- OUR PRIVACY COMMITMENT
- WHO WE ARE
- WHAT PERSONAL INFORMATION DO WE COLLECT?
- HOW YOUR PERSONAL INFORMATION IS USED BY ONCEIT
- WHAT CHOICES CAN YOU MAKE ABOUT YOUR PERSONAL INFORMATION?
- HOW WE PROTECT YOUR PERSONAL INFORMATION
- ONCEIT PRIVACY OFFICER CONTACT
Onceit is committed to protecting the privacy of your personal information. If you decide to share your personal information - we want to do the right thing by you - and all the individuals that we connect with every day.
Our privacy commitment is to do more than just comply with the law - we want to gain and keep your trust - by handling your personal information in a transparent and accountable way, and by ensuring that it is held securely. We will always collect, store, use and disclose personal information in accordance with all applicable privacy laws.
Onceit is bound by the:
- Privacy Act 2020 (New Zealand); and
- Privacy Act 1988 (Australia).
'Personal information' basically means any information which identifies you as an individual, such as your name, address and contact details.
We want to build a trusted relationship with all our customers, and so we think it is important that we give you a bit of information about who we are.
As one of New Zealand’s continually growing and developing online fashion sites, Onceit is here to deliver premium designer goods to our 600,000 + loyal members (customers). Onceit was launched in May 2010 with a staff of one & a dream to become a leading destination for online designer sales. Eleven years down the track, Onceit has become a one-stop destination for more than 500 local & international brands that keep our customers on top of the latest styles & trends.
If you have any questions about our privacy practices or wish to withdraw your consent to the collection, use or disclosure of your personal information or data, please email our Privacy Officer at firstname.lastname@example.org.
Or if you would prefer to call us, you can do this by calling our member service team on 09-973 5442 (+64 99735442).
Onceit only collects the personal information that we need for one or more of our functions or activities. We will only collect personal information about you by lawful and fair means, and will not do so in an unreasonably intrusive manner.
Information that you provide
In order to handle your purchases, provide customer service, improve our products, provide in-person experiences or events and send you information about our products, trends and promotions, we may ask you to provide your:
- mailing/shipping address;
- billing address;
- e-mail address;
- date of birth or age range;
- gender (optional);
- clothing size/fit information;
- purchase/return/exchange information;
- contact telephone numbers;
- product reviews;
- account or loyalty user name/password;
- payment information (credit/debit card);
- social media names or other details;
- identification details (e.g. licence number, student, pensioner card);
- testimonials or opinions;
- photos of individuals (possibly including recordings on video and audio surveillance devices in our premises);
- financial/ purchase information (such as credit card details);
- information required for a credit assessment;
- records of written or verbal contact with Onceit, including voice recordings of telephone conversations you have had with us; and
- preferred activities, including but not limited to lifestyle and other interests.
We may also collect some personal information from our vendors and suppliers when we conduct and manage our business or if we need to undertake a credit assessment. In New Zealand, the Privacy legislation covers the personal information of employees and job applicants, and so we may also collect your personal information when we make you an offer for employment purposes or to undertake employment, human resource and payroll related functions.
Where we can, we will allow you to deal with us anonymously or by using a pseudonym. However, in some circumstances, this may not allow us to provide you with a service you have asked for (such as delivery). If you ask our Privacy Officer (see below) about this option, we will inform you if it is possible for an interaction to occur on an anonymous basis. Whilst you may opt to not to provide us with your personal information, you should be aware that without this personal information, we may not be able to provide you with some of the services and/or products you are seeking.
Third party Information
Other information we collect about you
We may collect information about you or your activities from our related companies, affiliates or third parties, such as web hosting providers, analytics companies, social media platforms, data companies, and advertising services. This could include information such as:
- demographic information;
- shopping preferences; and/or
- information about your interests.
Most of the personal information that we hold about you will be from your direct dealings with us, but we may also collect your personal information from a third party, anyone authorised to act on your behalf, or via social media. We will only do this if we have been advised that you have consented to the collection of your personal information, or if you would reasonably expect us to collect your personal information in that way.
We may also collect personal information from our business or related entities and affiliates who have collected your information, or by accessing data from other sources. We may then analyse that data and match it with the information that we already hold about you, in order to learn more about your preferences and interests. If we receive your personal information from a third-party, and it is not information we need for the purposes of our business activities, we will destroy or de-identify that information (provided it is lawful to do so).
