Security and Privacy

Security and Privacy Policy

1. Outline

1.1   This Privacy policy, which is subject to the Privacy Act and IPPs, regulates how we collect, use and disclose personal information

1.2   Amendment. We may change, vary or modify all or part of this Privacy Policy at any time in our sole discretion. It is your responsibility to check this Privacy Policy periodically for changes. If we adopt a new Privacy Policy:

1.2.1   We will post the new Privacy Policy on the Platform; and
1.2.2   It will then apply through your acceptance of it by subsequent or continued use of the Platform and/or our Services


2. Purpose

2.1  Primary Purpose. We collect your personal information to lawfully carry out our functions and activities and provide you our Service (Primary Purpose)

2.2  Related Purpose. In addition to the Primary Purpose, we may use the personal information we collect and you consent to us using your personal information to (Related purposes) :

2.2.1  provide you with information about the Services you requested and any other services and events you may be interested in;
2.2.2  personalise and customise your experiences with us;
2.2.3  help us review, manage and enhance our Services and develop insights used in reports or other content developed by us;
2.2.4  communicate with you, including by email, mobile and in-application notifications;
2.2.5  communicate with you in the event of a product recall;
2.2.6  conduct surveys or promotions;
2.2.7  to process payments and administer your account, including to send you account related reminders;
2.2.8  to enable third party providers to fulfil their role;
2.2.9  investigate any complaints about or made by you, or if we have reason to suspect you have breached any relevant terms; or
2.2.10  as required or permitted by any law.


3. What We Collect

3.1  Personal information we collect about you may include identification information such as your name, address, password, email address, mobile phone number and usage data from our Services. All of your financial and payment information will be managed by a third party provider. We will not collect any of your financial or payment information apart from information regarding the transaction date, amount paid, payment method and relevant invoice information.

3.2  In cases where we may need to manually process a credit card refund, additional payment or charge, we recommend that you provide your information to our staff verbally. Any written information required to complete manual transactions is securely destroyed as soon as the transaction is complete.

3.3  We will only collect, hold, use or disclose your sensitive information with your consent.


4. How We Collect

4.1  How we collect. Your personal information may be collected:

4.1.1  when you complete an application, consent, purchase, account sign-up or similar form via our Platform or otherwise;
4.1.2  when you contact us to make a query or request;
4.1.3  when you submit your email address to our mailing list or otherwise interact with the Platform;
4.1.4  when you participate in one of our Services, competitions or surveys;
4.1.5  when you make a request for sponsorship;
4.1.6  from those who request our Services on your behalf;
4.1.7  from publicly available information;
4.1.8  from government regulators, law enforcement agencies and other government entities;
4.1.9  from business contacts, external service providers and suppliers; or
4.1.10  by other means reasonably necessary.

4.2  Third party collection. If we collect any personal information about you from someone other than you, to the extent not already set out in this Privacy Policy, we will inform you of the fact that we will collect, or have collected, such information and the circumstances of that collection before, at or as soon as reasonably practicable after we collect such personal information. We do not purchase mailing lists from any third party.

4.3  Authority. If you provide us with the personal information of another individual, without limiting any other provision of this Privacy Policy, you acknowledge and agree that the other individual:

4.3.1  has authorised you to provide their personal information to us; and
4.3.2  consents to us using their personal information in order for us to provide our Services.

4.4  Unsolicited information. If we receive unsolicited personal information about you that we could not have collected in accordance with this Privacy Policy and the Privacy Act, we will, within a reasonable period, destroy or de-identify such information received.

4.5  Anonymity. If you would like to access any of our Services on an anonymous basis we will take reasonable steps to comply with your request, however:

4.5.1  you may be precluded from taking advantage of some of our Services; and
4.5.2  we will require you to identify yourself if we are required by law to deal with individuals who have identified themselves; or it is impracticable for us to deal with you if you do not identify yourself or elect to use a pseudonym.

4.6  Destruction. Subject to a legal requirement to the contrary, we will destroy or de-identify your personal information if:

4.6.1  the purpose for which we collected the personal information from you no longer exists or applies, which includes if your account remains inactive for a sufficient period of time for us to determine it is no longer in use;
4.6.2  you delete your account; or
4.6.3  you request us to destroy your personal information.


5. Use

5.1  Primary use. We will only use and disclose your personal information:

5.1.1  for purposes which are related to the Primary Purpose; or
5.1.2  if we otherwise get your consent to do so, in accordance with this Privacy Policy and the Privacy Act.

5.2  We will not use your personal information for any purpose for which you would not reasonably expect us to use your personal information.

5.3  We will not sell, trade, rent or licence your personal information to third parties.

5.4  Direct marketing. We will offer you a choice as to whether you want to receive direct marketing communications about services. If you choose not to receive these communications, we will not use your personal information for this purpose.

5.5  We will otherwise only use or disclose your personal information for the purposes of direct marketing if:

5.5.1  we collected the information from you;
5.5.2  it is reasonable in the circumstances to expect that we would use or disclose the information for direct marketing purposes;
5.5.3  we provide you with a simple means to ‘opt-out’ of direct marketing communications from us; and
5.5.4  you have not elected to ‘opt-out’ from receiving such direct marketing communications from us.

5.6  You may opt out of receiving such communications by:

5.6.1  checking the relevant box on the form used to collect your personal information;
5.6.2  clicking a link on the email communication sent to you; or
5.6.3  contacting us using our contact details below.




6. Disclosure

6.1  How we disclose. We may disclose personal information and you consent to us disclosing such personal information to:

6.1.1  third parties engaged by us to perform functions or provide Services on our behalf including delivery companies, mailing houses and IP service providers;
6.1.2  our professional advisors, including our accountants, auditors and lawyers;
6.1.3  financial institutions for Related purposes;
6.1.4  persons authorised by you to receive information held by us, including to those individuals that you authorise us to provide information to via the Platform;
6.1.5  a government authority, law enforcement agency, pursuant to a court order or as otherwise required by law; or
6.1.6  a party to a transaction involving the sale of our business or its assets.

