Privacy Policy

Thank you for visiting our website. Weleda New Zealand Limited (“Weleda, ”We” or “Us”) is committed to protecting your privacy. We recognise the trust you put in Us when you share information on www.weleda.co.nz (the “Website”).

Purpose and Approach

  1. We respect your privacy and will at all times comply with our obligations under the Privacy Act 2020 when dealing with personal information (personal information is information about an identifiable individual).
  2. This Privacy Policy describes how we collect information when you use the Website, what We may do with it and who We may disclose it to.
  3. This policy does not limit or exclude any of your rights under the Privacy Act. If you would like further information on it, see www.privacy.org.nz.

Collection of Personal Information

  1. We only collect personal information that you provide to Us; for example by doing the following on the Website: completing a “contact us” form, participating in one of our competitions, subscribing to our newsletter or purchasing products.
  2. Your personal information will be held by Us or by one of our trusted service providers.

Use of Personal Information

  1. We only use personal information for business purposes; i.e. to:
    1. Process orders for products placed on our Website;
    2. Communicate with you (for example to provide customer support or to ask you for feedback about our products and services);
    3. Improve our products and services;
    4. Research and analyse how our Website is used so We can improve it;
    5. Protect and/or enforce our legal rights, including to investigate and respond to any complaints or violations of our rights;
    6. Comply with our legal obligations; or
    7. To fulfil any other purpose which is authorised by you or the Privacy Act.

Disclosure of Personal Information

  1. As part of our normal business operations, We may share personal information with certain third-party service providers for the following reasons:
    1. When it is reasonably necessary to support our services and products, including any person that hosts or maintains any underlying IT system or data centre that We use for our Website or other services and products;
    2. When a third-party is providing services to you on our behalf; or
    3. Any other person or organisation that you have authorised Us to disclose information to.

Access, correction and retention of personal information

  1. The information you give Us must be accurate, correct and up to date. It if changes, please inform Us to ensure your information is up to date and correct.
  2. You are entitled to access the personal information we hold about you upon request. You may also request the correction of that personal information. In both cases, please contact us at [email protected].
  3. We will only retain your personal information for as long as it is necessary to achieve the purposes set out in this policy or as required by law.

Security of personal information

  1. We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.
  2. In the unlikely event of a notifiable privacy breach, we will notify you (and the Privacy Commissioner) as soon as possible in accordance with the Privacy Act and take appropriate action in response.
  3. For clarity, We will not be liable for the theft, destruction, or disclosure of your personal information where our security safeguards have been breached.

Overseas disclosure

  1. Your personal information may be transferred, stored, processed or used outside of New Zealand by us or by third party service providers (such as our cloud service provider who is in Germany).
  2. When you provide your personal information to Us, you consent to the collection, use, storage, and processing of your personal information in and outside of New Zealand by these third-party service providers. When your personal information is sent overseas, it will always be subject to safeguards that are at least as stringent as those in place in New Zealand.

Links to third party sites

  1. We may have links or references to third party websites on our Website. This policy does not apply to those websites. Please ensure you read the privacy policy of those websites.

Social plugins, Newsletter and Product Reviews

  1. Social plugins
    1. This website has integrated social media/social sharing functions. However, to protect web page users, Weleda has chosen to use Shariff script.
    2. Weleda does not record any personal data through the social plugins or regarding their use itself. To prevent data from being transferred to service providers in the USA without your knowledge, Weleda uses what is known as the Shariff solution. This solution ensures that no personal data is passed on to the providers of the individual social plugins to begin with if you visit this website. Data can only be transferred to the service provider and stored there if you click on one of the social plugins.
    3. For more information on the Shariff solution, please visit the web pages of its provider, Heise Medien GmbH & Co. KG: www.heise.de
  2. Newsletter
    1. When you register for an email newsletter, Weleda requires your form of address, name and the email address the newsletter should be sent to. Any other information is provided voluntarily and is used to address you personally and to be able to personalise the newsletter and answer queries on the email address.
    2. If you register for the newsletter on this web page, Weleda uses the data you enter exclusively for this purpose or to inform you of relevant circumstances concerning this service or its registration. Weleda passes this data on to the third-party provider APSIS for newsletter mailing management and implementation. Weleda has concluded an agreement on the commissioned order processing procedure with APSIS, its email marketing service provider. This ensures that said service provider complies with the strict specifications of German data protection law in every aspect when managing and implementing the newsletter mailing. This also ensures that your data is only stored in the EU with a high degree of protection. Your data is not stored on servers outside of the EU.
    3. A valid email address is required to receive the newsletter. The IP address you use to register for the newsletter and the date you order the newsletter are also stored. This data shall serve as evidence for Weleda in case of misuse, in case an unknown email address is registered for the newsletter.
    4. You may at any time withdraw your consent to the storage of the data, your email address and its use for newsletter delivery with effect for the future. Weleda provides a link you can use for said withdrawal in every newsletter. You can also communicate your request for withdrawal in writing to our Customer Care team at [email protected]
  3. Product reviews
    1. You can review all products on this website. The review is left under your full first name and the first letter of your surname. Accordingly, you must use your first name and surname and your email address to set up a user account and/or log in. The pseudonym in the form of your complete first name and the first letter of your surname is inserted as the author of a review and the associated identifying details are only known to the administrator.

Updates to this privacy policy

  1. We will occasionally update this policy to reflect changes in our practices and business. When we do so, we will revise the “last updated” date at the bottom of this policy. Changes will be effective immediately from the date they are posted. If we make any material changes in the way we collect, use, or disclose personal information, we will post an advance notice on our Website.  If you do not agree to any change you must immediately cease using or accessing our Website.

