This policy seeks to ensure that personal information managed by the Company is handled in a way that is legally compliant, ethical and adheres to industry best practice.
Personal information is in general terms, any information about an identifiable individual.
This policy is for customers of the Company. For the purpose of this policy, “the Company”, “we”, “our”, or “us” means the New Zealand privately owned company; Villa Maria Estate Limited, and extends to include any related entities where they engage directly with customers.
Where local legislation, regulations or governing authorities differ in the application and or interpretation of privacy requirements, those rulings shall supersede those set out in this policy. The Company will update this policy when our information handling practices change, or when required. Any revised policy will take effect when it is published on our website.
Privacy obligations relating to staff are addressed separately within Villa Maria internal policies.
- The kinds of personal information we collect
The information collected by the Company will depend on the products, services or information you ask us to provide to you, and the nature of the dealings you have with us. This will include (but is not limited to) information to confirm your identity, date of birth and contact details such as your physical address, mailing address, email and contact phone numbers. In establishing a customer relationship additional information related to bank accounts, credit information and reference checks will often be requested.
By providing the Company with your personal information, you consent to us using and disclosing it for the purposes set out in this policy.
- How we collect personal information
Where we can, we will collect information directly from you. Such information is collected in a number of ways including but not limited to:
- When you make an enquiry, complete an application or request an order.
- Through your communication with us which may include emails, letters, phone conversations, meetings, or other correspondence between you and our representatives.
- Through other interactions with our websites, social media or direct marketing material.
- When you otherwise interact with the Company or disclose personal information to it.
As well as collecting information directly from you, where required, we also collect information from third parties in circumstances where we have your consent, are legally required to do so or permissible business
requirement to do so. Examples of third parties include credit reporting agencies, law enforcement agencies and other government entities.
- Cookies and how we use them
The information collected by these tools may include geolocation data, the IP address of the device you are using and information about websites that IP address has come from, the pages accessed on our website and the next website visited. We may use and combine this information to maintain, secure and improve our websites, enhance your experience when using our websites, display and deliver relevant content, services and advertising and understand the effectiveness of our marketing and advertising.
If you want to prevent cookies being used, you can change your browser settings to disable cookies. However, you may not be able to access all or parts of our websites, or you may experience reduced functionality when accessing certain services.
- How we store and secure personal information
We keep your hard-copy or electronic records on our secured premises and systems or offsite using trusted third parties. Our security safeguards include:
- Staff education
We train and regularly remind our staff of their obligations with regard to your information.
- Taking precautions with overseas transfers and third parties
When we send information overseas or use third parties that handle or store data, we ensure that appropriate data handling and security arrangements are in place.
- System security
When you transact with us on the internet via our website or mobile apps we encrypt data sent from your computer to our systems. We have firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses accessing our systems. We limit access by requiring use of passwords.
- Destroying data when no longer required
Where practical, we keep information only for as long as required (for example, to meet legal requirements or our internal needs).
- Credit Card Information
Where credit card information is required, our processes for recording, managing and using credit card details are designed in alignment with global PCI Security Standards.
- The purposes we collect, store, use and disclose personal information
We collect, use, disclose, store and retain your personal information so that we can carry out our business activities and functions and to provide you with our services. The type of information about you that we will collect, use, disclose, store and retain will depend on our relationship with you, the types of products or services you request from us and our legal obligations.
The purposes for which we collect, store, use and disclose personal and credit-related information is so that we can:
- establish your identity and assess applications for products and services;
- provide products and services to you;
- send information and communications requested by you;
- manage our relationship with you;
- manage our risks and help identify and investigate illegal activity, such as fraud;
- conduct and improve our businesses and improve customer experience;
- to update our records and ensure contact details are up to date; and/or
- comply with our legal obligations and assist government and law enforcement agencies or regulators where required.
- Access and correction of personal information
If you wish to seek access to the personal information we may hold about you, please contact our Privacy Officer using the contact details set out below. Where we hold information that you are entitled to access, we will try to provide you with a suitable and secure means of accessing it such as via direct email or courier.
Where you are not entitled to access personal information under the Privacy Act, for example if it would breach or have the potential to breach another individual’s privacy rights, we will provide a reason for the refusal.
If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. Depending on the nature of the changes requested, we may ask for further confirmation of identity and/or that the request is submitted in writing for audit and compliance purposes.
- Complaints process
If you believe that we have breached, or potentially breached our privacy obligations, please contact the Privacy Officer in the first instance using the contact details set out below. Depending on the nature of the breach or potential breach, we may ask for further confirmation of identity, details of the complaint and/or that the request is submitted in writing for audit and compliance purposes.
- Disclosure to third parties
We may disclose your personal or credit-related information with third parties where this is permitted by law or for any of the purposes mentioned in section 5. Third parties include:
- Parties to whom we outsource certain functions (e.g. financial institutions).
- Auditors, compliance regulators, government agencies and departments.
- Any other third party with your prior authorisation for such disclosure.
- Contact us
Phone: +64 9 255 0660, Extn: 890
Post: PO Box 43046 Mangere, Auckland 2153, New Zealand
You may also request a transcript of your information here.