Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: Jule 2025

Table of Contents

1. Overview

Number One Limited ("we," "us," "our," or "Company") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website number1.co.nz, purchase our products, or interact with our services.

This policy complies with the New Zealand Privacy Act 2020, and where applicable, international privacy regulations including the European General Data Protection Regulation (GDPR).

Consent-Based Data Collection

We collect personal information only with your explicit consent, obtained during account registration and at specific interaction points. You have full control over what information you share with us and can withdraw consent at any time through your account settings or by contacting us directly.

Important Chemical Product Notice

As we manufacture and sell chemical cleaning products, we may collect additional health and safety information to ensure proper product use and comply with regulatory requirements. This information is always collected voluntarily and with your explicit consent.

2.1 When We Obtain Consent

We obtain your explicit consent for data collection at the following points:

  • Account Registration: During account creation, you consent to collecting your name, email, phone, and password for account management
  • Address Information: When you add shipping or billing addresses, you consent to storing this information for order fulfillment
  • Newsletter Subscription: Separate consent for marketing communications, with confirmation token verification
  • Blog Participation: Consent when posting comments or engaging with our content
  • Order Processing: Implicit consent for order-related data processing when you make a purchase
2.2 What Consent Covers
Consent Type Data Covered Processing Purpose
Account Registration Name, email, password, phone, activity logs, session data Account management, security, customer service
Order Processing Order details, payment info, delivery addresses, purchase history Order fulfillment, accounting, customer support
Marketing Communications Email preferences, subscription status, engagement tracking Newsletter delivery, product updates, promotional offers
Website Analytics Page views, click patterns, video engagement, search queries Website improvement, content optimization, user experience
2.3 Managing Your Consent
Account Settings

Update your personal information, communication preferences, and data sharing settings through your account dashboard.

Email Preferences

Unsubscribe from newsletters or modify your email preferences using the links in our emails or your account settings.

Withdraw Consent

Contact us to withdraw consent for specific data processing activities. Some data may be retained for legal compliance.

Account Deletion

Request complete account deletion. We'll remove your data according to our retention policies and legal requirements.

Legal vs. Consent-Based Processing

Some data processing doesn't require consent when we have other legal grounds (contract performance, legal obligations, or legitimate interests). However, we prioritize consent-based processing wherever possible and will always inform you of our legal basis for processing your data.

3. Information We Collect

3.1 Personal Information You Provide (Collected with Consent During Registration)
Type of Information Database Fields Collection Purpose
Account Information Name, email, password, phone, role, email verification status Account creation, authentication, user management
Address Information Multiple addresses (primary, billing, shipping), full name, address lines, city, state, postal code, country, phone Order fulfillment, delivery, billing purposes
Order Information Order details, purchased products, quantities, prices, payment methods, transaction IDs Order processing, customer service, accounting, legal compliance
Communication Preferences Newsletter subscription status, email preferences, confirmation tokens Marketing communications, product updates (with consent)
Blog & Content Interaction Comments, author name, email (for blog comments), content engagement Community interaction, content moderation, spam prevention
Product Information Product views, usage feedback, safety information responses Product recommendations, safety compliance, customer support
3.2 Information Automatically Collected
  • Session Data: Session IDs, login/logout times, session duration, last login timestamps
  • Activity Logs: User actions, page visits, product views, search queries, interaction timestamps
  • Technical Information: IP addresses, browser user agents, device information, operating system
  • Website Analytics: Page views, time spent, click patterns, video views, content engagement
  • E-commerce Tracking: Cart additions, checkout progress, abandoned carts, purchase history
  • Newsletter Tracking: Email subscription source, confirmation status, unsubscribe actions
  • Content Interaction: Blog post views, comment interactions, video watching patterns
  • Security Monitoring: Failed login attempts, suspicious activity detection, fraud prevention data

Consent-Based Data Collection

All personal data collection occurs with your explicit consent during account registration. You can withdraw consent at any time by contacting us or updating your account preferences. Some data may be retained for legal compliance even after consent withdrawal.

4. How We Use Your Information

4.1 Primary Uses
  • Order Fulfillment: Processing purchases, managing inventory, arranging delivery
  • Customer Service: Responding to inquiries, resolving issues, providing product support
  • Product Safety: Ensuring appropriate product use, providing safety recommendations
  • Legal Compliance: Meeting regulatory requirements for chemical product sales
  • Account Management: Maintaining user accounts, processing returns/exchanges
4.2 Secondary Uses (With Consent)
  • Marketing Communications: Newsletters, product updates, promotional offers
  • Product Development: Improving products based on customer feedback
  • Personalization: Customizing website experience, product recommendations
  • Analytics: Understanding website usage, improving user experience
4.3 Legal Bases (GDPR Compliance)
  • Contract Performance: Processing orders, delivery, customer service
  • Legitimate Interest: Website security, fraud prevention, business operations
  • Legal Obligation: Tax records, chemical product regulations, safety reporting
  • Consent: Marketing communications, cookies, optional data collection
  • Vital Interests: Emergency situations involving product safety

5. Information Sharing and Disclosure

5.1 Service Providers

We share information with trusted third parties who provide services on our behalf:

  • Payment Processors: Stripe, PayPal, bank payment gateways (PCI DSS compliant)
  • Shipping Partners: New Zealand Post, CourierPost, DHL for delivery services
  • Cloud Services: AWS, Google Cloud for website hosting and data storage
  • Analytics Providers: Google Analytics (anonymized data)
  • Customer Support: Help desk software, live chat providers
  • Marketing Platforms: Mailchimp, SMS providers (with consent)
5.2 Legal Disclosures

We may disclose information when required by law or to protect our rights:

  • Compliance with legal processes (subpoenas, court orders)
  • Regulatory requirements for chemical product sales
  • Tax and customs authorities
  • Emergency situations involving product safety
  • Protection against fraud or security threats
  • Enforcement of our terms of service
5.3 Business Transfers

If Number One is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified of any such change.

