We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
1. WHO WE ARE
Comvita UK Limited is a wholly owned subsidiary of Comvita Limited, a company domiciled in New Zealand, and listed on the New Zealand Stock Exchange (“NZX”).
2. INFORMATION WE MAY COLLECT AND HOW WE USE IT
2.1. Comvita collects the following information about you when you use the Website (including Comvita’s social media pages):
2.1.1. Information that you provide to us. We may collect personal information (for example your name, email address and postal address) when you enter these into our website to buy a product or register for our newsletter;
2.1.2. Limited financial that you provide when placing orders through the Website (we receive card type, last 4 digits of the card number and expiry date from our third-party payment provider);
2.1.3. Social media and our website: information transmitted by your computer when you use the Website and/or Social Media. This may include your IP address browser data and information we receive from cookies (please see section 5 below).
2.1.4. Surveys and competitions: From time-to-time we may request information via surveys or competitions. Participation in these surveys or competitions is completely voluntary. Information requests may include contact information (such as your name and email address), and demographic information (such as your postcode and age). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this Website.
2.1.5. Comments, reviews and posts on social media. Comvita may collect personal information (for example, your name, email address, social media identifier and the contents of your comment, review or post) when you leave a comment, post a review or send a post via Social Media or otherwise provide information on Social Media.
2.2. We may use this information in the following ways:
2.2.1. to provide our service(s) to you as a user of the Website and/or Social Media, including enhancing your user experience;
2.2.2. to process and fulfil your orders for our products;
2.2.3. to provide you with newsletters and other information about special offers or features of the Website and/or Social Media which we think may be of interest to you and for related marketing purposes, if you have submitted your contact details to us for these purposes or otherwise provided your consent for us to do so;
2.2.4. for marketing third party products and services to you, if you have provided your consent for this;
2.2.5. to ensure that content from the Website and/or Social Media is presented in the most effective manner for you and your computer;
2.2.6. to notify you about changes to our products and/or the Website and/or Social Media;
2.2.7. to notify you about product recalls; and
2.2.8. when managing and maintaining the Website and/or Social Media.
2.3. We do not collect any ‘Special Categories of Personal Data’ about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).; Nor do we collect any information about criminal convictions and offences.
3. INFORMATION DISCLOSURE TO THIRD PARTIES
3.1. We may disclose your personal information as follows:
3.1.1. for marketing purposes, provided your consent has been given and has not been withdrawn, with the third parties mentioned when we seek consent;
3.1.2. to Social Media partners for identifying other people like you, who may also be interested in our products, provided your consent has been given (for further details, please see the section 10 “SOCIAL MEDIA” below).
3.1.3. to service providers who manage aspects of our operations and make them more efficient (for example third parties who provide support services to the Website and/or Social Media, payment providers and delivery agents;
3.1.4. to our insurers, brokers and external auditors;
3.1.6. if we are under a duty to disclose or share your personal data to comply with any legal obligation, or in order to enforce or apply our Website Terms and Conditions and other agreements, including the terms and conditions of use of any social media platform; or
3.1.7. to protect the rights, property, or safety of Comvita or Website and/or Social Media users (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
3.2. We only allow third parties to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. One way we achieve this is by placing contractual obligations on third parties governing the use of personal data that we provide them with.
3.3. We will share personal information with law enforcement or other authorities if required by applicable law.
4. YOUR RIGHTS – MARKETING
4.1. You will only receive marketing communications from us and/or third parties if you have consented to this when you provided your contact details to us (or if you have otherwise submitted your consent to us for these purposes).
4.2. You have the right to ask us not to use your personal data for marketing purposes. You can request that you stop receiving information from us at any time by contacting us at the details set out below (please see section 15 “CONTACT”).
5. IP ADDRESSES AND COOKIES
5.1. We may collect information about your computer including your IP address, operating system and browser type for system administration and to report aggregated information. This is statistical data about your browsing actions and patterns and does not identify you individually.
5.5. For further details, please refer to our cookies policy on our Website.
6. DATA STORAGE – WHERE YOUR PERSONAL DATA IS HELD
6.1. All information you provide to us is stored on our secure servers and those of our group of companies, service providers and agents.
6.2. Where we have given you (or where you have chosen) a password or other data which enables you to access certain parts of our Website, you are responsible for keeping this password and any other identifier confidential and we strongly recommend that you do not share your password or other identifier with anyone. Furthermore, we strongly recommend that you do not use the same password for any other service or website.
