We are pleased about your use of our website. The protection of your personal data is important to us and we want you to feel safe when using our website. This privacy statement is issued in compliance with the Privacy Act of 2020 and other related law and regulations such as the Unsolicited Electronic Messages Act 2007 (“UEMA”).
1. Information concerning the collection of personal data
a. The following shall inform you about the collection, processing and utilization of personal data on our website. Personal data means all data relating to a living individual who can be identified.
b. Controller as per the Privacy Act of 2020 is: Emma Sleep New Zealand Ltd.
Level 2, 142 Broadway,
Newmarket, Auckland 1043,
You can reach our data protection officer through the following details:
c. If we use contracted service providers for individual functions to present our services to you or to your data for advertising purposes, we will inform you in detail about the respective processes below.
2. Your rights as a data subject
a. You have the following rights against us with respect to the personal data concerning you:
Right of access by the data subject (Information Privacy Principle 6):
You have the right to request confirmation whether we hold any personal data about you and to access your personal data subject to the exception provided under Section 49 to Section 53 of the Privacy Act 2020 subject to advanced payment of charges per Section 66 of the Privacy Act 2020. If you are given access to your personal data, you may request the correction of the same under Information Privacy Principle 7.
Right to rectification (Information Privacy Principle 7):
You have the right to request that we rectify inaccurate personal data relating to you or to attach a statement of correction to the personal data if we do not make the correction sought. If a correction is made or a statement of correction is attached to your personal data, Emma will, as is reasonably practicable, inform other entities to whom we previously disclosed the erroneous personal data about the said action.
Right to object to direct marketing (Section 3, UEMA):
You have the right to object to the processing of your personal data for direct marketing purposes when it is without your consent or you wish to withdraw your consent previously given .
b. If you have the feeling that we have not responded in an appropriate manner to your requests, or complaints, or you have further concerns, you additionally have the right to complain to a data protection authority such as the . The responsible authority to us is the Office of the Privacy Commissioner:
c. You can send your inquiries regarding your rights as a data subject to us by sending a data subject request to [email protected]
3. Collection of personal data when you visit our website
When visiting our website, i.e. without registering or agreeing to our further processing or utilization of the data, only the personal data, which your browser transmits to our server is automatically saved. In order to fulfil these technical requirements for you to view our website and provide for the necessary security, the following data is saved:
- IP Address,
- Date and time of your visit,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the query (specific site visited),
- Access status/HTTP status code,
- Amount of transferred data,
- Website from which the initial request emanates,
- Operating system, device, and its user interface
- Language and version of browser software.
The personal data mentioned above gets processed for the following purposes: To ensure a smooth connection of the website To guarantee a comfortable use of our website To evaluate system security and stability as well as for other administrative purposes.
These information are temporarily stored in so-called log files. When you visit this website, this information is automatically recorded without your intervention and stored until it is automatically deleted. If you don’t want the above personal data to be collected, you should not access our website as we will be unable to allow you access to our website without such personal data.
4. Use of our webshop: orders and product returns
a. If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order and fulfill the contract of sale with you. The essential data for the conclusion of the contract is marked, further data is given on a voluntary basis. We use the personal data provided by you to process your order and returns. For charging purposes, we can pass on your payment data to our house bank or to the selected payment service provider. To manage the delivery of the goods to you, and due to the nature of the transaction, we will need to share your delivery address and contact details (email and phone number) with delivery companies. Only strictly necessary data will be shared for the purpose of coordination of delivery, protection against fraud and clarification of urgent issues. The legal basis for this is that this processing is objectively necessary for the performance of the contract of sale with you. This means that the sale of goods cannot, as a matter of fact, be fully performed if this specific processing of the personal data in question does not occur. Please note that failure to provide the mandatory personal data can lead to that that your order with us cannot be carried out.
If you want to do a product return, we will also need to share your personal data (delivery address and contact details) to the assigned non-governmental/charitable organization or delivery company for the pick-up and collection of the product. The legal basis is that the processing is necessary for the performance of a contract to which the data subject is party and our legitimate interest in managing product returns.
Before submitting your order, you are required to tick a box to signify your consent to our terms & conditions, privacy statement, and cancellation policy after having read the same. If you do not agree with our terms & conditions, privacy statement, and cancellation policy, you should not tick the box but you will also be unable to continue checking out.
By ticking the box and proceeding to submit your order, you consent that we may collect and process inside or outside of New Zealand the following categories of personal data about you via the webshop for the following purposes: Identity data (e.g., first name, last name, etc.) for purposes of identifying you in relation to your orders and interaction with us. Contact details data (e.g., shipping address, telephone number, email address, etc.) for purposes of coordination and execution of the delivery and/or pick-up of your ordered and/or returned goods. Order data (e.g., order number, item bought, order amount, etc.) for purposes of carrying-out your order. Payment data (e.g., mode of payment, etc.) for purposes of documenting and processing the payment transaction for your order. Preference data (e.g., consents given, etc.) for purposes of documenting your preferences and consents given.
