This Notice contains the following definitions used throughout:
|Healthspan||Healthspan Limited and its affiliates and subsidiaries from time to time|
|The Notice||The Privacy Notice|
|Personal Data||Any information that is related to an identified or identifiable natural person|
|Site/Website||Healthspan Elite New Zealand: www.healthspanelite.nz|
Healthspan Limited is committed to safeguarding your personal privacy. This Notice is designed to help you understand how we use the data entrusted with us and your data subject rights.
Healthspan is registered as a Data Controller with the Office of the Data Protection Commissioner in Guernsey (01481 742074, https://odpa.gg/).
How Do We Collect Personal Information?
Whenever you use our Site, complete an application form, contact Healthspan electronically, or purchase online products offered by Healthspan, Healthspan will collect Personal Information to process your order and for analysing and marketing purposes.
What Personal Information Do We Collect And Why?
When purchasing goods from Healthspan, you are entering into a contract with us. Upon registering online, we will request you to provide the following personal details:
- Your name
- Email address
Upon purchasing, you will be required to provide:
- A delivery address
- A billing address
- A contact number (optional)
- Email address
If you raise a query, request or a complaint via Healthspan’s social media channels, we will record your social media handle. We use this only to correspond with you and resolve the relevant issue.
If you order as a guest, and you have previously purchased from us, we may consolidate your orders against one customer number for customer service, fraud prevention, marketing and analytic reasons.
Your data will be kept for a period of 10 years after your last interaction with us. We need to keep transaction information for auditing and statutory reporting purposes for this period, however we can remove you from our marketing database at your request.
Credit Or Debit Cards
Healthspan does not process, transmit or store credit or debit card information. All card payments are securely processed by our payment gateway provider CyberSource which then provides Healthspan with a token (expiry date and last four digits) to take future payments or apply refunds.
What Do We Do With Your Data?
Data protection law stipulates that we can use and share your Personal Data only where we have grounds to do so. Healthspan relies on one or more of the following legal grounds:
- Contract – to fulfil and provide services related to your order(s).
- Consent – where you agree to us using your information in a stipulated way, e.g. for providing you with marketing content via email.
- Legitimate Interests – where it is reasonable and fair to expect us to process your data in this way, and there is minimal impact on your rights and freedoms, e.g. for marketing or fraud prevention.
- Legal Obligation – where there is statutory or other legal requirement to share the information e.g. where required by a government authority.
Further to the above, please see the list of the ways that we may use your Personal Information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are:
|What we use your Personal Information for||Healthspan’s legal basis||Our explanation of Healthspan’s legitimate interests|
|Process, pack and dispatch your orders, including service communications such as order notifications, changes to subscription deliveries and dispatch confirmation.||Fulfilling a contract||N/A|
|Undertake Website personalisation and administration.||Legitimate interest||Developing products, services, applications, and designs that attract and retain customers. Improving customer interaction with our Sites. Defining types of customers for new products or services.|
|Email marketing communications informing you of special offers, promotions, new lines, and sales.||Consent||N/A|
|Mail marketing communications informing you of special offers, promotions, new lines, and sales.||Legitimate interest||Developing products, services, applications, and designs that attract and retain customers.|
|Service enhancement notifications, such as changes to our Website and new services that may be of interest to you.||Legitimate interest||Developing products, services, applications, and designs that attract and retain customers. Improving customer interaction with our Sites.|
|Marketing communications informing you of special offers, promotions, competitions, new lines, sales, advice, and information across various marketing channels including online advertising and social media Sites.||Consent||N/A|
|Contact you to undertake customer satisfaction surveys, invite you to provide product reviews or for market research.||Legitimate interest||Developing products, services, applications, and designs that attract and retain customers. Improving customer interaction with our Sites.|
|Maintaining and developing systems, network, and data security.||Legitimate interest||To provide improved offers and services, and to maintain the safety and confidentiality of your information.|
|Logistics planning, demand forecasting, management information and research.||Legitimate interest||We use information about shopping habits, products bought and volumes, to help us respond to demand, ensure the right products get to the right areas and to help us plan our ranges.|
|Your Order History & product purchases||Legal obligation,Legitimate interest||For financial reporting, VAT, and auditing purposes; batch recall if required, marketing and analytics.|
|Call recordings||Legitimate interest||For quality and coaching purposes. Enforcing staff use of agreed protocols and for customer complaint investigations.|
|Social Media correspondence||Legitimate interest||Competition correspondence.|
Opting out of email marketing:
You can choose whether or not you would like to receive email marketing, and can opt out at any time.
If you do not wish to hear from us about sales, promotions or health and wellbeing, you can opt out by clicking the Unsubscribe link provided at the bottom of the email. If for any reason this opt-out is not successful, please contact us (including your full name and address) and we will remove you from our mailing lists manually.
