Privacy Policy

1. Introduction
[Wavespec LTD] (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.vanvibestore.com or purchase our products. It also outlines your rights under the New Zealand Privacy Act 2020 and, for applicable users, the EU General Data Protection Regulation (GDPR). By using our site, you agree to the terms of this Privacy Policy.

2. Information We Collect

  • Personal Information: When you place an order or create an account, we collect information such as your name, email address, billing and shipping address, phone number, and payment details. This information is necessary to process transactions and deliver products.
  • Automatically Collected Data: We use cookies and similar technologies to collect certain data automatically when you interact with our site. This may include your IP address, browser type, device identifiers, pages visited, and browsing behavior. (See our Cookie Policy below for details.)
  • Optional Information: If you subscribe to our newsletter or opt-in for marketing, we collect your email and preferences. If you contact us for support, we may collect additional information you provide in that correspondence.

We do not collect any sensitive personal information (such as race, health, or governmental ID numbers) as it’s not required for our services.

3. How We Use Your Information
We use personal information for the following purposes:

  • Order Processing: To process and fulfill your orders, including sending order confirmations, shipping notifications, and handling returns or exchanges. (Legal basis: contract – fulfilling your purchase.)
  • Delivery of Service: To deliver the products you purchased and provide customer support or services you request.
  • Communication: To communicate with you about your account or transactions (service emails), and – if you have consented – to send newsletters, promotions or updates about our products. You can opt out of marketing at any time (each marketing email has an unsubscribe link).
  • Improvement & Personalization: To analyze and improve our website and services. For example, we may use browsing data to enhance user experience or use purchase history to recommend products you might like.
  • Legal Compliance: To comply with legal obligations, such as maintaining transaction records for tax and accounting purposes, and to respond to lawful requests by public authorities.
  • Fraud Prevention: To monitor for and address fraudulent transactions or misuse of our website.

We will not use your personal data for completely new, unrelated purposes without updating you and obtaining any necessary consent.

4. Disclosure of Your Information
We value your privacy – we do not sell your personal information to third parties. However, we may share information in the following contexts:

  • Service Providers: We share necessary information with third-party companies that help us operate our business. For example:
    • Couriers and Shipping Companies (e.g., NZ Post, DHL) to deliver your orders – they receive your name, address, and phone (for delivery updates).
    • Payment Processors (e.g., Stripe, PayPal) to securely process payments – they receive your payment details. Note: We do not see or store full credit card numbers; they are handled by these PCI-compliant payment providers.
    • IT and Hosting Partners (website hosting, cloud storage, email service) that store or process data on our behalf. We ensure they have appropriate security and privacy commitments.
    • Analytics and Marketing Services: We may use Google Analytics or similar, which use cookies to collect usage data (see Cookie Policy). These providers only see pseudonymous data (e.g., device IDs, not your name).
  • Legal Requirements: We may disclose information if required by law or court order, or if necessary to enforce our terms or protect our rights. For instance, providing information to regulators or to law enforcement upon valid request, or to defend against legal claims.
  • Business Transfers: If our business is involved in a merger, sale, or transfer of assets, personal information may be transferred to the successor entity. If so, we will ensure the new owner continues to honor the privacy commitments herein, or provide notice if changes will be made.
  • With Your Consent: In cases where you have explicitly requested or consented (e.g., sharing a testimonial with your name on our site), we will share information as agreed by you.

Any third parties we engage are contractually obligated to use your data only for the agreed purpose and to keep it secure and confidential.

5. International Data Transfers
We are based in New Zealand. If you are outside NZ, be aware that your data will be transferred to NZ (and potentially to other countries where our service providers are located, such as the United States). New Zealand is recognized for providing an adequate level of data protection similar to EU standards. When we transfer personal data internationally, we ensure it’s protected: for example, by using providers in countries with adequate privacy laws or by incorporating standard contractual data protection clauses. By using our services, you authorize us to process your information in these locations. If you have questions about cross-border safeguards, contact us as noted below.

