In this policy we refer to Glaamp as "we", "us", "our" or "Group".
By using our website, mobile site, apps or services, participating in our database, promotions, or interacting with our Customer Service, you acknowledge that your personal information will be treated as described in this policy.
This policy explains the following:
- Personal information
- Types of personal information we collect
- Collection of personal information
- If we are not able to collect personal information
- Use of personal information
- Use of personal information for Marketing
- Disclousure of personal information
- Disclousure of personal information outside of New Zealand
- Protection of personal informtation
- Right to access or correct your personal information
- Complaints about a breach of privacy
1. PERSONAL INFORMATION
In this policy, "personal information" means the same as it does in the Privacy Act 2020 ("Privacy Act"). In general terms, this includes any information that can be used to personally identify you. This may include (but is not limited to) your name, age, gender, address, contact details (including phone numbers and email addresses), images of you, your biometric data and financial information, including your payment information. If the information we collect personally identifies you, or you are reasonably identifiable from it (for example, if we combine seemingly anonymous data with other personal information we hold about you), then the information is considered personal information.
2. TYPES OF PERSONAL INFORMATION WE COLLECT
We may collect the following types of personal information:
Mailing or street address,
Age or birth date,
Profession, occupation or job title,
Proof of identity, such as a driver’s licence number
Personal information that is available through social media
Details of the products and services you have purchased from us (including payment information and tokenised card data) or which you have enquired about or showed interest in, together with any additional information necessary to deliver those products and services and to respond to your enquiries
Any additional personal information that you provide to us directly or indirectly through our websites, apps or through our representatives, through use of our services or otherwise; and
Information you provide to us through our customer contact centre or customer surveys, or that is publicly available.
3. COLLECTION OF PERSONAL INFORMATION
We do this in a variety of ways, including when you:
- Purchase products or services from us
- Access and use our websites, apps and communications, including registration details and information relating to your use of the website and the services, such as the content you access (for example, we collect data relating to the products you have viewed, or the search queries you input, and whether you have opened emails or other communications we have sent you)
- Interact with us through live chat on our websites
- Interact with us through any of our loyalty programmes
- Call, email or interact with our Customer Service Representatives, whether in store or at our Contact Centres, for example, when you return goods to us or when you collect goods under our click and collect service
- Complete an application for a product or service
- Enter promotions that we run or facilitate
- Interact with us on social media
You acknowledge and authorise us to also collect personal information about you from publicly available sources and third parties, including:
- Third party companies such as other retailers (for the purpose of preventing criminal behaviour),
- Mailing lists
- Contractors and business partners
- Suppliers or manufacturers
In some cases, we may purchase second party data from any of the categories of third parties listed above. Where we do so, we seek appropriate warranties from those third parties that they have the necessary consents and authorisations to sell and disclose any personal information contained in those datasets to us for our own business purposes. Any personal information we collect from third parties for the purposes identified in this policy may be combined with other information we hold about you,
4. IF WE ARE NOT ABLE TO COLLECT PERSONAL INFORMATION
If you choose not to provide us with the personal information described within this policy, then:
We may not be able to provide you with the product or services you have requested, either to the same standard or at all
We may not be able to provide you with information about products or services that you may want, including information about discounts, sales or special promotions
We may not be able to tailor our content, website and communications for your preferences
5. USE OF PERSONAL INFORMATION
The primary purpose for which we collect information about you is to enable us to perform our business activities and to provide the best possible customer service.
We collect, hold, use and disclose your personal information for the following purposes:
To provide products and services to you
To provide you with information or advice about existing and new products and services
To manage product or service warranties or guarantees, including product or safety recalls
To communicate with you and process your requests, including to interact with you via social media
To manage and enhance our products and services
To provide you with, operate and manage our loyalty programmes
To personalise and customise your experience with us and the other businesses within Glaamp and to tailor how we market our products and services to you based on your purchase history and shopping preferences
To provide you with access to secure areas of our websites, apps or notices about updates to the functionality of our websites
To conduct competitions or promotions, either ourselves or on behalf of selected third parties
To verify your identity and/or enable you to create and use a payment identity (e.g. through the use of digital wallets)
To provide to third parties if you have authorised us to do so
To conduct analysis and insights across our Group businesses,
To conduct business processing functions for the operation of our websites or our business, for our administrative, marketing, promotional, planning, product/service development, quality control and research purposes, or those of our contractors or external service providers
To create aggregated and anonymised datasets of customer derived information for commercial purposes
To investigate if we have reason to suspect a breach of any of our terms and conditions or any suspected unlawful activity
To help prevent fraud and unlawful activity
To link previous actions that you have taken on our websites or in our stores with historic data that we have collected but have not been able to identify as yours. For example, tokenised payment card data and device identification data
As otherwise required or permitted by any law (including the Privacy Act)
Your personal information will be held for us in the data centres, platforms and systems of our third-party service providers, some of which may be located outside of New Zealand.
Your personal information will not be shared, sold, rented or disclosed other than as described within this policy or as required or permitted by any law (including the Privacy Act).
To recognise your computer or device and greet you each time you visit our websites, without bothering you with a request to register or log-in
To keep track of products or services you view, so that we can send you, directly or through third parties, news about those products or services or other similar or related products or services from across the Group that we think you may be interested in
To measure traffic patterns, to determine which areas of our websites have been visited, and to measure transaction patterns in the aggregate
To research our users' habits so that we can improve our products and services
To operate our websites efficiently with a high level of functionality
To measure the effectiveness of our marketing initiatives
To learn about your preferences so that we can present you with web content and advertising that is relevant to you
To measure the number of advertising referrals we have received to our websites from other websites
To produce data on web traffic and customer web activity through our website or apps
7. USE OF PERSONAL INFORMATION FOR MARKETING
We use personal information to provide you with information or advice about our existing and new products and services or those of other Glaamp businesses. We also use it to conduct promotions on our own behalf and on behalf of selected third parties.
