Privacy Policy

 

INTRODUCTION

Autogrow, a brand of Bluelab, complies with the New Zealand Privacy Act 1993 (the Act) and the General Data Protection Regulation of the European Union (GDPR) when dealing with personal information.  Personal information is information about an identifiable individual (a natural person).

If you are based in the European Union (EU) and use our website and related services, the additional terms in the GDPR addendum to this privacy policy (Addendum) applies to you.

This policy does not limit or exclude any of your rights under the Act.  If you wish to seek further information on the Act, see www.privacy.org.nz.  For further information on the GDPR, see https://ec.europa.eu/info/law/law-topic/data-protection_en. This privacy policy was drafted with brevity and clarity in mind.  It does not provide exhaustive detail of all aspects of our collection and use of personal information.  However, we are happy to provide any additional information or explanation needed.  Any request for further information should be sent to marketing@autogrow.com.

 

OUR OVERRIDING DATA PRINCIPLE

We are committed to respecting and protecting your privacy.

All data related to an Autogrow resellers’ business or an Autogrow customer’s business is owned by the relevant reseller or the customer respectively – it is not Autogrow’s.

Autogrow separates data into two categories - Account and Marketing Data and Agricultural Data.

  • Account and Marketing Data is personal information that can identify individuals and is the principal subject of this Privacy Policy. Account and Marketing Data includes data we collect from visitors to our website, our resellers and customers and other persons with whom we deal with directly.

  • Agricultural Data relates to the data collected, stored and processed by Autogrow as to the operation of our customers’ businesses and may include data from devices that monitor and manage our customers’ operations and the location and the size of those operations. Agricultural Data is used by Autogrow to:

    • support the operations of our customers’ businesses

    • assist Autogrow in the development of its products and services, and

    • include data on an anonymised and aggregated basis into Autogrow’s services.

WHEN DOES THIS PRIVACY POLICY APPLY

This privacy policy applies to Account and Marketing Data.

For the purposes of the GDPR, to the extent Agricultural Data includes personal information, our customers are the data controller when storing or otherwise processing that information and we are the data processor.  Our customers determine what and how they collect, use, disclose and transfer Agricultural Data.  This means our customers’ collection and use of personal information included in Agricultural Data is governed by their privacy policy and practices, not ours.

We only process Agricultural Data as authorised by our customers.  Unless required otherwise under applicable law, if we receive any request or enquiry relating to Agricultural Data, we will forward this request to our relevant customer.

The remainder of this privacy policy does not apply to Agricultural Data.

 

CHANGES TO THIS POLICY

We may change this policy by uploading a revised policy onto the website.  The change will apply from the date that we upload the revised policy. 

This policy was last updated on 11 July 2022.

 

WHAT PERSONAL INFORMATION DO WE COLLECT

Directly from you

We collect the following information directly from you:

  • profile data – e.g. your name, address, phone number, email address, date of birth etc

  • enquiry data – e.g. information contained in any enquiry you submit to us regarding our goods or services, call us, meet us in person or otherwise contact us

  • account data - e.g. your name and email address

  • service data – e.g. information collected in the course of the use of our services

  • transaction data – e.g. your purchase history and other information relating to transactions made through the website. If you provide your credit card information to us over the phone, we only collect that credit card information where you have freely provided it to process a one-off transaction and once it is complete, we shred any such credit card information.  If we send you a link to provide your credit card information, in this situation we use a third party service provider to process credit card transactions and we do not have access to your credit card information.  The name of this third party provider will generally be displayed when you are requested to enter your credit card information.  You can see further information about how they process your credit card information in their privacy policy.

  • notification data – e.g. information you provide to us for the purposes of subscribing to our notifications or newsletters.

Some personal information that we collect directly from you may be mandatory and some may be optional.  We will let you know which of these applies at the time we collect the relevant personal information.  While you do not have to provide us with some information we may request, this might mean that our products and services may not perform as well as they should, or that we may not be able to provide some parts of the website or all of our products or services to you.  If you require further information about the consequences of not providing us with any information, please contact us at marketing@autogrow.com.

Automatically when you use our website

When you access and use our website and related services, we may automatically collect information about your device and usage of our website and services, including your IP address, operating system and browser type (Device and Usage Data).  Some of this Device and Usage Data is collected through third party tools and/or the use of cookies, web beacons and similar storage technologies.

From third party sources

Where possible, we collect personal information from you directly.  However, sometimes we may collect personal information about you:

  • from our third party business partners

  • that is publicly available (e.g. through Facebook profiles or public directories)

  • from third parties where you have authorised this.

We may combine the personal information about you that we receive from third parties with the personal information we collect from you directly or with Device and Usage Data.

 

HOW WE USE YOUR PERSONAL INFORMATION

We may use your personal information as follows:

  • we use profile data and usage data to verify your identity

  • we use profile data to provide services and products to you

  • we use account data, enquiry data and notification data to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose) that you may choose (or “opt in”) to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in those emails.

