Burgers-n-Beans Limited (we, us, our) complies with the New Zealand Privacy Act 2020 (the Act) when dealing with your personal information.
This policy sets out how we will collect, use, disclose and protect your personal information.
This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, please visit www.privacy.org.nz.
Changes to this policy
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
We collect your personal information from you
- when you buy or use our services and products via our website or mobile app
- third parties where you have authorised this or the information is publicly available
We collect the following personal information from you:
- Delivery Address
- Mobile number
- Email Address
- Computer or Network Address
- Interactions with us
- Billing or Purchase information
You are under no obligation to provide us with your personal information, however, if you choose to withhold requested information, we will not be able to provide you with our products and services.
How we use your personal information
- To provide services and products to you
- To bill and take payment online, including authorising and processing credit card transactions
- To improve the services and products that we provide to you
- To understand your personal preferences that will help us serve you better
- To update you on our services and products to you electronically (e.g. by text or email for this purpose)
- To respond to communications from you, including a complaint
- To protect and/or enforce our legal rights and interests, including defending any claim
- For any other purpose authorised by you or the Act
Disclosing your personal information
We may disclose your personal information to:
- Another company within our group
- Any third party business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website and payment gateways
- A person who can require us to supply your personal information (e.g. a regulatory authority)
- Any other person authorised by the Act or another law (e.g. a law enforcement agency)
- Any other person authorised by you.
Online payment security
- All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council
- The PCI Security Standards Council is a joint effort of brands like Visa, MasterCard, American Express, and Discover
- We currently use Stripe as our payment gateway, which is very popular in New Zealand
- When you make a purchase, Stripe stores your credit card data
- It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS)
- Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction
- After the purchase is complete, your purchase transaction information is deleted
- PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers
- For more insight, you may also want to read Stripe’s Terms of Service here or Privacy Statement here
Protecting your personal information
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuses. We follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
Accessing and correcting your personal information
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting.
Contacting U s