This Privacy Policy sets out how we Cosmo Consumer Brands Limited, Mavala store and use information about you when you use or interact with our websites, www.cosmobrands.co.nz and www.mavala.co.nz and where we otherwise obtain or collect information about you. This Privacy Policy is effective from 15th March 2019.

This section summarises how we obtain, store and use information about you. It is intended to provide a very general overview only. It is not complete in and of itself and it must be read in conjunction with the corresponding full sections of this Privacy Policy.

• Data controller: Cosmo Consumer Brands Ltd

• How we collect or obtain information about you:

• when you provide it to us (e.g. by contacting us, placing and order on our website and signing up for our email newsletter,

• from your use of our website, using cookies and

• occasionally from third parties.

• Information we collect: name, contact details, payment information e.g. your credit or debit card details, IP address, information from cookies, information about your computer or device (e.g. device and browser type), information about how you use our website (e.g. which pages you have viewed, the time when you view them and what you clicked on, the geographical location from which you accessed our website (based on your IP address), company name or business name (if applicable), VAT number (if applicable), GST number (if applicable).

• How we use your information: for administrative and business purposes (particularly to contact you and process orders you place on our website), to improve our business and website, to fulfil our contractual obligations, to advertise our goods and services, to analyse your use of our website, and in connection with our legal rights and obligations.

• Disclosure of your information to third parties: only to the extent necessary to run our business, to our service providers, to fulfil any orders from you, where required by law or to enforce our legal rights.

• Do we sell your information to third parties (other than in the course of a business sale or purchase or similar event): No Absolutely Not

• How long we retain your information: for no longer than necessary, taking into account any legal obligations we have (e.g. to maintain records for tax purposes), any other legal basis we have for using your information (e.g. your consent, performance of a contract with you or our legitimate interests as a business). For specific retention periods in relation to certain information which we collect from you, please see the main section below entitled How long we retain your information.

• How we secure your information: using appropriate technical and organisational measures such as storing your information on secure servers, encrypting transfers of data to or from our servers using Secure Sockets Layer (SSL) technology, encrypting payments you make on or via our website using Secure Sockets Layer (SSL) technology, only granting access to your information where necessary.

• Use of cookies: we use cookies and similar information-gathering technologies such as web beacons on our website including essential, functional, analytical.

• Use of automated decision making and profiling: we do not use automated decision making and/or profiling on any of our websites.

• Your rights in relation to your information

• to access your information and to receive information about its use

• to have your information corrected and/or completed

• to have your information deleted

• to restrict the use of your information

• to receive your information in a portable format

• to object to the use of your information

• to withdraw your consent to the use of your information

• to complain to a supervisory authority

• Sensitive personal information: we do not knowingly or intentionally collect what is commonly referred to as ‘sensitive personal information’. Please do not submit sensitive personal information about you to us. For more information, please see the main section below entitled Sensitive Personal Information

NFORMATION WE COLLECT WHEN YOU VISIT OUR WEBSITES

We collect and use information from website visitors in accordance with this section and the section entitled Disclosure and additional uses of your information.

Web server log information

We use a third party server to host our website called Shopify Inc, the privacy policy of which is available here: https://www.shopify.com/legal/privacy. Our website server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), and your browser version and operating system. Our server is located in the United States.

Use of website server log information for IT security purposes.

We AND/OR our third party hosting provider collect(s) and store(s) server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber attacks, by detecting unusual or suspicious activity.

Unless we are investigating suspicious or potential criminal activity, We do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.

Legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the General Data Protection Regulation).

Legal obligation: we have a legal obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure.

Legal basis for processing: our and a third party’s legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: we and our third-party hosting provider have a legitimate interest in using your information for the purposes of ensuring network and information security.

Use of website server log information to analyse website use and improve our website. We use the information collected by our website server logs to analyse how our website users interact with our website and its features. For example, we analyse the number of visits and unique visitors we receive, the time and date of the visit, the location of the visit and the operating system and browser used.

We use the information gathered from the analysis of this information to improve our website. For example, we use the information gathered to change the information, content and structure of our website and individual pages based according to what users are engaging most with and the duration of time spent on particular pages on our website.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: improving our website for our website users and getting to know our website users’ preferences so our website can better meet their needs and desires.

Cookies and similar technologies

Cookies are data files which are sent from a website to a browser to record information about users for various purposes. We use cookies and similar technologies on our website, including essential, functional, analytical.

You can reject some or all of the cookies we use on or via our website by changing your browser settings but doing so can impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org

INFORMATION WE COLLECT WHEN YOU CONTACT US

We collect and use information from individuals who contact us in accordance with this section and the section entitled Disclosure and additional uses of your information.

Email Information

When you send an email to the email address displayed on our website we collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email). 

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.

Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so).

Transfer and storage of your information

We use a third party email provider to store emails you send us. Our third-party email provider is Google. Their privacy policy is available here: https://policies.google.com/privacy

Contact Form

When you contact us using our contact form, we collect name, email address, phone number, web address, company name, IP address. If you do not provide the mandatory information required by our contact form, you will not be able to submit the contact form and we will not receive your enquiry.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.

Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so).

Transfer and storage of your information

Messages you send us via our contact form will be stored in the European Economic Area on our third-party hosting OR email provider’s servers in the US. Our third-party email or hosting provider is Google. Their privacy policy is available here: https://policies.google.com/privacy

For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transfers of your information outside the European Economic Area.

We use third party contact form providers to store messages you send us (depending on which store and which category of user you are).