Privacy
We believe in being transparent about what data we collect and how we use it. We believe that our policies and procedures are compliant with current and future NZ Privacy Laws, however, we may update our policy and this page at any time without additional notice being given. If we do update this page, we will update the “Last Update Date” date.
If you have questions (or issues with our site), you may wish to contact us. For our returns policy, please see our Terms & Conditions page.
Last Updated: July 2024
—
Who We Are
Our website address is: https://grail.co.nz
What Personal Data We Collect And Why We Collect It
In general, you can visit our website without providing any personal information. We usually collect information when you contribute or engage in any of the following parts of our website;
Comments / Reviews
When visitors leave comments or reviews we may collect user data e.g. name, email, the visitor’s IP address and browser user agent string to help spam detection. Sometimes we ask for an image / media.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you have consented to us taking your photo – or if you provide us with one or more of you / your group – you are giving us permission to publish those images where we deem most appropriate, for example in our newsletter, social media feeds and / or website.
We will not publish inappropriate images and we will not publish any personally identifiable information except your first name or name of your party / group. – unless you request a credit / link if the media is your own work. Please also ensure that any embedded location data (EXIF GPS) is removed, if you do not wish this to be retained.
You can request images be not used, or taken down at any time. We will retain all editorial control and we will not be able to use any images that require any kind of license / royalty or other financial agreement.
Contact Forms
If you contact us via the contact form on our website, we will collect and store the data you’ve supplied. You may also be prompted to join our newsletter and if you do so, we will also collect and store the information you’ve provided, for marketing purposes where you have elected to allow us to do so.
Newsletter
If you join our newsletter by completing a form, we will collect the information supplied from you and only use it to communicate with you as we have specified. We will not sell or pass on your data. You can unsubscribe at any time via the links found in the footer of any newsletter.
Purchasing
When you wish to purchase products from us, we will ask you to create a customer account on our website so that we may process your order efficiently. We take our customer’s data seriously and have secured this website with an SSL (Secure Sockets Layer) certificate, that encrypts sensitive information transmitted between your computer and our website.
Any information you do provide (for example; your address, phone number, name and email address when creating an account) will never knowingly be sold or passed on by us to any third parties. We hold all data in the strictest of confidence, on a secure server. For additional security, we encrypt any sensitive information such as passwords.
In terms of payments, we do not have access to, nor do we store or retain any of your payment information or Credit Card details, since all of our payments are processed off-site through a encrypted PayPal.
Cookies
If you leave a comment / review on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Embedded Content From Other Websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics & Other Diagnostics
This site utilises multiple analytics and diagnostics services to help us to improve the overall experience for all users. All information is anonymized before storage and processing begins.
Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Objecting To The Collection Of Data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.
Demographic Data Collection By Google Analytics
This website may use Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.
Google ReCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam. For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
Google Ads
We may choose to use Google Adwords or other Google advertising platforms for advertising our services. These services can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en You may also review Google’s privacy policy here: https://support.google.com/adspolicy/answer/54817?hl=en
COPPA (Children Online Privacy Protection Act)
We do not market to children under the age of 13 years old.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
- We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
- Process orders and to send information and updates pertaining to orders.
- Send you additional information related to your product and/or service
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
- To be in accordance with CANSPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honour opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us by using unsubscribe links, or advising us directly
Server Log Files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
Security
We take our customer’s data seriously and have secured this website with SSL (Secure Sockets Layer) technology, that encrypts sensitive information transmitted between your computer and our website servers.
Any information you do provide (for example; your address, phone number, name and email address when creating an account) will never knowingly be sold or passed on by us to any third parties. We hold all data in the strictest of confidence, on a secured server. For additional security, we encrypt some sensitive information such as passwords.
In terms of any online payment system, if one exists on this site, we do not have access to, nor do we store or retain any of your Credit Card details, since all of our payments are processed off-site through a heavily encrypted payment gateway.
We take measures, including data encryption, to protect the transmission of all sensitive end-user information. We make reasonable efforts to ensure the integrity and security of our network and systems. Nevertheless, we cannot guarantee that our security measures will prevent third-party ‘hackers’ from illegally obtaining this information. We take all reasonable measures to prevent such breaches of security, but given the resourcefulness of cyber-criminals we are unable to guarantee that our security is 100% breach-proof. You assume the risk of such breaches to the extent that they occur despite our reasonable security measures
Who We Share Your Data With
We do not knowingly share your data with any unauthorised third party.
We may share your data across our team members (and this includes our trusted third party service providers) purely to provide the product(s) and / or service(s) you have requested, or to provide the best experience for you on the site.
Members of our team may have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and;
- Customer information like your name, email address, and billing and shipping information;
- Submitted form information and comments.
Our team members have access to this information to help fulfil orders, process refunds and support you.
How Long We Retain Your Data
Data is retained indefinitely. This is so we can provide the appropriate services.
Where We Send Your Data
If you join up to our newsletter or contact us, some of your information (e.g. name, email, location etc) will be transferred to our Newsletter Provider.
Data is typically sent / received / transmitted and stored “in the cloud” through e.g. our webhosting provider, cloud email / data providers (Google, Microsoft etc) and any other related 3rd party service provider(s) that we (or our trusted partners) have contracted with to supply services that enable us to run our business, perform our services, or deliver products and services to you that you’ve requested.. Such providers may be located in New Zealand, Australia, UK , USA – or elsewhere. In this regard, we expect and understand that such providers perform their duties securely, safely and in a manner that complies with the current and future NZ Privacy Laws.
Confidentiality
We will keep all of your personal information secure and confidential to the best of our abilities.
Your Choices
If you are an existing customer, you can close your account, subject to additional terms that may apply concerning the access and processing of your data.
When you wish to purchase products from us, we will ask you to create a customer account on our website so that we may process your order efficiently. We take our customer’s data seriously and have secured this website with an SSL (Secure Sockets Layer) certificate, that encrypts sensitive information transmitted between your computer and our website.
If any information we hold about you is incorrect, please contact us to request that it be updated.
If you decide not to provide us with your personal information, we may not be able to provide products and or services to you via the website and you will need to communicate with us via other means.
If at any time, you wish to be removed from our newsletter or public areas of our site, you may request that and we will respect your wishes.
You also have the right to request a copy of the information we have on record for you. You may also request that data be deleted.
Any information you do provide (for example; your address, phone number, name and email address when creating an account) will never knowingly be sold or passed on by us to any third parties. We hold all data in the strictest of confidence, on a secure server. For additional security, we encrypt any sensitive information such as passwords.
In terms of payments, we do not have access to, nor do we store or retain any of your payment information or Credit Card details, since all of our payments are processed off-site through a heavily encrypted PayPal.