We use cookies to make your experience better. To comply with the new e-Privacy directive, we need to ask for your consent to set the cookies. Learn more here.
We take your privacy very seriously.
Bluelab Corporation Limited (Bluelab Corporate, we, us) is committed to protecting your personal information and ensuring compliance with the New Zealand Privacy Act 1993 & 2020 (Privacy Act) (if you are in New Zealand), the European Union’s General Data Protection Regulation (GDPR) (if you are in a Member State of the European Union), and the California Consumer Privacy Act (CCPA) (if you are a California resident).
This Website Privacy & Cookie Policy (Privacy Statement) gives details of the personal information that we collect via the website, App or any other online platform operated by Bluelab from time to time (Site) or when you interact with us.
This Privacy Statement also covers how the information is used, disclosed and processed; the purposes and the lawful basis in which your personal information will be processed by us; how you can request access to or correction of your information, and how you can opt in and out of receiving communications from us.
If you are in the EU or if you are a California resident, then you have additional rights under the applicable privacy laws which are outlined in the ‘GDPR’ and ‘CCPA’ sections of this Privacy Statement.
The Privacy Statement should be read in conjunction with the Terms of Use - Web. Unless defined in this Privacy Statement, all capitalised terms have the same meaning given to it in the Terms of Use – Web.
What is personal information
Personal information means any information relating to an identified or identifiable natural person.
Your informed consent
Please read this Privacy Statement carefully. Based on our Privacy Statement, you can then make an informed decision on whether you wish (and continue) to visit our Site or interact with us.
You can withdraw your consent at any time for any reason after it is given by not visiting our Site, not interacting with us or ‘opting-out’ of your personal information being used for the purposes outlined in this Privacy Statement. This also applies if you no longer agree with our Privacy Statement or do not agree with the changes that we make to our Privacy Statement from time to time. If you withdraw your consent, we will stop collecting your personal information.
For the purpose of:
- The GDPR, the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
- The Privacy Act, your personal information will only be used for the purpose for which it was collected in accordance with this Privacy Policy. If that purpose no longer exists or your personal information is no longer needed for the purpose in which it was collected, then we will no longer use your personal information.
- The CCPA, you may exercise your ‘right to opt-out’ and ‘right to delete’ and request that we stop collecting your personal information and delete the personal information that we hold about you (subject to lawful exceptions).
Data controller
The “data controller” (for the purpose of the GDPR), the “agency “ (for the purpose of the Privacy Act) and the “business” (for the purpose of the CCPA) that is responsible for your information is Bluelab Corporation Limited (NZCN 2352700), based in New Zealand.
You can contact us at any time by clicking Contact Us on our website.
Information that is collected and processed
The table below outlines the 4 general categories of information that we collect for processing and the legal basis on which that information is processed:
Category |
|
Types of personal information collected |
Legal Basis for Processing |
Information you give us You may choose to provide us with personal information when you communicate with us. |
Example: when you make Product requests or queries, when you order our Products online, or when you opt-in to receive our marketing and promotional materials. |
· Contact details (name, postal address, email, phone number) · Your Product preferences · Your account information · Your payment information · Any other information you choose to give us |
We collect and process this information based on our legitimate interest to respond to your requests or queries, to provide you with a high level of customer service, to market and promote our Products to you, and to fulfil our contractual obligations to you. |
Information that is necessary for your use our Site We ask for and collect personal information when you use our Site. |
Example: when you register your Product online, when you submit Product returns or when you submit a request to us. |
· Your Product preferences · Your Product purchase history · Your account history · Any additional information we request and that you provide in connection with the operation of our business and performance of our Services to you
|
We collect and process this information based on our legitimate interest to respond to your requests or queries, to provide you with a high level of customer service, and to fulfil our contractual obligations to you. Without the information, we may not be able to provide you with the requested Services. |
Information we automatically collect from your use of our Site When you use the Site, we automatically collect personal information about the Services you use and how you use them. |
Example: when you use certain features within our Site, when you visit or when you browse the content on our Site, when you accept our ‘Cookies’ (see ‘How we use cookies’ below). |
· Your geo-location through your IP address or mobile device’s GPS · Your user information (content, webpages, other actions performed on our Site) · Your payment and transaction history |
We collect and process this information based on our legitimate interest in ensuring a positive user experience, performance of our contract with you, to provide and improve the functionalities of our Site. |
Information we collect from third parties We may collect information that others provide about you when they use the Site or obtain information from other sources (including our third party service providers) and combine that information we collect through our Site |
Example: when you link, connect or login to our Site from a third party service (eg Google, Facebook etc), and when other parties provide us with information, including data to help improve user experience and to detect fraud and Site security issues. |
· Your Product and Service preferences · Your profile information from third party sites · Your user information from third party sites · Other information from publicly available sources |
We collect and process this information based on legitimate interest in ensuring a positive user experience, ensuring the security of our Site and the safety of our customers and, where necessary, to communicate with you. |
In addition to those that are outlined in the table, we will also collect and process information where you give us your informed consent.
