Privacy Policy
Privacy Policy
1. Introduction
This Privacy Policy explains how Bradly Enterprises Limited (“Bradly,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit bradly.co.nz (the “Site”), book a consultation, subscribe to our newsletter, or otherwise interact with us.
This policy is designed to comply with:
- The EU General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR (together, the “GDPR”)
- The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the “CCPA”)
- The New Zealand Privacy Act 2020
If you do not agree with this policy, please do not use the Site.
2. Who we are (Data Controller)
For the purposes of the GDPR, the data controller is:
Email: privacy [at] bradly [dot] co [dot] nz
Operated by: Gabriel Bradly
We have not appointed a Data Protection Officer because we are not required to do so under Article 37 GDPR. For any privacy questions, please contact us using the details in Section 14.
3. Information we collect
3.1 Information you provide to us
When you complete the contact form, book a consultation, or subscribe to our newsletter, we may collect:
- First name and last name
- Email address
- The content of any message you send us through the contact form
- Scheduling information (date and time of the booked consultation, time zone) if you book a call
3.2 Information collected automatically
When you visit the Site, we and our service providers automatically collect certain information through cookies, pixels, and similar technologies, including:
- IP address (which may be truncated or anonymised by our analytics provider)
- Device and browser type, operating system, screen resolution, and language
- Pages visited, time on page, referring and exit pages, clickstream data
- Approximate geographic location derived from IP address
- Unique identifiers used by analytics and advertising services
- Date and timestamp of access
We use Google Analytics to analyse this information. See Section 6 (Cookies and Tracking Technologies) and our separate Cookie Policy.
3.3 Information from third-party platforms
Where you interact with our advertisements on Google Ads, Meta Platforms (Facebook/Instagram), Reddit, or LinkedIn, those platforms may share aggregated campaign data with us and set cookies on your device enabling us to retarget you with our advertisements across the web. See Section 6.
4. How we use your information — and our legal bases (GDPR)
We use personal information for the following purposes:
| Purpose | Legal basis under GDPR |
|---|---|
| Responding to enquiries submitted via the contact form | Pre-contractual steps (Art. 6(1)(b)) and our legitimate interests in responding to you (Art. 6(1)(f)) |
| Scheduling and conducting booked consultations | Performance of, or pre-contractual steps toward, a contract (Art. 6(1)(b)) |
| Sending newsletters and marketing communications you have subscribed to | Your consent (Art. 6(1)(a)) |
| Operating, securing, and improving the Site | Our legitimate interests in running an effective website (Art. 6(1)(f)) |
| Website analytics — understanding how visitors use the Site | Your consent for non-essential cookies (Art. 6(1)(a)), where required |
| Online advertising and remarketing on third-party platforms | Your consent (Art. 6(1)(a)) |
| Detecting and preventing fraud, abuse, and security incidents | Our legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
You may withdraw consent at any time (see Section 9). Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
5. CCPA notice (California residents)
This section provides additional information for California residents under the CCPA. Defined terms have the meanings given in the CCPA.
5.1 Categories of personal information collected
In the past 12 months we have collected the following categories of personal information:
| CCPA Category | Examples | Collected? |
|---|---|---|
| A. Identifiers | Name, email address, IP address, online identifiers, cookie IDs | Yes |
| B. Customer records (Cal. Civ. Code §1798.80(e)) | Name, contact details | Yes |
| F. Internet/electronic network activity | Browsing history on our Site, interaction with ads | Yes |
| G. Geolocation | Approximate location from IP address | Yes |
| K. Inferences | Profiles drawn from your activity (primarily by ad platforms) | Yes |
| Sensitive personal information (as defined by the CCPA) | — | No |
We do not knowingly collect or process sensitive personal information.
5.2 Sources
- Directly from you (forms, newsletter sign-ups, consultation bookings)
- Automatically from your device (cookies, pixels, analytics tags)
- From our advertising and analytics partners
5.3 Business and commercial purposes
We use this information for the purposes described in Section 4 — responding to enquiries, scheduling consultations, sending requested communications, operating and improving the Site, analytics, advertising, and security.
5.4 Sale or sharing of personal information
We do not sell personal information in exchange for money.
However, under the CCPA, “sharing” includes disclosing personal information for cross-context behavioural advertising — targeted advertising shown to you across non-affiliated sites. Our use of advertising and remarketing cookies from Google Ads, Meta Platforms, Reddit, and LinkedIn falls within this definition.