You may be offered the option to join one of our loyalty programs. If you choose to do this, we will collect personal information including your profile information, purchase history and the contents of any online wish list. In our premises, we may collect your company name, personal name, address and other relevant personal details if this is needed to comply with local fiscal and legal requirements such as to provide a tax receipt.
When you make a purchase via one of our online stores or a mobile app we will collect information such as your name, shipping and billing address and contact details such as telephone and email address, ordered and returned products, delivery information and invoice information. We also collect data on your usage of vouchers and/or gift cards. If you interact with chatbots (automated messengers) we will record what you respond to these chatbots, how you interact with them and we will store data related to the device that you use. Depending on the platform for the chatbot and your permissions, the data we collect may include your IP address, social media handle, time zone, country and GPS location. The platform that provides the chatbot may also collect some of this data. For example, if the chatbot is provided on Facebook, this platform will collect your user data as well.
Third party automated information collection
When you visit any of our websites or applications or access our in-premise Wi-Fi, we may automatically collect your
- device ID;
- device type;
- browser types and version;
- geo-location and in-premise location;
- IP Address;
- your network activities when using our Wi-Fi; and/ or
- how you use our site (search terms, page views, referring sites, content views).
Please note that our websites are not directed to individuals under the age of fifteen (15). We ask that you do not provide your personal information to us if you are under that age, and also that you do not share the personal information of anyone else under that age with us, unless this is required by us and you are their parent or guardian, or have the express consent of their parent or guardian to do this.
Your data is stored on secure servers in Auckland, New Zealand. These servers are only accessed by authorised Onceit staff or authorised suppliers.
However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your personal information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information within a secure environment.
We will advise you at the first reasonable opportunity upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by any unauthorised persons or in any unauthorised manner.
It is your responsibility to keep your login details, password and security questions in respect of our business with you safe and secure. You should notify us as soon as possible if you become aware of any unauthorised use of your login details, password or security questions, and immediately change that security information promptly.
To ensure you are accessing a secure server, check for the unbroken key or closed lock symbol located generally either at the bottom left or top right of your browser window. If it appears, then SSL is active. You can double check this by looking at the URL as well. If SSL is active, then the first characters of that line will read ‘https’ rather than just ‘http’. It is important for you to protect against unauthorised access to your password and to your computer. Ensure you logout when you have finished visiting our websites especially if you accessed them from a shared computer.
Collection of Cookies
Cookies are pieces of information that a website transfers to your computer for record-keeping purposes. Cookies help provide additional functionality to the web site or to help us analyse site usage more accurately. We use information collected from cookies to better understand, customise and improve user experience with our websites, services and offerings, as well as to manage our advertising. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our sites. Also, we may use web analytics services that leverage cookies to help us to understand how visitors engage with and navigate our site (e.g., how and when pages in a site are visited and by how many visitors).
There are four main types of cookies that we use:
- site functionality cookies – these allow you to navigate the site and use our features, such as “Add to Cart””;
- site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience;
- customer preference cookies – when you're browsing or shopping on our website(s), these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you; and
- targeting or advertising cookies – these are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
If you have provided us with personal information (e.g. through a registration or a request for certain materials), we may associate this personal information with information gathered through cookies. This allows us to offer increased personalisation and functionality.
In all cases in which cookies are used, the cookie will not collect personal information except with your explicit permission. Your web browser can be set to allow you to control whether you will accept cookies, reject cookies or to notify you each time a cookie is sent to your browser. If your browser is set to reject cookies, websites that are cookie-enabled will not recognise you when you return to the website, and some website functionality may be lost.
Collection of information via Interest Based Advertising
Onceit may use third party advertising companies to display ads that are tailored to you based on how you browse and shop online, a practice commonly referred to as “interest-based” or “behavioural” advertising. We allow these third parties to collect certain information when you visit our websites or use our applications, including non-personally identifiable information (browser type, subject of advertisements clicks on, session IDs) and personal data (such as static IP address). The information that we obtain about you from social media platforms depends on your account and privacy settings within the platforms and the platforms privacy policies. You can use Ads Settings on your browser to manage the Google ads that you see and to opt out of Ads Personalisation. Please note that you may need to opt-out separately from each service.
The services Onceit may use from time to time include those offered by Facebook (Custom Audience), Google (including Google Display Network and DoubleClick), Yahoo, Adobe (including Campaign Manager and Analytics), and Microsoft. You can find out more information about these services in the privacy policies for those services, including information on how to opt-out of certain things (e.g. Google Analytics Advertising Features which uses age, gender, and interests categories to target our ads to you on the Google Display Network).
