How and why does Kathmandu collect and hold your personal information?
What kind of personal information does Kathmandu collect and hold?
How does Kathmandu use your personal information?
In what circumstances will Kathmandu disclose your personal information?
Who do we disclose your personal information to?
Does Kathmandu disclose your personal information to overseas recipients?
How you can access or correct your personal information
How you can notify us of a privacy concern or contact our Privacy Contact Officer
Kathmandu is committed to protecting the privacy of your personal information. We manage your personal information in an open and transparent way.
Kathmandu will only use your personal information when it is necessary for us to deliver you a service or perform other necessary business functions and activities.
Kathmandu will not use or disclose your personal information for purposes unrelated to the services we provide, unless we first obtain your consent.
Where we can, we will allow you to deal with us anonymously or by using a pseudonym. However, in some circumstances, this may not be possible, and Kathmandu may need to collect personal information from you to provide you with a delivery or other service. In some cases, if you do not provide the required personal information we will not be able to provide you with a service.
This privacy policy sets out how we comply with our obligations under the:
“Personal Information” means information or an opinion about an identified individual (or an individual who is reasonably identifiable), whether true or not, or recorded in a material form or not.
“Personal Data” means data which relates to a living individual who can be identified from the data, including an opinion about the individual.
For example, these types of information/data could include your name, contact details, age and health information.
In this policy ‘we’, ‘us’, ‘our’ and ‘Kathmandu’ refers to (and this policy applies to) Kathmandu Holdings Ltd and all of its subsidiary companies including Milford Group Holdings Ltd, Kathmandu Ltd, Kathmandu Pty Ltd, Kathmandu (U.K.) Ltd.
If you have any questions regarding Kathmandu’s Privacy Policy, please call Customer Service in Australia on 1800 333 484, New Zealand on 0800 001 234, United Kingdom on 0800 066 5018, or email us at privacy@kathmandu.co.nz. If you would like Kathmandu to send you a copy of this policy, please contact us and we will do so.
By visiting our websites and/or providing your personal information to us, you consent to the terms and conditions in this Privacy Policy, unless you tell us to the contrary by contacting our Privacy Contact Officer.
This privacy policy is effective from March 2014. From time to time, our privacy policies and procedures will be reviewed and, if appropriate, updated. If any changes are made to this policy, these will be posted on our websites.
Kathmandu will only collect personal information about you by lawful and fair means, and not in an unreasonably intrusive manner.
It is Kathmandu’s usual practice to collect personal information [about you (and possibly about your family) directly from you (or from your authorised representative)], when you:
We may collect personal information about you from a third party or a publicly available source, but only if you have consented to such collection, or would reasonably expect us to collect your personal information in this way.
Kathmandu only collects personal information for purposes that are directly related to our business activities, and only when it is necessary for or directly related to such purposes. We also collect personal information related to employment services, human resource management, and other corporate service functions.
If we receive information about you from a third party and it is not information we need in respect of our business activities, we will destroy or de-identify that information (provided it is lawful to do so).
No one under the age of 13 years is allowed to provide any personal information. Minors under the age of 18 years are prohibited from making purchases, including subscriptions, on our websites.
Any personal information that you provide via our websites or directly (for example, when you apply to become a member of the Summit Club) is collected and managed by Kathmandu.
If you provide your personal information to a third party via a link from the Kathmandu website, that information is collected and managed by those third parties. You should familiarise yourself with their privacy policy prior to deciding whether you wish to provide them with your information.
The types of personal information Kathmandu may collect includes (but is not limited to) your:
The nature of the information collected will depend on the purpose for which it is being collected.
If you provide us with information about any third party, you must obtain that person’s permission to give us the information and inform them that you have given the information to us.
We use your personal information for a variety of reasons including to:
In the course of conducting our business and providing our products and services to you, we may disclose your personal information.
We only disclose personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities. We do not give it to anyone else unless one of the following applies:
If we engage third party agents or contractors, we will take all reasonable steps to ensure that they do not breach privacy requirements in relation to the information, before we share your personal information with them.
We may disclose your personal information to:
In all circumstances where your personal information is disclosed, we will take all steps reasonable to ensure that these third parties undertake to protect your privacy.
We are committed to compliance with all laws and requirements relating to the use of your personal information. We will only use or disclose your personal information for direct marketing purposes if you have provided your information for that purpose (and you would expect us to use the information for that purpose), or if you have provided consent for your information to be used in this way.
From time to time, we may contact you with information about products and services offered by us and our related entities and our business partners, which we think may be of interest to you. When we contact you it may be by mail, telephone, email or SMS.
We may also provide targeted marketing to you whether directly or through online advertisement networks such as those operated by Google, based on your viewing activity of our website. For more information, see “Website usage” below.
Where we use or disclose your personal information for the purpose of direct marketing, we will:
You can opt out of receiving targeted advertising derived from your viewing habits by selecting from your browser’s privacy or security settings to reject, delete or block (as the case may be) the cookies or web beacons used by us in order to conduct such targeted marketing.
Kathmandu will only ever contact you if you have consented to this, and you can ask to be removed from our marketing lists, at any time by contacting us directly.
If you do not wish to be contacted by Kathmandu, please write to our Privacy Contact Officer, Kathmandu, PO Box 1234, Christchurch 8140, New Zealand.
In some circumstances, Kathmandu may disclose your personal information to overseas recipients. If this occurs, we take steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the relevant privacy laws in relation to that information.
We share information between our businesses, located in Australia, New Zealand and the United Kingdom.
Sometimes we use third party platforms and services to process sales, provide web support, send marketing messages, deliver products or otherwise deliver information. These services are hosted and managed by organisations other than ourselves, and some of these services are hosted overseas. We use products and services maintained in Australia, New Zealand, the United Kingdom, Israel, China and the United States.