You have the right to opt out of this sharing at any time:
- Click “Cookie Settings” on our Site (powered by Cookiebot) and disable the Marketing category
- Send a request to the email in Section 14 with the subject line “Do Not Sell or Share”
We honour Global Privacy Control (GPC) signals received from California-based browsers as a valid opt-out of sharing.
We do not knowingly sell or share the personal information of consumers under 16 years of age.
5.5 Retention
We retain each category of personal information for the periods set out in Section 10, or for as long as needed for the purposes described, whichever is shorter.
5.6 Your CCPA rights
See Section 9.2.
6. Cookies and tracking technologies
This section is a summary. Full details, including the list of individual cookies, are in our separate Cookie Policy (below).
6.1 Categories of cookies we use
Strictly necessary cookies — Required for the Site to function (e.g., security, load balancing, remembering your cookie choices). These do not require consent.
Analytics cookies — Used to understand how visitors interact with the Site, set primarily by Google Analytics. We set these only with your consent.
Advertising and remarketing cookies — Set by Google Ads, Meta Platforms (Facebook/Instagram Pixel), Reddit Pixel, and LinkedIn Insight Tag, to enable remarketing and measure ad campaign effectiveness. We set these only with your consent.
6.2 Managing your cookies
You can manage your preferences at any time using the Cookie Settings link on our Site, which is powered by Cookiebot. You can also disable cookies through your browser settings, although some Site features may not function as intended.
6.3 Do Not Track
Our Site does not respond to “Do Not Track” browser signals. We do honour Global Privacy Control (GPC) signals as described in Section 5.4.
7. How we share your information
We share personal information with the following categories of recipients:
- Service providers and sub-processors acting on our behalf, including:
- Vercel Inc. — website hosting
- Kit (formerly ConvertKit) — newsletter delivery
- Calendly LLC — consultation booking and scheduling
- Cookiebot (by Usercentrics) — cookie consent management
- Google LLC — Google Analytics
- Advertising platforms — Google, Meta Platforms, Reddit, LinkedIn — for the purposes described in Section 6 and only where you have consented
- Professional advisers — accountants, lawyers, insurers, where reasonably necessary
- Regulators, law enforcement, and courts — where required by law or to establish, exercise, or defend legal rights
- A successor entity — in the event of a merger, acquisition, restructuring, or sale of business assets, subject to the recipient honouring this policy
Service providers are bound by contract to process personal information only on our instructions and to safeguard it appropriately.
8. International data transfers
We are based in New Zealand. New Zealand has been recognised by the European Commission as providing an adequate level of data protection (Commission Decision 2013/65/EU).
Several of our service providers (including Google, Meta, Reddit, LinkedIn, Vercel, Kit, Calendly, and Cookiebot) are based in or process data in the United States or other countries outside the EEA, UK, or New Zealand.
Where personal data is transferred from the EEA or UK to a country without an adequacy decision, we rely on appropriate safeguards under Article 46 GDPR, including:
- Standard Contractual Clauses (the European Commission’s 2021 SCCs and the UK International Data Transfer Addendum)
- The transfer mechanisms our service providers maintain as data importers
- Supplementary measures where required following a transfer impact assessment
You may request further information about the safeguards we use by contacting us.
9. Your rights
9.1 Rights under GDPR (EEA, UK, and Switzerland)
You have the following rights, subject to applicable conditions and exceptions:
- Access — request a copy of the personal information we hold about you
- Rectification — have inaccurate or incomplete information corrected
- Erasure — request deletion of your personal information (“right to be forgotten”)
- Restriction — limit how we process your personal information
- Portability — receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller
- Object — object to processing based on our legitimate interests, including direct marketing (which you may object to at any time)
- Withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal
- Not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects — we do not carry out such decision-making
- Lodge a complaint with your local supervisory authority. For the UK this is the Information Commissioner’s Office. A list of EU supervisory authorities is available at edpb.europa.eu.
To exercise any of these rights, contact us using the details in Section 14. We will respond within one month, with a possible extension of two further months for complex requests, and will tell you if any extension applies.
9.2 Rights under the CCPA (California residents)
You have the right to:
- Know — request the categories and specific pieces of personal information we have collected, used, disclosed, or shared about you in the past 12 months, the sources, purposes, and recipients
- Delete — request deletion of personal information we have collected from you, subject to legal exceptions
- Correct — request correction of inaccurate personal information
- Opt out of the sale or sharing of personal information — see Section 5.4
- Limit use of sensitive personal information — we do not collect sensitive personal information
- Non-discrimination — we will not deny services, charge a different price, or provide a different level of quality because you exercised a CCPA right
To submit a Know, Delete, or Correct request, email us using the details in Section 14. We will verify your identity before responding by matching the information you provide against what we hold. Authorised agents may submit requests on your behalf with valid written authority.
