SECTION 1 – what information do we collect from you?
When you purchase something from our store, as part of the buying and selling process, we collect the following Personal Information from you:
- your name, date of birth, email address, delivery address, and phone number
- billing information, credit card number and whether you are a participant in our Loyalty Programme
- details of the products purchased
When you create an account we collect your name, email address, delivery address and phone number. You must also set a password.
There may also be other voluntary information that we ask for when completing the forms to create an account, join the Loyalty Programme, place an order for products, sign up to be a product tester and sign up to receive marketing materials.
This information is used for communicating with you and responding to your requests, to enable us to provide our products to you, and to arrange for the delivery of our products to you.
When you browse our store, we also automatically receive certain information including “cookies” and your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
With the exception of cookies that are strictly necessary for the website to function, providing your Personal Information to us is voluntary. However, if the Personal Information we request is not provided to us, we will not (depending on the context) be able to supply the products ordered to you, provide the Loyalty Programme discount or create an account for you.
SECTION 2 – how do we collect your personal information?
We collect your Personal Information when you provide it to us, such as when you sign up for an account or to receive marketing communications, when you make an enquiry with us, when you add items to your online cart, and when you confirm a product order. We also collect your Personal Information through your use of our website.
SECTION 3 – how do we use your personal information and what legal bases do we rely upon?
We collect, use and disclose your Personal Information only where we have a legal basis to do so. The purposes for which we will process your Personal Information, and the legal bases we rely upon, are as follows:
To fulfil your order, including for the purposes of confirming your order, delivering the products ordered to you, responding to returns or any queries in relation to your order, and operating our Loyalty Programme
Performance of our Terms of Service
To create and manage a customer account
Performance of our Terms of Service
To communicate with you or answer your queries, outside of an order process (and excluding marketing communications, see below)
Our legitimate interest in providing customer service and notifying you of important or relevant developments
To send you and then process customer satisfaction / feedback surveys
Our legitimate interest in understanding the customer experience in order to make improvements to it (either for you personally or for all customers)
Collecting Personal Information via non-essential cookies and similar technologies
Collecting Personal Information via essential cookies and similar technologies
Our legitimate interest in providing a functional and secure browsing experience
Compliance with a legal obligation
Sending you marketing and promotional materials, including special offers, discounts, market research etc.
Our legitimate interest in promoting our products and services to you (where you are purchasing or considering purchasing products and we provide you with an opportunity to opt-out of marketing when your Personal Information is collected)
Analysing our customer data, including profiling customer shopping behaviours and use of this website
Our legitimate interest in understanding how our customers use this website in order to develop and improve our products and services
Enforce our Terms of Service and our legal rights
Our legitimate interest in protecting our business and its reputation, as well as establishing, exercising or defending our legal rights
Comply with requests from law enforcement and other government agencies
Compliance with a legal obligation
Our legitimate interest in assisting law enforcement and other government agencies in the performance of their duties
We may collect, use and disclose your Personal Information for any other purposes permitted by applicable law, or with your consent.
SECTION 6 – THIRD PARTY SERVICES
In addition to Shopify (see Section 9), we use third-party service providers to facilitate your payment for an order, to deliver the products you order to you and to send many of our marketing communications.
The third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us, subject to our instructions. We will not authorise any of these other third parties to use your Personal Information for their own purposes, except where it is necessary for the third party to enforce its legal rights, or to comply with its legal obligations.
If you choose a direct payment gateway to complete your purchase, then your credit card data is stored only with the third party payment gateway. It is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 7 – Disclosure to third parties
In addition to our disclosures made to third party services providers in the course of our business with you, we may also disclose your Personal Information for the following purposes:
- Within the Ethique group of companies, as necessary to provide our products and services to you, or for other purposes described in Section 3.
- To enforce our Terms of Service
- Where required by law such as to comply with a subpoena or similar legal process
- When we believe on reasonable grounds that disclosure is necessary to protect our property, legal rights, your safety or the safety of others
- In order for us, or other authorised agencies (such as credit card and payment facility providers) to detect, investigate, prevent or address fraud, security or technical issues
- To respond to a government or regulator request to which we are obliged by law to respond, or where we are otherwise permitted to respond under applicable laws
- To a potential or actual third party purchaser of our business or assets if, in the future, we sell or transfer some or all of our business or assets to a third party.
- To any third party with your prior consent.
We may also share in aggregate, statistical form, non-personal information (or, where permitted by law, Personal Information) regarding the visitors to our website, traffic patterns, and website usage with our partners, affiliates or advertisers
SECTION 8 – international transfers
Ethique is a New Zealand headquartered company. In order to process your order and to communicate with you, your Personal Information must be transferred to and processed in New Zealand.
New Zealand is recognised by the UK Government and the European Commission as providing an adequate level of protection for Personal Information.
