Privacy Policy – New Zealand Customers

Last Updated: August 2024

Thank you for placing your trust in Lolliland. “Lolliland” refers to the relevant Lolliland entity that you engage with, which may be Lolliland Pty. Ltd. (ACN 003 618 808), Lolliland Limited (NZCN 539168) or any its their related companies (as that expression is defined in the Companies Act 1993 (NZ)) (individually and collectively “we”, “us”, as the context requires).

We are committed to protecting your personal information and complying with the New Zealand Privacy Act 2020 (“Act”) and the Information Privacy Principles set out in the Act (“Privacy Principles”). This Privacy Policy describes how we collect, hold, use, and disclose your information and explains the choices that you have regarding how we use your personal information.

This Privacy Policy applies to all dealings we have with individuals, including customers, guarantors or prospective guarantors, suppliers and service providers, and job applicants.

Personal information is any information that can directly or indirectly identify you or another person (“personal information”).

By submitting your personal information to us, or by using our services, you acknowledge and consent to us using your personal information in accordance with this Privacy Policy. If you don’t agree with our Privacy Policy or don’t want us to collect your personal information, then please refrain from using our website, interacting with us, or purchasing our products in a way where you provide us with your personal information. If, after interacting with us, you change your mind and no longer agree with our Privacy Policy, then please refrain from any further use of our website or interacting with us in a way that provides us with your personal information. This Privacy Policy is intended to enhance the transparency of our operations, to notify you of your rights and our obligations, and to provide you with information regarding:

  1. the kinds of personal information which we collect and hold;
  2. how we collect, hold, use, and disclose personal information;
  3. the purposes for which we collect, hold, use, and disclose personal information;
  4. how you may access personal information that is held by us and seek correction of such information;
  5. how you may complain about a breach of your privacy and how we will deal with such complaints;
  6. whether we are likely to disclose personal information to overseas recipients; and
  7. if we are likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located.

Acknowledgement

We will collect, use, and hold your personal information in accordance with the Act, the Privacy Principles, and this Privacy Policy. We will take reasonable steps when handling your personal information. While we cannot warrant that loss, misuse or alteration of your personal information will never occur, we will take all reasonable steps to prevent these things from occurring.

We have taken reasonable steps to endeavour to comply with the Act and the Privacy Principles, some examples are noted below:

  • Implementation of this Privacy Policy.
  • Staff training and education.
  • Clear and transparent procedures regarding the handling of complaints and disclosure of information.
  • Appointment of a Privacy Officer.

The kinds of personal information which we will collect and hold

Collection of Personal Information

It is our usual practice to collect personal information directly from the subject individual or their authorised representative(s).

Some examples of the personal information we might collect include (but are not limited to):

  1. your name;
  2. your contact details (such as telephone numbers, addresses (residential and business), and email addresses etc.);
  3. your age or date of birth;
  4. your occupation and employment details (current and former);
  5. personal identification documentation (including government related identifiers);
  6. details relating to your use of our goods and services;
  7. payment details;
  8. banking details;
  9. images from video surveillance and other cameras we use; and
  10. customer survey information.

Identification

You may choose to interact with us using a pseudonym and/or not identify yourself.

In circumstances where we are required to do so, or are authorised by law, a court or tribunal to ask for your identification, we will request your personal information.

Further, it is likely that it will be impractical for us to interact with you without some form of identification, and therefore we will request identification details from you at the beginning of each transaction.

For example, we will not be able to open a commercial credit trading account or process a commercial credit application for you without obtaining identification details.

If you do not consent to the collection of your personal information, in accordance with this Privacy Policy, we may not be able to assist you with the provision of certain services.

How we will collect and hold your personal information

We only collect and hold personal information by lawful and fair means.

There are several ways we may collect your personal information, including when you:

  1. visit, or submit information through, our website;
  2. apply with us for a position of employment or as a contractor;
  3. deal with us face-to-face, in writing (by letter, facsimile, or email), or by telephone;
  4. participate in any of our events, promotions, or surveys, or subscribe to any of our publications; or
  5. submit an application, quotation, purchase order, or service request to us.

In some circumstances, we may collect and hold personal information that has been collected from a third party (such as an associated entity or service provider) or a publicly available source.

This will likely occur in instances where:

  1. you have consented for this collection (which would usually be via our privacy statement and/or credit application form); or
  2. you would reasonably expect us to collect your personal information in this way and it is necessary for us to collect this information for a specific purpose (such as investigation of a complaint).

