Privacy & Security
We value your privacy and make it a priority to safeguard your personal information.
You can ask us to provide you with access to the personal information we hold about you, or to correct or de-identify some parts this information at any time. To do this, simply Contact Us and we’ll respond within 30 days. We'll handle all such requests in accordance with applicable privacy laws.
A detailed explanation of how we handle and safeguard your personal information is found below. This should be read in conjunction with our Terms & Conditions.
Introduction
www.healthpost.co.nz (“this website”) is operated by HealthPost Limited ("HealthPost",“we”, “us”, “our”), a New Zealand registered company.
We respect the privacy of our website users (“you”, “your”) and are committed to protecting your security and privacy.
The HealthPost Group
HealthPost Limited is part of the HealthPost group of companies (the HealthPost Group), which also includes:
Nourished Life Australia and Flora & Fauna are operated by The Future Collective Company Limited, a subsidiary of HealthPost Limited.
The HealthPost Group companies utilise common infrastructure and resources for storing and managing personal information, including shared IT systems (including data storage systems), personnel, customer service teams and third party service providers.
Each HealthPost Group company (such as HealthPost) may also use personal information that has been collected by other HealthPost Group companies (such as Nourished Life Australia or Flora & Fauna) for the following purposes:
-
publishing product reviews that have been submitted to another HealthPost Group company for the same product; and
-
to obtain insights about the customer base of the HealthPost Group (for example, by combining customer behaviour data from HealthPost Group companies to analyse trends and statistics).
Governing Law
As a New Zealand registered company, we are bound by the NZ Privacy Act 2020 and our policies comply with the information privacy principles which form part of that Act.
We also comply with the privacy laws of other countries in which we operate (including Australia), to the extent that they are applicable to us.
If you are located in Australia, please refer to the "Information for Australians" section at the end of this privacy policy for additional information.
Terms of Use
This privacy policy must be read in conjunction with our Terms & Conditions.
Collection of Your Information
We collect information about you through our website so that we can improve your shopping experience, as well as communicate with you about our products, services and promotions. We do not sell or rent your personal information to third parties for them to use for their own commercial purposes.
We may give, lease, sell or otherwise disclose your personal information to third parties where it is necessary to comply with law; facilitate court proceedings; enforce our Terms & Conditions; or protect the rights, property, or safety of HealthPost Ltd, our users, or others. See the "How we use Your Information" section of this Privacy Policy for further information.
We may share or store your contact information and other basic information with our third party business partners including marketing, advertising and research companies and data analysis companies. These third party business partners use this information on our behalf to conduct sales, marketing and advertising research and analysis for us so that we can: better understand your preferences; improve the services we offer you; present you with suitable offers that you might be interested in. We will only do this with reputable organisations who are acting directly on our behalf to improve the services we offer you.
To do this, we need to store your personal and contact information within the hardware and software systems of reputable third parties in order to facilitate and improve the services which we offer. The privacy and data security policies and standards of the third party organisations we engage for these purposes are reviewed by HealthPost, and we take reasonable steps to ensure that these third party organisations protect your information against unauthorised use or unauthorised disclosure while they are storing it for us.
We may be obliged to release account and other personal information when we believe release is necessary to comply with an applicable law (or is authorised by an applicable law); facilitate court proceedings; enforce or apply our terms and conditions; or protect the rights, property, or safety of HealthPost Ltd, our users, or others. If we are legally permitted to do so, we will usually endeavour to notify you if we are required to provide your personal information to third parties as part of a legal process (unless we consider that this would not be appropriate in the circumstances).
Types of Information Collected, and How We Collect that Information
We may collect personal information from you (including, without limitation, your name, email address, phone number, postal address, gender, date of birth, preferences, and purchase history) when you visit, interact or register with our website, place an online order, save your information with us online, complete an online quiz on our website or other platforms, contact us with a question or concern, or participate in a promotion. If you work for a HealthPost Group company, we may collect information relevant to your position with the HealthPost Group such as your qualifications, length of engagement, resume, current and former employment details, pay rate and salary, bank details, feedback from supervisors, training records and logs of your usage of our equipment (e.g. phones, computers and vehicles) health and safety related information, and evaluative information .We acknowledge that this information may be used to identify you, and we agree to treat those details as personal information.