If at any stage, you no longer wish to receive these marketing communications you may unsubscribe by using the link in any promotional email, logging into your account and changing your preferences or contacting us at email@example.com
Please note that if you unsubscribe from any of our marketing databases, you may still receive important product and service-related communications from us.
We will not collect usage data or target advertisements based on the following market categories:
Membership of a political association
Religious beliefs or affiliations
Membership of a trade union
Sexual preferences or practice
We will not create categories designed to target children under the age of 18 years (however, this does not prevent us from marketing children's products to a general audience).
Third party advertisers may purchase advertising products from us that enable them to target particular types of users of our network, for advertisements served both on our network and also on third party websites.
We will not provide any personal information to an advertiser or any other third party without your express consent or in accordance with this policy. However, we reserve the right to collate, provide and sell aggregated and anonymised datasets from customer derived information to third parties for their own commercial purposes, provided that the data contained in those datasets does not specifically identify you or any other individual. Although we take all reasonable steps to ensure these datasets do not identify any individual, including requiring recipients to comply with all applicable laws in relation to their use of any dataset, we cannot guarantee that a third party will not try to combine the data contained in these datasets with other information that the third party may hold about individuals in an attempt to identify an individual.
If you receive communications from us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, please contact us at firstname.lastname@example.org.
If you are using one of our mobile applications and you have notifications turned on, you are agreeing to accept notifications from us even when the mobile application is not running. Your notification preferences can be configured in the application's settings.
9. DISCLOSURE OF PERSONAL INFORMATION
We may share your personal information across businesses within Glaamp:
For the operation of our websites and our business
For the specific purpose of fulfilling requests by you
To provide products and services to you
To undertake customer analytics and insights to better understand our joint customer base, to tailor marketing material and campaigns, to undertake and perform remarketing across our retail brands and paid media platforms, and to develop aggregated and anonymised customer datasets to supply and/or sell to third parties;
- Where we are permitted to under the Privacy Act
- As otherwise detailed in this policy
Where we engage third parties to undertake services for us or on our behalf, we may provide those third parties with some of your personal information if it is required to fulfil those services and only to the extent required to fulfil those services. Examples of such third party providers may include, but is not limited to:
Service providers such as web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, photographic analysers, data entry service providers, electronic network administrators, debt collectors, and professional advisers such as accountants, solicitors, business advisors and consultants
Software providers such as customer relationship management and accounting software
Suppliers, business partners or joint venture entities or partners who we engage or partner with to perform certain services or functions on our behalf
Sponsors, or promoters of any competition that you have entered into that we conduct or promote
Specific third parties authorised by you to receive information held by us
We may also disclose your personal information to manufacturers or suppliers of products or services for product warranty or guarantee fulfilment purposes, to facilitate repair of a product or where the manufacturer or supplier has advised that they need to contact you for any issues related to the quality or safety of the product or service you have purchased.
Where we transfer personal information outside of Glaamp, we contractually require any third party to take reasonable steps to protect your information against unauthorised use or disclosure in accordance with the requirements of the Privacy Act. In some cases these third party service providers may be located overseas, for example we store personal information in secure servers based in Australia.
In addition to the above, we disclose personal information to facilitate court proceedings; enforce or apply our terms and conditions; or protect our or your rights, property, or safety and the rights, property and safety of our users, or others, and where we reasonably believe that disclosure is necessary. Government agencies with statutory roles enabling them to request data from us include the Police, Inland Revenue and the Ministry of Business, Innovation and Employment.
10. DISCLOSURE OF PERSONAL INFORMATION OUTSIDE OF NEW ZEALAND
If we disclose personal information to a third party outside of New Zealand for any of the purposes listed above, and that third party uses the personal information for their own purposes, we will ensure that third party is subject to privacy laws that are comparable to the Privacy Act or is otherwise required to protect the personal information in a way that provides comparable safeguards to those in the Privacy Act.
11. PROTECTION OF PERSONAL INFORMATION
We take reasonable steps to protect the personal information that we hold from misuse, loss, or unauthorised access or modification. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
12. RIGHT TO ACCESS OR CORRECT YOUR PERSONAL INFORMATION
You may request access to any personal information we hold about you at any time by contacting us at email@example.com.
Your request will be processed in accordance with the Privacy Act.
If you make an access request, we will ask you to verify your identity. There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others, or if it breaches legal professional privilege. If that happens, in most circumstances we will give you written reasons for any refusal.
We may charge a reasonable fee for making your personal information available to you or providing you with copies of it.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may ask us to amend it. We will consider if the information requires amendment and will not charge for making any amendments. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it. Registered users of our websites and apps can access and update their user details online. We request that you keep your information as current as possible so that we have the most accurate and up to date information available to us.
13. COMPLAINTS ABOUT A BREACH OF PRIVACY
If you believe that we have breached this policy or the Privacy Act or you have any questions or concerns about this policy, please contact us using the contact information below and provide details of the incident so that we can investigate it.
We have a formal procedure for investigating and dealing with complaints. Once the Privacy Officer receives a complaint the Privacy Officer will commence an investigation with the relevant business unit. The investigator will endeavour to determine the nature of any breach and how it occurred.
We may contact you during the process to seek further clarification if necessary. If a breach is found, the Privacy Officer will escalate the matter to management so that the process can be rectified to help prevent any further breaches from taking place. We will also contact you to inform you of the outcome of the investigation. We will endeavour to resolve all investigations within a reasonable time.
We will treat your requests or complaints confidentially.
You can contact our Privacy Officer by email at firstname.lastname@example.org