Privacy Policy
What do we do with your information?
When you purchase something from our online store, as part of the buying and selling process, and with your permission, we collect the personal information required for the transaction such as your name, postal address, and email address.
With your permission, we may send you emails about Three Gems, new products, and other updates.
How do you get my consent?
When you provide us with personal information to complete a transaction, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
When you enter credit card information into our website, we do not see these. Your credit card details are encrypted and securely sent to a third party for payment processing. We use Stripe for this. Stripe is one of the biggest and most secure payment gateways.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent or provide you with an opportunity to say no.
How do I withdraw my consent?
If, after you opt-in, you change your mind you may withdraw your consent for us to contact you for the continued collection, use, or disclosure of your information at any time, by contacting us at louise@threegems.co.nz or mailing us at:
Three Gems Limited
PO Box 1000
Nelson 7040
New Zealand
Where excatly is my data stored?
Your data is stored on two main systems we use to run our business, and temporarily by New Zealand Post and also the Stripe payment gateway:
WooCommerce
Your Three Gems Account information and any purchase details (excluding your credit card information) are stored in the cloud-based Woo Commerce platform. The only people and entities with access to this are the Three Gems staff and the staff of our website developer, Slightly Different Limited, who is based in Nelson, New Zealand.
Klaviyo
Klaviyo is the platform we use for managing our emails to you. This includes follow-up customer service emails and our newsletters. This is cloud-based, and the only people and entities with access to this are the Three Gems staff and very occasionally the Klaviyo support centre only when we give them access to assist us when we contact them for assistance.
New Zealand Post
When we send your order to you, we supply NZ Post with your name and address, and any additional delivery information you may give us on the checkout page of your order.
We do not supply NZ Post with your email or phone number. Your shipping details are held by NZ Post for 90 days and then deleted.
Stripe for Credit Card Information
We do not see or hold any of your credit card details. When you enter these into our website, the information is encrypted and sent securely to Stripe. Transaction details are held by Stripe only for the purposes of passing your payment on to us, and also for crediting you in the case of us processing a refund to you.
Website hosting
Our store works on the WooCommerce system, which provides us with an online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Woo-Commerce’s data storage, databases, and the general WooCommerce application. They store your data on a secure server behind a firewall.
Both our website host and the platform we use for our email newsletters and the like use ‘cookies’, (small bits of data, which are sent to your Internet browser and stored on your computer) which allow us to recall your preferences when you re-visit our site. Most websites do this. Cookies can be used to identify your account in our system whenever you are logged in, but don’t carry any personal information about you.
You can choose to turn off cookies in your browser settings; however, this will mean that some of our website functions will be unavailable to you, e.g. you may not be able to sign in.
Payment
If you choose to pay for your online purchases with a credit card, this will go through the Stripe payment gateway. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa and Mastercard.
Security
To protect your personal information, we take all reasonable precautions and follow industry best practices to make sure it is not lost, misused, accessed, disclosed, altered or destroyed.
GPDR and DPDA COMPLIANCE
As the Three Gems website may be accessed globally, we have an obligation to comply with GDPR (General Data Protection Regulation (EU)) and PDPA (Singapore Personal Data Protection Act 2012)
GDPR comprises of eight basic rights. These rights are given to individuals to protect their private lives and control the digital footprints they leave behind when using internet-based applications and services. These rights are to create openness, control, and trust between the parties. As such you have the:
Right to consent – you will have the opportunity to give consent
Right to data protection – all data is stored securely
Right to view personal data – we only store the information you provide
Right to correct data – you can contact us at any time to review and correct
Right to get notified – you will be notified if your data is breached
Right to data portability – this is not applicable to our on-line store
Right to be forgotten – you can unsubscribe at any time from our emails
Automated delete – your personal data is deleted after two years
Changes to these terms and conditions
We reserve the right to modify these terms, conditions, and privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect and how we use it.
Questions and contact information
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at louise@threegems.co.nz or by mail to:
Three Gems Limited
PO Box 1000
Nelson 7040
New Zealand