6.2  Overseas disclosure. We do not currently disclose personal information overseas except to freight forwarders and customs clearance brokers if your order is to be shipped internationally. Nevertheless, we may in some circumstances or the future send your personal information to other overseas recipients to enable us provide you our Services. We will inform you of the locations of such recipients as applicable.

6.3  Our third party payment gateway provider may disclose your personal information overseas. Please refer to the privacy policies of the third party payment gateway provider for information regarding how they will use, disclose and manage your personal information.

6.4  If we send your personal information to overseas recipients, we will take reasonable measures to protect your personal information such as ensuring all information is de-identified where appropriate before being transmitted. However, you acknowledge and agree that if we disclose your personal information to overseas recipients, we are not obliged to take reasonable steps to ensure overseas recipients of your personal information comply with the Privacy Act and the IPPs.


7. Access and Correction

7.1  Access. If you require access to your personal information, please contact us using our contact details below. You are required to put your request in writing and provide proof of identity.

7.2  We are not obliged to allow access to your personal information if:

7.2.1  it would pose a serious threat to the life, health or safety of any individual or to the public;
7.2.2  it would have an unreasonable impact on the privacy of other individuals;
7.2.3  the request for access is frivolous or vexatious;
7.2.4  it relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings;
7.2.5  it would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;
7.2.6  it would be unlawful;
7.2.7  denying access is required or authorised by or under a New Zealand law or a court/tribunal order;
7.2.8  we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
7.2.9  it would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
7.2.10  it would reveal commercially sensitive information.

7.3  If you make a request for access to personal information, we will:

7.3.1  respond to your request within 14 days or otherwise within a reasonable period; and
7.3.2  if reasonable and practicable, give access to the personal information as requested.

7.4  If we refuse to give access to the personal information, we will give you a written notice that sets out at a minimum:

7.4.1  our reasons for the refusal (to the extent it is reasonable to do so); and
7.4.2  the mechanisms available to complain about the refusal.

7.5  Correction. We request that you keep your personal information as current as possible. If you feel that information about you is not accurate or your details have or are about to change, you can:

7.5.1  contact us using our contact details below and we will correct or update your personal information; or

7.6  If you otherwise make a request for us to correct your personal information, we will:

7.6.1  respond to your request within 14 days or otherwise within a reasonable period; and
7.6.2  if reasonable and practicable, correct the information as requested.

7.7  If we refuse a request to correct personal information, we will:

7.7.1  give you a written notice setting out the reasons for the refusal and how you may make a complaint; and
7.7.2  take reasonable steps to include a note with your personal information of the fact that we refused to correct it.


8. Security and Protection

8.1  In relation to all personal information, we will take all reasonable steps to:

8.1.1  ensure that the personal information we collect is accurate, up to date and complete;
8.1.2  ensure that the personal information we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and
8.1.3  protect personal information from misuse, loss or unauthorised access and disclosure.

8.2  We require staff and service providers to respect the confidentiality of personal information. We store your personal information on a secure server behind a firewall and use procedures including IP Blocking, whitelisting, and other security software and encrypted databases accessible only by authorised personnel to protect your personal information from unauthorized access, destruction, use, modification or disclosure. We will require any third party payment gateway provider to process any payment transactions through a PCI compliant payment gateway.

8.3  Please contact us immediately if you become aware of or suspect any misuse or loss of your personal information.


9. Complaints

9.1  If you have a complaint about how we collect, use, disclose, manage or protect your personal information, or consider that we have breached the Privacy Act or IPPs, please contact us using our contact details below. We will respond to your complaint within 14 days of receiving the complaint.

9.2  Once the complaint has been received, we may resolve the matter in a number of ways:

9.2.1  Request for further information: We may request further information from you. Please provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution.
9.2.2  Discuss options: We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with our Privacy Officer.
9.2.3  Investigation: Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
9.2.4  Conduct of our employees: If your complaint involves the conduct of our employees we will raise the matter with the employees concerned and seek their comment and input in the resolution of the complaint.

9.3  After investigating the complaint, we will give you a written notice about our decision.

9.4  You are free to lodge a complaint directly with the Office of the Privacy Commissioner (OPC) online, by mail, fax or email. For more information please visit the OPC website at privacy.org.nz.


10. Contact

10.1  Please forward all correspondence in respect of this Privacy Policy to:
Privacy Officer
Zilco NZ Ltd
PO Box 19808
Woolston 8241
New Zealand
Fax: (03) 381 0276
Email: sales@zilco.co.nz


11. Interpretations and Definitions

11.1  Personal pronouns: Except where the context otherwise provides or requires:

11.1.1  the terms we, us or our refers to Zilco NZ Limited; and
11.1.2  the terms you or your refers to a user of the Platform and/or a customer to whom we provide the Services.

11.2  Terms italicised and defined in the Privacy Act have the meaning given to them in the Privacy Act.

11.3  Defined terms: In this Privacy Policy unless otherwise provided, the following terms shall have their meaning as specified:
IPPs means any of the Information Privacy Principles set out in Section 6 of the Privacy Act.
Platforms means all or any of the relevant platforms, electronic interfaces and websites that are owned, provided and/or operated from time to time by us, regardless of how those websites are accessed by users (including via the internet, mobile phone, mobile applications or any other device or other means).
Privacy Act means the Privacy Act 1993 as amended from time to time.
Privacy Policy means this privacy policy as amended from time to time.
Services means our development and sales of equestrian and related products and other services that we provide from time to time.