Last updated:  5 July 2022

This Privacy Policy sets out how we, Nanolayr Limited, collect, store, use and disclose information about you when you use or interact with any of our websites (including www.nanolayr.com and www.dermalayr.com) (each, a Website) and where we otherwise obtain or collect information about you.

Nanolayr Limited is a company registered in Auckland, New Zealand.

We comply with the New Zealand Privacy Act 2020, and for individuals based in the European Union, the European Union General Data Protection Regulation (GDPR).

To the extent information is associated with an identified or identifiable natural person and is protected as “Personal Information” under applicable data protection laws, it is referred to in this Privacy Policy as Personal Information.

INFORMATION WE COLLECT

We collect your Personal Information for lawful purposes connected to your use of (or interaction with) a Website or where you have agreed we can do so.

  • Communications: If you contact us directly, or participate in communications with us (including via a Website), we may receive Personal Information about you. For example, we may receive your name, email address, phone number, the contents of a message that you send to us, and other information you choose to provide.
  • Device and usage information: Through your use of a Website, we may collect analytics information such as your IP address, web browser type, mobile operating system version, phone carrier and manufacturer, app installations and website activity.
  • Other information: We may collect any other information that you voluntarily provide to us.

We collect this information from:

  • You: when you provide Personal Information to us, through your use of a Website or any other communications you have with us.
  • Your use of a Website: including IP addresses, location information, browser information, the device through which you accessed a Website, and any other action you might take while using our Websites.

HOW WE USE YOUR PERSONAL INFORMATION

We will not process your Personal Information, other than as outlined in this Privacy Policy, without having a lawful basis to do so.

We process Personal Information:

  • to respond to communications from you via a Website;
  • to improve our Websites and/or our products and services;
  • to analyse usage of our Websites, or carry out research and analysis, so we can improve our Websites and/or our products and services;
  • to protect and/or enforce our legal rights and interests, including defending any claim; and
  • to comply with our legal obligations, including any notification and reporting obligations and any access directions imposed on us by a Government agency or regulatory authority,

and such processing is necessary for the purposes of a legitimate interest pursued by us, and we have assessed that our interests are not overridden by the interests or fundamental rights and freedoms of the person to whom the Personal Information relates.

We may also use Personal Information collected for such other purposes that are compatible with the original purpose described above, or that you otherwise consented to from time to time.

We process Personal Information to communicate with you (electronically or by phone) in relation to the products or services offered by Nanolayr that we consider may be of interest to you, from time to time, including to respond to your contact or newsletter subscription requests and any related communication. You can unsubscribe from any communications from us by contacting us as directed in any such communications.

We may also use and disclose de-identified information (non-Personal Information) as set out in this Privacy Policy and as we otherwise determine, provided that there is only a low risk that any person could be re-identified from the information.

If you are based in the European Union (including Switzerland and the United Kingdom) at the time we are processing your Personal Information, you have the right to object to the way we process your Personal Information where the processing is based on legitimate interests.

DISCLOSING YOUR PERSONAL INFORMATION

We may disclose your Personal Information to:

  • third parties who provide necessary services to Nanolayr, including third parties who help us market and sell our products and services – for instance to manage customer relations and send out newsletters;
  • any business that supports our Websites, including hosting or maintaining any underlying IT system or data centre that we use to operate the Websites;
  • other third parties for anonymised statistical information;
  • a person who can require us to supply your Personal Information (e.g. a regulatory authority or lay enforcement agency);
  • to respond to due diligence requests and/or transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition of our business; and
  • any other person or entity authorised by you.

OVERSEAS TRANSFERS

Nanolayr is located in New Zealand, so Personal Information may be transferred and/or stored there. In respect of our responsibilities under the GDPR, the appropriate safeguard in place for such a transfer is the existence of an adequacy decision under Article 45 of the GDPR.

Personal information may be provided to our overseas third party hosting service provider, Campaign Monitor, located in the United States.  Campaign Monitor hosts our subscriber and form lists. Although we will use reasonable efforts to obtain assurances from any third party service providers that they will safeguard Personal Information consistent with this Privacy Policy and applicable data protection laws, you acknowledge that some of these countries may not have an equivalent level of data protection laws as those in New Zealand.  You consent to the rights of overseas access, processing and disclosure on the basis specified in this clause.

THIRD PARTY SERVICES

We use third party services to assist use with operating the Websites and to ensure a better experience for users. In the process of doing so, the third party service provider may have access to Personal Information. However, these third parties do not have the right to use the Personal Information for their own use.

