Privacy Policy

 

Privacy Policy

This Privacy Policy describes how LifeStone Ltd (“LifeStone,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit our websites (including lifestone.co.nz and lifestone.co.nz/virtual), use our mobile applications, or otherwise engage with our services. It reflects world-class privacy standards in New Zealand, the European Union (GDPR), the United Kingdom (UK GDPR), Australia (APPs), California (CCPA/CPRA), and other major jurisdictions as of 2025.

1. Scope and Applicability

This policy applies to all personal information we process in connection with:

  • Our websites, apps, and online portals

  • Offline services (e.g., order fulfillment, customer support)

  • Marketing, analytics, and community engagement activities

It covers information about customers, prospects, website visitors, employees, contractors, and other individuals whose data we handle.

2. Key Definitions

  • Personal Information or “Personal Data”: Any information relating to an identified or identifiable individual.

  • Processing: Any operation performed on Personal Data, from collection through deletion.

  • Controller: LifeStone determines purposes and means of processing.

  • Processor: Third parties acting on LifeStone’s instructions.

  • Data Protection Officer (DPO): The individual responsible for overseeing privacy compliance.

3. Information We Collect

We collect Personal Data in the following categories:

  • Identification and Contact Data (e.g., name, email, postal address, phone)

  • Account and Authentication Data (e.g., usernames, passwords, third-party login tokens)

  • Financial Data (e.g., payment method details processed by our payment vendors)

  • Content Data (e.g., photos, videos, text, metadata uploaded by users)

  • Technical and Analytics Data (e.g., IP address, device characteristics, browser type, pages visited, engagement metrics)

  • Communication Data (e.g., correspondence, marketing preferences)

  • Transactional Data (e.g., purchase history, order details, shipping addresses)

4. Legal Bases for Processing

We rely on the following lawful grounds:

  • Consent: Where individuals have given clear permission (e.g., marketing emails).

  • Contractual Necessity: To perform services or deliver products.

  • Legal Obligation: To comply with statutory requirements (e.g., tax, anti-money-laundering).

  • Legitimate Interests: For fraud prevention, analytics, and service improvement, balanced against individual rights.

5. How We Use Personal Data

LifeStone processes Personal Data to:

  • Provide, maintain, and improve our products and services

  • Manage user accounts and authentication

  • Process orders and payments via authorised vendors

  • Communicate with you about orders, updates, and support requests

  • Send marketing by consent and allow easy opt-out

  • Analyse site and app usage trends through trusted analytics partners

  • Enhance security, detect and prevent fraud, and troubleshoot issues

6. Sharing and Disclosure

We may share Personal Data with:

  • Service Providers and Processors (e.g., payment processors, hosting, analytics)

  • Business Partners (e.g., shipping carriers)

  • Legal and Regulatory Authorities when required by law

  • Successors in the event of a merger or acquisition, subject to confidentiality

All third parties are bound by contractual obligations to use data only for specified purposes and to implement appropriate safeguards.

7. International Data Transfers

LifeStone operates globally. When transferring Personal Data outside New Zealand, the EEA, or other regions with data-export restrictions, we employ authorised safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Binding Corporate Rules (BCRs)

  • Adequacy decisions where applicable

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Site Functionality

  • Performance and Analytics (e.g., Squarespace analytics)

  • Marketing and Personalisation

You can manage your cookie preferences via your browser settings or the cookie banner. Disabling non-essential cookies may affect site functionality.

9. Data Retention

We retain Personal Data only as long as necessary for the purposes collected, legal compliance, or dispute resolution. The table below summarises our retention periods:

Data Category Retention Period Account and Authentication Data Duration of account plus 2 years after deletion Transactional and Order Data 7 years (to meet tax and audit obligations) Content Data (user-uploaded media) Until account deletion or user request Marketing Consents and Preferences Until withdrawal of consent plus 1 year Log Files and Analytics Data 2 years from date of collection Communication Records 3 years after issue resolution

10. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your Personal Data

  • Withdraw consent at any time

  • Restrict or object to processing

  • Request data portability

  • Lodge a complaint with a supervisory authority

To exercise any rights, please contact our DPO (see Section 16).

11. Children’s Privacy

Our services are not directed to individuals under 13. We do not knowingly collect Personal Data from children under 13. If we become aware that we have inadvertently collected such data, we will promptly delete it.

12. Security Measures

We implement a combination of administrative, technical, and physical controls to protect Personal Data, including:

  • Encryption in transit (TLS) and at rest where feasible

  • Access controls and regular audits

  • Incident response plans and breach notification procedures

No system can be 100% secure; we strive for continual improvement in line with ISO 27001 and ISO 27701 standards.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in law, our practices, or new services. We will post the revised policy with an updated “Effective Date” and notify registered users via email where required.

14. Contact Information

For questions, concerns, or to exercise your privacy rights, contact:

Data Protection Officer
Email: gen@lifestone.co.nz
Address: 15 Kolmar Road, Papatoetoe, Auckland 2025, New Zealand
Phone: +64 9 600 1859

Thank you for trusting LifeStone with your personal information. We are committed to safeguarding your privacy and upholding the highest standards of data protection worldwide.