1 POLICY STANDARD
This policy explains how PGW will manage all personal information from any source in accordance
with the Privacy Act 1993 twelve information privacy principles.
PGW is committed to ensuring the privacy of personal information is protected and we strive to uphold
the best practice privacy standards in the collection, storage and use of personal information.
Personal Information means information about an identifiable individual.
strategies, business affairs, accounts, finance or contractual arrangements.
- PGW customers, suppliers and third parties;
- Directors and Officers of PGW Group Companies;
- Employees (full time and part time);
- Temporary and Casual employees;
- Independent contractors (e.g. Real Estate, Livestock agents etc).
- Third party contractors (e.g. consultants); and
- The PGW Group of Companies (e.g. PGG Wrightson Ltd, subsidiaries of PGG Wrightson Ltd, associated companies over which PGW has significant influence; JV companies or consortia which are under the day to day management of PGW or a subsidiary of PGW).
1.4 Privacy Act 1993 Principles
The 12 Privacy Principles can be viewed here.
How PGW complies with the Privacy Principles is set out below.
1.5 Personal information that we collect, and why
Personal information collected by PGW is collected for the purpose of managing customer transactions for products and services, supplier and other third party relationships, and employee relationships.
The personal information we collect differs depending on the nature of the relationship which of our products and services you are involved in, and may include:
- name, address and contact details
- date of birth
- account and newsletter preferences
- for employees, all employment related information
- for customers, information about a product or service you purchased from or sold to us, the place of purchase, deliveries and returns, and information about your ownership of the product
- information about any call to us, including a recording of the call, details about the
- product(s) you bought, the reason why you contacted us and the advice we gave you
- information relating to your use of any of our loyalty programs and the rewards that you claim
- information about third party provider products that you obtain through us e.g. fuel cards
- your business contact details, type of business and other business information, place of employment and position
- product reviews, comments, photos and forum posts that you have submitted;
- credit and financial information and checks, including validation of identity and property ownership
- information about your social network profile such as your social network ID, profile picture, gender and location
- the fact that you have clicked on a 'like' or 'tweet' or similar button in one of our websites or services or one of our pages on a social network site, which we may associate with the details that we store about you
- information about your visit to our website, such as your browser software, which pages you viewed and which items you 'clicked' on, added to your cart or removed from your cart
- service, product or server logs, which hold technical information about your use of our service, product or websites, such as your IP address, domain, device and application settings, errors and hardware activity
- information about where your device is physically located (for example, when you are using a geo-location service or application and you have provided consent to your location being shared)
- interests and preferences that you specify during setup of an Internet enabled product or service
- in the case of candidates seeking employment with us, and our employees, information relevant to your employment history.
If we request personal information from you and you do not supply it, we may not be able to provide you with the product or service you request. We also sometimes collect information about people who are not our employees or customers as part of providing a product or service, for example the other party to a sales transaction that you are involved in.
We do not store your credit card information when you purchase from us in store or online. We use a secure Hosted Payment page solution from Windcave to process online orders, where customers can see their cards being authorised in real time, using a fully encrypted Transport Layer Security (TLS) protocol.
1.6 How we collect personal information
We collect personal information directly from you when you:
- become a PGW customer or employee and during the course of our relationship with you;
- set up an account;
- visit or use a PGW website, including any forums for example chatbot, (this may include the address of your Internet service provider, the name of the web page directing you and your clicks and activity on our website);
- place an order with us through our retail store website or online payment gateways;
- arrange the collection of an item through our online ‘Click & Collect’ service (which will require you to verify your identity);
- subscribe to marketing and sales material or communications;
- complete an online form on one of our social media channels (for example, Facebook) or that is placed on a third party website;
- complete a survey;
- enter a trade promotion or competition;
- register or purchase a gift card;
- complete a hard copy form or provide information in one of our stores;
- request delivery of products;
- make a purchase, return or exchange a product where we request you to verify your identity;
- provide information or feedback via phone, e-mail, chat or social media;
- speak with us, or one of our representatives directly during a product or other enquiry; or
- contact us directly by telephone, via mail, e-mail or online (inbound and outbound calls to the PGW Call Centre will be recorded).
Where we can, we will allow you to deal with us anonymously or by using a pseudonym. For example, if you wish to review a product or make a comment about our service, you are able to do this anonymously.
As listed above, information may be collected in various ways, such as mail, internet, telephone, face to face conversation, email, and in various formats such as forms, letters, electronic file notes and recorded conversations. Customers will be identified by a PGW customer number and password (if applicable). Employees will be identified by a PGW employee number and password (where applicable).