We will take steps to hold personal information in a manner which is secure and protected from unauthorised access.

Your personal information may be held in either a physical form or in electronic form on our IT system.

Where stored in electronic form on our IT system, we will take steps to protect the information against modification, disclosure, or misuse by including such things as physical restrictions, password protections, internal and external firewalls, and anti-virus software.

We will also endeavour to ensure that our service providers have protection for electronic IT systems and other necessary restrictions.

We will endeavour to ensure our staff are trained with respect to the security of the personal information we hold, and we will restrict any access where necessary.

We retain personal information for as long as necessary in relation to the purposes for which it is collected or as otherwise required by law. We endeavour to destroy and/or de-identify personal information once it is no longer required, except as required by law, including where maintained for business record purposes. You can request that we delete your personal information at any time by contacting our Privacy Officer, but we may retain it if we are legally required to do so.

If we collect personal information about you from someone else, we will advise you as soon as practicable that this information has been collected and the circumstances which surround the collection.

If we collect personal information that is unsolicited, and we were not permitted to collect it, the personal information will be destroyed as soon as reasonably practicable.

Cookies and the Collection of Personal Information via Our Website

When you visit our website, we may collect information about the session between your computer and our website using cookies.

Cookies are text files which are stored on your computer or mobile device (by your web browser) that record specific information, such as which pages you visit, the information you have searched for, or the device you are using to access our website.

We use cookies for the purposes of managing and improving our website, improving our business processes, and gathering demographic information about the persons who visit our website, among other things.

Third parties may store cookies on our website, including, by way of example, the following entities:

  1. Google Analytics (provided by Google Inc.) to enable us:
    • to perform statistical analyses of e.g. number of visitors, information on gender, age, location, interests, and the like to learn about our visitors; and
    • to improve the website friendliness and usability (e.g. on the basis of website traffic measurements).
  2. YouTube (provided by YouTube LLC.) to store session preferences (e.g. language) and suggest other content based on your previous uses (only activated when you are logged in to YouTube when visiting our website and only when clicking the YouTube button).
  3. Facebook (provided by Meta Platforms, Inc.) to identify users logged in to Facebook for the purpose of sharing content on Facebook (only when you are logged in to Facebook when visiting our website and only when clicking the Facebook button).
  4. LinkedIn (provided by LinkedIn Corp.) to enable the “follow” and “share” features of LinkedIn (only when you are logged in to LinkedIn when visiting our website and only when clicking the LinkedIn button).
  5. Instagram (provided by Meta Platforms, Inc.) to enable the “pin” and “share” features of Instagram (only when you are logged in to Instagram when visiting our website and only when clicking the Instagram button).
  6. X (formerly trading as ‘Twitter’) (provided by X Holdings Corp.) to enable the “tweet” feature of X (only when you are logged in to X when visiting our website and only when clicking the X button).
  7. TikTok (provided by TikTok Pte. Ltd.) for the purpose of marketing.

You may elect to disable or turn off cookies in your web browser, however, this may impact upon the services we are able to offer you on our website and may impact upon your ability to access certain features of our website.

Our server will also automatically record your Internet Protocol address (IP address).

An IP address is a numerical designation assigned to each device connected to a computer network by your internet service provider. While IP addresses can be used to identify the general physical location of a computer, they are otherwise anonymous, and we will not use your IP address to identify you.

Hiring and Recruitment

If you apply for a position with us, we may also collect information about your experience, character, qualifications, and screening checks (including background, health, references, directorship, financial probity, identity, eligibility to work, vocational suitability, and criminal record checks).

We collect, use, and disclose your personal information to assess your application, conduct screening checks and consider and contact you about positions available. Your personal information may be exchanged with academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, referees, and your current and previous employers.

We may not be able to further consider you for positions with us without your personal information.

The Purposes for Which We Collect and Hold Personal Information

We will endeavour to only collect and hold personal information which is relevant to the operation of our group.

Our purpose for collecting or holding personal information about you is so that it may be used directly for our business activities.

