Privacy Policy

Your privacy is important to Blackwell and Ruth Limited (“B&R”, “we”, “us”, “our”) so we've developed this Privacy Policy (“Privacy Policy”) that specifies how we collect, use, disclose, transfer, and store personal information that you provide to us. B&R is the controller and responsible for your personal information. ‘Personal information’ is information about an identifiable individual. It does not include data where the identity has been removed (anonymous data).

Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions. This Privacy Policy is to be read in conjunction with our Terms of Use. Unless the context otherwise requires, all terms used in this Privacy Policy that are defined in the Terms of Use have meanings given to those terms in the Terms of Use.

Collection of personal information

We may collect personal information from you when you use this Website, which we have grouped together as follows:

• Usage Data includes information about how

• Identity Data includes first name, maiden name, last name, username or similar identifier, title and gender. 

• Contact Data includes billing address, delivery address, email address and telephone numbers. 

• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website. 

• Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. 

• Usage Data includes information about how you use this Website and the Services. 

• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

You may decide not to provide your personal information to us. However, if you do not provide it, we may not be able to provide you with access to certain information and the Services.

How we use your personal information

We will not use or disclose your personal information except in accordance with the New Zealand Privacy Act 1993 and the General Data Protection Regulation ((EU) 2016/679) ("GDPR') (where applicable).

We have set out below a description of the ways we plan to use your personal information and which of the legal bases we rely on to do so:

Purpose/ActivityType of personal informationLawful basis for processing including basis of legitimate interestHeader
To register you as a new customer1. Identity; 2. Contact.Performance of a contract with you
To process your order, including:1. Identity; 2. Contact; 3. Financial; 4. Transaction; 5. Marketing and Communications.1. Performance of a contract with you 2. Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you, including: 1. Notifying you about changes to our Terms or Privacy Policy; 2. Asking you to leave a review or take a survey; 3. Assisting you if you forget your password.1. Identity; 2. Contact; 3. Profile; 4. Marketing and Communications.1. Performance of a contract with you; 2. Necessary to comply with a legal obligation; 3.Necessary for our legitimate interests (to keep our records updated and to study how customers use our Services).
To enable you to partake in a prize draw, competition or complete a survey1. Identity; 2. Contact; 3. Profile; 4. Usage; 5. Marketing and Communications1. Performance of a contract with you; 2. Necessary for our legitimate uses (to study how customers use our Services, to develop them and grow our business)
To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)1. Identity; 2. Contact; 3. Technical1. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation; 2. Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we provide to you1. Identity; 2. Contact; 3. Profile; 4. Usage; 5. Marketing and Communications; 6. Technical.Necessary for our legitimate interests (to study how customers use our Services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our Website, Services, marketing, customer relationships and experiences1. Technical; 2. Usage.Necessary for our legitimate interests (to define types of customers for our Services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about Services that may be of interest to you1. Identity; 2. Contact; 3. Technical; 4. Usage; 5. Profile; 6. Marketing and CommunicationsNecessary for our legitimate interests (to develop our Services and grow our business)

If you choose to sign up for the optional communications, the personal information we collect allows us to keep you informed regarding TL&CC announcements, updates, and upcoming events. If you change your mind and don't want receive these emails, you can withdraw your consent by clicking ‘unsubscribe’ at the bottom of such emails.

Your personal information will be processed according to this Privacy Policy. Your personal information may be processed in the country in which it was collected and may also be transferred and processed in other countries with laws less stringent than the laws in your country.

You can object to us processing your personal information by contacting our Privacy Officer where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

You can request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:

a) if you want us to establish the information's accuracy;  b) where our use of the information is unlawful but you do not want us to erase it;  c) where you need us to hold the information even if we no long require it as you need it to establish, exercise or defend legal claims;  d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

We will only use or disclose personal information that you have provided to us, or which we have obtained about you:

a) for the above-mentioned purposes or the below-mentioned purposes; b) for any our purpose if we reasonably consider that purpose is compatible with the original purpose; c) for a purpose unrelated to the original purpose, if we have notified you and explained the legal basis which allows us to do so; d) if you have authorized us to do so; e) if we believe that the use or disclosure is reasonably necessary to assist a law enforcement agency or an agency responsible for national security in the performance of their functions; f) if we are required or permitted by law or legal process, litigation, or requests from public and governmental authorities (within or outside your country of residence) to disclose the information; or g) to any relevant third party in the event of a reorganization, merger, or sale of our business.

Disclosure to service providers

B&R shares personal information with companies who provide services such as information processing, delivering Services to you, managing and enhancing customer data (including in the Google Cloud platform), providing customer service, assessing your interest in our Services, developing this Website, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever B&R operates.