We may also collect personal information from other people, organisations and sources, such as when collection from you is impractical or where you have consented to us collecting it from someone else. These may be parties related to PGW or third parties such as your agent, where you have appointed an agent to act on your behalf in dealings with us (e.g. a broker or lawyer), or employment referees that prospective employees have given us.
1.7 Where we store personal information
PGW stores customer and employee personal information in a number of locations, including:
- customer and employee documentation is scanned into PGW’s computer systems, various equipment, programmes, databases and digital archives
- physical paperwork is filed in a secure location
- electronic files are stored securely with third party cloud-hosting providers
These storage mechanisms may be managed internally by PGW and held locally in New Zealand, or they could be managed by a third party storage provider with whom PGW has a contractual relationship and be held on a server locally or overseas, including in the cloud. When information is stored overseas (e.g. Amazon Web Services or Microsoft Azure), we will ensure that the storage complies with our New Zealand privacy obligations.
1.8 PGW’s storage security procedures
PGW will use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use or disclosure, such as:
- storing the personal information you provide in computer servers with limited access that are located in controlled facilities secured by surveillance and security technology
- following certain procedures, for example checking your identity against available data when you telephone us and using secure passwords for our computer systems and softwares
- limiting physical access to PGW’s premises
- limiting access to personal information to those who specifically need it to conduct their business responsibilities
- requiring our third party providers to have acceptable security measures to keep personal information secure
- putting in place physical, electronic, and procedural safeguards in line with industry standards; and
- destroying personal information pursuant to the law and our record retention policies.
PGW cannot guarantee that your personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur. If we provide you with any passwords or other security devices it is important that you keep these secret and confidential and do not allow them to be used by any other person. Please notify us immediately if the security of these devices is breached to prevent the unauthorised disclosure of your personal information.
1.9 Keeping personal information complete, up to date and accurate before we use it
PGW will not use any personal information about our customers or employees without taking reasonable steps to ensure that the information is up to date, complete, relevant and not misleading.
Please take care when submitting personal information to us, in particular when completing free text fields or uploading documents and other materials. Some of our services are automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information. If you believe that any of the personal information that we hold about you is not accurate, complete or up-to-date, please let us know.
1.10 How long we can keep personal information
PGW will keep personal information about customers or employees for as long as they continue to
hold that relationship with PGW.
Thereafter, personal information will not be used after six years of the termination of the relationship,
unless required by law.
1.11 What we can use personal information for
Personal information will be used by PGW in association with any past or future sales, transactions, interactions or proposals between PGW and the customer or employee including to:
- identify you when you telephone us to make an enquiry. For example, we may ask for your date of birth so that we can avoid disclosing information to a person who is not authorised by you to receive it
- provide or contact you about any services, products, loyalty, survey or marketing programmes provided by us previously, now or in the future
- for our retail website, send you an abandoned online shopping cart or ‘shopping bag reminder email’
- answer your enquiries and provide customer service to you
- tell you about other products or services that we think may be of interest to you, for example using remarketing capabilities
- enable us to undertake a credit assessment
- manage your gift card balance
- manage and resolve any legal, consumer or commercial complaints and issues
- help prevent or detect fraud or loss
- contact you by any means (including mail, email or telephone) in relation to a particular service or product
- contact you for research/feedback purposes
- make changes to your PGW account details
- provide you with a product or service you have requested, including checking that a payment is not made fraudulently, delivering your purchase to you or ensuring that you benefit from any relevant special offer or promotion
- train staff and for quality assurance purposes
- obtain opinions or comments about PGW products and/or services, including conducting marketing research and analysis and product surveys
- respond to your requests for information when you contact us about PGW and its products and services
- conduct prize draws, contests and other promotional offers
- consider employing you if you contact us via one of PGW's job application websites
- record statistical data for marketing analysis
- manage employee information, including using it for human resources, payroll and health and safety matters, and data-matching.
1.12 When we can disclose personal information
PGW may disclose personal information:
- if it is one of the purposes for which the information has been obtained (for example to
- undertake a credit check for the purpose of processing an application for credit, or for bank transaction business);
- to you or someone acting on your behalf including those persons nominated by you, executors, trustees and legal representatives;
- to another PGW business;
- to companies that perform services on our behalf such as printers, post suppliers, delivery and distribution companies, data entry service providers, trade promotion or gift card administration, account management providers, IT companies that manage and maintain our database, survey companies acting on our behalf and digital marketing agencies (for the
purposes of targeting on social media);
- to professional advisers (such as lawyers or auditors);
- to payment systems operators and financial institutions;
- to organisations authorised by PGW to conduct promotional, research or marketing activities;
- upon lawful request from law enforcement agencies or government authorities;
- if it is necessary to enable a sale of PGW’s business;
- if it is necessary to prevent a serious or imminent threat to public health or safety;
- if it is authorised by the Privacy Commissioner;
- where the personal information is publicly available;
- if it is necessary to avoid prejudice to the maintenance of law; or
- where the information will not be used in a form which identifies you.
