Privacy Policy
Last updated: 22 April 2026
This Privacy Policy explains how Rossi Enterprises Limited trading as The Professional Builder (“The Professional Builder”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you visit https://theprofessionalbuilder.com/ or use any of our programs, memberships, or services (collectively, the “Service”).
We operate across New Zealand, Australia, the United Kingdom, the United States, and Canada. This policy is designed to meet the requirements of the privacy laws applicable in each of those markets, including the New Zealand Privacy Act 2020, the Australian Privacy Act 1988 (and Australian Privacy Principles), the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the California Consumer Privacy Act (CCPA) as amended by the CPRA, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Law 25).
Please read this policy carefully. By using the Service, you acknowledge that you have read and understood how we handle your personal information.
1. Who We Are and How to Contact Us
The data controller (or equivalent under applicable law) for personal information collected through the Service is:
Rossi Enterprises Limited
Trading as The Professional Builder
Level 5, 393 Khyber Pass Road
Newmarket, Auckland
New Zealand
Phone: +64 9 368 1036
Contact: https://theprofessionalbuilder.com/contact
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us using the details above.
2. Information We Collect
2.1 Information You Provide to Us
We collect information you provide directly when you:
- Register for an account or enrol in a program or membership
- Make a purchase or payment
- Fill out a form, survey, or application
- Subscribe to our email communications or SMS messaging
- Participate in coaching sessions, webinars, or events
- Contact us for support or with an enquiry
This information may include:
- Name and contact details (email address, phone number, postal address)
- Business information (company name, role, location)
- Payment and billing information (processed securely via our payment processors — we do not store full card details)
- Account credentials
- Communications you send us and records of your interactions with our team
- Programme participation and engagement data
2.2 Information Collected Automatically
When you visit our website, we and our third-party partners automatically collect certain technical information, including:
- IP address and approximate location data
- Browser type and version
- Device type and operating system
- Pages visited, time spent, and navigation paths on our Site
- Referring URLs (how you arrived at our Site)
- Cookie identifiers and similar tracking data (see Section 5)
2.3 Information from Third Parties
We may receive information about you from third-party sources, including:
- Social media platforms (if you engage with our paid advertising or pages)
- Payment processors (transaction confirmation data)
- Referral partners or affiliates who direct you to our Service
3. How We Use Your Information
We use your personal information for the following purposes:
| Purpose | Lawful Basis (where applicable) |
|---|---|
| To provide, manage, and deliver our programs, memberships, and services | Contract performance |
| To process payments and manage billing | Contract performance |
| To create and manage your account | Contract performance |
| To send you service-related communications (receipts, updates, reminders) | Contract performance / Legitimate interests |
| To send marketing communications and promotions (where you have opted in) | Consent |
| To send SMS messages (appointment reminders, membership updates, offers) | Consent |
| To improve and develop our Site, programs, and services | Legitimate interests |
| To display personalised advertising on third-party platforms | Consent (via cookie preferences) |
| To analyse website usage and measure marketing effectiveness | Consent (via cookie preferences) / Legitimate interests |
| To comply with legal obligations | Legal obligation |
| To protect against fraud and ensure security | Legitimate interests / Legal obligation |
| To resolve disputes and enforce our Terms and Conditions | Legitimate interests / Legal obligation |
Where we rely on legitimate interests as our lawful basis, we have assessed that our interests are not overridden by your privacy rights. You may object to processing based on legitimate interests — see Section 9 for details.
Where we rely on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
4. Data Sharing and Third-Party Processors
4.1 We Do Not Sell Your Personal Data
We do not sell your personal identification information to third parties for their own marketing purposes.
4.2 Sharing for Advertising Purposes (CCPA Notice)
We use advertising tools including the Meta Pixel (Facebook/Instagram) and Google Ads on our website. These tools may share certain data about your website activity with Meta Platforms Inc. and Google LLC for the purposes of delivering targeted advertising. Under the California Consumer Privacy Act (CCPA/CPRA), this may constitute “sharing” personal information for cross-context behavioural advertising. California residents have the right to opt out of this sharing — see Section 9.4.