Please note that it may take around five working days to unsubscribe you from email marketing. Rest assured that we do not sell your data to third parties.
Who Do We Share Your Data With And Why?
Healthspan will never pass or sell your data outside the Healthspan Group of companies, except where required to fulfil order delivery, or to provide communications as part of Healthspan’s normal service, including marketing and analytics.
We share your data with our trusted fulfilment partners and ensure all appropriate contractual safeguards and security is in place. These include warehouse packing services, IT systems, hosting providers and IT support; mailing houses, email services, marketing analysis third parties and an independent product and service review provider (see below).
We also share information outside of New Zealand where we use a service provider or technology provider based overseas. Where we send Personal Data outside of New Zealand, we ensure that suitable safeguards are in place to protect the information, through risk assessment and where deemed appropriate, contractual obligations including using any model contractual clauses provided by the New Zealand Privacy Commission or similar clauses.
Healthspan shares hashed data with Facebook to enable us to provide offers and content which may be of interest to you. For more information please visit: https://www.facebook.com/policy.php. Healthspan and Facebook Ireland have entered into a Controller Addendum with regard to the Joint Processing of Personal Data; Facebook Ireland is responsible for enabling Data Subjects’ rights with regard to Personal Data stored by Facebook Ireland after the Joint Processing.
We share your Personal Information with external companies that provide services on our behalf including:
- Customer service centre
- Online and social media advertising agencies
- Media agencies
- Mailing houses and printers
- Market research agencies
How we use information from social media channels Information publicly available on social media Sites may be used by us to monitor and review how customers engage with our brand. This process does not always identify individual users. Should we wish to use information posted publicly by you on a social media Site such as Facebook, we will not do so without your permission.
In order to provide improved offers, advice and information, and to evaluate our advertising across various online marketing channels and social media Sites (such as Facebook), we may analyse the following: your Personal Information, products you view and buy, your browsing habits and other ways you interact with us. Facebook Ireland is a Joint Controller of the Joint Processing of Personal Data; for more information on how Facebook processes Personal Data and ways to exercise data subject rights, visit Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy.
Your Personal Data is protected by legal rights, which include:
|Right to be informed||To know what Personal Data we process, how and why.|
|Right of access||To request access to your Personal Information and information about how we process it.|
|Right to rectification||To have your Personal Information corrected if it is inaccurate and to have incomplete Personal Information completed.|
|Right to erasure (also known as the Right to be Forgotten)||To have your Personal Information erased.|
|Right to withdraw consent to direct marketing at any time||To choose not to receive any direct marketing content.|
|Right to data portability||To electronically move, copy or transfer your Personal Information in a standard form.|
|Right to restrict processing||To restrict processing of your Personal Information.|
|Rights in relation to automatic decision-making including profiling||Rights with regards to automated individual decision making, including profiling.|
Should you wish to action any of these rights, please contact our friendly Customer Care Services via email: email@example.com.
Please note if you action your right to withdraw consent to direct marketing or your right to erasure this will be implemented immediately, however it may take around five working days to unsubscribe you from email marketing (as email address data is processed in advance) and up to six weeks to unsubscribe you from postal marketing (as mailings are printed in advance).
To contact Healthspan’s Data Protection Officer: Mrs Esteé Watchorn, and/or if you have any concerns as to how your data is processed, please email DPO@healthspan.co.uk.
You also have the right to lodge a complaint to the Privacy Commissioners’ Office (www.privacy.org.nz) if you believe that we have not complied with the legal requirements regarding your Personal Data.
How Secure Is Your Data?
Healthspan employs a wide variety of security measures to back up, protect and manage your data. We are audited annually and undertake to secure your data using up to date technology and robust policies and processes. All third parties are scrutinised and subject to appropriate contractual safeguards. We document all data processing and review this regularly. Staff are regularly trained on security and policies and we use strict access controls.
Reviews, Ratings, Promotions And Competitions
To leave a product rating or review you must have purchased that product.
The poster of a product rating or review continues to own all rights to content provided to Healthspan. However, Healthspan reserves the right to use this content royalty-free as part of its marketing and communication programs.
The purpose of reviews is to help people who haven’t brought the product to learn from the experiences of those that have.
For competition purposes we may collect Personal Data. We may use this data for competition administration and to:
- contact you in relation to the competition
- analyse and review competition performance
- marketing communications across various online marketing channels and social media Sites
UPDATES TO THIS NOTICE
Healthspan reserves the right to update this notice in line with current legislation and best practices. If we make changes to this notice, we will notify you by updating it on our Website.
Last amended date: 05/10/2020