We prepare anonymous, aggregate or generic data (including "generic" statistics) for a number of purposes, including for product and service development, business promotion and research purposes. As we consider that this is not personal information, we may share it with any third party (such as our suppliers, advertisers, industry bodies, the media and/or the general public).
1.13 Allowing the person who is the subject of the information to access personal information
Any individual is entitled to confirmation from PGW as to whether we hold personal information and are entitled to request a copy of that personal information, which will be provided within 20 working days if it is readily retrievable.
To protect the privacy of our customers, PGW will verify our customer is who they say they are before we provide access to or change information.
Any requests made by an agent on your behalf (such as a lawyer or broker) must be accompanied by a written authority from you authorising that particular agent to act on your behalf.
Any requests from outside of PGW for access to personal information should be made to the General Manager Corporate Affairs.
Any requests from PGW employees for access to personal information should be made to the General Manager Human Resources.
The Act outlines circumstances under which we may refuse to allow you access to some or all of your personal information. In such cases, we will give you a reason for our decision.
1.14 Correcting personal information
Individuals have the right to request access to personal information we hold about them, and request us to correct any inaccurate, out-of-date, incomplete, irrelevant or misleading personal information.
1.15 Unique identifiers
A “unique identifier” is a tag that does not use the individual’s name. PGW will only assign a unique identifier, e.g. a customer account number or employee number, if this is necessary to enable us to carry out our functions effectively.
1.16 Direct Marketing
PGW may use your information to provide you with newsletters and direct marketing communications by post, email, telephone and/or text message, if you have provided consent for your information to be used in this way (for example, though a catalogue, email, SMS/TXT message or direct mail permission), or we are otherwise permitted to do so under applicable law.
When we contact you, it may be by mail, telephone, email, SMS/text message or social media message.
- You can change your marketing communication preferences at any time: if you would like to unsubscribe from an email sent to you, follow the 'unsubscribe' link and/or instructions placed (typically) at the bottom of the email. But note that:
- if you use more than one e-mail address to contact PGW, you will need to unsubscribe separately for each email address; and
- this method will only unsubscribe for the newsletter or other communication that you have received and you should use one of the other methods if you wish to opt-out of all our marketing communications,
- you can contact us in order to change your marketing communication preferences.
On our retail store website, you subscribe to promotional and marketing email communications when registering for a Web Account or after order confirmation. If you do not wish to receive email or SMS/TXT communications do not tick those boxes. Occasionally we will send SMS/TXT messages to you about exclusive offers, technical information and early notice of our promotions, field days and sales on your mobile device. You can unsubscribe to communications received from us by following
the unsubscribe functions on our retail website or on communications you receive.
1.17 PGW’s websites
PGW’s websites collect the domain names, not the email addresses of visitors. Our web server may require you to place a “cookie” (small data file) on your computer’s hard drive or device, in order to track statistical information about navigation to and throughout certain areas of the site.
If you are just surfing and reading information on our website, then we collect and store the following information about your visit:
- the IP address of your machine when connected to the Internet and the domain name from which you are accessing the Internet
- the operating system and the browser your computer and/or device uses, and any search engine you are using
- the date and time you are visiting
- the URLs of the pages you visit
- if you provide it, your email address.
We use that information to measure the number of visitors to different parts of the site and, for example, to measure the effectiveness of advertising. Although we may publish aggregated information about usage patterns, we do not disclose information about individual machines except for the reasons set out below in this section. We may gather more extensive information if we are concerned, for example, about security issues. If we think it is necessary, we can disclose information to relevant law enforcement authorities, such as the Police or the Department of Internal Affairs.
Some of our online services may allow you to upload and share messages, photos, video and other content and links with others and/or create a publicly accessible profile for your account.
- the communities and forums area of our websites, allows you to post comments (with your account name), which are visible to other users of that service; and
- other services allow you to share a link which if clicked on may allow the recipient to access your uploaded content.
You should not expect any information that you make available to others via PGW's online services to be kept private or confidential. Content and links that you share might, for instance, be forwarded by your recipients to others. You should always exercise discretion when using such services.
1.18 Monitoring communications
PGW may monitor and record communications we receive, including recording and storing phone calls. This may be done for quality and training purposes to improve the service that we provide, to ensure compliance with our practices and procedures and/or to provide evidence of a transaction such as where a contract is entered into, or a claim is made.