Personal Information is information relating to an individual that can be used to identify an individual or which is linked to an identified individual.
SECTION 1 – what information do we collect from you?
When you purchase a product from our site, as part of the buying and selling process, we collect the following Personal Information from you:
your name, date of birth, email address, delivery address, and phone number
billing information, credit card number.
When you create an account we collect your name, email address, delivery address and phone number. If you sign up to our Client Loyalty Programme we collect your name, email address, phone number, gender, and date of birth. In each case you must also set a password.
There may also be other voluntary information that we ask for when completing the forms to create an account, join the Client Loyalty Programme, place an order for products, sign up to be a product tester and sign up to receive marketing materials.
This information is used for communicating with you and responding to your requests, to enable us to provide our products to you, and to arrange for the delivery of our products to you.
When you browse our store, we also automatically receive certain information including “cookies” and your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Providing your Personal Information to us is voluntary. However, if the Personal Information we request is not provided to us, we may not be able to supply the products ordered to you, provide the exclusive benefits of our Client Loyalty Programme or create an account for you.
SECTION 2 – how do we collect your personal information?
We collect your Personal Information when you provide it to us, such as when you sign up for an account, the Client Loyalty Programme or to receive marketing communications, when you make an enquiry with us, when you add items to your online cart, and when you confirm a product order. We also collect your Personal Information through your use of our website, and as otherwise permitted by the New Zealand Privacy Act 1993 (Privacy Act).
We also use social media services such as Facebook, Twitter, Instagram, Pinterest and Google Plus. These services may be linked to our website through the use of social media buttons. Your use of these third party services is entirely optional. We may collect and use any information that you make public when you use any such third party social media service for the purposes of our business. All such third party services are governed by the privacy policies and/or practices of those service providers, for which we are not responsible. If you do not wish to provide your Personal Information to any of those third parties, or make information publicly available, you should not use their particular service.
SECTION 3 – how do we obtain your CONSENT?
When you provide us with Personal Information in the course of using our website, such as to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you are consenting to our collecting it and using it for that reason.
If we ask for your Personal Information for a secondary reason, such as to send you marketing communications, we will either ask you directly for your express consent, or, if obtaining your express consent is not required by any relevant law, provide you with an opportunity to say no.
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you by contacting us at hello@henrysskincare(dot)com. You may also opt out of marketing emails by using the unsubscribe functionality within those emails.
SECTION 4 – how do we use your personal information?
We collect, use and disclose your Personal Information only where we have a legal basis to do so. We will collect, use and disclose your Personal Information where it is necessary to fulfil your order, including for the purposes of confirming your order, delivering the products ordered to you, and responding to returns or any queries in relation to your order.
If you have provided your consent in accordance with the relevant law or if consent is not required by any relevant law, we will collect, use and disclose your Personal Information for the purposes of sending you marketing material (such as newsletters and promotions) or to advertise our products to you on third party websites such as Facebook.
We will collect, use and disclose your Personal Information where it is necessary for the purposes of our legitimate interests in:
administering your account (if you create one), and any participation in our Loyalty Programme, including providing you with information in relation to your account or Client Loyalty Programme participation.
conducting our business, including managing and analysing our customer data and improving your experience on our website.
undertaking customer surveys
SECTION 5 – Shopify
Our website is hosted on Shopify which is provided by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products to you.
Your Personal Information collected through this website is disclosed to Shopify and stored in Shopify’s data storage, databases and the general Shopify application. They store your Personal Information in compliance with industry standards.
Shopify also collects your Personal Information for the purposes set out in their Privacy Statement. You can view their Privacy Statement here: https://www.shopify.com/legal/privacy. In summary, this information is collected when you access our online store, place a product order, or sign up for an account with us. Personal Information collected by Shopify is used to provide us with their e-commerce services, such as processing orders, authenticating and processing payments, screening for fraudulent transactions, improving the services Shopify offers and, if you have opted in to Shopify Pay, to pre-fill your checkout information and to offer you customised advertising.
Shopify may also share your Personal Information with third parties where it is necessary to prevent or take action against illegal activity, where you have violated Shopify’s Terms of Service, where it is necessary to comply with any legal obligations, or where we have authorised the transfer of your Personal Information to other third parties (such as payment gateways). For full details, please review the Shopify Privacy Statement here: https://www.shopify.com/legal/privacy.
For more insight, you may also want to read Shopify’s Terms of Service found here https://www.shopify.com/legal/terms.
SECTION 6 – OTHER THIRD PARTY SERVICES
We use other third-party service providers to facilitate your payment for an order, to deliver the products you order to you and to send many of our marketing communications.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
These third parties may be based outside of New Zealand and Australia and may be based in countries without privacy laws as comprehensive as in your country of residence. If you are resident within the EU, these countries may not have an adequacy decision made in relation to them by the European Commission.
If you elect to proceed with a transaction using our online store and this website, then your Personal Information may become subject to the laws of the jurisdiction(s) in which the third party or its facilities are located.
We will not authorise any of these other third parties to use your Personal Information for their own purposes, except where it is necessary for the third party to enforce its legal rights, or to comply with its legal obligations.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your Personal Information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act. If you choose a direct payment gateway to complete your purchase, then your credit card data is stored only with the third party payment gateway. It is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 7 – Disclosure to third parties
In addition to our disclosures made to third party service providers in the course of our business with you, we may also disclose your Personal Information for the following purposes:
To enforce our Terms of Service
Where required by law such as to comply with a subpoena or similar legal process
When we believe on reasonable grounds that disclosure is necessary to protect our property, legal rights, your safety or the safety of others
In order for us, or other authorised agencies (such as credit card and payment facility providers) to detect, investigate, prevent or address fraud, security or technical issues
To respond to a government request to which we are obliged by law to respond, or where the Privacy Act permits us to respond
To carry out the matters described in the section below, headed How Do We Manage Your Personal Information?
To any third party with your prior consent.
SECTION 8 – how do we manage your personal information?
We will retain your Personal Information for the duration of your relationship with us (including where you hold an active account with us), as needed to provide you with our products (including where you have consented to receiving marketing communications), or to meet any legal obligations we may have to retain your Personal Information. We will not hold your Personal Information for longer than is reasonably required for the lawful purpose for which the information was collected.
If you wish to cancel your account, request that we delete your Personal Information, request that we no longer use your information to provide you with marketing communications, or withdraw your consent to use your Personal Information, please contact us at info@henrysskincare(dot)com. We will only retain Personal Information in such a case as is necessary to comply with our legal obligations, resolve disputes, or enforce our Terms of Service.
SECTION 9 – SECURITY and cookies
To protect your Personal Information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
SECTION 10 – AGE OF CONSENT
By using this website, you represent that you are at least the age of majority in your country, state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this website.
If our company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
SECTION 12 – ACCESS TO YOUR PERSONAL INFORMATION
You have the ability to seek access to your Personal Information and to ask for it to be corrected if you think it is wrong. If you would like to access, correct, amend or delete any Personal Information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at firstname.lastname@example.org. If you contact us to access or change your Personal Information, we may ask you to verify your identity and specify what Personal Information you require access to.
Where a dispute arises between you and us, you are able to contact the New Zealand Office of the Privacy Commissioner at http://www.privacy.co.nz.
For EU residents where GDPR applies, you have the right to restrict processing, to object to processing, and to data portability as set out in the GDPR. You may also lodge a complaint with the relevant GDPR supervisory authority.