Categories of personal information

The personal information we collect falls into five categories: contact details, click trails, activity history, publishable content, and website security/risk signals.

1. Contact details are collected as supplied by you from time to time. We do not personally store usable credit card information. Where a record is required, we entrust credit cards to our payment gateway and store only the last few digits and expiry date of your credit card solely for purposes of identity confirmation and forewarning of expiry.
2. Data tracking records the paths taken by visitors through the website and basic actions performed. This information may be used in anonymous, aggregated, or security-related ways depending on the tool and purpose.
3. Activity history consists of orders, enquiries, votes submitted via the website, form submissions, or offline contact you have with us such as phone calls.
4. Publishable content consists of comments or other submissions of content you would like us to publish on our website.
5. Website security and fraud-prevention signals may include technical and interaction information used to help identify spam, bots, automated abuse, account misuse, fraud risk, or malicious activity.

Website, direct contact, tracking tools, and security tools

Contact details and publishable content are collected when supplied by you either via the website or directly to us by other means.

Activity history is recorded whenever you undertake an activity such as submitting an enquiry, submitting a form, making a comment, voting on an object, placing an order, managing your account, and may additionally be recorded by us when you contact us offline.

Purpose of collection and use

Publishable content is collected and republished where applicable to enable a public two-way conversation between us and our visitors.

We collect and use your personal information, tracking data, activity history and security/risk signals for the following purposes:

1. Contact details: to communicate with you about your orders, enquiries, accounts, applications, support requests and forms.
2. Click trails: to improve our website functionality and user experience.
3. Activity history: to provide better customer service and personalise your experience.
4. Publishable content: to enable public discussions and improve our products or services based on your feedback.
5. Website security and fraud-prevention signals: to help protect our website, forms, account functions, checkout pathways, customer accounts, and business systems from spam, bots, automated abuse, fraudulent activity, and malicious use.

Each type of data is used to support the operation of our services and your experience with us, including:

Disclosure to third parties

We may disclose your personal information to third parties under the following circumstances. In most cases, we will seek your explicit consent before sharing your data with third parties, except where required by law or as specified below. You consent to us disclosing your personal information to third parties in the following situations:

Sales Enquiries: if you are enquiring from outside of the Realm of New Zealand, we may forward your enquiry to the appropriate regional agent.

Where possible and appropriate, we will anonymise or de-identify personal information before sharing it with third parties, except in cases where identifiable information is necessary for the intended purpose.

Regional agents and manufacturers

As the official NZ regional agent for various manufacturers, we are obligated to forward any enquiries coming from outside the Realm of New Zealand to the manufacturer or the agent of the region where the enquiry originated. The use of your information will be subject to the regional laws and the privacy policy of the manufacturer and/or the local agent.

How we protect personal information

We will take all reasonable steps to securely store any personal information collected through Waterless Composting Toilets NZ Limited. This information may, for the avoidance of doubt, be transferred and stored on servers anywhere worldwide.

Content you ask us to publish

1. When you submit content to us for publication, including but not limited to comments, testimonials, votes, or forum posts, you assign us a transferable perpetual right to publish and/or commercially exploit said content without limitation. You also warrant in submitting such content that the content is owned or produced by yourself, or you otherwise have permission to assign publication rights to us. Publication rights do not extend to fields specifically marked as private, such as your email address, except in cases of clear violations of our terms of use.
2. Content submitted by you for publication may be disclosed to all visitors of our website and/or republished on other websites at our discretion. If you provide personal information either of your own or of any third party as part of publishable content, you warrant that you have permission to publish said information and indemnify us against any consequences resulting from the publication of said information.

If you find your personal information published on our website without your consent, please contact us immediately as outlined in the contact section of this policy.

Cookies, web beacons, pixel tags, and security tools

Cookies are electronic tokens containing small amounts of information that are passed between a web browser and a server. They are used to maintain a session state between pages or to retain information between visits if you return to the website at a later time.

We use several types of cookies, including session cookies, persistent cookies, and third-party cookies. We also use other tracking technologies such as web beacons and pixel tags. We use cookies to correlate passive activity tracking data as well as to authenticate the supply of information such as enquiries, comments, votes and forms, and to minimise malicious or spam traffic.

Website security and fraud-prevention tools, including Google reCAPTCHA / Google Cloud Fraud Defense where enabled, may use cookies, scripts, risk scores, device or browser information, IP address information, interaction signals, and other security-related data to help distinguish legitimate users from bots, automated abuse, fraud or malicious activity.

