263 Gloucester Street, Taradale, Napier 4112, New Zealand | +6468448256

Protection

1. Overview At Lush & Leafy, protecting your personal data is fundamental to our business. This Data Protection Policy outlines how we collect, use, share, and safeguard your personal information in accordance with applicable data protection laws, including GDPR, CCPA, and others. We are committed to transparency and accountability in how your data is handled and strive to protect your privacy at every step. 2. Personal Data We Collect The types of personal information we collect may include: Identification details such as full name, date of birth, and gender Contact details like email address, telephone number, and postal address Account credentials including username and password (stored securely) Payment and billing information used to process transactions Device and technical data such as IP address, browser type, operating system, and browsing behavior Interaction records including customer support communications and feedback Marketing data including your preferences and consent status We collect this information both directly from you and through automated means when you visit or use our website and services. 3. How We Collect Data Personal data is collected via: Forms you fill out on our site, such as registration, contact, or checkout forms Your interactions with customer support Tracking technologies including cookies, pixels, and log files Third-party sources such as social media platforms or business partners when authorized 4. Purpose and Use of Your Data We process your personal data to: Provide, maintain, and enhance our products and services Process orders, payments, and manage accounts Communicate with you, respond to inquiries, and provide customer support Send newsletters, marketing messages, and promotions (with your consent) Analyze website usage and improve user experience Detect and prevent fraudulent or unauthorized activities Comply with legal and regulatory requirements 5. Legal Grounds for Processing Our data processing is based on one or more of the following lawful bases: Your consent, where applicable The necessity of processing to fulfill contractual obligations Compliance with legal requirements Legitimate interests pursued by us or third parties, balanced against your rights and freedoms 6. Disclosure of Personal Data We may share your data with: Trusted service providers assisting in payment processing, marketing, IT hosting, analytics, and customer support Affiliates or subsidiaries involved in business operations Legal authorities when required by law or to protect our rights Potential business partners in mergers or acquisitions under confidentiality agreements 7. International Data Transfers When transferring data internationally, we ensure appropriate safeguards such as Standard Contractual Clauses or approved frameworks to maintain your data’s protection level. 8. Data Retention We keep your personal data only as long as necessary for the purposes it was collected, or as required by law. Once no longer needed, we securely delete or anonymize your data. 9. Data Security Measures We implement robust technical and organizational measures, including: Encryption of sensitive data in transit and at rest Regular security assessments and audits Access controls restricting data to authorized personnel only Employee training on data protection and confidentiality Despite these measures, no system is completely secure, so please help protect your information by safeguarding your credentials and avoiding sharing sensitive data unnecessarily. 10. Your Rights You have the right to: Access your personal data Request correction or deletion of inaccurate or unnecessary data Restrict or object to processing Withdraw consent at any time (where processing is based on consent) Receive a portable copy of your data Lodge a complaint with a supervisory authority To exercise these rights, contact us at [email protected]. We will respond within legally mandated timeframes. 11. Cookies and Tracking Our website uses cookies and tracking technologies to provide functionality, analyze usage, and tailor marketing efforts. You may control your cookie preferences via your browser or our cookie consent settings. 12. Children’s Data Our services are not aimed at children under 16. We do not knowingly collect data from minors. If such data is found, it will be deleted promptly. 13. Policy Updates We may revise this policy to reflect changes in our practices or legal obligations. Updated versions will be posted on our site, and significant changes will be communicated directly.