PRIVACY POLICY
Purpose and Scope
This privacy policy is for customers of Craggy Range Vineyards Ltd (‘we’ or ‘us’) and explains how we collect, store, use, and disclose any personal information that is provided to us when using our website. We may also collect, use and disclose information to the extent applicable law does not prohibit it.
Where local legislation, regulations, or governing authorities differ in the application and or interpretation of privacy requirements, those rulings shall supersede those set out in this policy. Craggy Range will update this policy when our information handling practices change, or when required. Any revised policy will take effect when it is published on our website.
Privacy obligations relating to staff are addressed separately within Craggy Range’s internal policies.
INFORMATION WE COLLECT
Personal Information
The information collected by Craggy Range will depend on the products, services, or information you ask us to provide to you, and the nature of the dealings you have with us. This will include (but is not limited to) information to confirm your identity, date of birth, and contact details such as your physical address, mailing address, email, and contact phone numbers. In establishing a customer relationship additional information related to bank accounts, credit information and reference checks will often be requested.
By providing Craggy Range with your personal information, you consent to us using and disclosing it for the purposes set out in this policy.
Automated Collection
When you visit, navigate through and interact with this website, we use automated data collection technology (such as usage monitoring software, cookies, and sessions) to collect and store certain information about your visit. Please see the Cookie use statement below for more information on the types of such technology that we use and the purposes we use them for. If you disable cookies it may limit your access to some of the website’s content and features. You can choose to refuse cookies by turning them off in your browser and/or deleting them from your hard drive. You do not need to have cookies turned on to use our website, but your experience may be affected.
Advertising services providers by partners
We advertise in a number of ways, including online through managed social media presences, and on other unaffiliated sites and mobile applications. To understand how our advertising campaigns are performing, and better understand the visitors to our website we work with partners who provide us advertising services. We collect information via our advertising service providers to help us understand how users interact with our services, to serve advertisements on our behalf across the internet, and measure the performance of these advertisements. Please see the Cookie use statement below for more information on which partners we use and to learn more about your privacy choices.
Social media and APIs
Our website includes social media features such as the Facebook ‘like’ button, Twitter, Google+, and widgets, such as the share button or interactive mini-programs that run on our site. These features may collect your IP address, which pages you visit on our site, and how long for. If you’re a member of a social media site, the interfaces may allow the social media site to connect your visits to this site with other personal information. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the third party providing it and to the maximum extent permitted by law, we are not responsible for the actions of those third parties.
We may provide an application programming interface (API) to enable third-party applications to interface with our websites. Some applications enable you to interact with us through the API in a way that requires you to log in. To do this, most of these applications will direct you through a process where you are able to let the application connect to your account.
If you allow an application to connect to your account on our websites, including if you set up your account on our website using an API with a third party social media platform, that application will be able to access information that you can see when you are logged into our websites. You should only allow applications you trust to access your account on our websites.
If you set up your account on our websites using an API with a third-party social media platform, you also consent to us obtaining and using your information from such platform.
How your information is used
We may use your personal information for any purpose which is stated to you at the time of collection or that you otherwise authorize and to:
Send you newsletters
Communicate with you for general contact or feedback inquiries.
Analyze usage of this website;
Carry out marketing, promotional, and publicity purposes including direct marketing, market research, and surveys;
To show you advertising and information that is most relevant to you and your interests; and
Improve the content of this website and customize this website to your preferences.
We will not sell, rent, or lease your personal information to third parties. Your personal information will be made available internally for the above purposes and we may also disclose your personal information to trusted third parties or subcontractors, who have agreed to treat your personal information in accordance with this privacy policy, for similar purposes. Because we operate internationally, the recipients referred to above may be located outside the jurisdiction in which you are located. Your personal information may be transferred to, stored, and processed in New Zealand and other countries that are regarded as ensuring an adequate level of protection for personal information.
Cookies and how we use them
We (and authorized third parties) may use cookies and tools, such as web beacons and web server logs, to collect, store and monitor visitor traffic information and actions on our website. Cookies are small data files that are placed on your computer that allow our websites to “remember you” when you return to our websites. These cookies and tools are not used to record any personal information. They do record IP addresses which combined with other data may be considered personal information. Third-party services may have their own privacy policies. We store your cookie information for three months.
