Section 1 – what information do we collect from you?
When you purchase something from our store, as part of the buying and selling process, we collect the following Personal Information from you:
- Your name, date of birth, email address, delivery address, and phone number.
- Billing information, credit card number and whether you are a participant in our Loyalty Programme
- Products purchased
When you create an account we collect your name, email address, delivery address and phone number. If you sign up to our Loyalty Programme we collect your name, email address, phone number, and date of birth. In each case you must also set a password.
There may also be other voluntary information that we ask for when completing the forms to create an account, an order for products, sign up to be a product tester and sign up to receive marketing materials.
This information is used for communicating with you and responding to your requests, to enable us to provide our products to you, and to arrange for the delivery of our products to you. If the Personal Information we request is not provided to us, we may not be able to supply the products ordered to you or create an account for you.
When you browse our store, we also automatically receive certain information including “cookies” and your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Section 2 – how do we collect your personal information?
We collect your Personal Information when you provide it to us, such as when you sign up for an account, the Loyalty Programme or to receive marketing communications, when you make an enquiry with us, when you add items to your online cart, and when you confirm a product order. We also collect your Personal Information through your use of our website, and as otherwise permitted by the New Zealand Privacy Act 1993 (Privacy Act).
We also use social media services such as Facebook, Instagram, Twitter, Pinterest, Tik Tok, Snapchat and Google Plus. These services may be linked to our website through the use of social media buttons. Your use of these third party services is entirely optional. We may collect and use any information that you make public when you use any such third party social media service for the purposes of our business. All such third party services are governed by the privacy policies and/or practices of those services providers, for which we are not responsible. If you do not wish to provide your Personal Information to any of those third parties, or make information publicly available, you should not use their particular service.
Section 3 - how do we obtain your consent?
When you provide us with Personal Information in the course of using our website, such as to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you are consenting to our collecting it and using it for that reason.
If we ask for your Personal Information for a secondary reason, such as to send you marketing communications, we will either ask you directly for your express consent, or, if obtaining your express consent is not required by any relevant law, provide you with an opportunity to say no.
You may opt out of marketing emails by using the unsubscribe functionality within those emails.
Section 4 – how do we use your personal information?
We collect, use and disclose your Personal Information only where we have a legal basis to do so. We will collect, use and disclose your Personal Information where it is necessary to fulfil your order, including for the purposes of confirming your order, delivering the products ordered to you, and responding to returns or any queries in relation to your order.
If you have provided your consent in accordance with the relevant law or if consent is not required by any relevant law, we will collect, use and disclose your Personal Information for the purposes of sending you marketing material (such as newsletters and promotions) or to advertise our products to you on third party websites such as Instagram or Google. We will collect, use and disclose your Personal Information where it is necessary for the purposes of our legitimate interests in:
- Administering your account (if you create one), and any participation in our Loyalty Programme, including providing you with information in relation to your account or Loyalty Programme participation.
- Communicating with you if you sign up to be a product tester.
- Conducting our business, including managing, and analysing our customer data and improving your experience on our website.
- Undertaking customer surveys.
We will collect, use and disclose your Personal Information where it is necessary for us to comply with our legal obligations or if you violate our Terms of Service.
We may collect, use and disclose your Personal Information for any of the above purposes, in any circumstances authorised by the Privacy Act, or in any other manner with your consent.
Section 5 – Shopify
Our store is hosted on Shopify which is provided by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products to you.
Your Personal Information collected through this website is disclosed to Shopify and stored in Shopify’s data storage, databases and the general Shopify application. They store your Personal Information in compliance with industry standards.
Shopify also collects your Personal Information for the purposes set out in their Privacy Statement. You can view their Privacy Statement here: https://www.shopify.com/legal/privacy. In summary, this information is collected when you access our online store, place a product order, or sign up for an account with us. Personal Information collected by Shopify is used to provide us with their e-commerce services, such as processing orders, authenticating and processing payments, screening for fraudulent transactions, improving the services Shopify offers and, if you have opted in to Shopify Pay, to pre-fill your checkout information and to offer you customised advertising.
Shopify may also share your Personal Information with third parties where it is necessary to prevent or take action against illegal activity, where you have violated Shopify’s Terms of Service, where it is necessary to comply with any legal obligations, or where we have authorised the transfer of your Personal Information to other third parties (such as payment gateways). For full details, please review the Shopify Privacy Statement here:
https://www.shopify.com/legal/privacy. For more insight, you may also want to read Shopify’s Terms of Service found here https://www.shopify.com/legal/terms.
Section 6 – Other third party services
We use other third-party service providers to facilitate your payment for an order, to deliver the products you order to you and to send many of our marketing communications.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
These third parties may be based outside of New Zealand and may be based in countries without privacy laws as comprehensive as in your country of residence. If you are resident within the EU, these countries may not have an adequacy decision made in relation to them by the European Commission.
If you elect to proceed with a transaction using our online store and this website, then your Personal Information may become subject to the laws of the jurisdiction(s) in which the third party or its facilities are located.
We will not authorise any of these other third parties to use your Personal Information for their own purposes, except where it is necessary for the third party to enforce its legal rights, or to comply with its legal obligations.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your Personal Information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
If you choose a direct payment gateway to complete your purchase, then your credit card data is stored only with the third party payment gateway. It is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Section 7 – Disclosure to third parties
In addition to our disclosures made to third party services providers in the course of our business with you, we may also disclose your Personal Information for the following purposes:
- To enforce our Terms of Service.
- Where required by law such as to comply with a subpoena or similar legal process.
- When we believe on reasonable grounds that disclosure is necessary to protect our property, legal rights, your safety or the safety of others.
- In order for us, or other authorised agencies (such as credit card and payment facility providers) to detect, investigate, prevent or address fraud, security or technical issues.
- To respond to a government request to which we are obliged by law to respond, or where the Privacy Act permits us to respond.
- To carry out the matters described in the section below, headed How Do We Manage Your Personal Information?
- To any third party with your prior consent.
Section 8 – How do we manage your personal information?
We will retain your Personal Information for the duration of your relationship with us (including where you hold an active account with us), as needed to provide you with our products (including where you have consented to receiving marketing communications), or to meet any legal obligations we may have to retain your Personal Information. We will not hold your Personal Information for longer than is reasonably required for the lawful purpose for which the information was collected.
If you wish to cancel your account, request that we delete your Personal Information, request that we no longer use your information to provide you with marketing communications, or withdraw your consent to use your Personal Information, please contact us at firstname.lastname@example.org. We will only retain Personal Information is such a case as is necessary to comply with our legal obligations, resolve disputes, or enforce our Terms of Service.
Section 9 – Security and cookies
To protect your Personal Information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
- Google Analytics
- Shopify Cookies
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Section 10 – Age of consent
By using this website, you represent that you are at least the age of majority in your country, state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this website.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Section 12 – Access to your personal information
You have the ability to seek access to your Personal Information and to ask for it to be corrected if you think it is wrong. If you would like to access, correct, amend or delete any Personal Information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com
If you contact us to access or change your Personal Information, we may ask you to verify your identity and specify what Personal Information you require access to.
Where a dispute arises between you and us, you are able to contact the New Zealand Office of the Privacy Commissioner at http://www.privacy.co.nz.
Where GDPR applies, you have the right to restrict processing, to object to processing, and of data portability as set out in the GDPR. You may also lodge a complaint with the relevant GDPR supervisory authority.