How the information is used and disclosed
With your consent, we will collect, use and disclose your personal information for the following purposes:
- to provide you with our Services and Products, including to:
- identify and verify your identity;
- communicate with you, such as sending you promotional emails about new Services, special offers, promotions or information about our Services and Products;
- update, secure, and troubleshoot our Products and Services as well as providing support;
- share information, when it is required to provide the Service or carry out the transactions you request;
- improve and develop our Services and Products;
- personalise our Products and Services and make recommendations to you;
- respond to your queries regarding the Site, our Services or Products;
- provide you with a positive user experience when you visit our Site or use our Services or Products;
- to bill you and to collect money that you owe us, including authorising and processing credit card transactions or undertaking credit checks (if necessary);
- develop new Services, Products, features and/or content; and
- keep you updated on things that are happening at Bluelab;
- to run and maintain our Site, Services and Products, such as ensuring our Site and network system are secure;
- for our internal record keeping purposes;
- to allow for the operation of our legitimate business activities and functions which includes analysing our performance, developing our workforce and undertaking research;
- the sale of all or substantially all of Bluelab’s business (whether by assets or shares);
- to comply with our legal obligations; and
- for any other purposes you consent to.
From time to time, we may disclose your personal information to third party service providers, in both New Zealand and overseas, whom we engage to assist us in our business functions and activities (for example providing customer services, sending marketing communications, and providing maintenance services for our Site). We will require our third party service providers to comply with the terms of this Privacy Statement and the applicable privacy laws of the country in which they are located.
In some cases, we may remove personal identifiers from your personal information and maintain it in an aggregate form. We may combine this information with other information that we hold to produce anonymous, aggregated statistical information (e.g. number of visitors, originating domain name of the internet service provider), which is helpful to us in improving our Products and Services. Once your personal information is anonymised, it may no longer be capable of identifying, or being re-linked, to you.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse information about web page traffic and improve our Site to tailor it to customer needs. We only use this information for statistical analysis purposes and then the information is removed from the system when it’s no longer required for the purpose.
Overall, cookies help us provide you with a better Site and user experience by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the information you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
If you decline cookies, this may prevent you from taking full advantage of functionality and Services available on our Site.
List of cookies we collect
The table below lists the cookies we collect and what information they store.
Cookie Name |
Cookie Description |
FORM_KEY |
Stores randomly generated key used to prevent forged requests. |
PHPSESSID |
Your session ID on the server. |
GUEST-VIEW |
Allows guests to view and edit their orders. |
PERSISTENT_SHOPPING_CART |
A link to information about your cart and viewing history, if you have asked for this. |
STF |
Information on Products you have emailed to friends. |
STORE |
The store view or language you have selected. |
USER_ALLOWED_SAVE_COOKIE |
Indicates whether a customer allowed to use cookies. |
MAGE-CACHE-SESSID |
Facilitates caching of content on the browser to make pages load faster. |
MAGE-CACHE-STORAGE |
Facilitates caching of content on the browser to make pages load faster. |
MAGE-CACHE-STORAGE-SECTION-INVALIDATION |
Facilitates caching of content on the browser to make pages load faster. |
MAGE-CACHE-TIMEOUT |
Facilitates caching of content on the browser to make pages load faster. |
SECTION-DATA-IDS |
Facilitates caching of content on the browser to make pages load faster. |
PRIVATE_CONTENT_VERSION |
Facilitates caching of content on the browser to make pages load faster. |
X-MAGENTO-VARY |
Facilitates caching of content on the server to make pages load faster. |
MAGE-TRANSLATION-FILE-VERSION |
Facilitates translation of content to other languages. |
MAGE-TRANSLATION-STORAGE |
Facilitates translation of content to other languages. |
Transfer of information to other countries
In order to provide you with our Products and Services, we may need to disclose and transfer your personal information to third parties located outside New Zealand. We will take reasonable steps to ensure that the overseas recipient is required to protect your personal information in a way that, overall, provides comparable safeguards to those under New Zealand privacy laws. Examples of such steps include a written agreement between us and the recipient, or making reasonable enquiries regarding the data protection standards of the country in which the recipient is domiciled in.
If you are in a Member State of the European Union, your personal information may be transferred to or stored in a geographic region that imposes different privacy obligations than the country you are currently in. We will only transfer your personal information to a “secure third country”, such as New Zealand, or to a third country or international organisation where appropriate safeguards are provided in accordance with the GDPR.