Due to the nature of our business, some of the information that we collect about you may include information about your health and wellbeing. This may include, for example , information that you provide us about your sensitivities and your health conditions. Generally, we only collect this type of information with your consent (for example, when you choose to provide it to us when you answer questions about your health as part of one of our quizzes or surveys, or employment application).
We may also analyse the types of products you have purchased from HealthPost Group businesses, or which you have viewed on HealthPost Group websites, to infer information about your health. Generally, we do this to provide you with helpful recommendations for products and services that may be relevant to you, and to better understand the demographics and needs of our customer base in general.
If you are a customer or a potential customer, we may use your personal information to correspond with you, deliver products to you or fulfil any other aspect of our service, and communicate with you about our products and services, including marketing and promotional material. If you work for a HealthPost Group company, we may use your personal information to administer your position with us.
If you call us via telephone, we may monitor and in some cases record such telephone conversations for staff training, quality assurance and record-keeping purposes.
Where it is reasonably practical to do so, we will collect your personal information directly from you. However, in certain cases we may collect personal information from publicly available sources and third parties. For example:
-
We may receive personal information about you that your friend or family member provides us when they complete one of our quizzes, participate in one of our promotions / competitions, use our referral services to refer you to us, or purchase a product for you as a gift.
-
If you apply for a position with us, we may collect personal information about you from you or from recruitment agencies that you use, your previous employers and other referees, relevant government bodies (e.g. police checks, if required) and academic and professional bodies (e.g. to validate details and currency of qualifications). We may also ask you to undergo a pre-employment medical check if you have certain types of health conditions (such as back, neck, or spine injuries, RSI (Repetitive Strain Injury) or OOS (Occupational overuse Syndrome)), and we may receive the results of that check from the medical professional that conducts the check.
If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
If you choose to provide us with any personal information about another person (for example, your friends of family members) we rely on you to ensure that they are comfortable for us to receive and use that information in accordance with this privacy policy. Please do not provide us with any information about another person if you are unsure.
We also receive and collect the name of the domain and host from which you access the Internet; the Internet protocol (IP) address of the device you are using; the browser software you use and your operating system; the date and time you access our site; and any search engine or inbound hyperlink used to reach this website which is made available to us. This information is used only for statistical purposes and to help us enhance the customer experience for our website users.
How we use Your Information
The ways in which we use this information will depend on the type of information, and the nature of your relationship with us. We may use or disclose your personal information:
-
for the purposes for which we collected it (and related purposes which would be reasonably expected by you);
-
for other purposes to which you have consented; and
-
as otherwise authorised or required by law.
Some of the common ways in which we use personal information include:
-
To process and fulfil customer orders, including sending emails and/ or text/SMS messages; or alternative messaging apps, to confirm order status and delivery, along with customary business communications.
-
To verify your identity and to assist you if you have forgotten your username or password
-
To verify your identity and account so we could assist you when conversing with us via online Chat, phone or via messaging apps..
-
To communicate with you and to send you information by email, text/SMS messages, postal mail, social media, messaging apps, browser notifications or other means about our products, services and promotions, where you agree to receive such information
-
To show you promotions in Facebook, Instagram, Tik Tok, Google and other social and advertising networks
-
To help us learn more about your shopping preferences and personalise content, products and offers to you
-
To analyse trends and statistics
-
To improve or update our website and our products and services
-
To protect the security or integrity of our website and our business
-
To respond to your enquiries and communicate with you if necessary
-
To provide you customer support and delivery updates
-
To collect your feedback about HealthPost, the service we have provided or products you have purchase.