Some of our service providers may process your Personal Information in countries outside of the UK, EEA and New Zealand, such as the United States of America. In these cases, we will ensure that our contracts with those service providers contain appropriate safeguards for your Personal Information, such as the EU or UK standard contractual clauses. You have a right to contact us for more information about these safeguards we have put in place (including a copy of relevant contractual commitments).
Please also note that your Personal Information is processed by Shopify in Canada, as explained in the next section.
SECTION 9 – Shopify Plus
Our store is hosted on Shopify Plus which is provided by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products to you.
Your Personal Information collected through this website is disclosed to Shopify and stored in Shopify’s data storage, databases and the general Shopify application. They store your Personal Information in compliance with industry standards.
Shopify also collects your Personal Information for the purposes set out in their Privacy Statement. You can view their Privacy Statement here: https://www.shopify.com/legal/privacy. In summary, this information is collected when you access our online store, place a product order, or sign up for an account with us. Personal Information collected by Shopify is used to provide us with their e-commerce services, such as processing orders, authenticating and processing payments, screening for fraudulent transactions, improving the services Shopify offers and, if you have opted in to Shopify Pay, to pre-fill your checkout information and to offer you customised advertising.
Shopify may also share your Personal Information with third parties where it is necessary to prevent or take action against illegal activity, where you have violated Shopify’s Terms of Service, where it is necessary to comply with any legal obligations, or where we have authorised the transfer of your Personal Information to other third parties (such as payment gateways). For full details, please review the Shopify Privacy Statement here: https://www.shopify.com/legal/privacy.
For more insight, you may also want to read Shopify’s Terms of Service found here https://www.shopify.com/legal/terms.
SECTION 10 – retention of your Personal Information
We will retain your Personal Information for the duration of your relationship with us (including where you hold an active account with us), as needed to provide you with our products (including where you have consented to receiving marketing communications).
Once you are no longer an active customer, we will only retain Personal Information if necessary to comply with our legal obligations, resolve disputes, or enforce our Terms of Service.
If you wish to cancel your account, please contact us at email@example.com.
SECTION 9 – SECURITY
To protect your Personal Information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
The security of your information depends in part on the security of the computer you use to communicate with us (including using an up-to-date browser and appropriate anti-virus software), and the steps you take to protect the confidentiality of your account information, including your password.
SECTION 10 – cookies and similar technologies
Like most sites, this website stores or retrieves information on your browser in the form of cookies (and we may also use related technologies such as beacons, tags and scripts). Cookies are small text files that are placed on your computer or mobile device by websites that you visit. The information stored or retrieved by cookies might be about you, your preferences or your device and is mostly used to make the site work as you expect it to.
Cookies may be either "persistent" cookies or "session" cookies. This website uses both persistent and session cookies:
- A persistent cookie will not be automatically deleted when the browser is closed but is stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). This allows us to remember things about you (such as your preferences) between browsing sessions.
- A session cookie is stored temporarily during a browsing session and will expire at the end of the user session, when the web browser is closed.
- Essential – this includes the use of any cookies that are necessary in order to transmit information over an electronic communications network (and therefore make it possible for you to view the website), as well as any cookies that are strictly necessary in order to make the website function (for example, remembering information input into a webform during a browsing session, or remembering items placed in your shopping cart). This includes cookies used to comply legal obligations which apply to our website, such as our obligation to take appropriate steps to secure Personal Information input into the website. It is not possible for you to control our use of essential cookies.
- Personalisation – cookies used to remember your preferences (such as login details, language, font size, privacy settings and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the website or browse from one page to another.
- Analytics – cookies used to collect information about your use of the website in order to understand how users interact with the website, and then make changes in order to improve the website for all users.
- Advertising – cookies used to serve advertising based on your internet activity and to track the success of our advertisements across the web. These cookies may also be set through our site by our advertising partners.
We have listed the cookies we use here:
When you first navigate to our website, you are asked to provide your consent to cookies.
As well as using the pop-up consent mechanism, you can control acceptance of cookies by modifying your Internet browser preferences.
SECTION 12 – RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
Subject to certain exemptions, and in some cases dependent upon the legal basis we rely upon (see Section 3), you have certain rights in relation to your Personal Information. These include rights:
- To access personal information
- To rectify / erase personal information
- To restrict the processing of your personal information
- To transfer a portable copy of your personal information
- To object to the processing of personal information (where it is based on our ‘legitimate interests’)
- To prevent us from using your Personal Information for direct marketing purposes – the easiest way to exercise this right is to click on the ‘unsubscribe’ link in our emails
- To obtain a copy of Personal Information safeguards used for transfers outside your jurisdiction
- To lodge a complaint with your local supervisory authority. You can also contact the New Zealand Office of the Privacy Commissioner at http://www.privacy.co.nz.
We may ask you for additional information to confirm your identity and for security purposes, before complying with your request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting our Privacy Compliance Officer at firstname.lastname@example.org or at Unit 15, 3 Stark Drive, Wigram, Christchurch, South Island, New Zealand, 8042.
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.