Privacy policy
How personal information is handled
This is a structured draft for development and compliance review. It is not ready for publication as legal advice.
Draft status: the final privacy policy must be reviewed against the live data flow, service providers, legal entity, retention rules and New Zealand privacy requirements.
Information we collect
The website may collect contact details, general eligibility responses, enquiry preferences, consent records, campaign information and technical information needed to operate and secure the service. The public lead form should not request detailed medical histories.
Why we collect it
Information may be used to respond to enquiries, explain Quick Life, administer customer support, prevent misuse, meet legal obligations and improve website performance.
Who may receive it
Access should be limited to authorised staff, contracted service providers and other recipients permitted or required by law. The final policy must accurately identify any insurer, adviser, distributor or technology provider involved.
Storage and security
The planned system uses an Express API and Supabase PostgreSQL for leads, with a custom read-only admin dashboard. Production locations, retention periods, backups and cross-border disclosures must be confirmed before launch.
Access and correction
People may request access to personal information held about them and ask for corrections, subject to applicable New Zealand privacy law.
Marketing choices
Consent to receive marketing should be optional and separate from consent to be contacted about a specific enquiry. Every commercial message should provide a working unsubscribe method.
Contacting the privacy officer
The final policy must provide the verified privacy contact details and explain how a person can raise a privacy concern.