6.4. Our group of companies and our service providers may be based outside the European Economic Area. For more information, including on how we safeguard your personal information when this occurs, see section 8 “Transferring your personal information out of the EEA”.
6.6. We use strict procedures and security features to prevent unauthorised access. Agents or contractors who, while providing services to Comvita, have access to information which you give to us are required to keep that information secure and confidential and are not permitted to use it for any purpose other than to carry out the services which they are performing for Comvita. However, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
7. FOR HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
7.1 If you choose to create an account, we will keep your personal information for as long as your account is open. If you don’t have an account, or choose to close your account, we will keep some of your information until 8 years have passed since we last provided product for you. We consider 8 years to be an appropriate retention period because it is as long as is necessary for us to:
7.1.1. respond to any questions, complaints or claims made by you or on your behalf;
7.1.2. show that we treated you fairly;
7.1.3. keep records required by law; and
7.1.4. satisfy any accounting or reporting requirements.
7.2. We will not retain your personal information for longer than necessary for the purposes set out in this policy.
7.3. When it is no longer necessary to retain your personal information, we will delete or anonymise it.
7.4. In some circumstances you can ask us to delete your data: see section 11 ”YOUR RIGHTS”.
8. TRANSFERRING YOUR PERSONAL INFORMATION OUT OF THE EEA
8.1. To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.:
8.1.1. with our offices outside the EEA (including but not limited to our parent company in New Zealand);
8.1.2. with our service providers located outside the EEA; and
8.1.3. if you are based outside the EEA.
8.2. These transfers are subject to special rules under European and UK data protection law and whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring any such transfer out of the EEA complies with data protection law and all personal information will be secure.
We do not disclose identifiable information about individuals to our advertisers or sponsors, but we may provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in London). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' and sponsors’ wishes by displaying their advertisement to that target audience.
10. SOCIAL MEDIA
10.1. We work with trusted third parties, including social network sites like Facebook, Twitter, YouTube, Google+, and with application developers who specialise in social media so we can connect to your social networks. All these companies operate third party sites. We provide access to our Social Media to third parties and business partners so we can generate interest in our products and services among members of your social networks and to allow you to share product and service interests with friends in your network.
10.2. We cannot control how your data is collected, stored, used or shared by Third Party Sites or to whom it is disclosed. Please be sure to review the privacy policies and privacy settings on your social networking sites to make sure you understand the information they are sharing. If you do not want a third-party site to share information about you, you must contact that site and determine whether it gives you the opportunity to opt-out of sharing such information. Comvita is not responsible for how these third parties may use information collected from or about you.
11. YOUR RIGHTS
11.1. You have the following rights, which you can exercise free of charge:
Access The right to be provided a copy of your personal information and check that we are lawfully processing it.
Rectification The right to require us to correct any mistakes in your personal information, though we may need to verify the accuracy of the new data you provide to us.
To be forgotten The right to require us to delete your personal information – where there is no good reason for us continuing to process it or where you have successfully exercised your right to object to processing (see below). Note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Restriction of processing The right to require us to restrict processing of your personal information in the following scenarios:
if you want us to establish the data’s accuracy;
where our use of the data is unlawful but you do not want us to erase it;
where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Data portability the right to receive the personal information you provided to us in a structured, commonly used and machine-readable format and / or to transmit that data to a third party, in certain situations. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
To object The right to object:
At any time to your personal information being processed for direct marketing (including profiling):
In certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly affects you.
To withdraw consent at any time This only arises where we are relying on your consent to process your personal data. However, this will not affect the lawfulness of any processing before you withdraw consent.
If you would like to access any of these rights, please email or write to us at the details provided below (see section 15 “CONTACT”) explaining what right you want to exercise and the information to which your request relates. Please be sure to provide enough information to identify you (e.g. your full name, address, email address and/or any order reference number). Please also provide us with proof of your identity and address (for example, a copy of your passport or recent utility bill).
12. INFORMATION ACCESS
You have a right to access information held about you and you can do this by emailing firstname.lastname@example.org. We will endeavour to send you the information (as held by us) within 30 days. You can also request us to correct any factual inaccuracies in that information or delete any of that information from our records.
13. HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information; however, in the event that we are unable to do so, the General Data Protection Regulation gives you the right to the supervisory body in the EEA state in which you live work, or where any alleged infringement of data protection laws has occurred. The supervisory authority in the UK is the Information Commissioner, who may be contacted online at www.ico.org.uk/concerns or alternatively by telephone on 0303 123 1113.
14. CHANGES TO THIS PRIVACY NOTICE