1.1 Arc (trading as “Arc Atelier”) values the relationship we have with you, and we are committed to protecting your personal information and privacy rights generally.
1.4 This policy applies to all Personal Information under the control of Arc Atelier. It does not apply to other Personal Information collected or held by other entities outside of our control, or to the Personal Information of our employees, contractors, or directors.
(a) For Australian residents, the Australian Privacy Act 1988.
(b) For New Zealand residents, the New Zealand Privacy Act 2020.
(c) For European Union Residents, the General Data Protection Regulation.
(d) For residents of California, United States of America, the California Consumer Privacy Act 2018 and the California Online Privacy Protection Act 2013.
Collection of Personal Information
We will collect Personal Information as follows:
2.1 Using, or placing an order on, our Website
When using, or placing an order on, the Website, we will collect Personal Information that is required to facilitate your use of the Website and process any order. This includes but is not limited to your:
phone number; and
If you are signed in as an account holder, other Personal Information will be collected by us such as your subscription status and previous order history. When creating an account, customers are automatically enrolled in our loyalty programme, and the terms and conditions relating to our loyalty programme (which you can view here) will apply.
2.2 Subscribing to our mailing list
When subscribing to the Arc Atelier mailing list, we will collect Personal Information including your name, email address and browsing data. After subscribing to the mailing, you may wish to provide the information required to be an account holder and join our loyalty programme, and/or to make a purchase.
2.3 Browsing data
Browsing data is tracked using cookies. Cookies are small data files that are sent to your device from our website. Cookies do not collect identifiable information about you but will identify your device.
If required to by any Applicable Privacy Laws, we will ask for your consent when placing cookies on your device. Your browser settings can be changed to disable cookies, which can be done on a per-site basis. However, this may mean that you cannot use all of the features on the Website, or other websites.
2.4 Customer service correspondence
In the case of customer service requests and responses, Personal Information will be collected through email.
2.5 Payment information
Storage and security of Personal Information
3.1 We take the security of your Personal Information seriously, and ensure that all of our staff comply with their legal obligations to protect your Personal Information, except in a limited number of circumstances as required by Applicable Privacy Laws. Personal Information is accessed by authorised personnel only.
3.3 Your Personal Information is held and stored within Shopify and Klaviyo (our commerce and email marketing platforms). Both of these platforms require two factor identification for entry. To find out more about how Shopify uses and stores your Personal Information, please see: https://www.shopify.com/legal/privacy. To find out more about how Klaviyo uses and stores your Personal Information, please see: https://www.klaviyo.com/legal.
How Personal Information may be used
4.1 We will only use your Personal Information for purposes that are directly related to our business activities, and when it is necessary for or directly related to such purposes.
4.2 We may use the Personal Information that we collect generally to:
(a) create, process, and fulfil any orders placed through the Website;
(b) to communicate with you about orders, products, marketing, and special offers;
(c) to provide customer service;
(d) for statistical and analytical purposes (including sales analysis and audience segmentation);
(e) to protect and/or enforce our legal rights and interests, including defending any claim; and
(f) for any other purpose authorised by you or Applicable Privacy Laws.
5.1 If there are additional purposes (other than those identified above) for which we propose to use your Personal Information, the purposes will be specifically notified to you and your consent requested to the proposed use, either when we collect your Personal Information for that specific use or when that additional purpose arises (if it does so after the Personal Information has already been collected).
5.2 We will always give you the option to decline to provide your Personal Information or to decline to allow us to use that Personal Information for the purposes for which we have proposed to use it and will comply so long as doing so does not prevent us from meeting our legal obligations under Applicable Privacy Laws.
Disclosing Personal Information
6.1 We will not sell, lend, or trade Personal Information to any third party.
6.2 We may disclose Personal Information to third parties for the purposes outlined above at clause 4.2, and for directly related purposes (including those required by Applicable Privacy Laws).