Cookies and marketing communications

1. You may opt out of the correlation of passive activity data by turning off cookies in your browser. Please note however that disabling cookies may result in a reduction of available functionality on our site, including but not limited to the loss of the ability to post comments, vote on content, submit forms, complete account actions, complete checkout, or pass website security checks.
2. When you supply us with your email address you may be asked to opt in to receive marketing information by email or other means. You will be given the opportunity to opt out from receiving further communications from us in accordance with this policy each time we send you information for which you have opted in. This comes in the form of an “unsubscribe” link, generally in the footer and/or header of each email.

If you receive any communication purporting to be connected with us or our products or services that you believe has been sent to you other than in accordance with this policy, or in breach of any law, please contact us immediately as outlined in the contact section of this policy.

Managing information and account security

With the exclusion of information supplied for publication as outlined in section 7, we will take all reasonable steps to ensure that the personal information we hold is not lost, misused, or inadvertently provided to unauthorised third parties, including by means of firewalls, password locking, truncation of credit card data, encryption of data in transit, and secured servers.

1. You acknowledge that the security of communications sent by electronic means cannot be guaranteed. You provide information to us via the internet at your own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, your personal information where the security of information is not wholly within our control.
2. We are committed to protecting your personal information and ensuring its privacy, security, and integrity. All personal data collected, processed, and stored by us is subject to our comprehensive data protection policies, which are designed to comply with applicable data privacy laws. We use industry-standard security measures to protect your data from unauthorised access, disclosure, alteration, and destruction.
3. Your personal information will only be used for the purposes specified in this agreement and will not be shared with third parties without your explicit consent, except where required by law or as set out in this Privacy Policy.
4. You have the right to access, correct, and delete your personal data, and you may exercise these rights by contacting our designated data protection officer at support@wctnz.co.nz, or by writing to ATTN: Support, 8A Woodruffe Ave, Henderson, Auckland 0612.
5. You must ensure the security and confidentiality of any username and/or password used by yourself to access this website. You agree that you will be held responsible for all activities which occur under your username and password, including but not limited to publication of illegal or defamatory material or any other unlawful activity, or unauthorised charging of your credit card.
6. You agree that we are not responsible for the privacy or security practices of any third party and that the collection and use of your information by third parties may be subject to separate privacy and security policies. If we offer the option to create an account or log in using third-party services, such as social media platforms, you acknowledge that we may receive certain information from those third parties in accordance with their privacy policies. We will handle any such information in accordance with our own Privacy Policy, but we cannot control the practices of these third-party services. By using our services, you explicitly consent to the collection and processing of your personal data as outlined in this Privacy Policy.

If you suspect any misuse or loss of, or unauthorised access to, your personal information, please contact us immediately as outlined in the contact section of this policy.

Access, correction, and deletion requests

1. You have the right, excluding exceptions outlined in the Privacy Act, to seek access to, update or correct the personal information we hold about you. Additionally, you have the right to request the deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected.
2. If you make an access, correction, or deletion request, we will ask you to verify your identity.
3. We may charge a fee to cover the costs of meeting your request.

If you would like to seek access to personal information we hold about you, you can contact us as outlined in the contact section of this policy.

Customer review survey participation

We participate in the Google Customer Reviews program to collect and display customer feedback about your shopping experience. As part of this program, Google may place and read cookies or use web beacons on your browser to collect information about your transactions and interactions with our site.

We share transaction information, such as order details including products purchased, price, and shipping information, with Google to facilitate customer reviews. Google handles this information in accordance with its Privacy Policy.

You can manage cookies via your browser settings, as described in our Cookies and Web Beacons section. If you choose to participate in Google Customer Reviews, we will obtain your consent using Google-provided templates before Google sends you review survey emails.

Website security, bot protection and fraud-prevention tools

We may use Google reCAPTCHA, now part of Google Cloud Fraud Defense, to help protect our website forms, account functions, checkout pathways and other online services from spam, automated abuse, fraud, account misuse and malicious activity.

This service may process technical and interaction information such as device, browser, IP address, usage signals, risk indicators, risk scores and other security-related data to assess whether an interaction appears legitimate and to help protect our website and online services.

Google processes this information in accordance with its applicable Google Cloud terms, data processing terms, privacy documentation and service-specific terms.

Notifiable privacy breaches

If WCTNZ® becomes aware of a notifiable privacy breach, we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable, in accordance with the Privacy Act 2020.

Where possible, we aim to notify promptly and, where appropriate, within 72 hours of becoming aware of a notifiable breach, even if some details are still being confirmed.