6. Data Security

6.1 Technical Safeguards
  • Encryption: SSL/TLS encryption for data transmission, AES-256 for data storage
  • Access Controls: Multi-factor authentication, role-based access limits
  • Network Security: Firewalls, intrusion detection, regular security monitoring
  • Regular Updates: Security patches, software updates, vulnerability assessments
  • Backup Systems: Encrypted backups, disaster recovery procedures
6.2 Organizational Safeguards
  • Employee training on data protection
  • Confidentiality agreements with staff and contractors
  • Regular security audits and assessments
  • Incident response procedures
  • Data minimization practices

Security Incident Notification

In the unlikely event of a data breach, we will notify affected individuals within 72 hours and relevant authorities as required by law. We maintain comprehensive incident response procedures and cyber insurance coverage.

7. Your Privacy Rights

Right to Access

Request a copy of the personal information we hold about you.

Right to Rectification

Correct any inaccurate or incomplete personal information.

Right to Erasure

Request deletion of your personal information (subject to legal requirements).

Right to Restrict

Limit how we process your personal information.

Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Opt-out of marketing communications and certain data processing.

7.1 Exercising Your Rights

To exercise any of these rights, contact us using the details in Section 13. We will respond within 30 days and may require identity verification for security purposes.

7.2 Limitations

Some rights may be limited where we have legal obligations to retain information, such as:

  • Tax and accounting records (7 years)
  • Chemical product traceability records
  • Safety incident documentation
  • Legal proceedings or disputes

8. Cookies and Tracking Technologies

8.1 Types of Cookies
Cookie Type Purpose Consent Required
Essential Cookies Website functionality, security, shopping cart No (legitimate interest)
Performance Cookies Website analytics, usage statistics Yes
Functional Cookies User preferences, language settings Yes
Marketing Cookies Targeted advertising, social media Yes
8.2 Managing Cookies

You can control cookies through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect website functionality.

9. International Data Transfers

9.1 Data Storage Locations

Your data may be stored and processed in:

  • New Zealand: Primary data storage and business operations
  • Australia: Cloud backup services (AWS Sydney)
  • United States: Some service providers (Google Analytics, payment processors)
  • European Union: Alternative cloud storage for EU customers
9.2 Transfer Safeguards

When transferring data internationally, we ensure adequate protection through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules where applicable
  • Certification schemes and codes of conduct

10. Data Retention

Data Type Retention Period Legal Basis
Order Information & Order Items 7 years Tax, accounting, and consumer protection requirements
User Accounts & Profile Data 3 years after last login activity Business operations, customer service
User Sessions 30 days from expiry date Security and fraud prevention
Activity Logs 2 years Security monitoring, customer support
Newsletter Subscriptions Until withdrawal of consent + 30 days Consent-based marketing
Blog Comments Indefinitely (until deletion request) Content management, community building
User Addresses 2 years after last order Customer convenience, reordering
Video Analytics 26 months Content optimization, user experience
Product Safety Records 10 years Chemical product safety regulations
Payment Transaction IDs 7 years Financial compliance, dispute resolution
10.1 Automatic Data Purging

We maintain automated systems to remove data according to the retention schedules above. This includes:

  • Expired user sessions are automatically deleted
  • Inactive user accounts are flagged for review after 3 years
  • Activity logs older than 2 years are archived and anonymized
  • Unconfirmed newsletter subscriptions are purged after 90 days

11. Children's Privacy

Age Restrictions

Our products are chemical cleaning agents and are not intended for purchase by individuals under 18 years old. We do not knowingly collect personal information from children under 13, or under 16 in the EU. If you believe a child has provided us with personal information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Post the updated policy on our website with a new "Last Updated" date
  • Notify you by email if changes materially affect your rights
  • Provide 30 days' notice for significant changes
  • Maintain previous versions for reference

Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Information

Privacy Officer Contact

Number One Limited
Privacy Officer
Email: admin@number1.co.nz
Phone: 021 951 916
New Zealand

12.1 Complaint Resolution

If you have concerns about our privacy practices:

  1. Contact our Privacy Officer using the details above
  2. We will acknowledge your complaint within 5 business days
  3. We aim to resolve complaints within 30 days
  4. If unsatisfied, you may contact the New Zealand Privacy Commissioner at privacy.org.nz
  5. EU residents may also contact their local Data Protection Authority

Legal Framework

This Privacy Policy is governed by New Zealand law and the Privacy Act 2020. For international customers, additional protections under GDPR, CCPA, or other applicable privacy laws may apply. In case of conflicts between different legal requirements, the most protective standard will apply.

12.2 Emergency Contact

For urgent privacy or security matters outside business hours, contact: emergency@number1.co.nz