If you use a third-party authentication service or social account (e.g. Google or Facebook) to log into one of our websites, this allows the Onceit website to make a request for data about you. If you choose to log in with an authentication service or social account, your data will be shared between those social networks and Onceit. You should therefore stay updated on your social networks' privacy policies, and only use the social log-in for sites you feel comfortable sharing data with.
If you choose to connect your social media account to your Onceit member account (where such a feature is available), you will share certain personal data from your social media account with us, for example, your name, email address, photo, list of social media contacts, and any other information that may be or you make accessible to us when you connect your social media account to your Onceit member account. We will engage in these activities to manage our contractual relationship with you, with your consent or where we have a legitimate interest. If you have the option to logon to your account through Facebook, Google, Instagram or other social media accounts, we collect profile information from your social media account including your name and email address. Please note that when accessing your account through a social media platform, the social media provider will be notified of your access to the account. Please refer to the privacy notice of the respective social media provider(s) for more information on how your personal information is stored.
Collection of Information via our apps
If you choose to download, install and use one of our apps (e.g. the Onceit sales app (on the Apple Store) or Onceit Shopping app (on Google Play), these apps will collect personal information about you which will be linked to your Onceit identity or profile. The information that is collected may include user's name, email address, telephone number, physical address, IP addresses, log data, information about your purchases, user content, identifiers, financial information, search history and usage data.
Some of the personal information that you share via the app may be collected by third parties, which include Google Analytics, Firebase and Apple App Analytics.
You should carefully read the privacy links in the apps which include information about the types of data that will be collected by Onceit and our third-party partners during normal app usage. But you should bear in mind that the data collected from you may not all be listed in these sections and may also vary from what is displayed. For example, the data collected may depend on the features of the app that you use.
If you post a review of one of our apps, and this includes your name or any other personal information, this will also be collected and published.
If you wish to revoke your consent to Onceit collecting your data via one of our apps, please email our Privacy Officer at email@example.com. Or if you would prefer to call us, you can do this by calling our member service team on 09-973 5442 (+64 99735442).
Onceit may use your personal information for a number of purposes, (including but not limited to):
- to identify you and any records relating to you;
- to provide you with the products and services you have requested;
- to manage your requests for products and services including delivery, processing payments, providing refunds, discounts and incentives;
- to develop and improve the products and services we offer;
- to maintain and improve customer services and seek your feedback, including conducting product and market research and analysis;
- to improve our operational processes, enhance your customer experience and to monitor and review our compliance with relevant regulations and codes of conduct in our dealings with you;
- to send you reminders;
- to manage your gift card balance;
- to market the products and services of Onceit and any related companies and affiliates;
- maintain and improve customer services, including conducting product and market research and analysis;
- to facilitate services and appropriate communication between you and our preferred financial services and credit suppliers, including but not limited to Afterpay and Direct Payment Solutions (DPS);
- to comply with any legal obligations or governance requirements;
- to facilitate your interactions with us on our website or mobile apps;
- to consider making an offer for employment purposes;
- to meet our legal obligations and to notify you of matters that we are required to do so by law (such as product recalls);
- to carry out internal functions such as training;
- to interact with Regulators or other Government agencies;
- to manage and resolve any legal or commercial complaints and issues;
- to investigate fraud and to carry out loss prevention activities; and/ or
- as part of buying or selling our business.
Use of your information for Direct Marketing
When you provide your personal details, you may consent to us using your personal information for direct marketing purposes (for an indefinite period). From time to time, we may contact you with information about products and services offered by us and our our business partners or affiliates, which we think may be of interest to you. When we contact you it may be by mail, telephone, email, SMS or via social media. These communications may relate to products and services of Onceit and any related companies and affiliates, and other products that may be of interest to you.
De-identified personal information may also be used to allow corporate reporting within our business and with our affiliates. In New Zealand, unique identifiers such as driver’s licence numbers, passport numbers, or IRD numbers will only be used when this is necessary. Onceit will take reasonable steps to protect unique identifiers from misuse. Onceit will not use Australian Government Identifiers, such as Medicare numbers, or a driver’s licence number as its own identifier of individuals.
Where we use or disclose your personal information for the purpose of direct marketing, we will:
- allow you to request not to receive direct marketing communications (also known as ‘opting-out’); and
- comply with your request to ‘opt-out’ of receiving further communications within a reasonable timeframe.