Further, you consent that the above categories of personal data may also be used separately or jointly for marketing or advertising purposes.
b. Within the scope of our activities and services, it may become necessary for us to disclose the personal data stored about you to natural persons, legal entities or public authorities. We conclude data processing agreements with our private-entity data processors, which ensure that they may only process your personal data in a way that we have explicitly instructed them to do so and ensure that they take the necessary technical and organizational measures to process your data securely and store your personal data only for as long as necessary. With respect to private-entity data controllers, we have less control as to how they will use your personal data but we enter into data sharing agreements which mandate compliance of both parties with applicable laws. Finally, when sharing your personal data with public authorities, we will only do so when required and allowed by law.
Being an international business with a global footprint, we may process your personal data outside of New Zealand. By agreeing to the privacy statement through the method explained above, you consent that, in addition to us, the following categories of recipients from inside or outside of New Zealand may receive the following categories of personal data for the following purposes: Subsidiaries and affiliates – may receive Identity data, Contact details data, Order data, Payment data, and Preference data for purposes of order management, customer management, and marketing. Credit institutions and providers of payment services for billing and payment processing (online payment providers) – may receive Identity data, Order data, and Payment data in order to offer you their payment methods for your order during checkout. Our payment service providers are considered separate data controllers and process your personal data according to their respective privacy statements and such processing may include credit checks or other assessment methods to determine your qualification for the payment method. Before using a payment method, please read the payment service provider’s privacy statement available in its website such as:
o MasterCard - https://www.mastercard.com/global/en.html o Visa - https://www.visa.com.my/legal/global-privacy-notice.html o Zip – https://zip.co/nz/privacy-policy/ Parcel Shipper – may receive Identity data, Contact details data, and Order data in order to manage and facilitate the delivery of your order to the address you indicated including package tracking. Our parcel shippers are considered separate data controllers and process your personal data according to their respective privacy statements. Before proceeding with your order, please read the parcel shippers’ privacy statements available in their website such as:
o Store Right Logistics - https://www.store-rite.co.nz/ Supplier and Warehouse service provider – may receive Identity data, Contact details data, and Order data in order to manage and facilitate the delivery of your order to the address you indicated including package tracking. Non-Governmental/Charitable Organization that collects product returns – may receive Identity data and Contact details data in order to manage and facilitate the pick-up and collection of the product to be returned by you in the address you indicated. IT service provider to maintain our IT infrastructure – may receive Identity data, Contact details data, Order data, Payment data, and Preference data for data storage purposes. Cloud and cloud-based solutions provider – may receive Identity data, Contact details data, Order data, Payment data, and Preference data for data storage and cloud-based solutions purposes such as solutions for webshop creation, webshop hosting, order management, customer management, email management, etc. Service provider for the optimization of the online offer – may receive Identity data, Contact details data, and Order data for the optimization of the online offer. Collection service providers or lawyers to collect receivables and enforce claims in court – may receive Identity data, Contact details data, Order data, and Payment data for purposes of litigation and protecting our legal rights and interest. Marketing and advertising service provider – may receive Identity data, Contact details data, and Order data for marketing and advertising purposes. Customer service provider – may receive Identity data, Contact details data, Order data, Payment data, and Preference data for purposes of addressing your queries and concerns. Management service provider – may receive Identity data, Contact details data, Order data, Payment data, and Preference data for purposes of managing our platforms, websites, etc. Government agencies – may receive Identity data, Contact details data, Order data, Payment data, and Preference data if allowed and required by law for purposes of achieving their legal mandate.
c. If personal data is processed in countries outside of New Zealand, we will ensure that your personal data is processed in accordance with Privacy Act of 2020’s data protection level by entering into legally binding agreements with the recipients.
5. Communications and contact form
When you contact us such as through e-mail or via the contact form, the information you provide will be processed for the purpose of processing your request and for the event that follow-up questions arise. If you are contacting us in relation to your purchase, our legal basis for the processing of your personal data is that it is needed to fulfill our contract of sale with you. If you are contacting us in relation to other matters, our legal basis for the processing of your personal data is your consent. The personal data collected by us in this context will be deleted when the request associated with the contact has been completely clarified and it is also not to be expected that the specific contact will become relevant again in the future, unless legal storage obligations stand against this.
6. Newsletters and electronic notifications
a. We send newsletters, e-mails and other electronic notifications containing promotional information. Our newsletters contain information about our products, offers, promotions and our company. With the following notes we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection.
For the subscription to our newsletter we use a logged Double-Opt-in procedure. This means that after subscription you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. Newsletter subscriptions are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the service provider are also logged. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
To subscribe to the newsletter, it is sufficient to enter your e-mail address. The provision of further data is voluntary and is used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The newsletter dispatch and the measurement of performance are based on your consent if you subscribed.
b. We may also send you a newsletter and/or notification through the e-mail address or other contact details you provided to us during checkout. If you receive a newsletter and/or notification, without subscribing, we are doing so on our legitimate interest to market and advertise our products, services, promotions, and events to you.
c. To stop receiving the newsletter, you may withdraw your consent to or object to receiving the same at any time by clicking on the unsubscribe link provided in every newsletter e-mail or by completing the DSR Request Form at the bottom left of this page.
d. After unsubscribing, we will delete your e-mail address or relevant contact details, unless you have consented to other use of your data, or the use of the same is permitted or required by law per another legal basis.