If you are employed by a HealthPost Group business, we may use your health and safety information to support your safe ‘stay at work’ or’ return to work’ plan. Applicant’s health and safety information may be used to evaluate your suitability for the role.
When we may disclose your personal information
We may disclose your personal information to third parties in connection with the purposes described in this Privacy Policy. This may include disclosing your personal information to third parties such as:
-
our suppliers, contractors and organisations that provide us with technical and support services or who manage some of our business functions;
-
our accountants, insurers, lawyers, auditors and other professional advisers; and
-
any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees).
We may also disclose your personal information in accordance with any consent you give or where disclosure is authorised, compelled or permitted by law.
If we disclose information to a third party who is handling it on our behalf, we generally require that the third party protect your information to the same extent that we do.
If you post information to certain public parts of our Website or to our social media pages, you acknowledge that such information may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.
How We Store and Protect Your Information
We will hold personal information as either secure physical records, electronically on our IT systems, in cloud storage, and in some cases, records on third party servers, which may be located in New Zealand or in other countries. We use a range of security measures to protect the personal information we hold, including by implementing IT security tools to protect our electronic databases.
Where We Store and Process Your Information
HealthPost is a New Zealand registered company, and the HealthPost Group has staff in New Zealand and Australia.
However, some of the third parties to whom we disclose personal information (such as our service providers) may be located outside of New Zealand and Australia. Such recipients provide billing, payment, IT and other administrative services to us (including offshore data hosting and processing, data analytics, help desk and data-entry).
The countries in which such third party recipients are located depend on the circumstances. In the ordinary course of business we commonly store data in, or disclose personal information to recipients located in, countries such as: New Zealand, Australia, the United States, Southeast Asia and countries within the European Union.
Whenever we store or transfer your personal information outside of the country in which you are located, we will do so in accordance with the requirements of any applicable privacy and data protection laws.
Data Retention
We take reasonable steps to destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law. We may need to retain records containing personal information to comply with record keeping obligations and for other legitimate business purposes (such as quality assurance).
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, please contact us.
If you cancel your account (or we otherwise close your account due to inactivity) we may still retain and use your information if required to comply with record keeping obligations and other laws; facilitate court proceedings; enforce or apply our terms and conditions; protect the rights, property, or safety of HealthPost, our users, or others; or perform other legitimate business purposes (such as quality assurance).
We hold the right to deactivate or delete your account if you have not been in contact or active with us for some time.
Cookies
Our website uses cookies to help us provide you with a better experience with the HealthPost Group. Cookies may be used in a variety of ways to enhance or personalise your online browsing and shopping experience.
Cookies may be used to personalise your visits to our website, eliminate the need for you to repeatedly enter the same information, enable us to improve our content, reliability and functionality of our website, evaluate the effectiveness of the advertising and track website usage patterns. Cookies help us to keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to determine when to send cart reminder emails, web browser notifications and/or SMS messages. We also use cookies to serve targeted advertising on third party platforms - please see the "Third-Party Remarketing" section of this Privacy Policy for further information.
Accepting a cookie will not give us access to any data on your computer other than the data stored in the cookie. Cookies do not impact your online security or harm your device. Although you may configure your browser to not accept cookies, you may experience a loss of functionality and personalisation as a result. You can manage cookie settings via your desktop or mobile browser. We also use cookies for Remarketing as explained below.
One type of data that cookies can collect is your IP address. An IP address is a unique identifier that is assigned to your device when you connect to the internet. We use this information to understand your general location - this helps us provide you with relevant information, content and offers associated with your location.
If you complete an online form or click a link in an email sent to you from HealthPost, cookies may be used to track and identify you through an auto-generated ID, this can temporarily hold personally identifiable information (email address, phone number, webpage viewed, products purchased etc.). We use this to pass data from our website through to Klaviyo, our marketing automation platform (https://www.klaviyo.com/legal/privacy). This information is then used to enhance your experience by providing you with content that is most relevant to you. We may also analyse this information to provide you with a personalised shopping experience and/or providing more targeted advertising based on your preferences.