We will respond to verifiable requests within 45 days, with a possible 45-day extension where reasonably necessary.
9.3 Rights under the New Zealand Privacy Act 2020
If you are in New Zealand, you have the right to access and request correction of personal information we hold about you. You may also complain to the Office of the Privacy Commissioner.
10. Data retention
We retain personal information only for as long as necessary for the purposes for which it was collected, including any legal, accounting, or reporting requirements:
| Category | Retention period |
|---|---|
| Contact form enquiries | 24 months from last contact, unless an ongoing client relationship requires longer retention |
| Newsletter subscribers | Until you unsubscribe or request deletion |
| Consultation booking records | 24 months from the booking date |
| Google Analytics data | 14 months (as configured in Google Analytics) |
| Advertising platform data | As determined by the relevant platform, typically up to 540 days |
| Records required for tax, accounting, or legal purposes | 7 years (as required by New Zealand law) |
When retention periods expire, we will delete or anonymise the relevant personal information.
11. Security
We implement reasonable technical and organisational measures designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (HTTPS), access controls, and reliance on reputable hosting and service providers with their own security programs.
No system is 100% secure. While we work to protect your personal information, we cannot guarantee its absolute security. If we become aware of a personal data breach affecting you, we will notify you and the relevant authorities where required by law.
12. Children’s privacy
The Site is a business-to-business service and is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time. The “Last Updated” date at the top reflects the date of the most recent changes. Material changes will be communicated through a notice on the Site or, where appropriate, by email. We encourage you to review this policy periodically.
14. Contact us
For any questions, requests, or complaints regarding this Privacy Policy or our handling of your personal information:
Orewa, Auckland 0931
New Zealand
Email: privacy [at] bradly [dot] co [dot] nz
Cookie Policy
1. About this Cookie Policy
This Cookie Policy explains how Bradly Enterprises Limited (“Bradly,” “we,” “us,” or “our”) uses cookies and similar tracking technologies on bradly.co.nz (the “Site”). It should be read alongside our Privacy Policy, which explains how we handle personal information more generally.
By clicking “Accept all” on our cookie banner, you consent to our use of all cookies. You can change your choices at any time using the Cookie Settings link in the footer of our Site.
2. What are cookies?
Cookies are small text files stored on your device when you visit a website. They allow the website to recognise your device, remember your preferences, and collect information about how you use the site.
We also use similar technologies — pixels, web beacons, tags, and SDKs — which work in much the same way. In this policy, we refer to all of these collectively as “cookies.”
Cookies set by us are called first-party cookies. Cookies set by other organisations (for example, Google or Meta) are called third-party cookies.
3. Categories of cookies we use
We classify cookies into the following categories, in line with the Cookiebot consent framework deployed on our Site:
3.1 Strictly necessary cookies
These cookies are essential for the Site to function — for example, security, load balancing, and remembering your cookie consent choices. They cannot be switched off. No consent is required for these cookies, and they are not used for analytics or advertising.
3.2 Preference cookies
These cookies allow the Site to remember choices you make (such as language). They are not used for tracking. We use these only with your consent.
3.3 Statistics / analytics cookies
These cookies help us understand how visitors interact with the Site by collecting and reporting information anonymously or pseudonymously. We use Google Analytics for this purpose. Data collected may include IP address (truncated), device information, pages visited, time spent, and referral source.
We use these cookies only with your consent. Learn more: policies.google.com/privacy.
3.4 Marketing / advertising cookies
These cookies are used to track visitors across websites and build a profile to display relevant advertisements. They enable us to:
- Show our advertisements to people who have previously visited our Site (remarketing)
- Measure the performance of our advertising campaigns
- Reach new audiences similar to our existing visitors
These cookies are set by the following providers. We use them only with your consent:
| Provider | Purpose | Privacy policy |
|---|---|---|
| Google Ads | Conversion tracking, remarketing | policies.google.com/technologies/ads |
| Meta Platforms (Facebook/Instagram Pixel) | Conversion tracking, remarketing, audience building | facebook.com/policy |
| Reddit Pixel | Conversion tracking, remarketing | reddit.com/policies/privacy |
| LinkedIn Insight Tag | Conversion tracking, remarketing, audience building | linkedin.com/legal/privacy |
Under the California Consumer Privacy Act (CCPA), our use of these advertising cookies for cross-context behavioural advertising constitutes “sharing” of personal information. California residents have the right to opt out — see Section 5 of our Privacy Policy.
