JUMP TO
PRIVACY THE ZESPRI WAY
Zespri is committed to doing the right thing. Integrity is one of our core values and we strive to be genuine, open and transparent. Maybe it’s a kiwi thing?
We don’t collect very much personal information at Zespri, because our key focus is on the quality of our kiwifruit. But, where we do collect personal information, we’re committed to ensuring that we handle it in ways that are open, accountable and respectful, no matter where in the world that personal information has been collected.
This privacy statement provides a global overview of the way we collect, use and protect personal information. It applies to the operations and activities of Zespri International Limited, and to our subsidiary companies in the countries we operate (the Zespri International Group). Together, these companies are the joint controllers of your personal information, and will manage personal information in the ways set out in this statement. It covers the personal information we collect about the people we deal with – our consumers (the end users of our kiwifruit products), our growers (the passionate people who produce our quality fruit) and our suppliers and contractors (the experts we rely on to get the job done).
ZESPRI privacy principles
We operate in a number of countries but we aim to follow a set of core privacy principles – the Zespri Privacy Principles – regardless of where in the world the personal information we’re using has been collected. These principles reflect good privacy practice and take into account our international privacy obligations. We’ve trained all our staff to understand that these principles must inform the way we work.
Privacy the Zespri way means that we will:
- Be open and transparent about our privacy practices
- Keep personal information to a minimum
- Make sure personal information is correct before using it
- Keep personal information safe and secure at all times
- Do what we say we will with personal information
- Give people control over their own information
- Be accountable for our information, wherever in the world it is held
- Think about privacy when we change our products or processes
- Take care to manage data breaches quickly and effectively
What we do with your information
Whether you’re a consumer, a grower or a contractor, we collect only the personal information we need to consistently work towards our vision, to be the acknowledged world leader, and retail category leader, in kiwi fruit. This is our core purpose for collecting, using and sharing your information. Here, you can find out what information we collect about you and how we may use and share it.
We need to collect and process some personal information about you to meet our contractual obligations to you as a grower, supplier or contractor, or where you have entered a consumer promotion or competition. We also need to process some information to meet our legitimate interests, including making sure we’re providing the best products and services we can and managing health and safety or quality control issues. We rely on your consent to process personal information for marketing purposes.
Consumers
To be the acknowledged world leader, and retail category leader, in kiwifruit, we are striving to provide a brand-based consumer focus and innovate to build strong and effective customer relationships. To get this right, we need to know what our consumers – our end users – want from us, and from their kiwifruit. This helps us to develop our products and our brand, and helps our growers meet the needs of our end users.
We interact with our consumers in a number of ways throughout Zespri’s journey to realise our vision. We’re constantly looking to improve the ways we engage with consumers, so that we can both gather critical insights from them and tell them important things about our products and our brand.
We collect personal information from you directly when you interact with us on our website, work with us on market research or other consumer projects, or when you enter our competitions or promotions. We may collect personal information about you w hen you engage with us on social media platforms or contact our staff to discuss your experiences or ask us questions. We may also be provided with anonymised information by third party market research providers we use.
Where we collect personal information from you during promotions or competitions, or where we’re collecting your contact details in order to communicate with you, we will tell you certain things, particularly if we’re seeking your consent to communicate with you. Unless we advise otherwise at these times, you do not have to give us personal information but you should note that we may not be able to provide the services or experiences you have sought from us if you don’t provide the information we seek.
The information we collect might include
- Your Full name;
- your gender;
- your date of birth;
- your contact details, including your phone number, address and email address;
- information about your use of our websites, including :
- Technical information, such as your IP address, browser type and version, time zone setting, operating system and platform;
- visit information, such as the path you took to our websites, the pages you visited and products you viewed and other ways you used our websites;
- cookies (see more below on cookies)
- public social media posts you have made about Zespri, including photographs;
- information you have provided to us about a particular market or q health research topic, such as information about your preferences, knowledge, or use of our products or about your awareness of our brand;
- notes of any calls you make to our customer service lines; and
- any emails or other correspondence relating to any services you have sought from us or complaints or concerns you have raised with us.
Cookies
Cookies are small data files that our website sends to your browser, which may then store it on your system for later retrieval by our website. Cookies track your movements through different websites but do not record any other personal information about you. Cookies are widely used on websites to help with navigation and to help personalise your online experience. For more information on the way we collect and use cookies, see our Cookie Policy.
