Privacy Statement

1. Purpose & Scope

This Privacy Statement sets out the way that Personal Information is managed by Indevin Group Limited in accordance with applicable privacy laws. For the purpose of this statement, “Indevin”, “the Company”, “we”, “our”, or “us” means the New Zealand company; Indevin Group Limited and extends to include any related entities (collectively referred to as “Indevin”).

If you provide Indevin with Personal Information, you consent to Indevin collecting, holding, using, and disclosing your Personal Information in accordance with this Privacy Statement. We rely on your consent as the basis for our use of your Personal Information. You can withdraw your consent at any time by contacting us using the contact details in section 10.

Where applicable local legislation, regulations or governing authorities differ in the application and or interpretation of privacy requirements when capturing Personal Information, those rulings will supersede those set out in this statement.

2. What is Personal Information

Personal Information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be Personal Information regardless of whether it is true.

3. The kinds of Personal Information we collect

The information collected by Indevin will depend on the products, services, or information you ask us to provide to you, and the nature of the dealings you have with us. This will include (but is not limited to) information to confirm your identity, date of birth and contact details such as your physical address, mailing address, email and contact phone numbers. Recruitment information including right to work information and CVs.

If you submit Personal Information to us about another individual, you must obtain permission from that individual and take reasonable steps to ensure that that person understands what Personal Information we will collect and use.

4. How we collect Personal Information

We will collect Personal Information directly from you, where reasonably practical, in some of the following ways:

  • when you make an enquiry, complete an application or request an order, or enter into a promotion.
  • when you purchase products off our websites.
  • through your communication with us which may include emails, letters, phone conversations, meetings, or other correspondence between you and our representatives.
  • through other interactions with our websites, social media or direct marketing material.
  • when you otherwise interact with Indevin or disclose Personal Information to us.
  • when you apply for a position with us.

As well as collecting Personal Information directly from you, where required, we also collect Personal Information from third parties in circumstances where we have your consent, for example, from an employment agency or background check provider, or where we are legally required to do so.

If you choose not to provide us with Personal Information which we have requested from you, we may be unable to fulfil any of the above purposes, including providing goods and services to you, responding to your requests or processing your application for employment.

Children: Our websites are not intentionally designed for or directed at children under the age of 18. It is our policy never to knowingly collect or maintain information about anyone under the age of 18.

5. Cookies and how we use them

We (and authorised third parties) may use cookies and tools, such as web beacons and web server logs, to collect, store and monitor visitor traffic information and actions on our website. Cookies are small data files which are placed on your computer that allows our websites to “remember you” when you return to our websites. These cookies and tools are not used to record any Personal Information. They do record IP addresses which combined with other data may be considered Personal Information. Third party services may have their own privacy policies.

We use optional third-party marketing cookies to collect information on how you utilise our websites. Third parties use this information to perform statistical analysis of aggregate user behaviour, and effectively run, measure and improve products and advertising. We use this analysis to measure advertising and site effectiveness and relative customer interest in the various websites. We use Age Verification, an essential first party cookie to ensure you are of legal drinking age and store your age settings, so you don’t have to enter them every time you access our website.

The information collected by these tools may include geolocation data, the IP address of the device you are using and information about websites that IP address has come from, the pages accessed on our website and the next website visited. We may use and combine this information to maintain, secure and improve our websites, enhance your experience when using our websites, display and deliver relevant content, services and advertising and understand the effectiveness of our marketing and advertising.

If you want to prevent cookies being used, you can change your browser settings to disable cookies. However, you may not be able to access all or parts of our websites, or you may experience reduced functionality when accessing certain services.

6. How we store and secure Personal Information

We store most information about you in computer systems and databases (including cloud service providers based in Australia) operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely.

We implement and maintain processes and security measures to protect Personal Information which we hold from misuse, interference, or loss, and from unauthorised access, modification, or disclosure.

These processes and systems include:

  • the use of identity and access management technologies to control access to systems on which information is processed and stored;
  • requiring all employees to comply with internal information security policies and keep information secure;
  • requiring all employees to complete training about information security; and
  • monitoring and regularly reviewing our practise against our own policies and against industry best practice.

We will also take reasonable steps to destroy or de-identify Personal Information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under privacy laws.

7. The purposes we collect, store, use and disclose Personal Information

We collect, use, disclose, store, and retain your Personal Information so that we can carry out our business activities and functions and provide you with our products and services in accordance with applicable privacy laws.