  • we use service data to improve the services and products that we provide to you

  • we use profile data to undertake credit checks of you (if necessary)

  • we use profile data to bill you and to collect money that you owe us, including authorising and processing credit card transactions

  • we use account data and service data to respond to communications from you, including a complaint

  • we use account data and service data to conduct research and statistical analysis (on an anonymised basis)

We may also use personal information to:

  • protect and/or enforce our legal rights and interests, including defending any claim

  • respond to lawful requests by public authorities, including to meet law enforcement requirements, and

  • for any other purpose authorised by you, the Act or other applicable law.

We may transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.

 

DISCLOSING YOUR PERSONAL INFORMATION

We may disclose your personal information to:

  • another company within our group

  • any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services and products

  • a person who can require us to supply your personal information (e.g. a law enforcement agency or a regulatory authority)

  • professional advisers e.g. accountants, lawyers or auditors

  • any other company in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition

  • any other person with your consent

  • any other person authorised by applicable law.

We may also share information about your use of our website with our trusted analytics partners through the use of cookies, web beacons, and similar storage technologies.  Please refer to our cookie policy below for further information.

A business that supports our services and products may be located outside New Zealand (the country where we are incorporated) and also outside of the country where you are located.  This may mean the personal information that we collect may be transferred to, and stored in, a country outside New Zealand and the country where you are located.  Please see the GDPR Addendum for further information about personal data transfers from the EU.

 

PROTECTING YOUR PERSONAL INFORMATION

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.  We implement appropriate technical and organisational measures to ensure a level of security appropriate to risks inherent in processing personal information.

You play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used in relation to our products and services.  You should not disclose your password to third parties.  Please notify us immediately if there is any unauthorised use of your account or any other breach of security.

 

ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

Subject to certain grounds for refusal under applicable law, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information.  Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction.  If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

If you want to exercise either of the above rights, email us at marketing@autogrow.com.  Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).

Subject to applicable law, we may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.

 

OTHER RIGHTS

In addition to the rights to access and correct your personal information, if you are based in the European Economic Area, you have the additional rights set out in the GDPR Addendum.

 

INTERNET USE

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

If you follow a link on our website to another website, the owner of that website will have its own privacy policy relating to your personal information.  We suggest you review that website’s privacy policy before you provide personal information.

 

CONTACT US

If you have any question about this privacy policy, our privacy practices, or if you would like to request access to, or correction of, your personal information, you can contact us here: marketing@autogrow.com.

 

 

GDPR addendum

If you are based in the European Union (EU) and use our website and/or our services, these additional terms (GDPR Addendum) form part of our privacy policy.

The General Data Protection Regulation (GDPR) regulates the collection, processing and transfer of EU individuals’ personal data (as defined in the GDPR).  The personal information described in our privacy policy is personal data under the GDPR.  We are committed to complying with the GDPR when dealing with personal data of our website visitors and service users based in the EU.

 

LAWFUL BASIS FOR PROCESSESING PERSONAL DATA

The personal data we may process consists of the personal information described in our privacy policy.  This personal data may be processed for the purposes outlined in our privacy policy. 

Generally, we collect personal information from you where we have your consent , where that processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract, or where processing is necessary for the purposes of our legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms).

Where we process personal information based on your consent, you may withdraw your consent at any time.

Despite the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws.

If you have any question about the legal basis on which we process personal information or need further information, please contact us here: marketing@autogrow.com.

 

YOUR RIGHTS UNDER THE GDPR

Your rights in relation to your personal data include:

  • right of access - if you ask us, we will confirm whether we are processing your personal data and provide you with a copy of that personal data.

  • right to rectification - if the personal data we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take reasonable steps to ensure inaccurate personal data is rectified.  If we have shared your personal data with any third party, we will tell them about the rectification where possible.

  • right to erasure - where your personal data is no longer needed for the purposes for which you provided it, we delete your personal data when it.  You may request that we delete your personal data and we will do so if deletion does not contravene any applicable law.  If we have shared your personal data with any third party, we will take reasonable steps to inform those third parties that they must delete your personal data.

  • right to withdraw consent - if the basis of our processing of your personal data is consent, you can withdraw that consent at any time.

  • right to restrict processing - you may request that we restrict or block the processing of your personal data in certain circumstances. If we have shared your personal data with any third party, we will tell them about this request where possible.

  • right to object to processing - you may request that we stop processing your personal data at any time and we will do so to the extent required by the GDPR.

  • rights related to autonomous decision-making, including profiling – you have a right to not be subject to a decision based solely on automated processing, including processing, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision-making is necessary for entering into, or the performance of, a contract with you, is authorised by applicable laws or is based on your explicit consent. We do not conduct automated decision-making or profiling.

