Free Shipping This Month On Orders Over $75

Privacy policy

We comply with the New Zealand Privacy Act 2020 [optional: and the General Data Protection Regulation of the European Union (GDPR) and the equivalent laws of the United Kingdom (UK GDPR)] when dealing with personal information.

Personal information is information about an identifiable individual (a natural person), and includes personal data, personally identifiable information and equivalent information under applicable privacy and data protection laws.

The use of the Vintage Football Shop website is subject to our website terms and conditions. If there is any conflict between this privacy policy and the website terms and conditions, the website terms and conditions will prevail.

  1. Collection of information
  • Information collected through our website may include personal information about you (including identifiers, as set out in cl 2 below). For example, personal information may be:
  • [provided by you through registration on our website;
    • provided to us by you through any other method (such as by email and through discussions);
    • collected by us through click tracking in relation to your use of our website, including the tracking of the content you access and any of our services you utilise [or products you may purchase]; and
    • collected by us through log files or cookies (as set out in cls 3 and 4).]
    • Failure to provide necessary personal information when requested may result in [certain services not being available to you].
    • We may also collect aggregated information generated by our systems, which tracks traffic to our website but does not relate to you personally (see cl 6 below).
  • Identifiers

Information about your computer and about your visits to and use of the website (such as your IP address, location, browser type and user name) will be recorded when you log in to our website. We may use this information to identify you. We will treat this information as personal information.

We do not intend to collect personal information from children aged under 16. If you have reason to believe that a child under the age of 16 has provided personal information to us through our website and/or by using our services, contact us through the ‘Contact details’ section below.

  • Log Files

We use log files in order to enhance your experience on our website and to analyse trends. Log files gather information, such as which URL you just came from, which URL you visit next, what browser you are using and your IP address. We use this information to analyse trends and to administer and operate our website.]

[Note: Users who log into our website also have their IP address recorded. An IP address can be used to identify a user, and we will treat this information as personal information.]

  • Cookies

Our website uses temporary cookies to keep a session open after a user logs in. We may use the information we obtain from the cookies in the administration of our website and to improve the usability of our website. These cookies help us recognise previous visitors and also identify the route history of users. We cannot identify any personal information stored in these cookies, nor can we gain access to any information stored on your hard drive. In addition, we cannot access information from cookies sent from other websites. Information collected will only be used as described above, and also to improve our website. Some browsers allow you to refuse to accept cookies but this may have a negative impact on the usability of our website.]

  • Postings

The information that you post on our website, including [your username] and [insert other relevant information], can be viewed by other users of our website. If you use the discussion forum on our website, be aware that any personally identifiable information you submit on the discussion forum can be viewed and used by other users of our website. We take no responsibility for any information submitted to the discussion forum. Further requirements in relation to postings are set out under the heading “communication tools” in our website terms and conditions.]

  • Other Information

We will have access to and may use other information, such as number of users, traffic patterns and demand for the service, to monitor server and software performance as well as for our other internal purposes. We may also collect information about all system interaction with users while they are logged in. This information is owned by us and may be used to verify actions taken by a user or to better understand the behaviour of users in order to improve our website.

  • Use of information

We (and our employees, officers, agents, contractors and affiliates as defined below) may use the personal information you provide:

  • [to verify your identity for use of our website, to conduct address verification or credit checks for invoicing and billing purposes and to enrich your profile and search ability;
    • to assist in providing better services to you by tailoring the services to meet your needs;
    • to provide you with further information about us or other websites or products or services offered by us or our related companies or which we consider may be of interest to you;
    • to carry out marketing, promotional and publicity activities (including direct marketing), market research and surveys;
    • to keep our website relevant and of interest to users;
    • to show you advertising and information that is most relevant to you and your interests;
    • to assist in arrangements with other organisations (such as loyalty program partners) in relation to a product or service we make available to you;
    • to allow us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing, keeping our records up to date, being efficient about how we fulfil our legal and contractual duties);
    • to comply with legal and regulatory requirements;
    • to detect any fraud or crime, or money laundering and counter financing of terrorism in connection with any laws, rules or regulations in New Zealand or overseas for analysis in aggregate form (with identifiable characteristics removed so that you will remain anonymous); and
    • for any other purpose which is stated to you at the time of collection or that you otherwise authorise.]
  • Information sharing and disclosure
  • [We will not disclose personal information we collect from you through our website other than as set out in this privacy policy or as otherwise agreed with you;
    • We may disclose information about you, including your personal information, to our affiliates or related companies (which means any person or other entity which directly or indirectly controls, is controlled by or is under common control with us) for the purposes set out in the above paragraph;
    • We may disclose information about you, including your personal information, to our contractors and suppliers to enable them to [provide services and products to us in relation to our website, including transaction processing services, hosting services and support services].]
    • Information collected through our website that does not identify users (cleansed information) is owned by us and may be disclosed by us. We may share aggregated demographic information about our user base with our affiliates, partners and advertisers.
    • At your request, we will share your personal information with your representative or any person acting on your behalf (for example, financial advisers, lawyers, attorneys, accountants, executors, administrators, trustees or auditors).
    • We operate our business in New Zealand. We may need to share some of the personal information we collect about you with organisations both inside and outside of New Zealand. Sometimes we may need to ask you before this happens. We may also disclose your personal information if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
  • Advertising and third-party links

Our website may contain links to a variety of advertising and third-party website sources. Some of these links may request or record information from users or use cookies or other methods to collect information from you. We have no control over the content or privacy policy practices of those sites and encourage our users to review the privacy policies of those sites before engaging in any activity with them.

  • Security of your personal information

We will take reasonable technical and organisational precautions to prevent the loss, misuse or unauthorised alteration of your personal information. However, due to the nature of email and the internet, we cannot guarantee the privacy or confidentiality of your personal information. We may store your information in cloud or other types of networked or electronic storage.

When you provide us with personal information, that information may be collected, stored and processed on servers located outside of New Zealand. As electronic or networked storage can be accessed from various countries via an internet connection it is not always practicable to know in which country your information may be accessed or held.

Sensitive information, such as information entered during the registration process, is encrypted using SSL technology.] [optional: credit card payments are encrypted and processed using an external credit card payment processor and details are not stored by us.

  1. Your Rights

Without limitation, you have the following rights:

  • The right to be provided full information about your personal information that we hold.
    • The right to require that we correct any incorrect information we hold about you.
    • The right to ask that we delete or destroy your personal information. Please note that certain conditions may apply to the exercise of this right.
    • The right to ask that we restrict the use of your personal information. Please note that certain conditions may apply to the exercise of this right.
    • The right to object to the use of your personal information by us. Please note that certain conditions may apply to the exercise of this right.
    • The right to receive your personal information in a structured and commonly used format. Please note that certain conditions may apply to the exercise of this right.

To exercise your rights, or if you require further information about how your personal information is used by us, you can contact us at: [email address].

You can also contact us if you have any questions or complaints about, or if you wish to restrict or object to how we collect, use, disclose, manage or store your personal information. We will respond to your request, where required by law, within one (1) calendar month from the date your request is received. We will inform you if this timeframe is not achievable and extend this timeframe as permitted by applicable law. Subject to applicable law, we may charge a fee to cover the costs of meeting your request if your request is unfounded or excessive.

If we do not agree to provide you with access to, or to amend or erase, your personal information as requested or otherwise meet your requests, we will notify you accordingly. Where appropriate, we will provide you with the reason(s) for our decision and the mechanisms available to complain about the refusal. If the rejection relates to a request to change your personal information you may make a statement about the requested change and we will attach this to your record.

In some circumstances, and subject always to legal obligations to the contrary, we may not be in a position to grant access to your personal information or otherwise meet your requests with respect to your personal information.

We are required to keep your information for so long as is required for our business operations or by applicable laws. 

  1. Opting in and opting out

If our intended collection, use or disclosure of your personal information is outside the collection, use or disclosure set out in this privacy policy we will give you the option to opt out and not receive certain services or participate in certain interactive areas, or opt in.

