Privacy Policy

Privacy statement under the Privacy Act 2020 (New Zealand)

Last updated: 20 June 2026

This document is our public privacy statement under the Privacy Act 2020 (New Zealand). It explains how Cleanseenergy Walking Club ("we", "us", or "our"), operating the website at cleanseenergy.world, collects, uses, stores, and protects personal information when you browse our site, join group walks, or contact us about routes and events in Wellington, New Zealand.

We are an agency for the purposes of the Privacy Act 2020. We are committed to handling personal data responsibly and in compliance with the Act's Information Privacy Principles (IPPs), including IPP 3A (in force from 1 May 2026), the mandatory notifiable privacy breach scheme in Part 6 of the Act, and — where applicable — the General Data Protection Regulation (GDPR) for visitors located in the European Economic Area (EEA), United Kingdom, or Switzerland.

1. Who We Are (Data Controller)

The data controller responsible for your personal information is:

• Organisation: Cleanseenergy Walking Club
• Address: Parking lot 133 Tory Street, Te Aro, Wellington 6011, New Zealand
• Email: assist@cleanseenergy.world
• Phone: +64 4 384 6825

For privacy-related enquiries, please contact us using the details above. We will respond within a reasonable timeframe and, where GDPR applies, within one month unless an extension is permitted by law.

2. Scope of This Policy

This policy applies to personal information collected through:

• Our website (including contact forms, walk calendar pages, and cookie preferences)
• Email, telephone, and in-person communications about club walks and events
• Registration or sign-up for group walks, buddy programmes, or community litter-pick outings

It does not cover third-party websites linked from our pages. Those sites have their own privacy policies.

3. Information Privacy Principles (NZ Privacy Act 2020)

Under the Privacy Act 2020, agencies in New Zealand must comply with thirteen Information Privacy Principles (IPPs). We align our practices with these principles, including:

• IPP 1 — Purpose of collection: We collect personal information only for lawful purposes connected with our walking club activities.
• IPP 2 — Source of personal information: We collect information directly from you where possible, or from publicly available sources only when relevant and permitted.
• IPP 3 — What to tell an individual: We inform you about why we collect data, who will receive it, and your rights (as described in this policy).
• IPP 3A — Indirect collection (from 1 May 2026): Where we collect personal information indirectly (for example, through server logs, cookies, or analytics tools), we describe that collection in this statement and our Cookie Policy, and comply with notification requirements before using the information or within a reasonable period after collection.
• IPP 4 — Manner of collection: Information is collected fairly and not in an unreasonably intrusive way.
• IPP 5 — Storage and security: We take reasonable safeguards against loss, misuse, and unauthorised access.
• IPP 6 — Access to personal information: You may request access to personal information we hold about you.
• IPP 7 — Correction of personal information: You may ask us to correct inaccurate, incomplete, or misleading information.
• IPP 8 — Accuracy: We take reasonable steps to ensure information is accurate, up to date, and complete before use.
• IPP 9 — Retention: We retain information only as long as necessary for the purposes for which it was collected.
• IPP 10 — Limits on use: We use personal information only for the purpose for which it was collected, or a directly related purpose, unless an exception applies.
• IPP 11 — Limits on disclosure: We do not disclose personal information except as described in this policy or as required by law.
• IPP 12 — Unique identifiers: We assign unique identifiers (such as member reference numbers or pseudonymous analytics IDs) only when reasonably necessary and do not adopt identifiers assigned by another agency unless authorised by law or agreed with you.
• IPP 13 — Disclosing information outside New Zealand: If we transfer data outside New Zealand, we comply with IPP 13 by ensuring the recipient is subject to comparable safeguards, using contractual protections, or relying on permitted exceptions in Schedule 5 of the Privacy Act 2020.

4. Notification at Collection (IPP 3 and 3A)

When we collect personal information from you directly — for example, through our contact form — we notify you at or before the time of collection of:

• Our identity and contact details (see Section 1)
• The fact that information is being collected and the purposes of collection
• The intended recipients or classes of recipients (including hosting and email service providers)
• Whether provision is mandatory or voluntary, and consequences if you do not provide it
• Your rights of access and correction under IPPs 6 and 7
• That the contact form requires your explicit consent to processing, as indicated by the GDPR consent checkbox

Contact form: Name, email, and message are required to respond to your enquiry. If you do not provide this information, we cannot process your request.