Children
We take particular care with the collection of personal information about children. The law treats this information slightly differently because children may be less able to understand the consequences of providing their information to us. We limit the information we collect about children (for example via our Zespri Kids website) and we rely on their parents or guardians to ensure that children in their care do not send any personal information to us without their knowledge.
In order to deliver any services you have requested from us, and to meet our wider legitimate business purposes and interests, we need to use your personal information in certain ways, some of which are obvious and others less so.We will generally only use your information in the ways set out below. However, we may need to use your information in other ways if permitted or required by law:
- deliver any services you or provide any information you have requested from us.
- communicate with you about products, services or offers that we think you may like, based on the personal information you have provided to us.
- understand the ways you use our products and services, including our websites, or the path you have taken to find us.
- conduct market or health research into the use of our products and services.
- understand public sentiment about our products and brand and, where appropriate, respond to comments made about these.
- administer our websites and the use of services offered on them, including ensuring that our websites are safe and secure.
- generally improve the products and services we offer, including our websites, and ensure that any negative experiences you have shared with us are addressed,and
- generally ensure that we market our products and services effectively and in a way that is relevant.
Growers
To be the acknowledged world leader, and retail category leader, in kiwi fruit, we must form effective partnerships with growers around the world. We need to collect and use some personal information about our growers to form and maintain these partnerships. We also need to manage Zespri business, including ensuring a consistent quality of product and safe and compliant orchards and workplaces. This may require us to share personal information.
As a grower, we may collect personal information from you directly, when you provide it to us (for example in your registration form) or we may gather or create personal information about you during your relationship with us (for example, as you interact with your local cooperative, the Zespri Grower Support Services team or other Zespri staff about your orchard, your product or your contract with us).
The provision of this information is not mandatory but if you do not provide it to us, we may not be able to work with you effectively or meet our contractual commitments to you.
Where you are a limited liability company, some of the information listed below (such as orchard and product information) may not be personal information about you. However, where you are a sole trader, then this may be personal information about you. In any case, we’re committed to treating this information with care and respect.
The information we collect might include:
- your full name;
- your contact details, including your phone number, address and email address;
- your communication preferences;
- your status as landowner or lessee;
- financial information, including your bank account details and your agreed rate of compensation;
- orchard information, including information about your location, pest status, spray diary, growing methods, and yield;
product information, including information about the varieties you produce, product yields, and size profiles; - notes of any calls you make to our Grower Support Services line;
- information about staff visits to your orchard or discussions with you about your orchard or products; and
- any emails or other correspondence relating to our relationship or any other matter you raise with us.
In order to manage our relationship with you and to meet our wider legitimate business purposes and interests, we need to use your personal information in certain ways, some of which are obvious and others less so. We will generally only use your information in the ways set out below. However, we may need to use your information in other ways if permitted or required by law.
We may use your personal information to:
- manage our contractual relationship with you, including contacting you from time to time about your product or about the services Zespri can provide to you;
- provide any services you have requested from us;
- manage the product distribution and supply process;
- ensure the quality of your orchard and product;
- conduct research and development activities in respect of growers, products or orchards;
- develop marketing material about our growers;
- manage pest or disease outbreaks;
- ensure the health and safety of you and of our staff when they visit your property;
- respond to any lawful requests from government agencies, including the Ministry for Primary Industries, or law enforcement agencies; and
- work with industry bodies, including Kiwifruit NZ, NZ Kiwifruit Growers Incorporated and Kiwifruit Vine Health Incorporated.
To use personal information in the ways set out above, we may at times need to share your information with trusted third parties.
We only share personal information with the agencies or types of agency listed below. If we receive a request for information from, or find that we need to disclose information to, an agency we have not anticipated, we will only share information if necessary to meet our legitimate interests or where otherwise required or permitted by law.
We may share your personal information with:
- Other entities within the Zespri International Group;
- Our trusted information service providers, including cloud storage providers which may be located in NZ or overseas;
- Our trusted providers of other services, including analytical, research or marketing services, where these services require the use or processing of personal information;
- Relevant NZ or overseas industry bodies, including Kiwifruit NZ, NZ Kiwifruit Growers Incorporated and Kiwifruit Vine Health Incorporated;
- Government agencies, including the NZ Ministry for Primary Industries, or law enforcement agencies, where required by law;
- Zespri distributors and customers, where necessary to satisfy traceability and/or classification requirements; or
- Any grower suppliers engaged to provide services in respect of your orchard.
Suppliers and Contractors
Zespri operates in a regulated and seasonal industry and we rely on the services of suppliers and contractors to achieve our business goals, meet the expectations of our growers and consumers, and ensure that we can meet our compliance obligations. As with our employees, we need to collect some personal information about our suppliers and contractors. We don’t collect a lot of personal information but, where we do, we treat with the same care and respect.
