When retention ends, we delete or irreversibly anonymise data where technically feasible.

Recipients and processors

We may share personal data with:

  • Hosting and infrastructure providers that store or transmit website content.
  • Email and messaging providers that deliver messages to us or to you.
  • Analytics or marketing partners only where you have enabled the relevant cookies.
  • Professional advisers such as lawyers or accountants when required by law or to protect our rights.

We select processors who offer written commitments to confidentiality, security, and compliance with GDPR where applicable. A list of main processor categories is available on request.

International transfers

Our primary operations are in New Zealand. The European Commission recognises New Zealand as providing adequate protection for personal data transferred from the EEA. If we transfer data to other countries or use tools hosted in other regions, we will rely on adequacy decisions, standard contractual clauses approved by the European Commission, or other appropriate safeguards.

You may request further information about specific transfer mechanisms by contacting us using the details above.

Security measures

We implement technical and organisational measures proportionate to the risk, including:

  • Transport encryption (HTTPS) for website access where supported by your browser.
  • Access controls and authentication for staff accounts.
  • Regular software updates and monitoring for unusual activity.
  • Minimisation of data in internal systems and deletion schedules.

No online transmission is completely secure. We encourage you to use strong passwords and avoid sending confidential information by email unless you accept the residual risks.

Your rights

Depending on your location and the facts of processing, you may have the right to:

  • Access a copy of your personal data.
  • Rectify inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) in certain circumstances.
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interests or for direct marketing.
  • Data portability for data you provided where processing is automated and based on consent or contract.
  • Withdraw consent where processing is consent-based.
  • Lodge a complaint with a supervisory authority in your country of residence.

To exercise a right, email us with a description of your request. We may ask for reasonable identity verification. We respond within one month in most cases, or inform you of an extension where permitted by law.

Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects solely on an automated basis. If that changes, we will update this policy and provide a meaningful explanation before such processing begins.

Children

The website is not directed at children under sixteen. We do not knowingly collect personal data from children. If you believe we have received data from a child, contact us and we will delete it promptly where we can verify the request.

Changes to this policy

We may update this policy to reflect legal, technical, or organisational changes. Material updates will be signposted on the website for a reasonable period. The hero date shown at the top of this page is generated automatically when you load it and reflects today’s calendar date for your reference; archived versions of the policy text may be available on request.

Contact and supervisory authorities

For privacy questions: assist@quiphraldhar.world, +64 9 377 1333, 33 Victoria Street East, Auckland 1010, New Zealand.

If you are in the EU, you may also contact your local data protection authority. The European Data Protection Board lists contact details at national level.