The purposes for which we collect, store, use and disclose personal and credit-related information is so that we can:

  • establish your identity and assess applications for our products and services;
  • enable you to purchase our products and services; and manage and deliver your order;
  • send you transactional or administrative communications (for example, confirmation emails when you to join our database or a specific registration or promotion) as well as service-related updates (e.g. notices about updates to our privacy policy);
  • send you marketing information and communications from us, and allow you to participate in promotions;
  • manage our relationship with you, including responding to any requests for service from you;
  • manage our risks and help identify and investigate illegal activity, such as preventing fraud;
  • conduct and improve our businesses and improve customer experience;
  • to update our records and ensure contact details are up to date;
  • making a decision about your appointment;
  • checking you are legally entitled to work for Indevin Group;
  • administering a contract we have entered into with you; and/or
  • comply with our legal obligations and assist government and law enforcement agencies or regulators where required.

Some of the above grounds for processing your Personal Information will overlap and there may be several grounds which justify our use of your Personal Information.

8. Your rights in respect of Personal Information

You may access or request a correction to the Personal Information that we may hold about you by contacting our Privacy Officer, contact details are set out below. Where we hold information that you are entitled to access, we will try to provide you with a safe and secure means of accessing.

Please understand there are some circumstances in which we are not required to give you access to or correct your Personal Information, but we will advise you if these circumstances apply to your request.

If you are based in the United Kingdom or European Union, you may have the following additional data protection rights:

  • the right to request we erase your Personal Information in certain circumstances;
  • the right to request that we restrict the processing of your Personal Information and the right to object to our processing of your Personal Information in certain circumstances; and
  • the right to request that we transfer your Personal Information we have collected to another organisation or directly to you, in certain circumstances.
  • The right to request a review of any decisions made about you which we made solely based on automated processing, including profiling.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Privacy Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

9. Complaints process

If you believe that we have breached, or potentially breached our privacy obligations, please contact the Privacy Officer in the first instance using the contact details set out below. Depending on the nature of the breach or potential breach, we may ask for further confirmation of identity, details of the complaint and/or that the request is submitted in writing for audit and compliance purposes.

We will endeavour to resolve your concerns however if you feel we have not addressed your concerns, you may contact the relevant supervisory authority. If you are based in the United Kingdom, you can contact to the Information Commissioner’s Office.

Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF

Helpline number: 0303 123 1113.

If you are based Australia, you can contact the Office of the Australian Information Commissioner (OAIC), GPO Box 5288 Sydney, NSW 2001, Phone enquiries 1300 363 992.

10. Disclosure to third parties and recipients based overseas

Transfers within the Indevin group of companies: The Indevin Group of companies are based in Australia, New Zealand, Canada, and the United Kingdom. We may share your Personal Information between entities for administrative purposes and to provide the services to our customers. All Indevin entities will handle your Personal Information as described in this Privacy Statement.

Sharing with Third Parties: The Personal Information you provide to us may be shared with third-parties to the extent necessary to carry out our professional and business needs, to complete your requests, where we are required to disclose that information by law or for safety reasons, with your consent or as otherwise stated in this privacy statement.

In particular, third parties we share Personal Information with may include:

  • Parties to whom we outsource certain functions. We use third-party service providers to store and process our data, support the sale of our products to you and support our website.
  • Third parties who help us deliver and manage our products and services.
  • Auditors, compliance regulators, government agencies and departments, courts or other regulatory bodies.
  • Any other third party with your prior authorisation for such disclosure.

Sharing in the event of sale or transfer: In the event the Indevin business is sold, transferred or assigned, disclosure might be necessary for that sale, transfer, merger or assignment, or as a result of the sale, transfer, merger or assignment. In some cases, the third parties we share your Personal Information with may be located overseas, including but not limited to Australia, United Kingdom, United States and Canada. We require these third-parties to take appropriate measures to protect the Personal Information and restrict how they use it, in accordance with our contractual obligations and all other applicable privacy laws.

11. Our controller and processor status

Where we process or hold Personal Information solely on behalf of you or another organisation, we do as an “agent” under the New Zealand Privacy Act and to the extent applicable, a data processor under the GDPR. Where we process, use or disclose Personal Information for our own purposes, for purposes related to our business, we will be an agency governed by the New Zealand Privacy Act.

12. Contact us

To exercise any of your rights, or if you have any questions about this Privacy Statement, please contact our Privacy Officer:


Post: Indevin, Level 2, 1 Market Street, Blenheim 7201

13. Changes to this Privacy Statement

We keep our Privacy Statement under regular review, and we reserve the right to modify this Privacy Statement from time to time to reflect changes in the law, our use of information and other business activities and the services that we provide. If the changes do not disadvantage you, we may notify you of the changes by publishing an updated version of this Privacy Statement on our website and it is your responsibility to review the current version of this Privacy Statement when you use our website.

If we make any other changes, we will take additional steps to bring the changes to your attention, such as by providing you with notice of our updated Privacy Statement with a notice on our website, or by other direct communication, such as email. By continuing to use this website after such changes have been made you are deemed to accept our updated Privacy Statement.