Privacy Policy


JUICE PLUS+ NEW ZEALAND PRIVACY AND DATA PROTECTION POLICY

Key Details
• Next review date: 1st December 2023

Introduction 
 
Juice Plus+ (Australia) Pty Ltd (JPCA) needs to gather and use information about individuals. These can include Customers, Suppliers, Employees, Juice Plus+ Independent Virtual Franchise Partners (Franchise Partners) and other people we have a relationship with or may need to contact.

This policy describes how personal data must be collected, handled and stored and ensures:

· Compliance with the New Zealand Privacy Act 1993 (Privacy Act)

· Protection of the rights of Staff, Customers and Franchise Partners

· We are open about how we store and processes individual’s data

· Protection from the risk of data a breach

· Protection from possible reputational damage

 

At the heart of the Privacy Act are twelve privacy principles. The privacy principles cover:

· Collection of personal information (principles 1-4)

· Storage and security of personal information (principle 5)

· Requests for access to and correction of personal information (principles 6 and 7, plus parts 4 and 5 of the Act)

· Accuracy of personal information (principle 8)

· Retention of personal information (principle 9)

· Use and disclosure of personal information (principles 10 and 11), and

· Using unique identifiers (principle 12).

 

Policy Scope 
 
This policy applies to:

· The Juice Plus+® Company (Australia) Pty Ltd (JPCA)

· All New Zealand Juice Plus+® Franchise Partners

· All Employees of JPCA dealing with New Zealand transactions and Customers

· All Contractors, Suppliers and other people working on behalf of JPCA in New Zealand

 

Responsibilities 
 
Everyone who works for or with JPCA has some responsibility for ensuring data is collected, stored and handled appropriately.

Each team including Franchise Partners must ensure that data is handled and processed in line with this policy and data protection principles.

The following people have key areas of responsibility:

· The Board of Directors is ultimately responsible for ensuring that the organisation meets its legal obligations

The Financial Controller is responsible for:

· Keeping the Board updated about data protection responsibilities, risks and issues.

· Reviewing all data protection procedures and related policies, in line with an agreed schedule.

· Arranging data protection training and advice for the people covered by this policy

· Handling data protection questions from Staff.

· Ensure the Customer Service and Accounts Receivable teams can answer questions from Customers.

· Dealing with requests from individuals to see the data that we hold about them.

· Checking and approving any contracts or agreements with third parties that may handle our sensitive data.

 

The IT Manager is responsible for:

· Ensuring all systems, services and equipment used for storing data meet acceptable security standards.

· Performing regular checks to ensure security hardware and software is functioning properly.

· Evaluating any third-party services the organisation is considering using to store or process data. For instance, cloud computing services.

 

The Sales and Marketing Director is responsible for:

· Ensuring Franchise Partners understand their responsibilities when handling data.

· Ensure the Franchise Partner Team can answer data handling questions from Franchise Partners.

· Where necessary, working with other Staff to ensure marketing initiatives abide by data protection principles.

The general guidelines for all Staff, Contractors and Independent Virtual Franchise Partners are:

· The only people able to access data covered by this policy should be those who need it for their work.

· Data should not be shared informally.

· JPCA will provide training to all Employees, Contractors and Franchise Partners.

· Employees, Contractors and Franchise Partners should keep all data secure, by taking sensible precautions and follow the guidelines below:

· Strong passwords must be used and they should never be shared.

· Personal data should be not disclosed to unauthorised people, either within the organisation or externally.

· Data should be regularly reviewed and updated if found to be out of date. If no longer required it should be deleted, destroyed or archived.

· Employees, Contractors and Franchise Partners should request help from an appropriate manager within the organisation if unsure about any aspect of data protection.


Data Storage and Use 
 
All personal data relating to the purchase of products by Customers and Franchise Partners business activities is stored on the Juice Plus+ worldwide secure computer system server located at the Juice Plus+ headquarters in Collierville, Tennessee, a suburb of Memphis. All other personal data is held on the Australian secure server located at JPCA office in Newcastle NSW.

These rules describe how and where data should be safely stored and used.

When data is stored on paper, it should be:

· Kept in a secure place where unauthorised people cannot see it, such as in a locked draw or filing cabinet

· Not left on desks or printers

· Should be shredded and disposed of securely when no longer required.

 

When data is stored and used electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts by:

· Protecting data with strong passwords that are changed regularly and never shared

· If stored on removable media, these should be locked away when not being used

· Data should only be stored on designated drives and servers

· Data should be backed up frequently onto a secure site. Those backups should be tested regularly

· All servers and computers containing data should be protected by security software and firewall

· When working with personal data users should ensure their computer screens are locked when left unattended

· Users should not save copies of personal data to their own computers

· Financial data must be encrypted before being transferred authorised external service providers

Data Accuracy  
 
It’s the responsibility of Employees, Contractors and Franchise Partners to take reasonable steps to ensure data is kept accurate and up to date by:

· Keeping data in as few places as necessary

· Take every opportunity to ensure data is updated when dealing with Customers and Franchise Partners

· Data should be updated as inaccuracies are discovered. For instance if a Customer can no longer be reached on their stored phone number it should be removed from the database.

Requests to Access Personal Data 
 
All individuals who are the subject of data held by the organisation are entitled to:

· Ask what information is held about them and why

· Ask how to gain access to it

· Be informed on how to keep it up to date

· Be informed on how the organisation is meeting its data protection obligations

Requests for individuals to access their personal data stored by the organisation is to be made in writing. We aim to provide the relevant information within 14 days. Before providing information the organisation will verify the identity of the person making a request.   

 

Data Breaches Involving Personal Information
 
As a recommendation of the Privacy Act we will notify individuals if there has been a breach of their personal data that is likely to result in serious harm to the individual affected. We will also advise them the steps we are taking and what they can do to reduce the impacts to their privacy.

 

SMS Service 
 
Message and data rates may apply.

 

European Union Requirements
 
JPCA does not operate in the European Union, however New Zealand Franchise Partners are entitled to trade worldwide including the EU. We believe that these guidelines are harmonised with EU requirements.