You can also withdraw your consent where provided or object to the further processing of your personal information under certain circumstances. If we refuse any request you make in relation to this right, we will write to you to explain why and how you can make a complaint about our decision. The withdrawal of your consent will not affect processing of your information that you had consented to.

  1. Business transitions

If in the ownership of all or a portion of [company name] or our website changes, your user information may be transferred to the new owner so that the website can continue operations. In this event, your information will remain subject to this privacy policy.

  1. Users outside New Zealand

The information we collect may be processed in and transferred between your location and New Zealand. New Zealand may not have equivalent information protection laws to those in force in your location.

  1. Changes in privacy policy

We may occasionally make changes to our privacy policy, [Privacy Statement,] or alter website functionality. We encourage you to review the policy regularly for the latest information on our privacy practices.

  1. Contact details

If you have any questions about our privacy policy, or any other matter (including a complaint), please feel free to contact us. You can reach us in one of the following ways: [insert client’s user communication channel details e.g. email, phone and post/courier.]

  1. GDPR and UK GDPR

The GDPR and UK GDPR establishes uniform data protection laws across the European Union (EU) and United Kingdom (UK) and aims to protect the privacy and use of EU and UK residents’ personal data in an increasingly digital world.

EUROPEAN UNION AND UNITED KINGDOM GENERAL DATA PROTECTION REGULATION
Privacy Statement

This Privacy Statement only applies to the collection and processing of any personal data, personally identifiable information or personal information of an individual who is located in the European Union (EU) (whether the individual is a citizen of an EU country or otherwise) or the United Kingdom (UK) (together, EU/UK personal data). This Privacy Statement will apply to you and the processing of your EU/UK personal data if you are located in the EU or the UK. This Privacy Statement does not apply with respect to your personal information if you are located outside of the EU or the UK, even though you may be a citizen of an EU country or the UK.

For the purposes of this Privacy Statement, the term ‘process’ has the same meaning given to it under the EU General Data Protection Regulation 2016/679 (GDPR) and the equivalent laws of the UK (UK GDPR) and may include any operation or a series of operations performed on EU/UK personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

EU/UK personal data that is collected by us may have been sourced directly from you, a third party or implied from your use of our products or services. We will process EU/UK personal data in accordance with this Privacy Statement and our Privacy Policy set out at [insert link]. To the extent of any inconsistencies between other sections of our Privacy Policy and this Privacy Statement in relation to the processing of EU/UK personal data, this Privacy Statement prevails.

This Privacy Statement was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of EU/UK personal data. However, we are happy to provide any additional information or explanation needed. For further information, please contact us through the ‘Contact details’.

GDPR and UK GDPR Principles

Any EU/UK personal data will be:

  • processed lawfully, transparently and in a fair manner;
    • collected only for the purposes identified in this Privacy Policy or any other agreed specified purposes and not further processed in a manner incompatible with those purposes;
    • collected in an adequate and relevant manner and limited to what is necessary in relation to the purposes for which the EU/UK personal data is processed;
    • kept current and up-to-date in accordance with our Privacy Policy;
    • stored in a form which permits us to identify you, but only for the period necessary in relation to the relevant purposes identified in our Privacy Policy; and
    • stored and processed securely to protect EU/UK personal data against unlawful or unauthorised access and accidental loss, damage or disclosure in accordance with our Privacy Policy.

Lawful basis for processing

We will only collect and process EU/UK personal data where we have a lawful basis for doing so. This may include where:

  • you have given consent;
    • the processing of EU/UK personal data is necessary for the performance of a contract with you (such as to deliver the services you have requested or that have been requested on your behalf); and
    • the processing of EU/UK personal data is necessary for the purposes of our ‘legitimate interests’ and those of a related company of ours, provided that such processing does not outweigh your rights or freedoms.

Where we rely on your consent to process EU/UK personal data, you have the right to withdraw, restrict or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and process EU/UK personal data you should contact us.

[Optional: You have the right not to be subject to a decision made solely by automatic processing, including profiling, unless the profiling is necessary for contractual purposes.]

