1. Who we are
We’re InkCartridges.co.nz, a New Zealand business at 37A Archibald Road, Kelston, Auckland 0602, New Zealand. For privacy questions, write to our Privacy Officer: support@inkcartridges.co.nz or post to Privacy Officer, InkCartridges.co.nz at the address above.
2. What we collect
We only collect information we actually need to run an ink-and-toner shop. That means:
- Order details — name, delivery address, billing address, email, phone number, items ordered, order total, and the tracking number assigned by the courier.
- Account details (if you sign up) — email, hashed password, saved addresses, your printer list, and your favourites.
- Payment details — we don’t see or store your full card number. Stripe and PayPal handle payment data; we receive only a token, the last four digits of the card, and the result (paid / declined).
- Support history — emails, contact-form submissions, and any notes from a phone call so the next person who picks up your case has the context.
- Site usage — anonymised pages viewed, products clicked, search queries, device type, and approximate location (city level) via Google Analytics 4.
- Cookies and similar — see §6 below for the full list.
We don’t collect sensitive information (health, ethnicity, sexual orientation, biometric, etc.). Don’t send it to us — we have no use for it.
3. Why we collect it (purpose)
We collect personal information for the purposes you’d expect from an online store:
- Taking, packing, dispatching, and tracking your order.
- Sending order confirmations, shipping updates, and delivery notices.
- Answering your questions, processing returns, and handling refunds.
- Detecting and preventing fraud (e.g. card-testing, credit-card chargebacks).
- Improving the site — figuring out which products people search for, which pages are confusing, and where the checkout flow needs work.
- Sending occasional service emails (e.g. an order recall, a stock arrival on a product you waited for, a security notice on your account). We will not send marketing email unless you opt in.
- Meeting our legal obligations — tax records, consumer-law records, accounting records.
4. Legal basis under the Privacy Act 2020
We collect personal information only for a lawful purpose connected with our function as a retailer (IPP1), directly from you (IPP2), and we tell you up front what we’re collecting and why (IPP3 — that’s this page). We hold it securely (IPP5), give you access to your information on request (IPP6), let you correct it (IPP7), use it only for the purposes we collected it (IPP10), and disclose it only as set out in §5 below (IPP11). We don’t use unique identifiers as a substitute for an account ID (IPP13).
6. Cookies and similar technology
Cookies are small text files we store in your browser. We use them to keep you signed in, remember your cart between visits, defend the site against bots, and (if you allow it) measure how the site is used. The full list:
| Category | Examples | Status |
|---|
You can disable cookies in your browser settings; if you turn off strictly-necessary cookies, the cart and login won’t work. Analytics and advertising cookies are optional — your browser’s Do Not Track signal and any platform-level opt-outs (e.g. Google’s Analytics opt-out) are respected.
7. How we protect your data
The site runs over HTTPS only (HSTS preload, TLS 1.2+). We use Cloudflare Turnstile to block automated abuse, hash account passwords with Supabase Auth (bcrypt), and store database backups encrypted at rest. Card numbers never reach our servers — they go straight from your browser to Stripe or PayPal under their PCI-DSS Level 1 environments. Admin access requires a strong password and email verification. We log access to personal data and review the logs.
If a privacy breach occurs that is likely to cause serious harm, we will notify both you and the Office of the Privacy Commissioner without undue delay, as required by Part 6 of the Privacy Act 2020.
8. How long we keep it
- Order records: 7 years from the order date (Inland Revenue and Companies Act recordkeeping).
- Account data: until you ask us to delete it, or 3 years after your last sign-in if the account is dormant.
- Support correspondence: 3 years from the last reply.
- Payment tokens: until cancelled, or until the subscription/account is closed.
- Analytics data: 14 months in Google Analytics 4, anonymised IP only.
9. Your rights — access, correction, deletion
Under the Privacy Act 2020 you have the right to:
- Ask whether we hold personal information about you, and ask for a copy.
- Ask us to correct anything that’s wrong, or note your view if we disagree.
- Ask us to delete your personal information where we no longer need it for the purpose we collected it (subject to legal recordkeeping minimums above).
- Withdraw consent for any optional processing (e.g. analytics, marketing email).
Email support@inkcartridges.co.nz with the subject “Privacy request”. We’ll respond within 20 working days — usually much sooner. If you’re not satisfied with our response, you can complain to the New Zealand Office of the Privacy Commissioner at privacy.org.nz or 0800 803 909.
10. Children
The site is not aimed at children under 16, and we don’t knowingly collect their personal information. If you’re a parent or guardian and you think your child has given us information, email us and we’ll delete it.
11. Changes to this policy
If we make material changes, we’ll bump the version stamp at the top of this page and email account holders before the change takes effect. The effective version is the one in force when you used the site or placed your order.
12. Contact
Privacy Officer, InkCartridges.co.nz37A Archibald Road
Kelston, Auckland 0602
New Zealand
Email: support@inkcartridges.co.nz
Phone: 027 474 0115