Last Updated 8 July 2023
We respect your right to privacy and are committed to safeguarding the privacy and data security of our customers and website visitors. We adhere to the New Zealand Privacy Act 2020 and where required by law, the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act.
What kind of information do we collect?
We collect information related to your orders, including the products you purchase, the quantities, pricing details, shipping address, and any special instructions or preferences you provide. This information is necessary to fulfill your orders, communicate with you regarding your purchases, and provide customer support.
When you visit our Site, we automatically collect certain information about your device, that may include information about your IP address, time zone, location, device type and model and/or some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or services that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.
Social Media Platforms and Testimonials
We may collect and use personal information shared on social media platforms for the purpose of client testimonials. Your testimonial or review may include personal information such as your first name, initials, or general geographic location. However, we are committed to protecting your privacy, and we will take reasonable steps to ensure that any personal information shared in testimonials or reviews is anonymised or used with your explicit consent.
Do not track
Please note that we do not alter our data collection and usage practices when we detect a do not track signal.
How do we collect your information?
You directly provide us with almost all the information that will collect except for device information and cookies. We collect information from you in many ways including when you:
a) Enquire with any of our Services;
b) Sign up to our newsletters;
c) Interact with our Platforms
d) Make an order with us;
e) Purchase our Services;
f) Enquire about our Services;
g) Provide testimonials or feedback;
h) Use or view our Site.
How do we use your information?
We use the order information that we collect to fulfil any orders placed through our Site, including processing your payment information, arranging for shipping, and providing you with invoices and order confirmations.
Additionally, we use this order information to communicate with you, screen our orders for potential risk or fraud and when in line with the preferences you have shared with us, provide you with information or advertising relating to our Services.
We use device information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site. For example, by generating analytics about how our customers browse and interact with the Site and emails, to better understand our customers’ interests and site usage patterns and what type of content may help to encourage those visits.
We will only use your personal information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose that is compatible with the original purpose. If we need to use your information for an unrelated purpose, we will seek your consent.
We take appropriate measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. We implement industry-standard security practices and regularly review our systems to ensure your data is securely stored.
Please note that the transmission of information via the internet is not completely secure. While we do our best to protect your personal information, we cannot guarantee the security of data transmitted to our website or through electronic communication channels. Any transmission is at your own risk.
Disclosure of your information
We may disclose your personal information to third-party service providers who assist us in operating our business and providing our services, such as payment processors and IT support providers. These service providers are authorised to use your personal information only as necessary to provide their respective services to us.
We may also disclose your information if required to do so by law.
Email Newsletters and Text Newsletter Updates
By subscribing to our email newsletters and text newsletter updates, you consent to receive periodic communications from us regarding our latest products, promotions, news, and other relevant information. We may use the information you provide during the subscription process to personalise and tailor these communications to your preferences. With text newsletters we track clicks to find out which links in the newsletter were clicked on.
If you no longer wish to receive these communications, you may opt out of receiving this information by contracting us via email or by following the unsubscribe instructions at the bottom of the emails sent to you. All emails sent contain a link to unsubscribe or to modify your profile. You may unsubscribe to any newsletter at any time or modify your profile. Opting out of these communications will not affect transactional emails related to your purchases or other important notifications.
If you have voluntarily provided a testimonial or review on our social media platforms, you understand and agree that your testimonial or review may be used for promotional or marketing purposes on our website, social media platforms, advertisements, or any other promotional materials. We may use your testimonial or review in its entirety or in part, and we reserve the right to edit or modify it for clarity, length, or any other necessary purpose.
You retain the right to withdraw your consent for the use of your testimonial or review at any time. To do so, please contact us at email@example.com. We will promptly remove or anonymise your testimonial or review from our promotional materials, as applicable.
How do we store your data?
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
To keep your personal data secure, we have chosen a secure web hosting service, Rocketspark.com which is SSL certificate encrypted.
We also store personal information (except credit card information which is encrypted) on our local secure networks, all of which are password protected.
When you make a purchase on our website, we do not store or retain complete credit card information, such as credit card numbers, expiration dates, or CVV codes. Instead, we rely on the secure payment processing services of our trusted third-party payment processor, Stripe.
Please note that while we do not store credit card information, we may retain certain transaction details provided by Stripe, such as the transaction amount, date, and confirmation status, for accounting, record-keeping, and customer service purposes. These stored transaction details do not include sensitive credit card information.
We retain order-related information, including purchase history, shipping details, and customer preferences, for a reasonable period necessary to fulfil your orders, handle returns or exchanges, and provide after-sales support.
