The Strictly Coffee Company 2020 Ltd (t/a Strictly Coffee Roasters) operates https://strictlycoffee.co.nz/. We are committed to upholding our obligations under the Privacy Act 2020. This policy sets out how we will collect, use, and store any personal information we collect from you, either online through our website or our Roastery/Brew Bar. Personal information means information about an identifiable individual (being a natural person, not a corporate body), as defined in the Privacy Act 2020.
By using our website, you are deemed to have accepted this policy and the terms on which we use your personal information. If you do not agree to these terms, you must not use our website or order goods from us.
It is your responsibility to maintain the security of your password and log-in details and to take steps to disable your account or update your password immediately upon becoming aware of any likely breach of security. You will remain liable for all use being made of your account whether authorised by you or not up to the point at which you tell us of any unauthorised use. We may, from time to time, employ various security measures of our choice to protect any information being transmitted to or via the facilities. Any security measures in place will be readily identifiable from the facilities from time to time. In transmitting information you are deemed to have approved and accepted such security measures (if any) as are then in use.
What information we collect
When you make an online purchase from us, or enter into a subscription with us, we collect your name, billing and delivery address, telephone number, email address from you in connection with the items you have ordered. If you set up an online account with us, we will store your password. If you sign up to receive our email newsletter, we will store your email address using third party software. Access to this database is limited to our staff only.
We also collect personal information in connection with your use of our loyalty and rewards referral schemes to enable us to administer, and you to use, the scheme.
Purpose of collecting personal information
We process your personal information for the purpose of enabling the use of the website and performing our contract(s) with you, i.e. the sale and purchase of goods from us and through your use of our website(s). The personal information we collect is for these purposes. If any personal information is being collected for any other purpose, such as to contact you for marketing purposes, you will be made aware that this is the purpose for which the information is collected when we request the information.
How we collect personal information/data
We primarily collect your personal information when you provide it to us, i.e. visiting our website or our Roastery, to buy goods. Where you buy our goods, you will provide us with personal data on checkout. All credit and debit card, and other necessary and relevant financial information we need to collect in order to process your order is handled either through Shopify, PayPal or Stripe (as shown on the payment page on checkout). Each of these organisations process limited amounts of your personal data, they are all PCI DSS Level 1 compliant (ensuring encryption of all of your data they process) and their privacy policies are available online. We do not store any personal credit or debit card details at any time, other than the last 4 digits of your credit or debit card.
We also collect information when you correspond with us at any time. Where we correspond with you in connection with your order, details of that correspondence will be stored within our Email Support Inbox.
We will not sell any of your personal information to third parties. When you visit our website, we use Google Analytics (and other web analytics services) to place text files on your device to help us analyse how you use the website. This includes details of the pages and products you view, your clickstreams, and other device and technical information (including your IP address). The information generated by these files will be transmitted to third parties such as Google, Facebook, Instagram and other social media platforms that you may use on the same device, from time to time. This is used to provide you with targeted advertising of our products through those platforms and show other products of ours that you may be interested in (based on your use of our website) through other platforms you use. You can change your preferences regarding this at any time through Cookies Opt-in.
We will not disclose personal information to another person or agency unless we believe on reasonable grounds:
- the disclosure is directly related to the purposes for which the personal information was collected;
- the personal information is publicly available and disclosure is not unfair or unreasonable;
- you have authorised the disclosure;
- the personal information will be used in a form where you are not identifiable; or
- non-compliance is necessary as set out in the Privacy Act.
We will only disclose personal information to a foreign person or entity where one of the following applies:
- you authorise it after being expressly informed that the foreign person or entity may not be required to protect the information in a way that provides comparable safeguards to the Privacy Act;
- the foreign person or entity is carrying on business in New Zealand and we reasonably believe the foreign person or entity is subject to the Privacy Act;
- we reasonably believe the foreign person or entity is subject to laws that provide comparable safeguards to the Privacy Act.
Personal information, such as your name, address, email address, and telephone number may be provided to our third party couriers so that they can deliver our goods to you.
We will provide you with the means to alter and update contact details and some other personal information at any time. You agree to ensure the information you provide to us is accurate, up to date, and not misleading.
Where we hold your personal information, you are entitled to request correction of the information and request that a statement of correction be attached to the personal information. We are not required to change the personal information if we disagree with the correction, however, the “correction” will be attached to the personal information. If you request such a correction we will inform you of the action taken as a result of the request.
A cookie is a small file that can be placed onto your device to help us identify and remember you. It’s sent to your browser and saved locally on your device.
Cookies are also used on our website to gather usage statistics for Google Analytics, we do this to help make sure the site is meeting the needs of its users and to help us make improvements, for example improving site search. We use Google Analytics to collect information about how people use this site – for example, what you click on, how long you spend on the site and how you got here. Unless you do so, your use of the website will be deemed to have consented to the processing of personal information about you by us and third parties in this way.
The majority of current web browsing software accepts cookies automatically but you have the power to remove and disable them via the options in your browser. This action may impair your experience on our website and many others around the internet.
We take all reasonable steps to ensure the personal information we collect is protected by security safeguards against loss, unauthorised access and disclosure or any other misuse.
For information requests or complaints please contact
Malina Daulton firstname.lastname@example.org
You have the right to request access to your personal information. We may require you to verify your identity before we provide any personal information to you. We will respond to you within 20 working days and will process your request for your personal information in accordance with the Privacy Act.
We will not keep personal information for longer than required by lawful purposes or by law.
If there is a breach of privacy involving your personal information, we will comply with any legal obligations in the Privacy Act. If there is a notifiable privacy breach, one which has caused or is likely to cause serious harm, we will notify the Office of the Privacy Commissioner and the affected people (unless an exception applies).
Updating this policy