Marketing Consent
If you've subscribed to receive email marketing communications from us in the past, but no longer wish to receive these, you can easily unsubscribe by using the link provided in any promotional email. However, please keep in mind that even if you unsubscribe from our email marketing database, you may still receive important service-related communications from us, such as order confirmation, order dispatch, rewards expiry, and product or HealthPost review request emails.
Unsubscribing from our marketing emails will not automatically unsubscribe you from our review request or industry update emails. We want to make sure that you only receive the emails that you are interested in, so please take a moment to unsubscribe from any email lists that you no longer wish to receive.
If you have subscribed to our industry update emails, you will need to separately unsubscribe from these by clicking on the 'unsubscribe' link in the footer of an industry update email.
If you have opted in to receive text/SMS marketing from us and no longer wish to receive these messages, you can easily unsubscribe by clicking on the unsubscribe link provided in any promotional SMS message or by following the instructions in the SMS. Depending on your mobile plan, you may be charged a standard SMS fee if you choose to reply to any SMS message. Please note that if you unsubscribe from our text/SMS marketing messages, you may still receive service-related communications from us, such as delivery updates.
If you have any questions or concerns about our messaging service, or need further support to unsubscribe, please do not hesitate to contact us.
Third-Party Remarketing
When you visit our website with cookies enabled, we place a third party cookie supplied by our partners such as Google, Meta, Microsoft, Outbrain, Pinterest, Nosto, Criteo, Push Engage, Typeform, Gorgias, Particular Audience, Getsitecontrol, or others onto your browser. While this cookie doesn't provide us or any third party with any information the directly identifies you (e.g. your name, email address or physical address), it does track certain things like how long you spent on our site, and which pages you did or didn't visit. Some cookies may also store your IP address and geo location. This information enables us to use Remarketing functionality provided by our partners to then deliver targeted advertising to you based on your behaviour whilst you were on our site. For example, if you visited a particular product, we might use this information to display advertising to you promoting a special offer specific to this product. This advertising may be displayed to you as you browse other sites across the internet. This is possible because many websites participate in third-party advertising programmes, allowing them to use parts of their sites to display promotional messages from participating advertisers. You may also see our advertisements on sites directly owned or controlled by Google, such as Youtube, or on Facebook, Instagram, Tik Tok ,Pinterest and others.
You can manage your tracking and advertising preferences at the following link
We may also present to you with additional products that other customers tend to purchase alongside the product you are viewing.
Use of personal identifiers
We may also use advanced matching method and personal identifiers (such as email address, phone number and others) to match our website's visitors and display our ads on advertising platforms, such as Meta or Google. The information is hashed before being sent to our partners to help protect your privacy.
When we use these services (or any advertising service that requires us to use or disclose your personal information), we will only do so if we are permitted to do so by applicable privacy laws.
If you’d like more information please Contact Us .
Business Continuity
In the event that HealthPost’s business is acquired, merged or restructured, or in the unlikely event HealthPost Ltd or the HealthPost Group goes out of business, or enters into liquidation or receivership, you acknowledge that your personal information may be transferred to the new owners or operators of HealthPost's business, and that any acquirer of HealthPost Ltd, The Future Collective Company, or the HealthPost group may continue to use the information collected by HealthPost.
Website and Credit Card Security
We take website and credit card security seriously.
HealthPost endeavour to provide a safe and secure platform on which to conduct online transactions. www.healthpost.co.nz uses the industry standard Secure Sockets Layer (SSL) protocol, which encrypts your personal information as it is transmitted over the internet. This encryption scrambles details such as your password and address so that generally, other computers are unable to decipher the information, ensuring privacy and security. To make sure you are accessing a secure server, check for a closed padlock symbol in your browser window. In current versions of the Chrome, Firefox and Edge browsers, this appears before the URL itself in the browser address bar. If this appears, then SSL is active. You can double check this by looking at the URL as well. If SSL is active, then the first characters of that line will read ‘https’ rather than just ‘http’. It is important for you to protect against unauthorised access to your password and to your computer.
