Privacy Policy

We take your privacy extremely seriously and take all reasonable measures to comply with both the Privacy Act of 1993 and the Unsolicited Electronic Messages Act of 2007. By visiting our site and/or purchasing something from us, you agree to the following Privacy Policy.

Take note that we never forward or on-sell any of your personal data or email addresses.  Please read our Privacy Policy to understand what personal data we collect, how we obtain it and why; it also explains the specific ways we use and disclose that information.

 

Who we are

When we use the term ‘we’, ‘us’ or ‘our’, we are referring to Date in a Box Limited trading as Dandelion Date in a Box, which is a limited liability company registered under the New Zealand Companies Office. We sell and distribute date night boxes, gift boxes and other gifts throughout New Zealand.

When we use the term ‘visitor’ or ‘you’ we are referring to the person that is using or that is a registered customer on our website. Our website address is https://dateinabox.co.nz.

‘Personal Data’ or ‘Personal Information’ are referring to any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, first and last name, date of birth, email address, gender or other demographic information.

 

What personal data we collect, why we collect it and how we use your personal data

While visiting our site, we’ll track

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • We’ll also use cookies to keep track of cart contents while you’re browsing our site. Read more about cookies and what their purpose are below.

Order Information

If you have made a purchase from this website, then your information (not including any financial details) are stored in our database in order for us to fulfil your order(s). We can also refer back to your email and/or delivery details to track any orders you have inquiries about.

 

No financial information is stored or used by us, as all financial transactions are made within the following payment platforms. Please refer to the varies payment providers privacy policies.

Card Payments: We use Stripe – external link, which handles 28% of online transactions in the world.

LayBuy: Laybuy – external link lets you receive your online purchase now and spread the total cost over 6 weekly automatic payments. Interest-Free. Late fees may be charged for missed payments.

PayPal: Pay from your bank account, debit card, or any credit cards linked to your PayPal account. Read the legalities here – external link.

 

If we have trouble processing an order, we will use your contact information to contact you.

Your data, as mentioned below, is encrypted before transmission to prevent misuse of the transmitted data by third parties. SSL (Secure Socket Layer) is a security technology which guarantees that your personal data, including credit card information, login data and payment method, are securely transferred via the Internet. The data is encrypted, so that is only readable by the selected payment platforms system.

Your data which is collected and encrypted when making a transaction is as follows:

  • personal data (billing and shipping details which include your name, delivery address, telephone number, email address and order notes)
  • order notes request for you to indicate the names of the couple the purchase is for – we use this information solely to personalise your purchase
  • upon providing your email address there is a checkbox where you can choose to opt-in for our newsletters, if you do so, the email newsletter section of this Privacy Policy also applies to you
  • login data (username and password)
  • how you wish to pay

We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders. All information provided by you is only used to ensure the best possible shopping experience. All information is strictly confidential. Your personal information will not be shared, on-sold, or modified in any way without your consent.

 

Post Comments

When visitors leave comments on this website, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. Please read the Gravatar service privacy policy – external link for more information on how the service protects your data. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Visitor comments are checked through an automated spam detection service called CleanTalk. To review their privacy policy, please visit their website – external link.

 

Media

If you upload images to this website, while commenting, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

 

Contact Forms

When contacting us through the contact portal on this website your personal data provided, which include your name, email address and any other information you provide to us, will not be stored by this website or passed to/be processed by any of the third party data processors. Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet.

The email content is then decrypted by our local computer and mobile device. Our email portal (Zoho) takes different steps to ensure the safety of our (and in turn your data sent via email). These include physical security practices (24x7x365 security, video monitoring, biometric access, bullet-resistant walls, etc.), network security (encryption and intrusion detection & prevention), people, processes, and redundancy & business continuity. Zoho participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. You can review their complete privacy policy here – external link.

 

Email Newsletters

We use MailChimp for our marketing automation platform. By joining our mailing list, you acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy – external link and Terms – external link.

Joining our mailing list is optional and if you have signed up to our mailing list and would like to unsubscribe, simply email us with “Unsubscribe” in the subject area, and you will be removed immediately, along with your data on MailChimp’s database. Alternatively, all emails sent via MailChimp also have an unsubscribe link in the footer.

If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.

We do not forward or on-sell the email addresses on our mailing lists to anyone.

 

Cookies

Cookies are pieces of information which a website transfers to your computers hard disk for record-keeping purposes. This can make a website more useful by personalising information for visitors and by storing information about your preferences on our site. The use of cookies is an industry standard, and many major websites use them to provide useful features for their customers.