The information collected by these tools may include geolocation data, the IP address of the device you are using and information about websites that IP address has come from, the pages accessed on our website, and the next website visited. We may use and combine this information to maintain, secure, and improve our websites, enhance your experience when using our websites, display and deliver relevant content, services, and advertising and understand the effectiveness of our marketing and advertising.
If you want to prevent cookies from being used, you can change your browser settings to disable cookies. However, you may not be able to access all or parts of our websites, or you may experience reduced functionality when accessing certain services.
How we store and secure personal information
We keep your hard-copy or electronic records on our secured premises and systems or offsite using trusted third parties. Our security safeguards include:
Staff education: we train and regularly remind our staff of their obligations with regard to your information.
Taking precautions with overseas transfers and third parties: when we send information overseas or use third parties that handle or store data, we ensure that appropriate data handling and security arrangements are in place.
System security: when you transact with us on the internet via our website or mobile apps we encrypt data sent from your computer to our systems. We have firewalls, intrusion detection systems, and virus scanning tools to protect against unauthorized persons and viruses accessing our systems. We limit access by requiring the use of passwords.
Destroying data when no longer required: where practical, we keep information only for as long as required (for example, to meet legal requirements or our internal needs).
Credit Card Information: where credit card information is required, our processes for recording, managing, and using credit card details are designed in alignment with global PCI Security Standards.
The purposes we collect, store, use, and disclose personal information
We collect, use, disclose, store and retain your personal information so that we can carry out our business activities and functions and provide you with our services. The type of information about you that we will collect, use, disclose, store and retain will depend on our relationship with you, the types of products or services you request from us, and our legal obligations.
The purposes for which we collect, store, use, and disclose personal and credit-related information is so that we can:
Establish your identity and assess applications for products and services;
Provide products and services to you;
Send information and communications requested by you;
Manage our relationship with you;
Manage our risks and help identify and investigate illegal activity, such as fraud;
Conduct and improve our businesses and improve customer experience;
To update our records and ensure contact details are up to date; and/or
Comply with our legal obligations and assist government and law enforcement agencies or regulators where required.
Access and correction of personal information
If you wish to seek access to the personal information we may hold about you, please contact our Privacy Officer at privacy@craggyrange.com. Where we hold information that you are entitled to access, we will try to provide you with a suitable and secure means of accessing it such as via direct email or courier.
Where you are not entitled to access personal information under the Privacy Act, for example, if it would breach or have the potential to breach another individual’s privacy rights, we will provide a reason for the refusal.
If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. Depending on the nature of the changes requested, we may ask for further confirmation of identity and/or that the request is submitted in writing for audit and compliance purposes.
Copyright
Copyright for all material hosted within the Website is owned by Craggy Range Vineyards Ltd. unless otherwise indicated. The copyright for material pulled from external platforms is as per specific copyright notices on said platforms.
You may download, store, display, print and reproduce this material in unaltered form only for your personal, non-commercial use or use within your organization so long as you give appropriate acknowledgment to the copyright owner.
Apart from any use as permitted under the Copyright Act 1994 (NZ), all other rights are reserved.
Requests for further authorization should be directed to marketing@craggyrange.com.
Complaints process
If you believe that we have breached, or potentially breached our privacy obligations, please contact the Privacy Officer on privacy@craggyrange.com in the first instance. Depending on the nature of the breach or potential breach, we may ask for further confirmation of identity, details of the complaint and/or that the request is submitted in writing for audit and compliance purposes.
We’ll do our best to help you, but if we can’t, then you have the right to make a complaint to your local data protection authority about the way we’ve managed your information. You can ask us for help to determine which authority is the right one to contact. In New Zealand, the authority is the Office of the New Zealand Privacy Commissioner who can be contacted by:
Completing an online complaint form at privacy.org.nz; or
Writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143.
Disclosure to third parties
We may disclose your personal or credit-related information with third parties where this is permitted by law or for any of the purposes mentioned above.
Third parties include:
Parties to whom we outsource certain functions (e.g. financial institutions).
Auditors, compliance regulators, government agencies, and departments.
Any other third party with your prior authorization for such disclosure.