Marketing and electronic messages

In addition to essential communications if we send you email communications about our Services it is because we believe you have provided either express consent or because we have inferred your consent for us to send these emails. B&R would like to continue to keep in contact with you. If you change your mind and don't want receive these emails, you can withdraw your consent by clicking ‘unsubscribe’ at the bottom of such emails.

From time to time we may also ask if you would like to receive communications to be kept up to date on information about new services and features, upcoming events and news about TL&CC. Agreeing to accept such communications is optional.

Collection and use of non-personal information

We also collect non-personal information data in a form that does not permit direct association with any specific individual. You agree that we may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it: a) Information such as language, zip code, area code, unique device identifier, location, and the time zone where a Service is used so that we can better understand customer behaviour and improve our Services, and advertising.
b) Information regarding customer activities on our Website. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our Website and Services are of most interest to our customers. Aggregated data is considered non-personal information for the purposes of this Privacy Policy.

If we do combine non-personal information with personal information, the combined information will be treated as personal information for as long as it remains combined.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Cookies and other technologies

The Website, the Services, interactive applications, email messages, and advertisements may use ‘cookies’ and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, tell us which parts of our Website people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non-personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.

The Website also uses cookies and other technologies to remember personal information when you use our Website, the Services, and applications. Our goal in these cases is to make your experience with the Website more convenient and personal.

You can disable Cookies in your browser if you so wish.

As for most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data.

We use this information to understand and analyze trends, to administer the Website, to learn about user behaviour on the Website, and to gather demographic information about our user base as a whole. We may use this information in our marketing and advertising services.

Personal information about children

While this Website and the Services are not primarily directed at children under the age of 13, personal information about a child may be collected if that child uses the Website or the Services. All personal information collected is used in the way outlined in this Privacy Policy. If we become aware that we have personal information from a child located in the United States of America under the age of 13, we will take all necessary steps to comply with the Children's Online Privacy Protection Act 1998. If we become aware that we have personal information from a child located in the European Union under the age of 16, we will take all necessary steps to comply with the GDPR. We will endeavour to obtain verifiable parental consent before collecting, using or disclosing personal information that we know is from a child. You, as a parent or holder of parental responsibility over the child, may agree to such a collection without agreeing to the personal information being disclosed to third parties. You may also review your child's personal information, request to have it deleted, and refuse any further collection of your child's personal information. Please contact us via email at helloattruthlovecc.com if you have any concerns about your child's personal information on our Services.

Protection of personal information

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so. By accepting our Terms of Use you acknowledge that, in spite of the above precautions, B&R cannot eliminate all risks associated with security of your personal information.

Retention of personal information

Upon your request we can remove all personal information on you from our records so long as there is no legal reason preventing us from doing so.

B&R will store and retain your personal information for the period necessary to provide the Services and fulfil the purposes (including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements). B&R may also store and retain your personal information online with Stripe, according to the Stripe terms of service.

Access to and correction of personal information

You may request access to, transfer of, or correction of, any personal information we hold about you by contacting us as follows, or as otherwise notified to you from time to time:

Telephone: +64 (9) 300 9955 Email: hello@truthlovecc.com Post: Attention: Privacy Officer, Blackwell and Ruth Limited, PO Box 37 692, Parnell, Auckland 1151, New Zealand.

Our Privacy Officer is responsible for overseeing questions in relation to this privacy policy and requests to exercise your legal rights in relation to your personal information.

If you request the transfer of your personal information to you or to a third party, we will provide it in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Complaints

If you reside in the European Union, you have the right to lodge a complaint with the supervisory authority in your country if you consider that the processing of your personal information infringes the GDPR. The Information Commissioner's Office (ICO) is the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to resolve your concerns before you approach your local supervisory authority, so please contact us in the first instance.

Third party websites 

This Website contains hyperlinks to websites operated by third parties. We are not responsible for the content of such websites, or the manner in which those websites collect, store, use, and distribute any personal information you provide. When you visit third party websites from hyperlinks displayed on this Website, we encourage you to review the privacy statements of those websites so that you can understand how the personal information you provide may be collected, stored, used and distributed.

EU-U.S. Privacy shield framework

The Website's hosting provider, Firebase (operated by Google), is certified under the EU-U.S. Privacy Shield Framework. You should contact us if you have any questions or concerns relating to the compliance of this Website with the EU-U.S. Privacy Shield Framework.

Changes to Privacy Policy

We reserve the right, at our discretion, to alter this Privacy Policy at any time. Changes to this Privacy Policy will take effect immediately once they are published on this Website. Please check this Privacy Policy regularly for modifications and updates. If you continue to use this Website or if you provide any personal information after we post changes to this Privacy Policy, this will indicate your acceptance of any such changes.