If you leave a comment on our site, you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Most browsers are initially set up to accept cookies. If you prefer, you can set your browser to reject cookies. However, you will not be able to take full advantage of our website if you do so.

 

Links To Other Websites

Sections of this website may include links to other websites that are not operated by us. These links will always be indicated by an ‘- external link’ wording after the word containing the link. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. Date in a Box Limited has no control over and assumes no responsibility for, the content, privacy policies, or practices of any third party sites or services.

 

Social Media Platforms And Widgets

Our website includes social media features, such as the Facebook Like button. These features may collect information about your IP address and which page you are visiting on our website, and they may set a cookie to make sure the feature functions properly.

Social media features and widgets are either hosted by a third party or hosted directly on our website. We also maintain presences on social media platforms including Facebook and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

 

About This Website’s Server

This website is hosted through FastComet- external link which has data centres in the United States, Europe and Asia. The website host’s platform complies with the EU-US Privacy Shield Framework and the Swiss-US privacy shield framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union to the United States, and therefore adheres to the Privacy Shield Principles.

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

 

Analytics – Site Visitation Tracking

Our website uses Google Analytics and their Monster Insights plugin, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using this website, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy– external link and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google– external link.

 

How We Store Your Personal Data

As detailed in Order Information and Post Comments above, if you submit an order, register on this website or comment to a blog post published on this website some personal data will be stored in this website’s database.

When placing an order your information is sent to GoSweetSpot which is our shipping providers’ database which runs on secure servers that has SSL Certificates issued by leading certificate authorities, and all data transferred between us and them is encrypted. To review their privacy policy please visit their website – external link.

When you opt-in for our newsletter your name and email address is stored on our computer database along with MailChimp’s database as mentioned in the Email Newsletters above. Our computer database is secured under two-factor authentication measures and MailChimp is compliant with GDPR.

 

How Long We Retain Your Personal Data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

 

Contact Form entries along with analytic records are kept for one year.
Customer Purchase records are kept for ten years.
Email Addresses are kept for newsletter purposes until you opt-out.

 

Who on our team has access to your personal data

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfil orders, process refunds and support you.

 

Our Third Party Data Processors

We use a number of third parties who process personal data for our business to run fluently. These third parties have been carefully chosen and all of them are GDPR compliant.

 

Payment platforms we use – all of them are GDPR compliant.

 

Sharing Information

We do not on-sell any of your personal data or email addresses.

Legal Requests: We may disclose your personal data if we are required by law to do so or if you violate our Terms and Conditions.

Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Date in a Box Limited goes out of business or enters bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.

With Your Consent: We may share and disclose personal data with your consent or at your direction.

 

Information Shared Publicly

Information that you choose to make public when commenting on blog posts is – you guessed it – disclosed publicly.

 

How We Protect Your Personal Data

We work very hard to protect information about you against unauthorised access, use, alteration, or destruction, and take reasonable measures to do so, such as monitoring our website and hardware for potential vulnerabilities and attacks.

 

What Data Breach Procedures We Have In Place

If a security breach causes an unauthorised intrusion into our system or the database(s) of any of our third-party data processors that materially affects you, then Date in a Box Limited will notify you and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen. We will also report the action we took as soon as possible.

 

Legal Bases For Collecting And Using Information

A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:

  • The use is necessary in order to fulfil your order under our Terms and Conditions
  • The use is necessary for compliance with a legal obligation under the Consumers Protection Act; or
  • You have given us your consent – for example, opting-in to receive newsletters about promotions or new products that we release

 

What Rights You Have Over Your Personal Data

If you have an account on this site or have left comments, you can request to receive a copy of any personal data we hold about you. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

EU Citizens Under The GDPR, You Have:

  • the right to request access to, deletion of or correction of, your personal data held by us
  • the right to restrict processing
  • be informed of what data processing is taking place
  • the right to data portability
  • the right to object to the processing of your personal data
  • rights with respect to automated decision-making and profiling
  • the right to complain to a supervisory authority

 

Changes To This Privacy Policy

We reserve the right to update this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on this website. When any updates are made to this Privacy Policy you will be required to accept the Privacy Police again when visiting this site for the first time after any changes have been made. We encourage you to review this Privacy Policy after updates have been made to stay informed of changes that may affect you, as your continued use of the website signifies your continuing consent to be bound by this Privacy Policy.

 

Contact Us

If you have any privacy-specific concerns, or if you want to update, delete, or change any personal information we hold, please contact us at the following email address: dandelion{at}dateinabox.co.nz.

 

Updated May 24, 2018