  • right to data portability - you may obtain your personal data from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal data in a commonly used, machine-readable and interoperable format to enable data portability to another data controller.  Where technically feasible, and at your request, we will transmit your personal data directly to another data controller.

  • the right to complain to a supervisory authority - you can report any concerns you have about our privacy practices to your local data protection supervisory authority.

Where personal data is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.

If you would like to exercise any of your above rights, please contact us at marketing@autogrow.com.  If you are not satisfied by the way your query is dealt with by us, you may refer your query to your local data protection supervisory authority.

 

CHILDREN

We do not intend to collect personal data from children aged under 16.  If you have reason to believe that a child under the age of 16 has provided personal data to us through our website and/or by using our services, please contact us at marketing@autogrow.com.

 

 

INTERNATIONAL TRANSFERS OF PERSONAL DATA

Your personal data we collect may be transferred, and stored, outside the European Economic Area (EEA).  Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection.  In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.

Where we transfer personal information outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA personal data, or to a third party where approved transfer mechanisms are in place to protect your personal data (e.g. to organisations in the United States under the EU-U.S. Privacy Shield framework or by entering into the European Commission’s Standard Contractual Clauses.  For further information, please contact us at marketing@autogrow.com.

Some of the personal data we collect is processed in New Zealand (where our registered office is located).  New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection and we rely on this decision in transferring personal data to New Zealand.

 

DATA RETENTION POLICY

Personal data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer. 

 

CONTACTING US

You can contact us as at marketing@autogrow.com.

 

 

 

Cookie policy

INTRODUCTION

We use cookies on our website and receive information collected through cookies.  This cookie policy explains how we use cookies and how you can opt out of cookies. 

By continuing to use our website, you indicate your agreement for us to use the cookies described below.

We use the term cookies in this cookie policy to mean cookies or similar technologies such as web beacons, clear GIFs, and pixel tags.

 

WHAT ARE COOKIES

Cookies are text files containing small amounts of information which are downloaded to your browsing device, e.g. a computer or smartphone, when you visit a website.  Cookies can be recognised by the website that downloaded them, or by other websites that use the same cookies.  This helps a website know if the browsing device has visited that or other websites before. 

Cookies can be used to collect information relating to your use of a website or your device, let you navigate between pages effectively, help to remember your preferences and generally improve your browsing experience. 

Cookies can be session or persistent cookies.  Session cookies are temporary and only stay on your browser until you stop browsing.  Persistent cookies stay on your device until they expire or are deleted.

The cookies used on our website may be first party cookies (i.e. set by us) or third party cookies (i.e. cookies set on our website by a person other than us).  The third party companies that place cookies on our website will have their own privacy policies.

 

WHAT TYPES OF COOKIES DO WE USE

The types of cookies used by us can generally be categorised as follows.

Strictly necessary cookies

These cookies are essential for the full functionality of our website.  They enable you to navigate around our website and use its features e.g. accessing secure areas and enabling services that you have asked to receive.  If you opt out of these cookies, you may not be able to access all the functions of our website. 

These cookies do not track where else you have been on the internet and do not remember your preferences beyond your current visit.  These cookies are generally first party session cookies which will expire when you close your browsing session.  These cookies do not collect information that could be used for marketing purposes.

Functionality cookies

These cookies allow a website to remember choices you make and provide enhanced, more personal features e.g. these cookies allow us to remember the settings you have applied to the website (such as font size, preferences or colours), identify whether you are a returning website visitor and present you with a personalised version of the website, or eliminate the need for you to re-enter your login details.  The information these cookies collect is generally anonymous and they do not track your browsing activity on other websites.  These cookies may be first or third party, session or persistent cookies.

Performance cookies

These cookies collect information about how you use a website, e.g. which pages are the most visited and if you receive any error message from any page.  This information helps us improve the way our website works and helps us manage the performance and design of the website and services.  These cookies do not gather information that identifies you.  All of the information these cookies collect is aggregated and anonymous.  These cookies may be first or third party, session or persistent cookies.

 

GOOGLE COOKIES

We use Google Analytics to collect information about visitors to our website.  Google Analytics collects information related to your device, browser, IP address, network location, and website activities to measure and report statistics about your interactions on our website.  We use this information to help us manage the performance and design of our website and to improve our website. 

For further information on how Google uses your personal information when you use our website and how to opt out of Google’s use of cookies, see here. In addition to the processed described in this link, you can opt out using the processes described below.

 

HOW TO CONTROL OR OPT OUT OF COOKIES

You can control and/or delete cookies as you wish.  You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed.  However, if you do this, you may have to manually adjust some preferences every time you visit our website, you may not be able to access certain parts of our website, and some functionalities may not work. 

You can find out more information about how to change your browser cookie settings at http://www.aboutcookies.org.uk.

 

THIRD PARTY WEBSITE COOKIES

If you follow a link on our website to another website, the owner of that website will have its own cookies.  We suggest you review that website’s cookie policy before you visit that website.