6. Data Retention
We only keep your personal information for as long as necessary to fulfill the purposes described above. For example:

  • Order information is retained for at least 7 years to comply with tax and accounting laws (transaction records).
  • Account information is kept until you deactivate your account or request deletion. If you request deletion, we may retain certain data (like past order info under your name) as required for legal obligations or legitimate interests (e.g., fraud prevention), but we will remove it from active user profiles.
  • Marketing subscription data is kept until you unsubscribe or it’s no longer useful. If you opt out of emails, we will retain minimal info to honor the opt-out (i.e., your email in a do-not-contact list).
  • Web analytics data is typically aggregated or anonymized over time, but identifiable analytics cookies are usually stored on your browser only for a certain period (e.g., Google Analytics retains data for 14 months unless you revisit, subject to their policy).

When data is no longer needed, we will securely erase or anonymize it so you can no longer be identified.

7. Your Rights and Choices
For New Zealand users: Under the Privacy Act, you have the right to access the personal information we hold about you and request correction of any errors. Contact us (details in Section 9) to exercise these rights – we will respond as soon as practicable and at least within 20 working days. We may need to verify your identity before releasing data. In rare cases, we might refuse access or correction for specific legal reasons (we’ll explain why if so).

For EU/UK users (GDPR): You have the above rights and also:

  • The right to erasure (“right to be forgotten”) – to request deletion of your data when it’s no longer needed or if processing is unlawful. (Note: We’ll comply unless an exemption applies – e.g., we may keep transaction records needed for legal compliance.)
  • The right to object to certain processing (like direct marketing, or processing based on our legitimate interests). We will honor objections to marketing immediately. For other objections, if we have compelling legitimate grounds to continue (or a legal requirement), we’ll inform you; otherwise we will cease the processing.
  • The right to restrict processing – you can ask us to limit processing if you contest data accuracy or have objected, until resolved.
  • The right to data portability – to receive a copy of personal data you provided to us in a structured, commonly used format (and have it transmitted to another controller) where applicable (this mostly applies to data processed by consent or contract, which in our case is order and account data).
  • The right not to be subject to automated decision-making that significantly affects you. We do not conduct automated profiling or decisions with legal effects – any marketing segmentation we do does not have significant impact on individuals.

For California users (CCPA): While CCPA primarily applies to larger businesses, we aim to provide similar control. You can request to know what personal info we collect, to delete your data, or to opt-out of any “sale” of data (we do not sell personal data in the traditional sense). We treat opt-outs of marketing as “do not sell” signals as well.

Opting Out of Marketing: Every marketing email we send has an “unsubscribe” link. You can also log into your account settings on our website to change communication preferences, or email us to opt out. Note that transactional emails (order confirmations, shipment notices) are not marketing and you’ll continue to receive those as needed for purchases.

Cookies & Tracking Choices: See our Cookie Policy below on how to manage or disable cookies.

We will never discriminate or retaliate against you for exercising your privacy rights.

8. Data Security Measures
We implement a variety of security measures to protect your personal data:

  • Our website uses SSL/TLS encryption for all data in transit (look for the padlock in your browser).
  • Payment information is handled through PCI DSS compliant providers – we do not store credit card numbers on our servers.
  • Personal data we do store is on secure servers protected by firewalls and access controls. We limit access to personal info to employees or contractors who need it for their job (for example, our fulfillment staff accessing your order details). They are bound by confidentiality.
  • We regularly update our website platform and plugins to patch security vulnerabilities.
  • We have procedures for detecting and responding to security incidents. In the event of a data breach, we will promptly contain it and notify affected users and regulators as required by law (see “Notifiable breaches” in section 4 above).

Despite these efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of data. You also play a role: protect your account password and do not share it. If you believe your account or data has been compromised, contact us immediately.

9. Contact Us
If you have questions, concerns, or requests regarding your personal information or this Privacy Policy, please contact our Privacy Officer:

Email: [info@vanvibestore.com]
Postal: Vanvibes, Attn: Privacy Officer, 24 Crawford Road, Belfast, Christchurch, New Zealand

We will do our best to address any issue to your satisfaction. If you are in New Zealand and are not happy with our response, you have the right to complain to the Office of the Privacy Commissioner (NZ). If you are in the EU/UK, you may contact your local data protection authority.

10. Updates to this Policy
We may occasionally update this Privacy Policy to reflect changes in our practices or for legal reasons. The “Last updated” date at the top indicates when changes were made. We encourage you to review this policy periodically. If changes are significant, we may provide a more prominent notice or seek your consent as required by law (for example, via email notification). Your continued use of our website after any update indicates your acceptance of the revised terms.

Last updated: [01/07/2025]

newsletter sign up

Shopping Cart
Scroll to Top