Where information is collected indirectly through cookies, server logs, or embedded third-party content (such as maps), we describe that collection in this statement and our Cookie Policy. Non-essential cookies are activated only after you provide consent through our cookie banner.

5. GDPR Lawful Bases (Where Applicable)

If GDPR applies to our processing of your data, we rely on the following lawful bases:

• Consent: For optional analytics and marketing cookies, newsletter sign-ups, and contact form submissions where you tick a consent box.
• Contract: To respond to your enquiries, confirm walk attendance, or manage participation you have requested.
• Legitimate interests: To operate and improve our walking club website, ensure event safety, prevent fraud, and communicate about scheduled walks — balanced against your rights and freedoms.
• Legal obligation: To comply with applicable laws, court orders, or regulatory requests.

6. Personal Information We Collect

Depending on how you interact with us, we may collect:

• Identity and contact data: Name, email address, phone number, and messages you send via our contact form.
• Walk participation data: Walks you register for, preferred meeting points, fitness level notes you voluntarily provide, and buddy-system pairing details.
• Technical data: IP address, browser type, device information, pages visited, and referral URLs (primarily through cookies — see our Cookie Policy).
• Communication records: Copies of emails and correspondence related to routes, cancellations, or safety notices.

We do not intentionally collect sensitive personal information (such as health diagnoses or medical records). If you share health-related information voluntarily (for example, noting a mobility consideration for a walk), we treat it with extra care and use it only to support your participation.

7. How We Collect Information

• Directly from you when you complete forms, email us, call us, or attend a walk and provide details.
• Automatically through cookies and similar technologies when you use our website (with your consent where required).
• From walk leaders or volunteers who record attendance for safety and communication purposes.

8. Purposes of Processing (IPP 1 and 10)

We use personal information to:

• Respond to enquiries about joining walks, routes, and meeting points in Wellington
• Publish and manage our walk calendar and send relevant updates about cancellations or weather changes
• Pair newcomers with buddy walk leaders for their first outings
• Operate, secure, and improve our website and user experience
• Analyse aggregated website usage (with consent) to understand which pages about Everyday Movement, social walks, or eco routes are most helpful
• Comply with legal obligations and protect the rights and safety of members and the public
• Send optional newsletters or event announcements (with consent, and with an unsubscribe option)

We will not use your personal information for a purpose other than the purpose for which it was collected, unless we believe on reasonable grounds that the new use is directly related to the original purpose, you authorise the new use, or the new use is permitted by law (IPP 10).

9. Cookies and Similar Technologies

Our website uses cookies to remember your cookie preferences and, with your consent, for analytics and marketing. For full details on cookie categories, retention, and how to manage choices via our cookie banner, please read our Cookie Policy.

10. Sharing and Disclosure (IPP 11)

We do not sell your personal information. Before disclosing personal information to another person or organisation, we take reasonable steps to ensure the recipient will protect it in line with the IPPs (IPP 11). We may share data with:

• Service providers: Hosting providers, email delivery services, and analytics platforms that process data on our instructions under contractual confidentiality and security obligations.
• Walk volunteers and leaders: Limited contact details necessary to welcome you at a meeting point or manage safety on a route.
• Legal and regulatory authorities: When required by law, court order, or to protect vital interests.

Where personal information is disclosed overseas (for example, to cloud servers or analytics providers located outside New Zealand), we comply with IPP 13 by ensuring the recipient country has adequate protection, using contractual data protection clauses, or relying on permitted exceptions under Schedule 5 of the Privacy Act 2020. You may contact us for further information about overseas recipients and safeguards we rely on.

11. Data Retention (IPP 9)

We retain personal information only for as long as necessary to fulfil the purposes described in this policy:

• Contact form submissions: Up to 24 months after our last meaningful communication, unless a longer period is needed for dispute resolution.
• Walk registration records: For the duration of the event season plus 12 months for safety and organisational records.
• Marketing consents: Until you withdraw consent or unsubscribe.
• Server logs: Up to 90 days, unless required longer for security investigation.
• Cookie consent preferences: Stored locally in your browser until you clear site data.
• Cookie and analytics data: As specified in our Cookie Policy, typically between 6 and 26 months depending on the cookie type and your consent choices.
• Legal and accounting records: As required by applicable New Zealand law (including tax and record-keeping obligations where relevant).

