0
0
Menu

Kiwi Kandy — kiwikandy.com

Effective Date: 23 March 2026
Last Updated: 23 March 2026

1. Introduction

Welcome to Kiwi Kandy (“we,” “our,” or “us”). We operate the website kiwikandy.com (the “Site”) and sell authentic New Zealand lollies, chocolate, and treats to customers worldwide. We are a New Zealand–registered company.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our Site, make a purchase, interact with us on social media (including Facebook and Instagram), or communicate with us in any other way.

By using our Site or providing your personal information to us, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

  • Place an order (name, email address, phone number, shipping and billing address, payment details)
  • Create an account on our Site
  • Subscribe to our newsletter or marketing emails
  • Contact us via email, social media, or our contact form
  • Leave a product review or comment
  • Apply a discount or promo code

2.2 Information Collected Automatically

When you visit our Site, we may automatically collect:

  • Device and browser information (IP address, browser type, operating system, screen resolution)
  • Usage data (pages visited, time spent on the Site, referring URL, click behaviour)
  • Cookies and similar tracking technologies (see Section 6 below)
  • Location data derived from your IP address

2.3 Information From Third Parties

We may receive information about you from:

  • Social media platforms (Facebook and Instagram) — such as your public profile information, likes, and interactions when you engage with our pages or ads
  • Meta (Facebook/Instagram) Pixel and tracking tools — aggregated data about how users interact with our ads and Site
  • Payment processors (e.g., Stripe, PayPal, Shopify Payments) — transaction confirmation and fraud-prevention data
  • Shipping partners (DHL Express and other couriers) — delivery status and address-verification data
  • Analytics providers (e.g., Google Analytics)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Processing and fulfilling your orders, including shipping and customs documentation
  • Communicating with you about your orders, enquiries, and customer support requests
  • Sending marketing and promotional communications (only where you have opted in or where permitted by law)
  • Running advertising campaigns on Facebook, Instagram, and other platforms, including retargeting and lookalike audiences
  • Personalising your experience on our Site
  • Analysing Site usage to improve our products, services, and user experience
  • Preventing fraud, unauthorised transactions, and other illegal activities
  • Complying with legal obligations, including tax and customs requirements for international shipments

4. Legal Bases for Processing

Depending on where you are located, we rely on the following legal bases to process your personal information:

  • Contract: Processing necessary to fulfil your order or respond to your enquiry.
  • Consent: Where you have opted in to receive marketing emails or where you have accepted non-essential cookies.
  • Legitimate interests: Improving our Site and services, preventing fraud, and running our business effectively, provided these interests do not override your rights.
  • Legal obligation: Where we are required to retain or disclose information under applicable law (e.g., tax records, customs declarations).

5. Sharing Your Information

We do not sell your personal information. We may share your data with the following categories of third parties:

  • Shipping and logistics providers (DHL Express and other couriers) to deliver your orders
  • Payment processors to process transactions securely
  • Website hosting and e-commerce platform providers (e.g., WordPress/WooCommerce hosting)
  • Analytics and advertising partners (Google Analytics, Meta/Facebook Pixel, Instagram) to measure and optimise advertising performance
  • Email marketing platforms to send newsletters and promotional communications
  • Professional advisers (accountants, lawyers) as necessary
  • Government authorities or law enforcement where required by law or to protect our legal rights

6. Cookies and Tracking Technologies

Our Site uses cookies and similar technologies for the following purposes:

  • Essential cookies: Required for the Site to function (e.g., shopping cart, session management, secure checkout).
  • Analytics cookies: Help us understand how visitors interact with our Site (e.g., Google Analytics).
  • Advertising cookies: Used to deliver relevant advertisements and track ad performance across platforms, including the Meta (Facebook) Pixel and Instagram tracking.

Meta (Facebook/Instagram) Pixel

We use the Meta Pixel on our Site. This tool collects data about your browsing activity on our Site and sends it to Meta to help us measure the effectiveness of our advertising, deliver targeted ads on Facebook and Instagram, and build custom and lookalike audiences. The data collected by the Meta Pixel may include pages visited, products viewed, items added to cart, and purchases completed.

You can manage your ad preferences on Facebook and Instagram through your Meta account settings. You may also opt out of interest-based advertising through the Digital Advertising Alliance or the Network Advertising Initiative.

Managing Cookies

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Site. Where required by law, we will ask for your consent before placing non-essential cookies.

7. International Data Transfers

We are based in New Zealand and ship worldwide. Your personal information may be transferred to, and processed in, countries other than your country of residence — including New Zealand, the United States, and other countries where our service providers operate. These countries may have data-protection laws that differ from those in your jurisdiction.

Where required, we take steps to ensure that appropriate safeguards are in place, such as standard contractual clauses or relying on adequacy decisions (New Zealand has been recognised as providing adequate data protection under EU and UK law).

8. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

  • Order and transaction records: 7 years (for tax and accounting purposes)
  • Customer accounts: Until you request deletion or the account is inactive for an extended period
  • Marketing preferences: Until you unsubscribe or withdraw consent
  • Website analytics data: Up to 26 months (as configured in our analytics tools)

9. Your Rights

Depending on your location, you may have some or all of the following rights regarding your personal information:

9.1 New Zealand (Privacy Act 2020)

Under the New Zealand Privacy Act 2020, you have the right to access and request correction of your personal information. If you believe we have breached your privacy, you may complain to the Office of the Privacy Commissioner.

9.2 European Economic Area and United Kingdom (GDPR / UK GDPR)

If you are located in the EEA or UK, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your personal data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with your local data protection authority

9.3 United States

Residents of certain US states (including California, Virginia, Colorado, Connecticut, and others with comprehensive privacy laws) may have additional rights, such as the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale or sharing of personal information. We do not sell your personal information. To exercise any of these rights, please contact us using the details below.

9.4 Australia (Privacy Act 1988)

If you are located in Australia, you have the right to access and correct your personal information under the Australian Privacy Principles. You may also lodge a complaint with the Office of the Australian Information Commissioner.

9.5 Canada (PIPEDA)

Canadian residents have the right to access, correct, and challenge the accuracy of their personal information. You may file a complaint with the Office of the Privacy Commissioner of Canada.

10. Data Security

We take reasonable technical and organisational measures to protect your personal information from unauthorised access, loss, misuse, or alteration. These measures include:

  • SSL/TLS encryption on all pages of our Site
  • Secure payment processing through PCI-DSS compliant providers
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular review of our data-collection, storage, and processing practices

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

11. Third-Party Links

Our Site and social media pages may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Social Media

We maintain pages on Facebook and Instagram. When you interact with our social media content (including liking, commenting, sharing, or sending us a direct message), Meta may collect information in accordance with its own privacy policy. We may use information from these interactions to respond to your enquiries, run promotions, and improve our marketing.

We may also use Meta Business Tools (including the Meta Pixel, Conversions API, Custom Audiences, and Lookalike Audiences) to serve you targeted advertisements. These tools process data in accordance with Meta’s Data Policy. For more information, visit Meta’s privacy centre.

13. Children’s Privacy

Our Site is not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child, please contact us and we will take steps to delete it promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

Kiwi Kandy
Email: [email protected]
Website: kiwikandy.com