Onceit will only ever contact you if we have obtained your consent, and you can ask to be removed from our marketing lists at any time by contacting us directly. If you do not wish to be contacted by Onceit, please click the unsubscribe link at the bottom of any email we send you or please email our Privacy Officer at firstname.lastname@example.org. Or if you would prefer to call us, you can do this by calling our member service team on 09-973 5442 (+64 99735442).
Using your information for Interest Based Advertising and Social Media Targeting
Social media and other IT platforms offer Onceit the possibility to connect with you via those platforms and to share content from our website and other advertising with you. We may therefore use the personal Information that we obtain from you to maintain your personal advertising profile.
We are only allowed to use personal information or data from customers for social media targeting if they have given us their consent to market to them. If you unsubscribe or ‘opt-out’ of marketing, you will be removed from this form of targeting as well.
If you have given us your consent to use your personal information for marketing, we may use your personal information to create a customer list that we can use to advertise to you, or create a lookalike audience to find new people who share similar behaviours and interests as you.
For example, to make a ‘Custom Audience’ for our use on Facebook, we would upload information about you which would include an ‘identifier’ (such as email, phone number, address) to Facebook via a CSV or TXT file. Facebook would then create a Custom Audience or lookalike audience for us to use for marketing purposes. When we upload the customer list to Facebook (that may include your personal information) for the matching process, the information is ‘hashed’ and will be unidentifiable at an individual level. Hashing is a type of cryptographic security method that turns your identifiers into randomised code.
If you do not want your information to be used by Onceit for the purposes of interest based advertising or social media targeting, please email our Privacy Officer at email@example.com. Or if you would prefer to call us, you can do this by calling our member service team on 09-973 5442 (+64 99735442).
How your personal information is shared by Onceit
In the course of conducting our business and providing our products and services to you, we may disclose your personal information. We only disclose personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities.
We do not give it to anyone else unless one of the following applies:
- you have consented to the disclosure;
- it is otherwise required or authorised by law.
If we engage third party agents or contractors, we will take all reasonable steps to ensure that they do not breach privacy requirements in relation to the information we share with them, before we share your personal information with them.
We may disclose your personal information to:
- our employees, agents or contractors as required;
- our marketplace suppliers, business affiliates or related entities;
- professional advisers (such as lawyers, accountants, auditors) to the extent that is reasonably required;
- advertising, marketing, social media and promotional agencies that we engage;
- payment systems operators and financial institutions including but not limited to Afterpay and Direct Payment Solutions (DPS)
- online review platforms;
- debt collectors (where legally allowed);
- third-party service providers that provide us with communication (e-mail) or data storage services;
- technology services including application, development and technical support, processing, storing, hosting and data analysis;
- administrative services, including mailing services, printing, archival and contact management services;
- third party agents or contractors with whom we contract in the ordinary course of business;
- organisations authorised by Onceit to conduct promotional, research or marketing activities;
- upon lawful request from law enforcement agencies or government authorities; and/or
- any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives.
In all circumstances where your personal information is disclosed, we will take reasonable steps to ensure that those third parties undertake to protect your privacy (for example, putting in place a data sharing agreement where this is reasonable and practicable).
Disclosure to overseas recipients
Your personal information may be disclosed to our marketplace suppliers, freight forwarders, related companies and affiliates in Australia and in other overseas countries. If we do this, we will take reasonable steps to ensure that the overseas recipient does not breach the relevant privacy laws in relation to that information.
Sometimes we use third-party platforms and services to process sales, provide web support, send marketing messages, deliver products or otherwise deliver information.
Our service providers are mainly located in New Zealand, Australia, Hong Kong, China and the United Kingdom. However, from time to time we may need to engage service providers in other countries. These services may also involve geographic locations which change from time to time which include data protection and processing efficiency. Where these services are used by us, it may not be practicable for us to notify you which country your personal information may be located in. We may also be required to report to regulatory authorities, within or outside of New Zealand or Australia.
Your personal information may also be stored in a secure and/or encrypted form overseas (e.g. in data storage and cloud computing facilities operated by us or by third parties on Onceit’s behalf). By providing us with your personal information, you are agreeing to the disclosure of your personal information to third parties operating outside of New Zealand and Australia. Onceit will take all reasonable steps to ensure that any personal information we disclose overseas is handled in accordance with the law.
Business transfer clause
It is possible, moving forward, that there could be a change in our business ownership or structure (including but not limited to a merger, acquisition or sale of a portion of all or some of our assets, (including our customer databases)), or we may undertake a corporate reorganisation or other action or transfer the personal information we handle between Onceit’s related companies or entities.