Controlling your personal information
You can choose to restrict the collection or use of your personal information in the following ways:
- Whenever you are asked to fill in a form on our Site, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes. If you have selected that option, then you have opted-out of receiving electronic marketing communications from us.
- If you have previously agreed to us using your personal information for direct marketing purposes, you can change your mind at any time by letting us know you no longer wish for your personal information to be used for direct marketing purposes by contacting us using the contact details listed above or unsubscribing from our mailing list by clicking ‘unsubscribe’ at the bottom of our electronic communications.
We will not sell, distribute or lease your personal information to third parties unless we have your consent or we are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting, if you consent to us doing so.
Links to other websites
Our Site may contain links to other websites of interest. However, once you have used these links to leave our Site, you should note that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting third party websites and such websites are not governed by this Privacy Statement. You should exercise caution and look at the privacy policy applicable to those websites.
How you can request access or correction of your information
If you wish to request correction of your personal information that we hold, please login to our account on our Site to make changes. If you do not have an account with use, then contact us using the contact details listed above.
We will correct your personal information if it is necessary to ensure that your personal information is accurate, up to date, complete and not misleading. If we decide that it is unnecessary to correct your personal information, we will let you know the legal reasons for our decision. If you are not happy with those reasons, then you have the right to complain to the New Zealand Privacy Commissioner: www.privacy.org.nz/your-rights/how-to-complain/.
If you wish to request access to your personal information that we hold, contact us using the contact details listed above. You have the right to request access to personal information that we hold about you. If we do not give you access to the personal information that you have requested, then we will let you know the legal reasons for not disclosing your personal information. If you are not happy with the legal reasons provided, then you have the right to complain to the New Zealand Privacy Commissioner: www.privacy.org.nz/your-rights/how-to-complain/.
Security
We are committed to ensuring that your information is secure. To prevent unauthorised access, use, modification, disclosure, loss or destruction, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information that we collect. We will also take reasonable steps to ensure that our third parties whom we disclose your personal information to also take reasonable steps to protect your personal information in accordance with this Privacy Statement and the applicable privacy laws.
Privacy complaints
If you are in New Zealand and you think that your privacy rights have been breached, you can make a written complaint to our Privacy Officer by email, or otherwise contact the NZ Privacy Commissioner at https://www.privacy.org.nz/your-rights/making-a-complaint/complaint-form/.
GDPR
If you are in a Member State of the European Union, you have the following rights with respect to your personal information:
- Lodging complaints: You have the right to lodge a complaint with a ‘supervisory authority’ established by a Member State under Article 51 of the GDPR.
- Right of rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal information. We may seek to verify the accuracy of the personal information before correcting it.
- Right to restrict processing: You have the right to limit the ways in which we use your personal information, in particular where:
- you contest the accuracy of your personal information;
- the processing is unlawful and you oppose the erasure of your personal information;
- we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or
- you have objected to the processing of your personal information pending the verification by a supervisory authority of whether our legitimate grounds to process override your own.
- Right of access and portability: You have the right to request certain copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider nominated by you (where technically feasible).
- Right to be forgotten: You have the right to obtain from us the erasure of your personal information without undue delay where one of the grounds set out in Article 17(1) of the GDPR apply. Please note that:
- we may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety;
- we may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting, auditing and regulatory compliance obligations; and
- because we maintain our Site to protect from accidental or malicious loss and destruction, residual copies of your personal information may not be able to be removed from our backup systems.
CCPA
Under the CCPA, personal information means ‘information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.’
If you are a California resident, you have the following rights with respect to your personal information:
- Right of Access: You have the right to request that we disclose to you the categories of personal information we have collected about you, the categories of sources from which the personal information is collected, the business purpose or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share personal information, and the categories of personal information we have disclosed about you for a business purpose. You also have the right to request that we provide you with a copy of the specific pieces of personal information we have collected about you in the preceding 12 months of your request without any charge to you.
- Right to Deletion: You have the right to request that we delete the personal information we collect from you. However, in certain situations we are not required to delete your personal information, such as when the information is necessary in order to complete the transaction for which the personal information was collected, to provide a Product or Service requested by you, to comply with a legal obligation, to secure our Site or other online Services, or to otherwise use your personal information internally in a lawful manner that is compatible with the context in which you provided the information.
- Right to opt-out: We do not sell personal information to third parties without your consent. We do allow third parties to collect personal information through our Site and share personal information with third parties for the business purposes described in this Privacy Statement. You can at any time opt-out of your personal information being used for direct marketing purposes (including continuing to receive promotional materials from us) by contacting us using the contact details listed above or unsubscribing from our mailing list by clicking ‘unsubscribe’ at the bottom of our communications to you.
- Right Not to Be Subject to Discrimination: We do not discriminate against a customer because the customer exercised any of his or her rights under the CCPA.