We will never sell any of your personal data to a third party. However, we do need to share your data with certain establishments that we work with to provide the service and shopping experience that you are used to, such as:
- Companies that make sure your order is completed and arrives at your door, such as payment service providers, our warehouses, order fulfilment, order packers, franking machine providers and courier delivery companies.
- Marketing agencies and affiliate programme providers.
- Suppliers that are printers, email service providers, customer service support providers, personalisation, data cleansing providers and media partners.
- Police and other law enforcement agencies.
- Tax authorities, sales tax information providers and tax compliance advisers
- Marketplaces where you can place an order.
Examples of these establishments are:
- Torque, Online Distribution NZ, Clipper Poland, NLS
- Dot Digital, Mimecast, 8X8, Zendesk, Appamondo
- Hermes, TNT, FedEx, Royal Mail, DHL, Collect+, Canada Post
- Sorted, WN Direct, Newgistics, Aramex, Rebound, Spring, ASDA
- Pindar, DPS, Jamm, Jarius, Quad, TaxJar, KPMG, Avalara
- Google, Bing
- Facebook, Twitter, Instagram
- Rakuten, Affiliate Window, Effiliation, , Sitespect, Rokt, Mention Me
- Sub2, BounceX, Fresh Address, REad Group, Marin, Connextity
- Amazon, eBay, C-Discount, TradeMe, Allegro, Catch!
Additionally, we may disclose your personal information:
- If we sell or buy any business or assets or are acquired by a third party, personal data held by us about our customers will be one of the transferred assets.
International Transfers: We may transfer your personal information to our subsidiaries or third-party suppliers, delegates or agents which may be situated outside of the European Economic Area (“EEA”) if required for the purposes described in this Privacy Statement such as administering Membership Cards/Discount Cards.
This may involve the transfer of your personal information to countries outside your home country or region, including outside the European Economic Area if that is your region, which may have a different level of data protection from your home country.
We will only transfer your personal information outside the EEA where either:
(a) the transfer is to a country which the EU Commission has decided ensures an adequate level of protection for your personal information, or
(b) we have put in place our own measures to ensure adequate security as required by data protection law. These measures include ensuring that your personal information is kept safe by carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the relevant regulators, such as the EU style model clauses. Some US providers may also be certified under the EU-US Privacy Shield which confirms they have appropriate measures in place to ensure the protection of your data, or
(c) the transfer meets one of the requirements under Article 49 of the GDPR.
Privacy of Children and Special Categories of Personal data: We do not knowingly collect personal data from anyone under the age of 16. We do not knowingly obtain any Special categories of personal data about our customers, such as information about health or medical conditions, race or religious beliefs. We regularly cleanse our data and would remove anyone flagged as deceased from receiving any marketing communications from us.
If we are made aware that we have received information from anyone under the age of 16 or entailing special categories of personal data in violation of this policy statement, we will immediately ensure that they do not receive marketing communications from us and will take steps to remove them from our database.