When you undertake a card transaction on the HealthPost website, may be asked to complete a "3D Secure" process to authenticate the transaction. "3D Secure" is designed to provide an extra layer of security for online shopping, and deter unauthorised card use. The authentication process will depend on your bank’s requirements for your account. You may be asked to authorise your payment via use of your mobile device, your banking app, or by calling your bank.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. We comply with applicable privacy laws by taking reasonable steps to ensure that all personal information is protected (as is reasonable in the circumstances) against unauthorised access, use, modification, disclosure or misuse. However, due to the nature of the Internet and email systems, we are unable to guarantee the privacy and confidentiality of your personal information while it is transmitted over the Internet.
HealthPost may investigate or monitor a customer’s behaviour if it suspects that there may be fraudulent activity on their account. This may result in HealthPost contacting a customer by email or telephone about their order to verify its validity or credit card information, before the order is dispatched.
Please ensure you sign out when you have finished visiting www.healthpost.co.nz, especially if you access our website from a shared computer.
We use Stripe to process all credit card payments. For more info, please refer to their Privacy Policy.
Linking to Third-Party Websites
When you click on links and banners on our site that take you to third party websites, you will be subject to the third party's privacy policies. While we support the protection of privacy on the Internet, HealthPost Ltd cannot be responsible for the actions of any third-party web sites.
Product Reviews
We reserve the right to use all testimonials and product reviews we receive in HealthPost Group marketing and promotional material, both on and offline, on any platform managed by the HealthPost Group, identifying reviewers by first name only. If you provide a review about a product, we may publish that review on any other HealthPost Group platform that offers that product (for example, Nourished Life and/or Flora & Fauna). If you choose to include a photo or video with your review (for example, a photo or video of yourself with the product), we may publish that photo or video together with your review. Please carefully consider any photo or videos that you choose to include with your review.
If you don't want us to use your review, please let us know.
Only reviews compliant with applicable laws will be published on our site, and we reserve the right to reject the publication of reviews submitted to our site, or post our comment or our brand partner’s comment alongside the relevant review.
Changes to our Privacy Policy
We reserve the right to change this privacy policy from time to time by publishing the revised privacy policy on our website. We encourage you to check this policy regularly for any modifications or updates. Your continued use of our Services after any changes have been posted on our Website indicates your acceptance of those changes.
If you have any questions regarding our privacy policy or any other matter, or if you believe that HealthPost has not adhered to this privacy policy, please contact us. We will use commercially reasonable efforts to promptly determine and remedy the problem.
You also have the right to complain if you believe that we have breached New Zealand privacy laws by mishandling your personal information.
We take all complaints seriously and will respond to your complaint in accordance with any applicable timeframes imposed by law and otherwise within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
If you are dissatisfied with the handling of your complaint, you may make a complaint with the Office of New Zealand Privacy Commissioner on the following link.
ADDITIONAL COUNTRY-SPECIFIC INFORMATION FOR INDIVIDUALS OUTSIDE OF NEW ZEALAND
Information for Australians
HealthPost Limited is a New Zealand registered country, and your personal information may be stored and accessed in countries outside of Australia. See the "Where We Store and Process Your Information" section of this Privacy Policy.
Under Australian privacy laws, you have the right to request access to, or correction of, personal information that we hold about you.
You may contact us to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. We will respond to all requests for access to or correction of personal information within a reasonable time.
On the rare occasions when we refuse access (which we will only do in accordance with applicable laws), we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to the personal information we hold about you.
We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
You also have the right to complain if you believe that we have breached Australian privacy laws by mishandling your personal information.
When contacting us please provide as much detail as possible in relation to your question, concern or complaint.
We take all complaints seriously and will respond to your complaint in accordance with any applicable timeframes imposed by law and otherwise within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5288, Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au