We may use your personal information for the business activities of our group, which include, among other things:

  1. assessing credit applications;
  2. reviewing existing credit terms;
  3. assessing credit worthiness;
  4. collecting overdue payments;
  5. assessing credit guarantees (current and prospective);
  6. internal management purposes;
  7. administering accounts;
  8. managing relationships with our customers;
  9. dealing with complaints;
  10. supplying you with goods and services;
  11. facilitating product and service reviews;
  12. business development and marketing purposes (including direct marketing);
  13. sales and billing;
  14. insurance purposes;
  15. complying with legal requirements;
  16. establishing, exercising, or defending a legal or equitable claim; and
  17. training and recruitment.

We may also collect personal information for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing.

We may also collect personal information from other credit providers, Credit Reporting Bodies (“CRBs”) and any other third parties for the purposes of our business activities including, but not limited to, credit, sales, marketing, and administration.

The Purposes for Which We Use and Disclose Personal Information

We will use and disclose personal information for the primary purposes noted above in relation to the business activities of our group.

In addition, we may also use and disclose personal information for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing.

Unless one or more of the below scenarios has occurred, we will take all reasonable steps to prevent personal information from being given to government agencies or other organisations, unless:

  1. You have provided your consent.
  2. You would reasonably expect that your information would be so disclosed.
  3. We have informed you that your personal information will be provided to a third party.
  4. We are required by law to provide your personal information to uphold or enforce the law.
  5. The disclosure of the information will prevent a serious threat to somebody’s life or health.

Further, we will endeavour to only disclose personal information for the purpose in which it was collected, unless disclosure is reasonably necessary to:

  1. To avoid prejudice to the maintenance of the law by any public sector agency, including prejudice to the prevention, detection, investigation, prosecution, and punishment of offences;
  2. For the enforcement of a law that imposes a pecuniary penalty;
  3. For the protection of public revenue;
  4. That the disclosure of the information is necessary to enable an intelligence and security agency to perform any of its functions;
  5. For the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation);
  6. Lessening or preventing a serious threat to life, health or safety;
  7. Enabling an intelligence and security agency to perform any of its functions;
  8. Facilitating the sale or other disposition of a business as a going concern;
  9. Or where the information is to be used in an anonymised form, for example for statistical and/or research purposes where individuals are not identified.

Direct Marketing

We will take steps not to disclose personal information for direct marketing purposes unless you have provided your consent to do so.

In any event, you will be provided with an opt-out option with respect to direct marketing, should you wish to be excluded from direct marketing.

If you do not elect to ‘opt out’ of receiving direct marketing material from us, you consent to us using personal information provided to us for direct marketing purposes.

You may at any point in time request to no longer receive direct marketing material from us by opting out.

We will record this information on our opt-out register.

Direct Marketing and Third Parties

We may also, from time to time, if we have received your consent, provide your personal information to a third party for the purposes of direct marketing.

You may at any time request the source of the personal information that has been disclosed.

Disclosure to CRBs

As indicated above, we may disclose personal information to a CRB in accordance with our Credit Reporting Policy as published on our website. Please visit www.lolliland.com.au.

We may disclose your Credit Information to the following CRBs listed below, or any other CRB we use from time to time:

Equifax Australia
GPO Box 94
North Sydney NSW 2059
Tel: 13 8332
Website: Credit Score | Credit Report | Equifax

Creditor Watch
GPO Box 276
Sydney NSW 2001
Tel: 1300 501 312
Website: CreditorWatch

NCI
PO Box 3315, Rundle Mall SA 5000
Tel: 1800 882 820
Website: National Credit Insurance (NCI) | Trade Credit Insurance Specialists

Illion
PO Box 7405, St Kilda Road, Melbourne VIC 3004
Tel: 13 23 33
Website: Home - illion

Experian
GPO Box 1969, North Sydney NSW 2060
Tel: (02) 8907 7200
Website: Home | Experian Australia

NCI Trade Credit Solutions
Level 1, 1 Stokes Rd, Mount Eden, Auckland 1024
New Zealand
Website: www.ncinz.co.nz

Where available, a copy of the credit reporting policy for the CRBs listed above can be found on their website or will be provided in hard copy upon request.

How You May Access Your Personal Information

You are entitled to access your personal information held in our possession and you can ask us to correct it if you think it is wrong.

We will endeavour to respond to your request for personal information within a reasonable time period or as soon as practicable in a manner as requested by you. We will normally respond within thirty (30) days.

You can make a request for access by sending an email or letter addressed to our Privacy Officer, the details of which are as follows:

Privacy Officer

Name: The Privacy Officer/Human Resources – Lolliland Pty. Ltd.
Address: 1-7 Smeaton Grange Road, Smeaton Grange NSW 2567
Telephone: (02) 4646 1122
Email: [email protected]

With any request that is made, we will need to authenticate your identity to ensure the correct person is requesting the information.