In the event that this should happen, you should be aware, that when you provide your personal information (by any means, whether verbal, written or electronic) or through your use of the Onceit websites at any time, you are consenting to the future transfer of your personal information to a potential or actual new owner or successor entity so that services can be continued to be provided to you. It is possible that our member information, including your personal information, may be transferred to the new business entity as one of Onceit's assets. In such an event, we will update this policy to reflect any change in ownership or control of your personal information.
You can unsubscribe from marketing or promotions via the ‘unsubscribe’ or ‘opt out’ button below each email or by going to the My Account tab on your login - My Profile, Subscription - Email Settings.
Alternatively, you can email our Privacy Officer at firstname.lastname@example.org. Or if you would prefer to call us, you can do this by calling our member service team on 09-973 5442 (+64 99735442).
A request to opt-out may take three to five business days to take effect. If you are a Onceit member, you may still receive communications related to your account, loyalty points or special officers (such as birthday discounts).
An opt-out request will also not stop transactional emails related to your purchases.
If you no longer wish to receive the text messages that you had consented to previously, you can text “STOP” after receiving a message.
Access or correction of your personal information
You can request access to, or correction of, the personal information we hold about you at any time by contacting us at email@example.com. We will provide you with that information unless we are prevented by law from giving it to you. If we are unable to give you access to the information you have requested, or make the correction you require, we will give you reasons for this decision when we respond to your request.
You will not be charged for accessing your information, although we might have to charge the reasonable cost of processing your request, including photocopying, administration and postage if required. We will advise you of any fee payable before we process your request.
If you believe that your personal information is not accurate, complete or up to date or you wish to request that we delete (or refrain from processing) any of your personal information that we handle, please contact our Privacy Officer.
If you just want to unsubscribe from marketing or promotions via the ‘unsubscribe’ or ‘opt out’ button below each email or by going to the My Account tab on your login - My Profile, Subscription - Email Settings.
Alternatively, you can email our Privacy Officer at firstname.lastname@example.org. Or if you would prefer to call us, you can do this by calling our member service team on 09-973 5442 (+64 99735442).
Sale of personal information
At Onceit, we do not share your personal information directly with third-parties for their own marketing purposes in exchange for monetary consideration. However, as mentioned in this policy, we do engage in Interest-Based Advertising, where we allow third parties to place cookies, pixels, and trackers on our site to provide you with personalized ads. If you want to opt out of such advertising please email our Privacy Officer at email@example.com. Or if you would prefer to call us, you can do this by calling our member service team on 09-973 5442 (+64 99735442).
The ‘Help’ section of your browser may tell you how to prevent your browser from accepting cookies.
We hold personal information, at our premises in New Zealand and with the assistance of our service providers. We have a number of security controls in place, and we take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss or unauthorised access, modification or disclosure.
Our computer systems may be operated by us or by our service providers. In all cases, we have rigorous information security requirements aimed at eliminating risks of unauthorised access to, and loss, misuse or wrongful alteration of, the personal information that we handle.
Examples of these measures include:
- control of access to personal information through access and identity management systems (such as passwords); and
- Onceit personnel are bound by and trained on internal information security policies and are required to keep personal information secure at all times.
Onceit uses Amazon Web Services (AWS) and it's services for storing the information that is captured from our websites and apps.
Onceit has measures in place to protect your personal information including credit card information. Your credit card details are not held or processed on Onceit's website or systems, all transact ions are processed through a secure payment service provider. Onceit uses Direct Payment Solutions (DPS) to provide this service for both New Zealand transactions and international transactions. All transactions are processed using encrypted methods. DPS hosts all payment pages and transaction sessions. Your credit card details are not held by Onceit and cannot be accessed by any Onceit staff members. However, they may be held by DPS.
Data Retention Policy
We will only keep your personal information for as long as we require it for the purposes of operating our business. However, we may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to companies, money laundering and financial reporting legislation.
You can request access to the personal information we hold about you at any time, and we will provide you with that information unless we are prevented by law from giving it to you.
If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
You will not be charged for accessing your information, although we might have to charge the reasonable cost of processing your request, including photocopying, administration and postage. We will advise you of any fee payable before we process your request.
If you have any queries, concerns or complaints about the manner in which your personal information has been collected or handled by Onceit or would like to request access to or correction of the personal information we hold about you please email our Privacy Officer at firstname.lastname@example.org. Or if you would prefer to call us, you can do this by calling our member service team on 09-973 5442 (+64 99735442).