Privacy Policy

Last updated: 28 May 2026

1. Who we are (agency)

Skeletalnew is the agency responsible for personal information we collect. We are based at 181 Woodham Road, Avonside, Christchurch 8061, New Zealand.

Contact: connect@skeletalnew.world · +64 27 239 8972

2. Application of law

This policy is prepared in accordance with the Privacy Act 2020 (New Zealand), its Information Privacy Principles (IPPs), and related guidance from the Office of the Privacy Commissioner (OPC). Where you are in the European Economic Area or United Kingdom, we also respect applicable GDPR rights for cross-border processing.

3. Information we collect

• Contact details: name, email, phone when you enquire or subscribe.
• Communications: message content and support history.
• Account data: login identifiers, preferences, subscription status.
• Technical data: IP address, browser type, device information, pages visited.
• Cookies: identifiers where you consent — see our Cookies Policy.

We collect information directly from you, automatically through the website, and from payment processors where you purchase services.

4. Purposes of collection (IPP 1–4)

We collect personal information only for lawful purposes connected with our functions, including:

• responding to enquiries and providing micro-break services;
• billing, account management, and customer support;
• improving website security and usability (analytics only with consent);
• complying with legal and tax obligations;
• sending marketing communications only where you have given express consent (Unsolicited Electronic Messages Act 2007).

We will not require information that is not necessary for the purpose (IPP 1). Where practicable, you may interact anonymously, but we may be unable to provide services without contact details.

5. Use and disclosure (IPP 10–11)

We use information only for the purposes collected, or directly related purposes you would reasonably expect. We may disclose information to:

• hosting, email, analytics, and payment providers under contract;
• professional advisers bound by confidentiality;
• regulators or courts when required by New Zealand law.

We do not sell personal information. Overseas disclosure occurs only where IPP 12 safeguards apply (e.g. comparable privacy standards or your authorisation).

6. Storage and retention

Data is stored in New Zealand or with cloud providers that meet our security requirements. Retention periods:

• Enquiries: up to 24 months unless a client relationship continues.
• Financial records: seven years where required by tax law.
• Analytics: aggregated or deleted within 26 months.
• Cookie preferences: stored on your device until cleared.

When no longer needed, information is securely deleted or de-identified (IPP 9).

7. Security (IPP 5)

We use TLS encryption, access controls, staff training, and periodic review of systems. No online transmission is completely secure; please use strong passwords for accounts.

8. Your rights

Under the Privacy Act 2020 you may:

• Access personal information we hold about you (IPP 6);
• Correct information that is inaccurate, incomplete, or misleading (IPP 7);
• Withdraw consent for optional processing such as marketing or analytics;
• Complain to us, and if unresolved, to the Office of the Privacy Commissioner: www.privacy.org.nz.

We will respond to access or correction requests within 20 working days unless an extension applies under the Act.

9. Children

Our services target adults in workplace contexts. We do not knowingly collect information from anyone under 16 without parental consent.

10. Notifiable privacy breaches

If a privacy breach causes serious harm, we will notify the OPC and affected individuals as required by Part 6 of the Privacy Act 2020.

11. Changes

We may update this policy and will publish the new version here with an updated date. Material changes may be notified by email where appropriate.