[Optional: We do not use automatic decision making, such as profiling, to make a decision that may produce a legal effect concerning a data subject of EU/UK personal data.]

Rights of EU/UK personal data subjects

In addition to other rights you may have as set out in this Privacy Policy, you may exercise the data protection rights set out below in relation to your EU/UK personal data:

  • Access and Portability: a request can be made by you for a copy of your EU/UK personal data (and any other information relating to your EU/UK personal data permitted under Article 15 of the GDPR or the UK GDPR) held by us in accordance with the ‘Your Rights’ section of our Privacy Policy. In addition, you may request to be provided with EU/UK personal data in a structured, commonly used and machine readable format (including for the purposes of transferring to another party).
    • Restrictions and Objections: You may request that we limit our use of your EU/UK personal data or processing by requesting that we no longer use your EU/UK personal data or limit how we use your EU/UK personal data, this may include where you believe it is not lawful for us to hold your EU/UK personal data or instances where your EU/UK personal data was provided for direct marketing purposes and you no longer want us to contact you. We will do so, if we are:
      • relying on our own or someone else’s legitimate interests to process your EU/UK personal data, except if we can demonstrate compelling legal grounds for the processing; or
      • processing your EU/UK personal data for direct marketing.

Our responsibilities as a ‘data controller’ and ‘data processor’

We may act as the ‘data controller’, the ‘data processor’ or in some instances both the data collector and data processor simultaneously in relation to EU/UK personal data. We will be a data controller where we determine the purposes and means of the processing of EU/UK personal data alone or jointly with others. To the extent that we are a data controller with respect to EU/UK personal data, we:

  • set out in our Privacy Policy how we collect personal information (including EU/UK personal data), how it is stored, to whom such personal information is disclosed and how the EU/UK personal data is otherwise processed;
    • only appoint processors under agreements that the processor will comply with the GDPR and UK GDPR;
    • will maintain a record of processing activities which are under our responsibility (where required by the GDPR or UK GDPR);
    • co-operate with relevant authorities which enforce the GDPR and UK GDPR; and
    • implement appropriate technical and organisational security measures to protect EU/UK personal data and report any data breaches to authorities and affected individuals as required by the GDPR or UK GDPR in accordance with our Privacy Policy.

If a third party discloses EU/UK personal data to us for a specific purpose, we will be acting as a data processor in processing the EU/UK personal data for that purpose. Where we act as a data processor, we will:

  • only act on the controller’s documented instructions;
    • impose confidentiality obligations on all personnel who process the EU/UK personal data;
    • not appoint sub-processors without the prior written consent of the controller;
    • at the instruction of the controller, return or destroy the EU/UK personal data in accordance with our Privacy Policy;
    • where applicable, assist the controller in complying with the rights of the data subjects of the EU/UK personal data;
    • maintain and keep accurate records of processing activities (where required by the GDPR or UK GDPR); and
    • implement appropriate technical and organisational security measures to protect EU/UK personal data and report any data breaches to controller without undue delay.

Disclosure to third parties

If we are required to disclose your EU/UK personal data to third parties, including data processors or sub-processors, we will notify the third party that it has an obligation to handle any EU/UK personal data in accordance with the GDPR or UK GDPR.

In the event we are responsible for a transfer of EU/UK personal data outside of the EU or UK, such transfer will be for the necessary and lawful performance of our services, including the establishment, exercise or defence of a legal right.

Express consent to transfer

By providing us with your EU/UK personal data, you are consenting to the disclosure of your EU/UK personal data to third parties outside of the EU or UK. You also acknowledge that we are not required to ensure that those third parties comply with their obligations under the GDPR or UK GDPR.

If you have any questions, comments or complaints about our handling of your EU/UK personal data, or wish to contact us regarding your EU/UK personal data, please use the contact details set out below.

How do you contact us or make a complaint?

If you have any questions, comments or complaints about how we handle your EU/UK personal data, you can contact us at: info@vintagefootball.shop

No products in the cart.