Who we are
Lovelysyyoungeo operates as the trading name for our nutrition-planning information desk. Our registered postal address is 180 Lambton Quay, Wellington Central, Wellington 6011, New Zealand. Telephone: +64 4 472 6356. Privacy messages: service@lovelysyyoungeo.world.
We are the data controller for personal data described here unless a separate controller arrangement is disclosed in writing (for example, a co-branded resource where another organisation takes primary responsibility).
Entity role
We decide why and how personal data is processed for our website, marketing where consent applies, and customer care.
Supervisory dialogue
We maintain notes of privacy queries and regulator correspondence for accountability, stored under access controls.
Scope & informational purpose
The public-facing website explains everyday nutrition planning ideas in non-clinical language. Articles, worksheets, and challenges do not replace advice from doctors, dietitians, or other professionals. Privacy documentation covers visitors who read pages, visitors who email us, customers who buy educational downloads, and subscribers who opt in to updates when that programme is available.
Personal data helps us organize reliable replies. It does not decide whether someone is “healthy,” and we do not build secret health scores from browsing alone.
Data categories
Depending on how you engage with us, we may process the following logical categories:
- Identity data: name, salutation, role title when you provide it for business context.
- Contact data: email address, telephone number, postal address for billing or shipping if applicable.
- Account or transaction data: purchase references, timestamps, currency, items ordered, GST details when law requires collection.
- Communications: free-text messages, attachments metadata (we discourage clinical attachments), and internal tags that route a thread.
- Technical data: IP address, approximate region derived from IP, browser version, device type, operating system, referring URL, pages visited, time on page when logs are enabled.
- Preference data: marketing opt-ins, newsletter frequency selections, cookie consent logs stored locally or on our servers where implemented.
- Support diagnostics: screenshots you send voluntarily, crash identifiers from PDF readers only if you attach them.
How data reaches us
Most information comes directly from you when forms are submitted, emails are written, or checkout flows are completed. We may also receive limited contact verification signals from payment partners (such as partial card brand information, never full card numbers on our servers) and aggregated performance metrics from advertising platforms if you have opted in to marketing cookies.
Information we never solicit
Please avoid sending full medical records, precise dietary prescriptions from clinicians, or government identifiers unless a specific project explicitly requires them under contract. If such information arrives unexpectedly, we minimise retention and delete when no legal obligation requires keeping it.
Purposes & legal bases
Where GDPR applies, we rely on the following bases:
- Contract — processing needed to fulfil a purchase, deliver a downloadable planner, or respond to a paid briefing when those services are active.
- Legitimate interests — securing our infrastructure, understanding which articles are read in aggregate, preventing fraud, training staff on anonymised message patterns, and improving layout legibility.
- Legal obligation — retaining tax and invoicing evidence, cooperating with lawful requests from regulators or courts.
- Consent — optional analytics cookies, marketing emails, and certain promotional experiments where we have no overriding legitimate interest.
New Zealand’s Privacy Act 2020 does not use identical vocabulary, yet we map our practices in good faith so international readers can predict behaviour.
Measurement & cookies
Cookies and similar storage support security, consent memory, and—only after permission—analytics or marketing features. Detailed naming, lifetimes, and vendor categories appear in the Cookie Policy. You may reopen the cookie controls at any time by clearing site data in your browser and reloading the banner, or by writing to us for manual guidance.
Sharing & processors
We share personal data with service providers who help deliver the site: managed hosting, DNS, transactional email, customer helpdesk tooling, accounting ledgers, and optional analytics stacks authorised under your preferences. Each vendor is bound by data-processing terms requiring confidentiality and appropriate technical measures.
We do not sell personal information for money. If business transfers occur (such as merger), we will inform you when the law expects notice and continue to honour this policy until an updated notice is published.
International transfers
Some processors host data outside New Zealand. When recipients are in countries without adequacy decisions, we rely on standard contractual clauses, supplementary technical safeguards such as encryption in transit, and vendor assessments documented internally.
Retention overview
Schedules vary by data type. The table summarises typical horizons; legal holds may extend periods when disputes arise.
Security measures
We combine transport encryption (TLS), least-privilege accounts, multi-factor authentication for administrators, segregated staging environments, periodic credential rotation, and offline backups encrypted at rest. Employees receive privacy refreshers covering phishing resistance and safe handling of purchaser lists.
Despite diligence, no online service is immune to attack. If a breach likely harms individuals, we will notify affected people and regulators within timeframes required by applicable law.
Your privacy rights
Depending on your location you may request access, correction, deletion, restriction, portability, objection, or withdrawal of consent. EU and UK residents may escalate to a supervisory authority; New Zealand residents may contact the Office of the Privacy Commissioner. We respond within statutory windows, usually not exceeding thirty days, and may ask for reasonable identity confirmation.
Children & guardians
Content targets adults planning household meals. We do not knowingly collect data from anyone under sixteen without verifiable guardian permission. If you believe we received a child’s data in error, contact us promptly for deletion.
Automated decisions
We do not use fully automated processing that produces legal or similarly significant effects concerning you. Recommendation ordering on the site is editorial, not personalised profiling.
Policy updates
When we revise this policy, we update the version date, place a summary on the home page when changes are material, and archive prior copies for internal reference. Continued use after notice constitutes acceptance except where consent is expressly required for new processing.
Direct privacy questions to service@lovelysyyoungeo.world with “Privacy request” in the subject. For postal correspondence, cite the Lambton Quay address above. We appreciate the opportunity to resolve concerns before formal escalation.