At Imperial Tobacco New Zealand Limited ("ITNZ") we believe in the importance of an individual's right to keep their personal information safe and secure. We are committed to protecting and maintaining the privacy, accuracy and security of your personal and financial information. We operate in adherence with current New Zealand privacy legislation, including the Privacy Act 1993 (NZ) (the “Act”) and the information privacy principles set out in the Act (“Principles”).
To find out more about the Principles, contact the Office of the Privacy Commissioner on 0800 803 909 or firstname.lastname@example.org, or see their website for more details: www.privacy.org.nz.
1.1 How we collect your information
- We will only collect information relevant to our business relationship with you. The information we collect will include contact details, your date of birth, personal details, IP addresses, financial information, information about your dealings with our company, and other personal information as defined by the Act (“personal information”).
- We will collect personal information directly from you where possible. However, we may also use external sources to collect personal information.
- We will not collect certain personal information about you, such as such as information relating to your health.
- If the information that we request from you is not provided, we may not be able to promote products to you and you may not be able to use our websites or create an account with us.
1.2 How we use your information
We will limit the use of your personal information to:
- Promoting products and services to you.
- Carrying out our business, which includes marketing, sales, distribution and all activities that relate to this.
- Fulfilling our legal requirements (for example, disclosure to law enforcement agencies or the courts).
- Using your information to promote products and services that we believe meet your needs.
However, you can notify us at any time if you do not wish to receive these offers by requesting to opt out or by contacting our Privacy Officer by emailing email@example.com. We will act promptly on any such request.
1.3 Who will use your information?
- We provide your personal information to other select organisations that perform certain functions or operations for us with your consent. These organisations include, but are not limited to, legal representative, accountants, third party providers.
- We bind these companies to the same high standard of care as we do ourselves. They are not permitted to provide your personal information to anyone else. We enforce these requirements through contractual agreements.
- We may share your personal information with Imperial Brands PLC and its subsidiaries, partnerships, associates and joint ventures (“Imperial Brands”)
- We may disclose your information to overseas recipients. If we do disclose your information to an overseas recipient, it will be to Imperial Brands or to another entity in the course of providing our products and services to you. However, such overseas recipients must, in ITNZ’s reasonable opinion, be subject to a law or binding scheme that has the effect of protecting the information in a way that overall is at least substantially similar to the protection afforded by the Principles. Under the Act, should ITNZ disclose your personal information to an overseas recipient and that recipient breaches a Principle, ITNZ will be held accountable for that breach.
1.4 Your information is secure
- We will use up-to-date techniques and processes which meet current industry standards to ensure that your personal information is securely stored, and we take steps to ensure that your personal information is protected from misuse, loss, or unauthorised access or disclosure.
- Only employees of Imperial Brands ITA, ITNZ, and those who perform services on our behalf, and are authorised to handle your information, will have access to your personal information.
- We will not retain any of your information for any longer than is required by us, except to fulfil our legal obligations.
- As a guide, the law generally requires us to retain account information for seven years after an account is closed. However, we may retain some information for shorter or longer periods than this, depending upon any specific legal requirements and the needs of our business.
- We will, with your help, keep your personal information accurate, complete and up to date.
- Before we disclose your information to an overseas recipient we will take reasonable steps to ensure that the overseas recipient will not breach the Principles.
1.5 You have access to your information
- You can access most of the personal information we hold about you and request corrections in the event that you believe the information we hold about you is incorrect.
- This right is subject to some exceptions. For example, you may not obtain access to information relating to existing or anticipated legal proceedings.
- You can request access to your information by visiting any of our branches or contacting the Privacy Officer on firstname.lastname@example.org. This service is free unless the information you request requires significant research or preparation time. Before we act upon requests of this nature, we will tell you how much this service will cost.
- If we refuse access or refuse to make a correction, you may contact our Privacy Officer and ask that they review the decision.
1.6 What to do if you think we've made an error?
- ITNZ is committed to the protection of your privacy, and our policies, processes and systems have been developed with this intention. We have developed strict guidelines in order to be better placed to protect your personal information.
- However, sometimes human errors do occur. If you think we have not lived up to our commitment, we invite you to contact our Privacy Officer by emailing email@example.com.
- Our objective is to respond to any complaint within five working days and to take all reasonable action to correct the error.
- In the event of a data breach, we have systems and processes in place which are designed to mitigate the impact of the breach. If we determine that the breach could result in serious consequences for the owner of that information, we will take steps to advise the owner of the information of the breach as soon as possible to assist in the mitigation of risk. We may also, at our discretion, notify the Office of the Privacy Commissioner.
- For more information about our commitment to securing your personal information, contact our Privacy Officer by emailing firstname.lastname@example.org.
1.7 Things you should know
- Information is current as at November 2017 and is subject to change.
- This policy incorporates the relevant provisions of the Act and the Principles.