7. Data retention
We keep your personal data for the period of the customer relationship with you or for the legally-required period after termination of such relationship or agreement in order to defend our legal claims, to protect and enforce our rights, or to comply with laws and regulations. In general, the legal retention period for documents important for taxation (such as accounting receipts) is ten (10) years while other documents that can be considered as commercial or business transaction documents is six (6) years.
8. Social-Media portals
a. We are represented in the social networks and employer evaluation portals mentioned below. These presences are operated exclusively by the respective provider. They serve to communicate directly with customers, interested parties and users. If you contact us via our social media channels, we process the personal data that you provide us with as well as the personal data that is necessary to process your request. Insofar as you have given your consent to the operators of the respective social media platforms (e.g. by means of a checkbox opt-in), the processing is carried out on the basis of your consent. You can revoke your consent at any time with the operator of the respective platform with effect for the future.
b. When you visit our social media pages, your user data is recorded and provided to us by the operator. The exact types of data differ from provider to provider, but generally include the following information: Follower: number and stored profiles; information about growth and development over a defined time frame. Reach: number of people who see a specific contribution; number of interactions with a contribution. From this, it can be deduced, for example, which content is better received by the community than others. Ad performance: how many people were reached by a contribution or a paid ad and have interacted with it? Demographics: average age of visitors, sex, location, language.
c. Since our social media channels are operated by the providers of the respective social network, there may be a supplementary use of your personal data by the respective operator, over which we have no influence. This often involves the recording of your IP address, the creation of static evaluations and the processing of further information stored in the form of cookies. We have no influence on the generation and presentation of this personal data and can neither turn off this function nor prevent the processing of the personal data.
d. The assertion of data subject rights and requests can most effectively be addressed directly to the platform providers, since only they have access to your personal data and can take immediate action and provide information. Should our cooperation be necessary for this, we will support you in enforcing your rights as a data subject.
9. Social-Media plug-ins
We have integrated plug-ins on our web services. These plug-ins are indicated by the respective button belonging to the service. With the help of the plug-ins, users can share or post links to the corresponding websites in social networks such as Facebook or Twitter or recommend the contents there. Through your active interaction with these plugins, (e.g., by clicking the respective button or leaving a comment) this information is transmitted directly to the respective service and stored there.
When you visit one of our web services that contain an activated plugin, your browser establishes a connection with the servers of the respective service, which in turn transmits the content of the plugin to your browser, which then integrates it into the displayed page. Thus, the information about the visit of our web services is forwarded to the respective service. We do not collect personal data ourselves by means of the social plugins or about their use and have no influence on which data an activated plugin collects and how these are used by the provider. It must be assumed that at least the IP address and device-related information is collected and used. It is also possible that the service provider will attempt to store cookies on the computer used. If you are logged in to the respective service at the same time as visiting our web services via your personal user account (e.g. via another browser session), the service provider can assign the visit to our web services to your account.
10. Facebook Insights - "Facebook Fanpages"
Upon a visit of our Facebook page collects Facebook among others your IP address as well as other information, which is saved on your device in form of cookies. This information will be used to provide us as the operator of the Facebook page with statistical information on Facebook usage. We can access these statistics through so-called Facebook “insights”. These statistics are collected and provided solely by Facebook. We as the operator of the page have no influence over their generation and presentation. We cannot either stop or prevent their generation and data processing. You can find further information about “Insights” provided by Facebook here: https://www.facebook.com/help/pages/insights. Following information will be provided to us by Facebook through “Insights”: Number of page views, “likes”, page activities, reach, impressions, video views, post clicks and reactions, post reach, comments, shared content, answers, gender ratio, regional distribution of the users (origin based on country and city), language, opens and clicks in the shop, clicks on the address and on the telephone number.
b. This website uses the following types of cookies: Transient Cookies - Transient cookies are automatically deleted when you close your browser. These are mostly session cookies, which save a so-called “session-ID”, which allows for the assigning of different queries within your browser during a particular session. This can be used to identify your device when one repeatedly visits a website during a session. These cookies are deleted once you log out or the browser window is closed. Persistent Cookies - Persistent cookies enable the website to remember your information and settings on your next visit. This gives you faster and more convenient access to the website, as you do not have to change your language settings again, for example. How long the cookie remains on your device depends on the duration or expiration date of the respective cookie and your browser settings. These cookies are automatically deleted after a set period of time which can differ from cookie to cookie. Persistent cookies can be deleted via the security settings in your browser at any time.
d. Cookies used in the website may include the ones indicated further below.