How to contact us

  1. If you have any queries or concerns about our Privacy Policy or our handling of your personal information please contact us at [email protected].

 

Consent Tool OneTrust

We use OneTrust as our consent tool. With this data protection management software, we offer you the possibility to consent to the storage of cookies in a legally compliant manner and to ensure the revocation of consent. Furthermore, the consent is documented for legal proof and the setting of cookies is technically controlled. Cookies are used for this purpose, which saves your cookie settings on our websites. Thus, your cookie settings can be retained when you visit our platforms again, as long as you do not delete the cookies beforehand. You can adjust your settings at any time.
The software is operated by OneTrust as software as a service in the cloud.

Processing Company:
OneTrust Technology Limited
82 St. John Street, London
England, EC 1M 4JN

Privacy information of the processing company:
Below is the email address of the data protection officer of the processing company.
[email protected]

Data processing purposes OneTrust:

  • Offering the possibility to consent to cookies,
  • to document this consent
  • to ensure the revocation of consent, and
  • to control the setting of cookies

Data collected OneTrust.

  • IP address: Technical delivery of a DSGVO-compliant cookie toolbar. Not stored.
  • Pseudo-anonymous browser ID: Retention of given/extracted consents by groups/solutions with indication of the time of change in order to be able to provide legal proof of the given consent.
  • In case of consent, information on browser, country, device type is also stored.

Legal basis:
The following is the required legal basis for the processing of personal data:
Art. 6 para. 1 p. 1 lit. a GDPR (consent).

The required legal basis for the use of cookies and similar technologies for this tool:
Art. 25 para. 2 TTDSG (technically necessary).

Place of processing:
European Union

Retention period cookie:
1 year

Data retention period:
1 year

Data recipient:
OneTrust Technology Limited

Transfer to third countries:
Worldwide

Further Information:
Click here to read the privacy policy of the data processor and to request further information if necessary. 

If you wish to object, please click on the "Cookie Settings" button in the "Cookies " section on this page.

 

Cookies

  1. We use cookies (an alphanumeric identifier that we transfer to your computer’s hard drive so that we can recognise your browser) to monitor your use of the website. You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all of the features of the website. Read our cookie declaration here.

 

 

‘Facebook Custom Audience’ / ‘Facebook Pixel’ with advanced matching

  1. ‘Facebook Custom Audience‘ and “Facebook Pixel” are products of Meta Platform Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (’Facebook"). Our website uses a ‘Facebook Pixel’ from Facebook, which establishes a direct connection to the Facebook servers.

 

  1. By storing the Facebook pixel on the end device, the behaviour of users after clicking on a Facebook ad can be tracked. With the help of the Facebook pixel, we can understand how our marketing measures on Facebook are received and, if necessary, take optimisation measures. For this purpose, interest-based adverts (‘Facebook ads’) are displayed to users of our website when they visit the Facebook social network or other websites that also use the process. Accordingly, we also use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called Facebook ‘Custom Audiences’ or ‘Look Alike Audiences’).

 

  1. Through the Facebook pixel, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge:

 

  1. By integrating the Facebook pixel, Facebook receives the information that you have clicked on one of our adverts or accessed the corresponding web page on our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to find out and store your IP address and other identifying features.

 

  1. We have also activated enhanced matching. If you have given your consent, enhanced matching enables us to send hashed user data (e.g. names and email addresses) to Meta together with our meta pixel events in order to optimise our Meta ads. This allows us to attribute more conversions, expand our custom audience and ultimately reach more users. To protect your data, hash values are generated from the information generated on the website before it is transmitted to Meta.

 

  1. The storage of and access to information in the end user's terminal equipment is based on informed consent in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 para. 1 lit. a GDPR. You give the corresponding consent via the consent banner.

 

  1. The processing of data by Facebook takes place within the framework of Facebook's Data Usage Policy. Specifically, you can manage what content and information you have shared through your use of Facebook via the ‘Activity Log’ tool or download it via Facebook's ‘Download your data’ tool. Further information and details about Facebook Pixel and how it works can also be found in Facebook's help section.

 

 ‘Google AdWords User Lists’ / ‘Google Dynamic Remarketing’ with extended conversions

  1. ‘Google AdWords User Lists‘ and “Google Dynamic Remarketing” are products of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (’Google"). Our website uses a pixel provided by Google, which establishes a direct connection to the Google servers. This tells the Google server that you have visited our website. Google links this information to a unique ID that is stored on your end device in the form of a cookie or provided by your end device (‘advertising ID’ for smartphones). If you visit other websites that also use ‘Google AdWords User Lists’ / ‘Google Dynamic Remarketing’, this information will also be linked to your unique ID. However, we cannot see which other websites you visit.
     
  2. In addition, we have activated the so-called Enhanced Conversions. This is a function of Google Ads. If you have given your consent, existing conversion tags are supplemented with conversion data collected on the website itself and transmitted to Google in encrypted form. When a conversion is carried out on a website, hashed user data (e.g. names and email addresses) is processed in most cases. This allows us to attribute more conversions. To protect your data, hash values are generated from the information generated on the website before it is transmitted to Google.
     
  3. The storage of and access to information in the end user's terminal equipment is based on informed consent in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 para. 1 lit. a GDPR. You give the corresponding consent via the consent banner.
     
  4. Further information on how Enhanced Conversions works can be found in Google's help section.

 

Last updated 14/10/2024.