4. The specific cookies we use
A complete, up-to-date list of every cookie used on this Site — including its name, provider, purpose, type, and expiration — is automatically maintained and published by Cookiebot in our cookie banner. To view the full list:
- Click Cookie Settings in the footer of our Site, or
- Open the cookie banner and select Show details
We have chosen Cookiebot because the list updates automatically whenever a new cookie is added to the Site, so the information you see is always current.
5. How to manage your cookies
5.1 Using our cookie banner
The easiest way to manage your preferences is via our Cookiebot banner. When you first visit the Site, you can choose to accept all cookies, reject all non-essential cookies, or customise your preferences by category. You can change your choices at any time by clicking Cookie Settings in the footer.
5.2 Through your browser
Most browsers allow you to block or delete cookies. The location of these settings differs by browser:
- Chrome: support.google.com/chrome/answer/95647
- Firefox: support.mozilla.org
- Safari: support.apple.com
- Edge: support.microsoft.com
Note that blocking strictly necessary cookies through your browser may prevent parts of the Site from working properly.
5.3 Opting out of advertising cookies at the source
You can opt out of personalised advertising at the source for several major platforms:
- Google: adssettings.google.com
- Meta: facebook.com/settings?tab=ads
- LinkedIn: linkedin.com/psettings/advertising
- Network Advertising Initiative (industry-wide): optout.networkadvertising.org
- Digital Advertising Alliance (US): optout.aboutads.info
- Your Online Choices (EU): youronlinechoices.eu
5.4 Global Privacy Control (GPC)
If your browser sends a Global Privacy Control signal, we treat it as a valid request to opt out of “sharing” under the CCPA. Most major browsers and privacy extensions support GPC.
6. Changes to this Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in technology, regulation, or our business practices. The “Last Updated” date at the top reflects the most recent revision. The list of specific cookies in the Cookiebot banner is updated automatically and may change more frequently than this policy.
7. Contact us
Orewa, Auckland 0931
New Zealand
Email: privacy [at] bradly [dot] co [dot] nz
Notice at Collection (CCPA)
Effective Date: 20 May 2026
This Notice at Collection is provided under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CCPA”). It summarises what personal information Bradly Enterprises Limited collects through bradly.co.nz (the “Site”) and what your rights are. For the full picture, please read the Privacy Policy above.
Categories of personal information we collect
- Identifiers — name, email address, IP address, online identifiers, cookie IDs
- Customer records — name and contact details you submit through forms or bookings
- Internet or other electronic network activity — pages visited, time on site, interaction with our ads
- Geolocation — approximate location derived from your IP address
- Inferences — profiles drawn from your activity, primarily by our advertising partners
We do not collect Sensitive Personal Information.
Purposes for which we collect and use this information
- Responding to enquiries and scheduling consultations
- Sending newsletters you have subscribed to
- Operating, securing, and improving the Site
- Website analytics (Google Analytics)
- Advertising and remarketing (Google Ads, Meta, Reddit, LinkedIn)
- Detecting fraud and abuse
- Complying with legal obligations
Sale and sharing
We do not sell personal information for money.
We do “share” personal information for cross-context behavioural advertising — that is, we allow advertising platforms (Google, Meta, Reddit, LinkedIn) to set cookies that let us retarget you with our ads on those platforms after you visit our Site. Under the CCPA, this counts as “sharing.”
- Clicking Cookie Settings in the footer of our Site and disabling the Marketing category, or
- Sending us an email at privacy [at] bradly [dot] co [dot] nz with the subject line “Do Not Sell or Share.”
We also honour Global Privacy Control (GPC) browser signals as a valid opt-out request.
How long we keep your information
Retention periods vary by category and are set out in full in Section 10 of the Privacy Policy. In summary: contact form enquiries are kept for 24 months from last contact; newsletter data until you unsubscribe; Google Analytics data for 14 months; tax and accounting records for 7 years as required by New Zealand law.
Your CCPA rights
If you are a California resident, you have the right to know, delete, correct, opt out of sharing, and not be discriminated against for exercising these rights. To submit a request, email us using the address below. We will verify your identity before responding.
Contact
Email: privacy [at] bradly [dot] co [dot] nz