Purpose & Scope
These guidelines seek to ensure that personal information managed by Villa Maria is handled in a way that is legally compliant, ethical and adheres to industry best practice.
Personal information is any information about an identifiable individual. For the purpose of these guidelines, “the Company”, “we”, “our”, or “us” means the New Zealand privately owned company; Villa Maria Estate Limited and extends to include any related entities.
Where local legislation, regulations or governing authorities differ in the application and or interpretation of privacy requirements when capturing personal information, those rulings shall supersede those set out in these guidelines. Villa Maria will update these guidelines when our information handling practices change, or when required. Any revised guidelines will take effect when it is published on our website.
Privacy obligations relating to staff are addressed separately within Villa Maria internal policies.
1. The kinds of personal information we collect
The information collected by Villa Maria will depend on the products, services or information you ask us to provide to you, and the nature of the dealings you have with us. This will include (but is not limited to) information to confirm your identity, date of birth and contact details such as your physical address, mailing address, email and contact phone numbers. In establishing a customer relationship, additional information related to bank accounts, credit information and reference checks will often be requested.
By providing Villa Maria with your personal information, you consent to us using and disclosing it for the purposes set out in these guidelines. We rely on your consent as the basis for our use of your personal information. You can remove your consent at any time by contacting us using the contact details in section 9.
2. How we collect personal information
Where we can, we will collect information directly from you. Such information is collected in a number of ways including but not limited to:
- When you make an enquiry, complete an application or request an order, or enter into a promotion.
- Through your communication with us which may include emails, letters, phone conversations, meetings, or other correspondence between you and our representatives.
- Through other interactions with our websites, social media or direct marketing material.
- When you otherwise interact with Villa Maria or disclose personal information to us.
As well as collecting information directly from you, where required, we also collect information from third parties in circumstances where we have your consent or are legally required to do so.
3. Cookies and how we use them
The information collected by these tools may include geolocation data, the IP address of the device you are using and information about websites that IP address has come from, the pages accessed on our website and the next website visited. We may use and combine this information to maintain, secure and improve our websites, enhance your experience when using our websites, display and deliver relevant content, services and advertising and understand the effectiveness of our marketing and advertising.
If you want to prevent cookies being used, you can change your browser settings to disable cookies. However, you may not be able to access all or parts of our websites, or you may experience reduced functionality when accessing certain services.
4. How we store and secure personal information
We keep your hard-copy or electronic records on our secured premises and systems or offsite using trusted third parties. We use third-party service providers to store and process our data, support the sale of our products to you and support our website. Our security safeguards include:
- Staff education: We train and regularly remind our staff of their obligations with regard to your information.
- Taking precautions with overseas transfers and third parties: When we send information overseas or use third parties that handle or store data, we ensure that appropriate data handling and security arrangements are in place. See further details at section 8.
- System security: When you transact with us on the internet via our website or mobile apps we encrypt data sent from your computer to our systems. We have firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses accessing our systems. We limit access by requiring use of passwords.
- Destroying data when no longer required: Where practical, we keep information only for as long as required (for example, to meet legal requirements or our internal needs).
- Credit Card Information: Where credit card information is required, our processes for recording, managing and using credit card details are designed in alignment with global PCI Security Standards.
We only store your personal information for as long as necessary for the purpose it was collected for.
5. The purposes we collect, store, use and disclose personal information
We collect, use, disclose, store and retain your personal information so that we can carry out our business activities and functions and provide you with our products and services.
The purposes for which we collect, store, use and disclose personal and credit-related information is so that we can:
- establish your identity and assess applications for our products and services;
- enable you to purchase our products and services; and manage and deliver your order;
- send you marketing information and communications from us, and allow you to participate in promotions;
- manage our relationship with you, including responding to any requests for service from you;
- manage our risks and help identify and investigate illegal activity, such as fraud;
- conduct and improve our businesses and improve customer experience;
- to update our records and ensure contact details are up to date; and/or
- comply with our legal obligations and assist government and law enforcement agencies or regulators where required.
6. Your rights in respect of personal information
If you wish to seek access to the personal information we may hold about you, please contact our Privacy Officer using the contact details set out below. Where we hold information that you are entitled to access, we will try to provide you with a suitable and secure means of accessing it such as via direct email or courier.
Where you are not entitled to access personal information under the Privacy Act, for example if it would breach or have the potential to breach another individual’s privacy rights, we will provide a reason for the refusal.
If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. Depending on the nature of the changes requested, we may ask for further confirmation of identity and/or that the request is submitted in writing for audit and compliance purposes.
If you are in the United Kingdom or European Union, you may have the following additional data protection rights:
- the right to request we erase your personal information in certain circumstances;
- the right to request that we restrict the processing of your personal information and the right to object to our processing of your personal information in certain circumstances; and
- the right to request that we transfer your personal information we have collected to another organisation or directly to you, in certain circumstances.
7. Complaints process
If you believe that we have breached, or potentially breached our privacy obligations, please contact the Privacy Officer in the first instance using the contact details set out below. Depending on the nature of the breach or potential breach, we may ask for further confirmation of identity, details of the complaint and/or that the request is submitted in writing for audit and compliance purposes.
We will endeavour to resolve your concerns however if you feel we have not addressed your concerns, you may contact the relevant supervisory authority. If you are based in the United Kingdom you can contact to the Information Commissioner’s Office. Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113.
8. Disclosure to third parties and recipients based overseas
We may disclose your personal or credit-related information to third parties where this is permitted by New Zealand or international laws or for any of the purposes mentioned in section 5 or where we are legally required to.
In particular, third parties we share personal information with may include:
- Parties to whom we outsource certain functions. We use third-party service providers to store and process our data, support the sale of our products to you and support our website
- Third parties who help us deliver and manage our products and services
- Auditors, compliance regulators, government agencies and departments.
- Any other third party with your prior authorisation for such disclosure.
Some of the third parties we share information with may be located in countries other than New Zealand, the United Kingdom or the European Union. This may mean that your personal information is disclosed outside of the country you are based in. Our contracts with all third parties we disclose personal information to require those parties to protect all personal information with safeguards required under applicable law.
9. Contact us
Phone: +64 9 255 0660
Post: PO Box 43046 Mangere, Auckland 2153, New Zealand