Principle 1 – Purpose of Collecting Personal Data
An organisation should only gather personal data when it has a lawful reason that directly relates to its functions or services, and only if that data is genuinely needed. This principle is about limiting the amount of information collected.
When requesting details from individuals, always question the purpose. Do not ask for identifiers such as names or phone numbers unless they are strictly necessary. If the information is not essential to fulfilling your organisation’s activities, it should not be collected.
Principle 2 – How We Protect Your Personal Information
1. Website Security
- Our website may include links to external sites that we do not control.
- Sharing information online always carries some risk.
- We take reasonable steps to keep our website hosting and operations secure.
- You should also take precautions, such as:
- Ensuring you are on a secure server.
- Looking for the padlock or unbroken key icon in your browser.
- Checking that the website address begins with https (not just http).
2. Credit Card Protection
- We comply with the Payment Card Industry Data Security Standard (PCI DSS), which applies to organisations handling payment card data.
- This ensures secure processing whenever we store or handle credit/debit card details.
- Customers should still remain cautious when shopping online.
- Never provide card details via email or through our website’s contact form, as these methods are not encrypted.
3. Safeguarding Personal Information
We protect your personal data from misuse, loss, or unauthorised access by:
- Securing our offices, records, and databases.
- Using technical measures such as passwords, backups, and anti-virus protection.
- Training staff and enforcing internal security policies.
- Keeping your personal details accurate and up to date.
- Destroying or de-identifying personal information once it is no longer needed.
4. Data Storage
- Personal data is kept only as long as it is required for business purposes or by law.
- Most information is stored in electronic databases, sometimes managed by third-party providers.
- In some cases, hard copies are stored in physical facilities.
- When data is no longer needed, it is securely destroyed or de-identified.
Principle 3 – Cookies and Related Technologies
- We use cookies and similar tools to gather information about how you interact with our website so we can provide a better, more personalised shopping experience.
- Cookies are small files stored on your device that allow our site to recognise your browser or device. We use both:
- Session cookies – which expire once you close your browser.
- Persistent cookies – which stay on your device until you delete them.
- These cookies collect details such as your device’s IP address and track browsing behaviour (like the pages you visit). In certain cases, the data collected through cookies may be linked with other information that identifies you as the user.
Principle 4 – Changes to Our Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Any updates will be posted on this page with the revised effective date.
We encourage you to review this policy regularly so that you remain informed about how we protect your personal information. Continued use of our services after any changes indicates your acceptance of the updated policy.
Principle 5 – Manner of Collection
Manner of collection states that personal information must be collected in a way that is lawful and seen as fair and reasonable in the circumstances.
What is fair depends a lot on the circumstances like the individual concerned (age and capacity) and the natural sensitivity of the information. Note that threatening, coercive, or misleading behaviour when collecting information from an individual could well be considered unfair.
If you break the law when collecting information, then you have collected information unlawfully.
What is fair also depends on the circumstances, such as the purpose for collection, the degree to which the collection intrudes on privacy, and the time and place it was collected.
You need to take particular care when collecting information from children and young people. It may not be fair to collect information from children in the same manner as you would from an adult. You may need to take special care with the information of young people to address any power imbalance, and to obtain their genuine consent for the collection (or the authorisation) of their family/whānau.