YOUR JOURNEY TO HEALTHY HAIR AND SKIN STARTS HERE!
Search Account
Account

Privacy Policy

Effective Date: 6 November 2025


This Privacy Policy explains how Süla Water Limited ("we", "us", or "our"), the operator of the premium shower filter website at sulawater.co.nz (the "Website"), collects, uses, discloses, and protects your personal information in accordance with the New Zealand Privacy Act 2020 (the "Privacy Act").


We are committed to protecting your privacy and handling your personal information responsibly. This Policy applies to all visitors, customers, and users of our Website.


If you have any questions about this Policy or our privacy practices, please contact our Privacy Officer at:


Privacy Officer  

Süla Water Limited  

9 Queen Street, Waiuku, New Zealand

Email: hello@sulawater.co.nz 


1. What Personal Information We Collect


We collect personal information that is reasonably necessary for our business functions, including selling and delivering premium shower filters, processing orders, providing customer support, and improving our services.


The types of personal information we may collect include:


  • Contact details: Name, email address, phone number, and delivery address.
  • Order and payment information: Billing address, payment card details (processed securely via third-party payment providers – we do not store full card numbers), and order history.
  • Account information (if you create an account): Username, password (hashed), and preferences.
  • Communication data: Information you provide when contacting us, such as enquiries or feedback.
  • Technical data: IP address, browser type, device information, and usage data collected automatically via cookies and similar technologies (see Section 8 below).


We only collect personal information by lawful and fair means, and where possible, directly from you.


2. How We Collect Personal Information


We collect personal information in the following ways:


- Directly from you: When you place an order, create an account, subscribe to our newsletter, contact us, or complete forms on the Website.

- Automatically: Through cookies, analytics tools, and server logs when you visit the Website.

- From third parties: Payment providers (e.g., Stripe or PayPal), shipping carriers (e.g., NZ Post), or analytics providers (e.g., Google Analytics).


Under Information Privacy Principle 3 (IPP 3) of the Privacy Act, when we collect information directly from you, we take reasonable steps to ensure you are aware of the matters in this Policy.


3. Why We Collect and Use Your Personal Information


We collect and use your personal information for the following purposes (under IPP 1 and IPP 10):


- To process and fulfil your orders, including shipping and refunds.

- To provide customer support and respond to enquiries.

- To send transactional communications (e.g., order confirmations).

- To improve our Website, products, and services.

- For marketing purposes (e.g., newsletters), but only with your consent – you can opt out at any time.

- To comply with legal obligations, such as tax and consumer protection laws.

- To prevent fraud and ensure Website security.


We will not use your personal information for purposes unrelated to our business without your consent, unless required or authorised by law.


4. Who We Share Your Personal Information With


We may disclose your personal information to trusted third parties who assist us in operating our business (under IPP 11):


- Service providers: Shipping companies (e.g., NZ Post, CourierPost), payment processors (e.g., Stripe), email providers (e.g., Mailchimp), and web hosting/IT support.

- Professional advisors: Accountants, lawyers, or insurers.

- Regulatory authorities: If required by law (e.g., Inland Revenue or the Police).


These third parties are contractually required to protect your information and use it only for the purposes we specify.


We do not sell your personal information.


5. Sending Personal Information Overseas


Some of our service providers are located outside New Zealand (e.g., Google in the USA, Stripe in the USA).


Before disclosing your information overseas, we take reasonable steps to ensure the recipient provides comparable privacy protections to those under the Privacy Act (IPP 12). This may include relying on:


- The recipient being subject to the Privacy Act (because they carry on business in NZ); or

- EU adequacy decisions (e.g., for providers using standard contractual clauses); or

- Your informed consent.


If you consent to overseas disclosure but the overseas recipient may not protect your information to NZ standards, we will explicitly tell you.


6. How We Keep Your Personal Information Secure


We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification, or disclosure (IPP 5). This includes:


- Secure servers with encryption (HTTPS).

- Access controls and firewalls.

- Regular security reviews.

- Staff training on privacy.


We retain personal information only as long as necessary for the purposes above or as required by law (e.g., 7 years for tax records under the Tax Administration Act 1994). After this, we securely delete or anonymise it (IPP 9).


7. Notifiable Privacy Breaches


If we experience a privacy breach that has caused, or is likely to cause, serious harm, we will notify you and the Office of the Privacy Commissioner as soon as practicable, as required by Part 6 of the Privacy Act.


8. Cookies and Analytics


Our Website uses cookies and similar technologies to improve functionality and analyse usage.


- Essential cookies: Required for the Website to work (e.g., shopping cart).

- Analytics cookies: Help us understand how visitors use the site (e.g., Google Analytics – data is anonymised where possible).

- Marketing cookies: For targeted advertising (with your consent).


You can manage cookies via your browser settings or our cookie banner. For more details, see our Cookie Policy [link if separate].


9. Your Privacy Rights


Under the Privacy Act (IPP 6 and IPP 7), you have the right to:


- Access your personal information we hold.

- Request correction if it is inaccurate.

- Complain about how we handle your information.


To make a request, contact our Privacy Officer. We will respond within 20 working days and provide reasons if we refuse. There is usually no charge, but we may charge reasonable costs for complex requests.


You can also complain to the Office of the Privacy Commissioner at www.privacy.org.nz or phone 0800 803 909.


10. Children


Our Website is not intended for children under 13. We do not knowingly collect personal information from children without parental consent.


11. Changes to This Policy


We may update this Policy from time to time. The latest version will be posted on our Website with the effective date. Significant changes will be notified via email or a Website notice.


12. Contact Us


If you have concerns about your privacy, please contact our Privacy Officer first – we aim to resolve issues quickly.


This Policy complies with the New Zealand Privacy Act 2020 and its 13 Information Privacy Principles.


Thank you for trusting us with your information.