When information is no longer required, we take reasonable steps to securely delete or anonymise it (IPP 9).

12. Security (IPP 5)

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. These measures include HTTPS encryption, secure hosting environments, access controls, and volunteer guidance on handling member data. No method of transmission over the internet is completely secure; we encourage you to avoid sending sensitive health information through the contact form unless necessary.

13. Your Rights (IPPs 6 and 7)

Access and correction under the Privacy Act 2020

Under the Privacy Act 2020, you have the right to:

• Request access to personal information we hold about you (IPP 6)
• Request correction of personal information if you believe it is inaccurate, out of date, incomplete, irrelevant, or misleading (IPP 7)

To make a request, contact us at assist@cleanseenergy.world with sufficient detail to identify you and the information concerned. We will respond within 20 working days, or inform you if an extension is required under the Act. We may need to verify your identity before releasing information. In limited circumstances permitted by the Privacy Act 2020, we may refuse access or correction; if so, we will explain the reasons and your options, including complaint to the Privacy Commissioner.

Before using personal information, we take reasonable steps to ensure it is accurate, up to date, complete, relevant, and not misleading (IPP 8).

Under the GDPR (where applicable)

You may also have the right to:

• Data portability — receive your data in a structured, commonly used format
• Restriction of processing in certain circumstances
• Object to processing based on legitimate interests or for direct marketing
• Erasure ("right to be forgotten") where grounds under Article 17 GDPR apply
• Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects
• Lodge a complaint with a supervisory authority in your EU/EEA country of residence

To exercise GDPR rights, contact us using the details above. You may withdraw consent at any time where processing is consent-based, without affecting the lawfulness of processing before withdrawal.

14. Electronic Marketing (Unsolicited Electronic Messages Act 2007)

We do not send commercial electronic messages (including email or SMS marketing) without your consent, in accordance with the Unsolicited Electronic Messages Act 2007 (UEMA). Messages sent in direct response to your contact form enquiry relate to your request and are not unsolicited marketing.

If we send optional newsletters or event announcements, we will:

• Obtain your consent before adding you to a mailing list
• Clearly identify Cleanseenergy Walking Club as the sender
• Include accurate contact information for our organisation
• Provide a functional unsubscribe mechanism in each message

Marketing cookies described in our Cookie Policy are activated only with your consent and are separate from email marketing consent.

15. Notifiable Privacy Breaches (Part 6, Privacy Act 2020)

If a privacy breach occurs that is likely to cause serious harm to affected individuals (as assessed under the Privacy Act 2020), or is likely to result in a risk to your rights and freedoms under GDPR, we will:

• Take immediate steps to contain the breach and mitigate harm
• Notify the Office of the Privacy Commissioner as soon as practicable where the breach is notifiable under Part 6 of the Privacy Act 2020
• Notify affected individuals where required, describing the nature of the breach and recommended steps
• Document the breach, our response, and remedial actions

We maintain internal procedures to assess, contain, investigate, and respond to privacy breaches, and to notify affected individuals where required.

16. Children's Privacy

Our website is intended for a general audience and is not directed at children under 16. We do not knowingly collect personal information from children without appropriate parental or guardian authority. Minors attending group walks must be accompanied by a parent or legal guardian unless prior written consent is arranged with us. If you believe we have collected information from a child without proper authority, please contact us and we will take steps to delete it.

17. Complaints

We welcome the opportunity to resolve concerns directly. Please contact us first using the details in Section 1.

If you remain unsatisfied, you may lodge a complaint with:

• Office of the Privacy Commissioner (New Zealand): www.privacy.org.nz — phone 0800 803 909
• Your local GDPR supervisory authority (if you are in the EEA, UK, or Switzerland)

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top will indicate the latest revision. Material changes will be highlighted on our website where appropriate. Continued use of the site after changes constitutes acceptance of the updated policy, subject to your rights under applicable law.

19. Contact Us

For privacy questions, access requests, or corrections:

• Email: assist@cleanseenergy.world
• Phone: +64 4 384 6825
• Post: Parking lot 133 Tory Street, Te Aro, Wellington 6011, New Zealand

Related documents: Cookie Policy | Terms of Use