INTERNET USE

While we take reasonable steps to maintain secure internet connections, if you provide us with Personal Information over the internet, the provision of that information is at your own risk.

If you follow a link on a Website to another website, the owner of that website will have its own privacy policy relating to your Personal Information. We suggest you review that website’s privacy policy before you provide access to your Personal Information.

HOW LONG WE KEEP YOUR PERSONAL INFORMATION

We will keep your Personal Information:

  • until we no longer have a valid reason for keeping it;
  • until you request us to stop using it; or
  • for as long as required by law.

You should be aware that we do keep backups and logs for up to six months before they are automatically deleted.

COOKIES AND TRACKING

We may use various technologies to collect and store information when you use a Website, and this may include using cookies and similar tracking technologies, such as pixels and web beacons.

Cookies

A cookie is a piece of information that our web server may send to your machine when you visit a Website. The cookie is stored on your device, but does not identify you or give us any information about your device.

The types of cookies we use may include:

  • Strictly necessary cookies: These cookies are essential for the full functionality of our Websites. They enable you to navigate around a Website and use its features. Without these cookies, you may not be able to access all the functions of our Websites.
  • Performance cookies: These cookies collect information about how you use our Websites. All information these cookies collect is anonymous and only used to improve how our Websites.
  • Functionality cookies: These cookies allow our Websites to remember the choices you make (for example, your user name, language or your region). Although these cookies are used to enhance the performance of our Websites, they are non-essential to their use. However, without these cookies, certain functionality may become unavailable.

The length of time a cookie will stay on your browsing device depends on whether it is
a persistent or session cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies will stay on your browsing device until they expire or are deleted.

With most internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored. If you want to do this, refer to your browser instructions or help screen to learn more. If you reject the use of cookies, you will still be able to access our Websites but please note that some of its functions may not work as well as if cookies were enabled.  To learn more about how to enable, edit, or disable cookies on your computer, please visit the aboutcookies.org website.

Web analytics

We use Google Analytics to collect information about use of our Websites, with the goal of improving our Websites. Google Analytics collects information such as how often users visit a Website, what pages they visit when they do so, and what other sites they used prior to coming to the site.

Web beacons

Web beacons are tiny graphics with a unique identifier that may be included on a Website for several purposes. For example, we may use web beacons to deliver or communicate with cookies, to track and measure the performance of a Website, to monitor how many visitors view a Website, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on your hard drive, Web Beacons are typically embedded invisibly on web pages (or in an email). We use these web beacons to customise content and advertising and to analyse traffic to a Website.

PROTECTING YOUR PERSONAL INFORMATION

We take the protection of your Personal Information seriously and we will take reasonable steps to keep your Personal Information safe from loss, unauthorised activity, or other misuse.

YOUR RIGHTS

You have the right to access your Personal Information that we hold about you, to ask for it to be corrected if you think it is wrong.

If you are based in the European Union (including Switzerland and the United Kingdom) you also have the right, under the GDPR, to:

  • in certain circumstances, have your Personal Information erased;
  • restrict the processing of your Personal Information;
  • move, copy or transfer your Personal Information easily for your own purposes across different services in a safe and secure way; and/or
  • object to processing where we rely on our legitimate interests as the lawful basis for processing.

We will respond to any request made in respect of the above in accordance with the applicable data protection laws. Please note that there are some exceptions to your right to gain access to your information, including (but not limited to) where:

  • providing access would have an unreasonable impact upon the privacy of other individuals;
  • the request for access is frivolous or vexatious;
  • the information relates to existing or anticipated legal proceedings between you and us, and the information would not be accessible by the process of discovery in those proceedings; or
  • providing access would be unlawful.

If you wish to exercise your rights under this Privacy Policy or any applicable data protection laws, you can do this by emailing our Privacy Officer (at the email address set out below). Your email should provide evidence of who you are and set out the details of your request (e.g. the Personal Information or the correction that you are requesting).

You may also lodge a complaint regarding our Personal Information processing activities as they relate to your Personal Information with your relevant privacy law supervisory authority.

HOW TO CONTACT US

Please contact our privacy officer at info@nanolayr.com if you:

  • wish to discuss any privacy issues;
  • wish to raise any objections to the way in which we deal with your Personal Information;
  • have any concerns regarding your Personal Information; or
  • do not wish to receive any future communications from us.

CHANGES TO THIS PRIVACY POLICY

From time to time we may make changes to this Privacy Policy (for example, to reflect any changes in our business or any applicable data security laws).  Where a change is significant, we will make sure we let you know – usually by displaying a notice on our Websites.