We will not charge you for making the request; however, we may charge reasonable costs if we are providing you with access to your personal information or correcting your personal information.

You will only be granted access to your personal information where we are permitted or required by law to grant access. We are unable to provide you with access that is unlawful.

Further, we are not required to, and will not, give access to personal information to the extent that:

  1. The information does not exist or it cannot be found by reasonable efforts;
  2. The disclosure of the information would involve the unwarranted disclosure of the affairs of another person, including a deceased person;
  3. We reasonably believe that giving access would pose a serious threat to the life, health, or safety of any individual, or to public health or public safety;
  4. The disclosure of the information may prejudice the maintenance of the law by any public sector agency, including the prevention, investigation, and detection of offences; and the right to a fair trial;
  5. The disclosure of the information would breach legal professional privilege;
  6. The disclosure of the information would constitute contempt of court; or
  7. The request for access is frivolous or vexatious.

If we refuse access to the information, written notice will be provided to you setting out:

  1. The reasons for the refusal (except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so);
  2. The mechanisms available to complain about the refusal; and
  3. Any other matter prescribed by the regulations.

We will endeavour to notify any relevant third parties of the correct personal information where necessary and required.

Correction

Should we hold personal information, and it is inaccurate, out of date, incomplete, irrelevant, or misleading, or incorrect, you have the right to make us aware of this fact and request that it be corrected.

If you would like to make a request to correct your information, please contact our Privacy Officer.

In assessing your request, we need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant, or misleading. We will then take all reasonable steps to ensure that it is accurate, up-to-date, complete, and not misleading.

It is our normal policy to resolve any correction requests within thirty (30) days. If we require further time, we will notify you in writing and seek your consent.

Should we refuse to correct your personal information, written notice will be provided to you setting out:

  1. The reasons for the refusal (except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so);
  2. The mechanisms available to complain about the refusal; and
  3. Any other matter prescribed by the regulations.

We will endeavour to notify any relevant third parties of the correct personal information where necessary and required.

Notifiable Data Breaches

A Notifiable Data Breach is an event where access to your personal data has been gained and there is a risk of serious harm, or it is suspected that there is a serious risk to you.

In the event of a Notifiable Data Breach, we will notify you. Examples of Notifiable Data Breaches include:

  1. Loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information;
  2. Unauthorised access to personal information by an employee; and
  3. Inadvertent disclosure of personal information due to ‘human error’ (e.g. an email sent to the wrong person).

Complaints

If you wish to make a complaint about a failure of us to comply with our obligations in relation to the Act or the Privacy Principles, please raise this with our Privacy Officer.

We will provide you with a receipt of acknowledgment as soon as practicable.

We will then endeavour to respond to your complaint and attempt to resolve the issues within thirty (30) days.

In dealing with your complaint, we may need to consult another credit provider or third party.

If you are not satisfied with the process of making a complaint to our Privacy Officer, you may make a complaint to the New Zealand Privacy Commissioner at www.privacy.org.nz/your-rights/how-to-complain/.

Disclosure to Overseas Recipients

We may choose to, if permitted by law, share and/or disclose your personal information with recipients outside of New Zealand and Australia.

We currently do not share or disclose personal information overseas except to Australia.

If we do transfer your personal information to any overseas jurisdiction, we will endeavour to ensure that information is transferred:

  • To a participant in a prescribed binding scheme for international disclosures of personal information; and/or
  • To a country that provides comparable safeguards to privacy laws in New Zealand.

If you have any queries regarding this Privacy Policy or wish to find out more regarding any of our other policies, please contact our Privacy Officer using the details listed above.

Security

We take all reasonable steps to keep secure any information which we hold about you. Personal information may be stored both electronically on our computer system and in hard-copy form. Firewalls, passwords, anti-virus software, and email filters act to protect our electronic information.

Changes to This Privacy Policy

We will update this Privacy Policy from time to time. We will post any updated policies on our website, which will be effective on the same date as posting to our website. We therefore recommend that you read it each time you visit our website. If you do not agree with this Privacy Policy at any time, please do not continue to use our website. If you do continue to use our website, you are deemed to have accepted the terms of this Privacy Policy as they appear at the time of use.