We may collect, create and receive personal information about you when you offer your services to, and enter into a Services Agreement with, Zespri.
This information might include:
- your full name;
- your contact details, including your phone number, address, email address and photo;
- details about your education, experience, work history and any other information provided to us in your service offering;
- health information, including information about any disabilities or other conditions that might impact your contractual obligations or our workplace health and safety obligations;
- your drivers license number, where this is relevant to your contractual obligations;
- service provider information, including your GST number and any bank account numbers you provide to us;
- emergency contact information and details about your next of kin (where necessary to facilitate travel);
- your passport details, where necessary to facilitate travel or for banking purposes;
- criminal conviction information, where this is relevant to your Services Agreement;
- information related to anti-money laundering, including a credit check, where this is relevant to your Services Agreement;
- any information provided by your nominated referees;
- any information provided by the agency or the organisation that recruited you to provide services to Zespri;
- interview notes;
- price for services or remuneration details;
- information about complaints or grievances you may have; and
- information generated by your contractual activities, such as passwords or location information.
We collect personal information about you for the purpose of managing your obligations under the Services Agreement, looking after your interests and our own and ensuring that the best possible contractual relationship is maintained at all times. To do this, we may use your personal information to
- determine your eligibility to provide the services under a Services Agreement, and ensure that you have the necessary skills and qualifications;
- facilitate inter-group communications;
- facilitate travel and transfers;
- manage your service target/standards and ensure that you are providing the services to Zespri in accordance with the terms and conditions set out in your Services Agreement;
- investigate and manage any complaints from or about you;
- ensure your health and safety, including establishing any particular medical requirements for you and ensuring that emergency contacts are maintained; and
- comply with health and safety, tax and other legislative requirements.
To use personal information in the ways set out above, we may at times need to share your information with trusted third parties.
We only share personal information with the agencies or types of agency listed below. If we receive a request for information from, or find that we need to disclose information to, an agency we have not anticipated, we will only share information if necessary to meet our legitimate interests or where otherwise required or permitted by law.
We may share your personal information with:
- other entities within the Zespri International Group;
- our trusted information service providers, including cloud storage providers which may be located in NZ or overseas;
- legal staff, your relationship manager/procurement manager (and their manager) for the purposes of managing your engagement and the Services Agreement; and
- relevant Zespri employees and related entities, either in NZ or in other countries, to facilitate travel, transfers or audit.
How We Keep Your Information Safe
We’re accountable for your personal information no matter where in the world we collected it or who holds it or processes it on our behalf. This is a legal requirement but it’s also the right thing to do. We care about your personal information at every stage of its journey with Zespri and we have processes in place to keep it safe at all times.
For us, accountability is an ongoing process. It starts with making sure we use only trustworthy partners to store and process our data. Once we’ve chosen these partners, then we make sure they know what our privacy expectations are and we periodically check in on their practices. At all times, whether personal information is being stored locally by Zespri or with one of our partners, we take reasonable steps to protect it.
We take reasonable steps to make sure the personal information we collect is protected against loss, unauthorized access and disclosure or any other misuse. Information security is about more than passwords and firewalls, though, it requires us to take reasonable steps to ensure that our systems, processes and people are safe and secure.
Zespri generally stores and processes personal information within Microsoft cloud platforms, and Microsoft has put in place a significant number of security steps to protect the information it holds on our behalf. You can read more about Microsoft’s privacy and security practices here. So, we’ve got our system safeguards sorted.
Zespri has also put a number of processes and policies in place to protect the personal information it holds, and make sure our people do the right thing, including the following:
- Our global internal privacy policy ensures that all our staff understand the Zespri Privacy Principles and manage personal information consistently with our expectations.
- All staff and suppliers must agree to Codes of Conduct that include privacy and security requirements and ensure that personal information collected or managed on Zespri’s behalf is accessed and used only for legitimate business purposes.
- Our IS Devices and Security Policy manages the way staff can access and use Zespri systems, devices and information, and ensures that best privacy and security practices are followed at all times.
- Our global privacy training programme delivers both general and detailed privacy training to our staff all over the world, ensuring that they understand the Zespri Privacy Principles and the requirements of relevant privacy regulations.
- We have an information sharing process in place that requires staff to take certain precautions before sharing personal information with other agencies, or with new service providers, including seeking the approval of our global data protection officer.