4.3 Service Providers
We share personal information with trusted third-party service providers who assist us in operating the Service. These providers are authorised to use your information only as necessary to provide services to us and are bound by confidentiality and data protection obligations. Our current service providers include:
| Provider | Purpose | Location |
|---|---|---|
| Stripe / PayPal | Payment processing | United States |
| HubSpot / ActiveCampaign / Mailchimp | CRM and email marketing | United States |
| Zoom / Microsoft Teams / Google Meet | Coaching sessions and webinars | United States |
| Google Analytics | Website analytics | United States |
| Meta (Facebook/Instagram) | Advertising and retargeting | United States |
| Website hosting provider | Site hosting and infrastructure | [Insert location] |
4.4 Legal Disclosure
We may disclose your personal information if required to do so by law, court order, or government authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.5 Business Transfers
If we are involved in a merger, acquisition, or sale of all or part of our business, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our Site before your information is transferred and becomes subject to a different privacy policy.
5. Cookies and Tracking Technologies
5.1 What Are Cookies
Cookies are small text files placed on your device when you visit a website. We also use similar technologies such as pixels, web beacons, and local storage.
5.2 Categories of Cookies We Use
| Category | Purpose | Consent Required? |
|---|---|---|
| Strictly Necessary | Essential for the Site to function (e.g., session management, security). Cannot be disabled. | No |
| Analytics | Help us understand how visitors use the Site (e.g., Google Analytics). Data is aggregated and used to improve our Service. | Yes |
| Functional | Remember your preferences and settings to improve your experience. | Yes |
| Advertising & Targeting | Used by us and our advertising partners (Meta, Google) to deliver relevant ads on other platforms and measure their effectiveness. Includes the Meta Pixel and Google Ads tags. | Yes |
5.3 Managing Your Cookie Preferences
Where required by law — including for users in the UK, Canada, and other jurisdictions with cookie consent requirements — we will request your consent before placing non-essential cookies via a cookie consent banner when you first visit our Site.
You can also manage cookies by:
- Adjusting your browser settings to refuse or delete cookies (note: this may affect Site functionality)
- Opting out of Google Analytics tracking via Google’s opt-out tool
- Managing your Meta ad preferences via Facebook Ad Settings
- Using the opt-out links at the Network Advertising Initiative
6. International Data Transfers
We are based in New Zealand. Because we use service providers located primarily in the United States (including Stripe, PayPal, HubSpot, Mailchimp, ActiveCampaign, Zoom, Google, and Meta), your personal information will be transferred to and processed in countries outside your country of residence.
Where we transfer personal data from the United Kingdom or European Economic Area to countries not recognised as providing an adequate level of protection, we use appropriate safeguards, including Standard Contractual Clauses approved by the UK Information Commissioner’s Office or the European Commission.
Where we transfer personal information from Australia, we take reasonable steps to ensure overseas recipients handle the information in a manner consistent with the Australian Privacy Principles.
Where we transfer personal information from New Zealand, we comply with Information Privacy Principle 12 of the Privacy Act 2020, ensuring equivalent protection is in place before transferring data overseas.
Where we transfer personal information from Canada, we ensure contractual or other means provide comparable protection to that available under PIPEDA.
By using the Service, you acknowledge that your personal information may be transferred internationally as described in this section. To obtain more information about the safeguards we have in place for international transfers, please contact us.
7. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes set out in this policy, and in accordance with applicable legal obligations. The following are our general retention guidelines:
| Data Type | Retention Period |
|---|---|
| Account and membership data | Duration of your account, plus 7 years after closure (for legal and tax compliance) |
| Transaction and billing records | 7 years from the date of transaction (tax and accounting obligations) |
| Marketing preferences and consent records | Until you withdraw consent, plus 3 years thereafter (for compliance records) |
| Support and correspondence records | 3 years from last interaction |
| Website analytics data | 26 months (Google Analytics default retention) |
| Technical logs | 12 months |
When personal information is no longer required, we will securely delete or anonymise it.
8. How We Protect Your Information
We implement appropriate technical and organisational security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL protocols
- Secure access controls and authentication requirements
- Limiting access to personal information to employees and contractors who need it to perform their functions
- Using reputable third-party payment processors (Stripe/PayPal) who maintain PCI-DSS compliance — we do not store full payment card details
- Regular review of our security practices
While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
9. Your Privacy Rights
Depending on where you are located, you may have the following rights regarding your personal information. To exercise any of these rights, please contact us via our contact page. We will respond within 30 days (or as required by applicable law).
9.1 Rights Available to All Users
- Right of access: Request a copy of the personal information we hold about you.
- Right to correction: Request that inaccurate or incomplete information be corrected.
- Right to withdraw consent: Where we process your data based on consent (including marketing and SMS communications), you may withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to opt out of marketing: Unsubscribe from email communications at any time using the unsubscribe link in any email, or by contacting us. For SMS, text STOP to +61 483 953 255.
