no items to display
Privacy and Data Statement
JUICE PLUS NEW ZEALAND PRIVACY AND DATA PROTECTION POLICY
• Next review date: 1st December 2019
Juice Plus+® needs to gather and use information about individuals. These can include Customers,
Suppliers, Employees, Juice Plus+® Independent Virtual Franchisees (Franchisees) and other people
we have a relationship with or may need to contact.
This policy describes how personal data must be collected, handled and stored and ensures:
• Compliance with the New Zealand Privacy Act 1993 (Privacy Act)
• Protection of the rights of Staff, Customers and Franchisees
• We are open about how we store and processes individual’s data
• Protection from the risk of data a breach
• Protection from possible reputational damage
At the heart of the Privacy Act are twelve privacy principles. The privacy principles cover:
• Collection of personal information (principles 1-4)
• Storage and security of personal information (principle 5)
• Requests for access to and correction of personal information (principles 6 and 7, plus parts
4 and 5 of the Act)
• Accuracy of personal information (principle 8)
• Retention of personal information (principle 9)
• Use and disclosure of personal information (principles 10 and 11), and
• Using unique identifiers (principle 12).
This policy applies to:
• The Juice Plus+® Company (Australia) Pty Ltd (JPCA)
• All New Zealand Juice Plus+® Franchisees
• All Employees of JPCA dealing with New Zealand transactions and Customers
• All Contractors, Suppliers and other people working on behalf of JPCA in New Zealand
Everyone who works for or with JPCA has some responsibility for ensuring data is collected, stored
and handled appropriately.
Each team including Franchisees must ensure that data is handled and processed in line with this
policy and data protection principles.
The following people have key areas of responsibility:
• The Board of Directors is ultimately responsible for ensuring that the organisation meets its
The Financial Controller is responsible for:
• Keeping the Board updated about data protection responsibilities, risks and issues.
• Reviewing all data protection procedures and related policies, in line with an agreed
• Arranging data protection training and advice for the people covered by this policy
• Handling data protection questions from Staff.
• Ensure the Customer Service and Accounts Receivable teams can answer questions from
• Dealing with requests from individuals to see the data that we hold about them.
• Checking and approving any contracts or agreements with third parties that may handle our
The IT Manager is responsible for:
• Ensuring all systems, services and equipment used for storing data meet acceptable security
• Performing regular checks to ensure security hardware and software is functioning properly.
• Evaluating any third-party services the organisation is considering using to store or process
data. For instance, cloud computing services.
The Sales and Marketing Director is responsible for:
• Ensuring Franchisees understand their responsibilities when handling data.
• Ensure the Franchise Team can answer data handling questions from Franchisees.
• Where necessary, working with other Staff to ensure marketing initiatives abide by data
The general guidelines for all Staff, Contractors and Independent Virtual Franchisees are:
• The only people able to access data covered by this policy should be those who need it for
• Data should not be shared informally.
• JPCA will provide training to all Employees, Contractors and Franchisees.
• Employees, Contractors and Franchisees should keep all data secure, by taking sensible
precautions and follow the guidelines below:
• Strong passwords must be used and they should never be shared.
• Personal data should be not disclosed to unauthorised people, either within the organisation
• Data should be regularly reviewed and updated if found to be out of date. If no longer
required it should be deleted, destroyed or archived.
• Employees, Contractors and Franchisees should request help from an appropriate manager
within the organisation if unsure about any aspect of data protection.
Data Storage and Use
All personal data relating to the purchase of products by Customers and Franchisees business
activities is stored on the Juice Plus+® worldwide secure computer system server located at the Juice
Plus+® headquarters in Collierville, Tennessee, a suburb of Memphis. All other personal data is held
on the Australian secure server located at JPCA office in Newcastle NSW.
These rules describe how and where data should be safely stored and used.
When data is stored on paper, it should be:
• Kept in a secure place where unauthorised people cannot see it, such as in a locked draw or
• Not left on desks or printers
• Should be shredded and disposed of securely when no longer required.
When data is stored and used electronically, it must be protected from unauthorised access,
accidental deletion and malicious hacking attempts by:
• Protecting data with strong passwords that are changed regularly and never shared
• If stored on removable media, these should be locked away when not being used
• Data should only be stored on designated drives and servers
• Data should be backed up frequently onto a secure site. Those backups should be tested
• All servers and computers containing data should be protected by security software and
• When working with personal data users should ensure their computer screens are locked
when left unattended
• Users should not save copies of personal data to their own computers
• Financial data must be encrypted before being transferred authorised external service
It’s the responsibility of Employees, Contractors and Franchisees to take reasonable steps to ensure
data is kept accurate and up to date by:
• Keeping data in as few places as necessary
• Take every opportunity to ensure data is updated when dealing with Customers and
• Data should be updated as inaccuracies are discovered. For instance if a Customer can no
longer be reached on their stored phone number it should be removed from the database.
Requests to Access Personal Data
All individuals who are the subject of data held by the organisation are entitled to:
• Ask what information is held about them and why
• Ask how to gain access to it
• Be informed on how to keep it up to date
• Be informed on how the organisation is meeting its data protection obligations
Requests for individuals to access their personal data stored by the organisation is to be made in
writing. We aim to provide the relevant information within 14 days. Before providing information
the organisation will verify the identity of the person making a request.
Data Breaches Involving Personal Information
As a recommendation of the Privacy Act we will notify individuals if there has been a breach of their
personal data that is likely to result in serious harm to the individual affected. We will also advise
them the steps we are taking and what they can do to reduce the impacts to their privacy.
European Union Requirements
JPCA does not operate in the European Union, however New Zealand Franchisees are entitled to
trade worldwide including the EU. We believe that these guidelines are harmonized with EU