- We enable our staff to recognise data breaches and understand our data breach management process, which ensures that we can contain, mitigate and notify all breaches quickly.
As a global company, we must collect, store and process personal information in a number of countries. From time to time we also need to share personal information across borders, whether to send it to our data service providers, or to use it within our group of companies to keep the business running. This means that information collected within the EU, for example, may be sent to our data service providers, or our group of companies, in other countries, including New Zealand.
Where we can, we will only send personal information to countries that have equivalent privacy standards to those in NZ and the EU, but this isn’t always possible. As such, we have designed our privacy processes to meet the requirements of these regulations and have high expectations of all the third parties which process data for us. We take reasonable steps to ensure that these expectations are met wherever in the world the data is.
Most of the personal information we hold is stored on Microsoft cloud platforms, including Microsoft Azure. Microsoft takes privacy seriously, and has a number of safeguards in place to protect the personal information it holds on our behalf. You can read more about Microsoft’s privacy and security practices here.
We retain personal information only for as long as we have a lawful purpose to use it. When we no longer need to use it, we securely destroy it. We also make sure that any data service providers which hold personal information on our behalf destroy the information we no longer need.
How You Can Take Charge Of Your
Information
Good privacy practice is all about respect. Privacy regulations all over the world expect businesses like Zespri to respect the rights of the people they deal with. Zespri will always do the right thing by its people. We have processes in place to make sure that we can receive and manage any requests from a consumer or a grower to access or manage their personal information.
To exercise any of the rights set out below, or to make a complaint or ask a question about your information, please contact us in any of the below ways:
- Email privacy@zespri.com
- Write to Global Data Protection Officer, c/o Zespri International Limited, PO Box 4043, Mount Maunganui, New Zealand
Please note that you can only access or manage your own personal information, unless you have the consent of another person to access or manage information on their behalf, so we may need to verify your identity and authority before responding to your request. We do this to protect your privacy and the privacy of other people we deal with.
Once we’ve verified who you are, we’ll try and respond to your request or query as soon possible, and no later than 20 working days (one calendar month) after we receive it.
You have the right to request a copy of your personal information. We’ll be as open as we can with you but sometimes we might need to withhold personal information, for example where the information is legally privileged, commercially sensitive or includes personal information about other consumers or growers. If we do need to withhold information from you, we’ll tell you why.
Growers should use the Industry Portal to access basic personal information we hold about them but can still make a request to us for more detailed information that might not be included in the portal.
We may process the personal information we collect from you in order to meet the requirements of a contract you have with us (for example, where you are a grower and have given us information to manage our relationship with you) or to meet our other legitimate business interests (such as managing our health and safety obligations). We need to use the information you entrust to us in these ways to run our business.
However, you may also have given consent for us to use your personal information in other ways (for example, to conduct market research or communicate with you about products or promotions). We appreciate your willingness to let us use your information in these ways but we understand that you might change your mind from time to time.
You can revoke your consent at any time. Further, if you believe we’re using your personal information in ways that are not directly related to the performance of a contract you have with us, or to our legitimate business interests, and you have not specifically authorised us to do this, you can also object to this data processing.
If you think any of the personal information we hold about you is wrong, you can ask us to correct it. Where we’ve retained your personal information for purposes that are not directly related to the performance of a contract or to our legitimate business interests – you can ask us to delete it.
If we are unable to correct or delete your information (for example, where we do not agree that it is wrong, or we need the information for a lawful purpose), we’ll tell you why. You can ask us to attach your correction request to the information as a statement of correction.
Sometimes, you might simply want to know how or why we’re using your information. You might need more detail about something we’ve told you in this privacy statement. Or, you might want to make a complaint about a decision we’ve made about your privacy request.
We want you to tell us about your concerns, whatever they might be. Please contact us in any of the below ways:
- Email privacy@zespri.com
- Write to Global Data Protection Officer, c/o Zespri International Limited, PO Box 4043, Mount Maunganui, New Zealand
We’ll do our best to help you, but if we can’t, then you have the right to make a complaint to your local data protection authority about the way we’ve managed your information. You can contact the Office of the NZ Privacy Commissioner by:
- completing an online complaint form at www.privacy.co.nz; or
- writing to the Office of the Privacy
Commissioner, PO Box 10-094, The Terrace, Wellington 6143
If you wish to complain about actions we have taken in another country in which we operate, then you will need to contact your local data protection, or supervisory, authority. You can ask us for help to determine which authority is the right one to contact.
We keep our privacy statement under regular review. This privacy statement was last updated on 22 May 2018.