9.2 Additional Rights for UK and EEA Users (UK GDPR)
If you are located in the United Kingdom or European Economic Area, you also have the right to:
- Erasure (“right to be forgotten”): Request deletion of your personal data where it is no longer necessary, or where you have withdrawn consent and no other lawful basis applies.
- Data portability: Receive a copy of your personal data in a structured, machine-readable format, and request that it be transferred to another controller where technically feasible.
- Restriction of processing: Request that we restrict processing of your data in certain circumstances (e.g., while a dispute is being resolved).
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Rights related to automated decision-making: The right not to be subject to a decision based solely on automated processing that produces significant legal effects, and to request human review of such decisions.
- Right to complain: Lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have mishandled your personal data.
9.3 Additional Rights for Australian Users
If you are located in Australia, you have the right to access and correct your personal information under the Australian Privacy Act 1988. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you are dissatisfied with our handling of your personal information.
9.4 Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:
- Right to know: Request details about the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we have shared it.
- Right to delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to correct: Request correction of inaccurate personal information we hold about you.
- Right to opt out of sharing: We use advertising tools (Meta Pixel, Google Ads) that may constitute “sharing” your personal information for cross-context behavioural advertising under the CPRA. To opt out of this sharing, you may: (a) adjust your cookie preferences via our cookie consent settings; (b) use the opt-out links provided in Section 5.3; or (c) contact us directly.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
- Right to limit use of sensitive personal information: To the extent we collect sensitive personal information as defined by the CPRA, you may request that we limit its use to what is necessary to provide the Service.
To exercise your California rights, please contact us via our contact page. We will verify your identity before processing your request.
9.5 Additional Rights for Canadian Users (PIPEDA and Quebec Law 25)
If you are located in Canada, you have the right to access and correct your personal information under PIPEDA. Quebec residents also have rights under Law 25, including the right to data portability and the right to de-indexing of personal information made publicly available.
You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Note that withdrawal of consent may limit our ability to provide certain services to you.
You may lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca, or with your applicable provincial privacy commissioner.
9.6 Additional Rights for New Zealand Users
If you are located in New Zealand, you have the right to access and request correction of personal information we hold about you under the Privacy Act 2020. You may also lodge a complaint with the Office of the Privacy Commissioner at privacy.org.nz.
10. SMS Messaging Programme
We operate an SMS messaging programme through which we may send you appointment reminders, membership updates, responses to your enquiries, and marketing communications. We only send SMS messages where you have provided explicit opt-in consent.
To opt out: Text STOP to +61 483 953 255 at any time. You will receive a confirmation and no further messages will be sent.
For help: Reply HELP, call +64 9 368 1036, or visit our contact page.
Message and data rates may apply. Message frequency varies. Contact your wireless provider for plan details. Carriers are not liable for delayed or undelivered messages.
Canadian users: We comply with Canada’s Anti-Spam Legislation (CASL). We will only send commercial electronic messages to Canadian residents where we have express or implied consent as defined under CASL, and we will always include an unsubscribe mechanism in each message.
Your SMS opt-in data and consent will not be shared with third parties for their own marketing or promotional purposes. This data may be shared with our SMS service providers solely to enable message delivery.
11. Data Breaches
In the event of a data breach that is likely to result in serious harm to affected individuals, we will take prompt action to contain the breach and assess the risk. We will notify relevant regulatory authorities and affected individuals in accordance with applicable law, including:
- New Zealand: Notification to the Privacy Commissioner and affected individuals as soon as practicable under the Privacy Act 2020.
- Australia: Notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals under the Notifiable Data Breaches scheme.
- United Kingdom: Notification to the Information Commissioner’s Office (ICO) within 72 hours where feasible, and to affected individuals where there is high risk to their rights and freedoms.
- Canada: Notification to the Office of the Privacy Commissioner and affected individuals as soon as feasible under PIPEDA.
- United States: Notification to affected individuals and relevant state authorities within the timeframes required by applicable state law.
12. Children’s Privacy
The Service is intended for business owners and professionals and is not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us and we will promptly delete it.
13. Third-Party Links
Our Site may contain links to third-party websites or services. This Privacy Policy applies only to our Service. We have no control over and are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make a material change, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or by a notice on our Site.
We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes acknowledgement of the updated policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:
The Professional Builder
Rossi Enterprises Limited
Level 5, 393 Khyber Pass Road
Newmarket, Auckland
New Zealand
Phone: +64 9 368 1036
Contact form: https://theprofessionalbuilder.com/contact
We aim to respond to all privacy-related enquiries within 30 days.
This Privacy Policy was last updated on 22 April 2026.