Your personal information may be stored in a secure and encrypted form overseas (e.g. in data storage and cloud computing facilities operated by us (or by third parties on Kathmandu’s behalf).
Kathmandu will not use Government Identifiers, such as Medicare numbers, or a driver's licence number as its own identifier of individuals.
We will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss and from unauthorised access, modification or disclosure.
The personal information that we collect about you is stored on our database server managed by Kathmandu Limited in New Zealand.
We have a range of systems and communication security measures, as well as the secure storage of any hard copy documents. Access to your personal information is restricted to those properly authorised to have access.
Clear accountability for data sets and security sit with the Chief Information Officer and his respective Technology and Infrastructure Manager and Business Systems Manager. They ensure documentation and reviews of applications and data sets happen regularly along with regular audits on data security and roles.
Kathmandu also has policies in place for data retention across all key areas. We keep your personal information for as long as it is required to provide you with the products you requested from us and to comply with legal requirements. If we no longer require your personal information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or de-identify your personal information.
All systems and applications are, where possible, one version behind the latest release from all vendors, and lifecycle management is a KPI of the Business Systems Manager.
Kathmandu data resides across several tier three Data Centres that are PCI and ISO compliant and protected by an outsourced firewall and filtering system that is penetrated tested annually. In order to stay up to speed with changes in technology, the infrastructure team are certified and their professional development is an ongoing commitment.
Our websites are professionally hosted and operate in a secure environment. You should however be aware that there is always an inherent risk in transmitting your personal information via the Internet.
We use Comodo and Cybersource to process online orders. Customers can see their cards being debited in real time, all in an SSL secure environment.
Please do not enter any credit card details when contacting us via email, through our Live Chat function or through our website “Contact Us” form. These functions do not form part of online transactions which use Comodo and Cybersource and therefore your credit card details will not be encrypted in these situations.
We take website and credit card security extremely seriously, and always endeavour to provide a secure safe platform on which to conduct online transactions, all our websites use Comodo SSL. By using this, you guarantee the highest possible encryption levels for online transactions. Each certificate is signed with NIST recommended 2048 bit signatures and provides up to 256 bit encryption of customer data. This encryption scrambles details such as credit card number, billing details and delivery address so that generally, other computers are unable to decipher the information, ensuring privacy and security.
To make sure you are accessing a secure server, check for the unbroken key or closed lock symbol located generally either at the bottom left or top right of your browser window. If it appears, then SSL is active. You can double check this by looking at the URL as well. If SSL is active, then the first characters of that line will read ‘https’ rather than just ‘http’. It is important for you to protect against unauthorised access to your password and to your computer.
Ensure you logout when you have finished visiting our websites especially if you accessed them from a shared computer.
Cookies are pieces of information that a website transfers to your computer for record-keeping purposes. The information collected may be used by Kathmandu to improve your experience on our website. For example, if you wish to make a purchase using our online store, they will collect information about what is in your shopping cart and assist us to maintain that shopping cart during the transaction.
We may also use web beacons, embedded in our website’s web pages, that work in conjunction with cookies to notify us what web pages on our website are visited by a particular IP address (including by reference to domain name), computer or device, the date and time of visit to our site, the duration of individual page views, information downloaded, hyperlinks selected and paths taken by the visitor through the site, the visitor's screen settings and other general information. That information will be collected either by us directly or by a service provider contracted for that purpose. By measuring how you interact with our website in this way, we may provide targeted marketing to you, based on your viewing activity of our website, whether directly or through online advertisement networks such as those operated by Google.
If you are a registered customer or Summit Club member on our website, we will retain information about your account, including contact details, address details and, to the extent that you make orders while logged in or by reference to your Summit Club membership, the status of your orders.
Any personal information that you submit to us using our website or in an email will only be used in accordance with this privacy policy.
Whilst links to third party websites are provided on our website, we are not responsible for the content or practices of these third party websites.
These links are provided for your convenience and do not represent Kathmandu's endorsement of any linked third party website. We recommend that you check the privacy policies of these third parties prior to providing them with your personal information.
No links may be made to this website without our prior written consent. Applications for consent must be made to our Privacy Contact Officer, Kathmandu, PO Box 1234, Christchurch 8140, New Zealand.
You can request access to the personal information we hold about you at any time, and we will
provide you with that information unless we are prevented by law from giving it to you.
If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
You will not be charged for accessing your information, although we might have to charge the reasonable cost of processing your request, including photocopying, administration and postage. We will advise you of any fee payable before we process your request.
If you believe that your personal information is not accurate, complete or up to date, please contact Customer Service in Australia on 1800 333 484, New Zealand on 0800 001 234, United Kingdom on 0800 066 5018, via email to privacy@kathmandu.co.nzor address your request to the Privacy Contact Officer, Kathmandu, PO Box 1234, Christchurch 8140, New Zealand.
You are also able to update your personal information online by entering your Summit Club login details when visiting our website:
If you:
please write to:
Privacy Contact Officer Kathmandu PO Box 1234 Christchurch 8140, New Zealand.
Email: privacy@kathmandu.co.nz
If you consider your privacy concerns have not been resolved satisfactorily by us, or you wish to obtain more information on privacy requirements, you can contact:
Australia Office of the Australian Information Commissioner on 1300 363 992 or visit their website at www.oaic.gov.au
New Zealand Privacy Commissioner (New Zealand) on 0800 803 909 or visit their website at www.privacy.org.nz
United Kingdom Information Commissioner’s Office on 0303 123 1113 or visit their website at www.ico.org.uk
Plus access to member-only promotions. Earn points with every purchase and get a $20 voucher for every $500 you spend.
Become a memberCome in and visit us in one of our many stores
