Personal data

Privacy policy

Grozelonphodar explains what we collect when you browse, book, or talk to us, how long we keep it, who can see it, and what you can ask us to do. We write in everyday language so you can compare this text with our cookies policy and return policy without guessing at legal code words.

Viewed on
  • Controller details
  • Your rights
  • Security
  • Complaints

1. Data controller and ways to write to us

Grozelonphodar of 277 Broadway, Newmarket, Auckland 1023, New Zealand, is the data controller for information described here when you use this public website, our reception desk, and related email. If we ever share controller duties with a partner for a co-hosted event, we will point you to a one-page addendum and name the other party before you are committed.

2. Principles that guide us

We aim for data minimisation, which means we ask only what we need to schedule a visit, run the pool, meet accounting rules, and keep people safe. We also aim for transparency: if we cannot answer a clear question you ask about a record, we will say so, rather than guess.

No special-category guessing. We do not use this public site to collect detailed health data for generic browsing. If you choose to type optional notes in a form, you control what is written. We store your words only to respond and to make your visit work as you described, not to build a profile of labels about you for unrelated use.

3. Categories of information we may hold

Identity and contact: name, email, phone, and similar lines you type in our contact form or hand to reception. Booking and session context: time windows, lane or programme names, and short operational notes, such as which coach was on shift. Attendance and payment: references from bank transfers or card authorisations made through a processor, not a full number stored on a sticky note. Technical: IP address, user agent, and, if you consented, cookie identifiers as in the cookies page. We may also hold a secure note if you said you needed step-free access to the change room, so we can route you without repeating the detail each time, unless you ask us to remove it.

4. Why we are allowed to process (legal bases)

Where a contract is forming or running, for example a prepaid pack, we use contract-related processing. For optional marketing messages you clearly opted into, we use consent, which you can take back. For some pool safety, accounting, and tax duties, we use legal obligation. For improving web structure and for mild fraud checking on the contact form, we may use legitimate interest, with balancing tests on file, available on request in redacted form so personal names of other visitors stay private.

5. How we use the data, in plain order

We respond to you, schedule lanes, run reception, and keep internal shift notes. We compile aggregate statistics, such as how many visits occurred in a month, without singling you out. We do not buy bulk email lists to cold-contact strangers through this product line. We may send operational mail if a maintenance window moves your time; that is not marketing if it is a factual schedule change about something you already bought or booked.

6. When others see data

We use a small set of service providers, such as payment handling, website hosting, and email delivery. We sign data processing or similar terms, we limit their access, and we check that they are not allowed to resell the list. If the law or a valid court order compels us to disclose, we will review the demand with our advisers, notify you where the law allows, and only share the narrowest slice we must.

7. How long we keep what

As a default, we keep form and message threads for up to two years from the last non-automated reply, unless a warranty, dispute, or tax matter needs longer. We keep tax and banking evidence for the period New Zealand rules require, often seven years for core records, after which we delete or de-identify where practicable. If you use a one-off day pass, we may keep a shorter subset that proves payment without keeping every line of a casual chat, unless you ask us to keep a particular record until an issue is finished.

8. Security measures, proportionate to risk

We use access controls, role-based accounts, secure transport to this site, offline backups in locked storage where applicable, and staff instructions not to take photos of the booking screen. When two-factor authentication is available on a system we use, we turn it on for administrator roles. We review vendor incidents publicised in the market and, if a supplier has a reportable breach that touches our data, we will follow the timeline your law expects for your notification.

9. Your rights, depending on the law of your home country

You may be able to access, correct, delete, object, restrict, port, or appeal automated decisions, within the limits of the law. We answer requests without delay and within a month for many cases, with a possible two-month extension for large archives, in which case we will tell you why. You may have a no-fee first request, with reasonable fees for repeated copies, if our regulator allows. If we refuse, we will give reasons and tell you about review paths.

10. If data moves across borders

Some cloud or email services process data in another region. We rely on the mechanisms approved at the time, such as standard contractual clauses, adequacy decisions, or local equivalents. You can request a copy of the summary we keep for staff training, and we can point to public vendor terms that match what we use in practice, without exposing another customer’s name.

11. Questions and formal complaints

If you are in New Zealand, you can contact the Office of the Privacy Commissioner. If you are in the EEA, UK, or Canada, you may have a local body we name in a separate sheet if the rule set requires. We prefer to deal with you directly first, because most routine mix-ups of spellings, duplicate bookings, or export requests can be fixed in a week without escalation.

12. Online advertising, analytics, and conversion measurement

Where you allow analytics or marketing cookies and similar tools through our cookie settings, we or our service providers may process limited technical data to measure how this website is used, to improve content, and in some cases to show or measure the effectiveness of online advertising that links to this domain. We do not use this public site to sell lists of personal data to data brokers, and we configure vendors to respect regional requirements where the tools support it. You may withdraw consent for non-essential tools at any time as described in the cookies policy, understanding that some measurement may still appear in aggregate form that does not identify you as an individual.

If we use conversion tags or similar for advertising platforms (for example, to understand whether a visit followed from an ad), we only deploy them in line with your cookie choices, and we keep contracts with processors that set limits on their use and retention. Nothing in this section changes your statutory rights; it explains how a modern, consent-based site may connect to ad measurement in a way that is transparent to visitors in New Zealand and elsewhere.

13. How to reach the controller for privacy

Write to the address above, email ask@grozelonphodar.world, or call +64 9 978 9400 during the hours we publish at reception. If you represent another organisation, include your file reference in the subject so we can route it. The date above in the hero is generated when you open this page, so you know which copy of the world’s calendar you were reading; internal version logs may add a sub-version for staff, which does not change your statutory rights if the substance of the policy did not change.