6.3 Some of these third parties may include, but are not limited to:
(a) third party service providers, suppliers, or contractors who we do ordinary business with (including payment systems operators and customer service software);
(b) third party freight and logistics providers (including warehouse operators, courier companies, and shipment delivery and returns software providers);
(c) advertisers and analytics providers that require non-identifiable data to provide relevant advertising or analytical information; and
(d) selected providers and vendors authorised by us to carry out our business activities.
6.4 We will primarily collect Personal Information in New Zealand. However, because the Website can be accessed and an order placed from outside New Zealand, Personal Information will be collected from customers across the world. It may therefore be stored and/or accessed in those countries. That Personal Information is collected and transferred pursuant to and in accordance with Applicable Privacy Laws (except as described in paragraph 1.6 where you live in a location to which the Applicable Privacy Laws do not apply). If at any time we need to send Personal Information outside of a country in which we operate to an overseas agency that may use the information for its own purposes, we will:
(a) take steps to ensure that we believe on reasonable grounds that the overseas agency receiving the Personal Information is subject to privacy protections that, overall, provide comparable safeguards to those provided under the Applicable Privacy Law;
(b) enter into a binding contractual agreement with the overseas agency receiving the Personal Information confirming that it will protect the Personal Information in a way that, overall, provides comparable safeguards to those provided under the Applicable Privacy Law; or
(c) obtain the express authorisation of the individual concerned to disclose their Personal Information overseas after expressly informing them that the overseas agency may not be required to protect the information in a way that, overall, provides comparable safeguards to those provided under the Applicable Privacy Law.
Accuracy, accessing, and correcting Personal Information
7.1 We take all reasonable steps to ensure that your Personal Information that we hold is accurate, up to date, complete, relevant and not misleading.
7.2 At any time, account holders may directly update some Personal Information through logging into their account via the Website. When placing orders, if you do not type an answer to a required form correctly (i.e., your address), we may contact you directly through the contact details you have provided to confirm whether the information is correct.
7.3 Subject to certain grounds for refusal set out in the Applicable Privacy Laws, if you believe that your Personal Information is not accurate, up to date, complete or relevant, or you wish to request that your Personal Information that we hold is provided to you, or deleted, please contact us on: firstname.lastname@example.org.
Retention of Personal Information
8.1 We will only retain Personal Information for as long as is required for the purpose/s for which it may lawfully be used. Once Personal Information is no longer required, we will securely destroy it or otherwise delete all identifying details information so that only anonymised data is retained. This anonymised data may be used by us for statistical purposes.
8.2 You have the right to request that we erase your Personal Information, or restrict the processing of your Personal Information, under certain conditions.
Mandatory reporting of notifiable privacy breaches
9.1 If your Personal Information is involved in a privacy breach which we reasonably believe is notifiable or must be reported in accordance with Applicable Privacy Laws (“Notifiable Privacy Breach”), we will inform the affected individual/s and report the Notifiable Privacy Breach to the relevant supervisory authority/ies as required by Applicable Privacy Laws (such as the New Zealand Office of the Privacy Commissioner, the Australian Office of the Australian Information Commissioner, the supervisory authority in the relevant European Union Member State, and the Attorney General in California, United States of America).
10.1 Under the California Online Privacy Protection Act, we are required to disclose how we respond to “do not track” (DNT) signals from web browsers. DNT signals provide consumers with a choice about the collection of their personally identifiable information from their online activities across different websites.
10.2 Various browsers offer you a DNT option, which allows you to enable or disable DNT signals. This can generally be accessed in the Preferences or Settings page of your web browser.
Making a complaint
12.3 If you are not satisfied with how we have handled your complaint, you can contact the relevant supervisory authority:
In New Zealand, the Office of the Privacy Commissioner.
In Australia, the Office of the Australian Information Commissioner.
In the European Union, the supervisory authority in the relevant Member State.
In California, United States of America, the Attorney General.