We retain device information, such as IP addresses and technical identifiers, for a limited period to analyse website performance, improve our services, and ensure the security of our website against unauthorized access or fraudulent activities.
If you have subscribed to our email newsletters or text newsletter updates, we will retain your contact information until you choose to unsubscribe or request removal from our mailing list. Upon unsubscribing, we will promptly remove your information from our active subscriber list.
We retain any other relevant personal information you provide to us as long as necessary to fulfil the purposes for which it was collected, address any inquiries or requests, and comply with legal obligations.
Maintaining data quality and accuracy
It is important to us to maintain the quality of the personal information that we hold. We take reasonable steps to make sure that your personal information is accurate, complete and up-to-date.
If you find that your personal information held by us is not up to date or is inaccurate, please advise us and we will amend it, where appropriate.
Third Party Links
Our Site may contain links to other websites of interest. Once you have used these links to leave our Site, you should note that we do not have any control over that other website. We are not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our Site, to read the privacy statements of each website that collects personal identifiable information.
We take the security of your personal information seriously and have implemented reasonable measures to protect it from unauthorised access, loss, or disclosure. However, in the event of a data breach that compromises the security of your personal information, we will take immediate action to mitigate the impact and comply with applicable laws and regulations.
In the unfortunate event of a data breach, we will:
Promptly assess the extent of the breach: We will conduct a thorough investigation to determine the scope and nature of the breach, identifying the affected systems, data types, and the potential risk to individuals.
Notify affected individuals: If we determine that the data breach poses a significant risk of harm to your rights and freedoms, we will notify you promptly, providing clear and transparent information about the breach, the potential consequences, and the actions you can take to mitigate any potential risks.
Engage relevant authorities: If required by applicable laws and regulations, we will report the data breach to the appropriate supervisory authorities and cooperate fully in their investigations.
Take necessary steps to secure and remedy the breach: We will take immediate action to contain the breach, prevent further unauthorised access, and restore the security and integrity of our systems. This may include, but is not limited to, implementing additional security measures, conducting forensic analysis, and cooperating with law enforcement agencies.
Provide support and assistance: In the event of a data breach, we are committed to providing support and assistance to affected individuals. This may include guidance on steps to protect your personal information, information about available resources for identity theft protection, and any other relevant support measures to help mitigate the impact of the breach.
If you suspect or become aware of any unauthorised access, loss, or disclosure of your personal information, please contact us immediately using the provided contact details.
Please note that while we implement reasonable security measures, no method of data transmission or storage is completely secure. We cannot guarantee the absolute security of your personal information.
By using our website and providing your personal information, you acknowledge and understand the inherent risks associated with data transmission over the internet and agree that we are not liable for any unauthorised access, loss, or disclosure of your personal information beyond our reasonable control.
You have the right to access personal information we hold about you and ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
We note that we are processing your information to provide our Services to you, or otherwise to pursue our legitimate business interests listed above.
We would like to make sure you are fully aware of all your data protection rights.
Right to Erasure (Right to be Forgotten): You have the right to request the deletion or removal of their personal data when certain conditions are met, such as when the data is no longer necessary, consent is withdrawn, or processing is based on legitimate interests.
Right to Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction. You can do so by contacting us using the information provided at the end of this policy.
The right to erasure: You have the right to request us to restrict the processing of your personal data, under certain conditions.
The right to data portability: You have the right to request us to transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
Right to Information and Access: You have the right to be informed about the collection, use, and processing of your personal data. You also have the right to request access to the personal data we hold about you. We may charge you a small fee for this service.
Right to Restriction of Processing: Under certain circumstances, you have the right to request the restriction of the processing of your personal data. If you would like to exercise this right, please contact us using the information provided at the end of this policy.
Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. If you wish to exercise this right or request the transfer of your data to another organisation, please contact us using the information provided at the end of this policy.
Right not to be Subject to Automated Decision-making: You have the right not to be subject to decisions based solely on automated processing, including profiling, if these decisions significantly affect them. Some exceptions apply, such as when the decision is necessary for a contract or authorised by law.
Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. If you wish to object to the processing of your data, please contact us using the information provided at the end of this policy.
Right to Lodge a Complaint: If you believe that your privacy rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority, such as the data protection authority in your country or the Office of the Privacy Commissioner in New Zealand.
If you make a request, we have 30 days to respond to you. If you would like to exercise these rights, please contact us, using the details below.
How to contact us