Cocoon Beauty & Day Spa (2011) Ltd (“Cocoon Beauty & Day Spa” and “we” and “us” and “our”) recognises the importance of protecting and securing your personal information. We have created this Privacy Policy to help you understand how we collect, use and protect your information when you purchase our Products and Services, visit our website or other digital platforms, communicate or interact with us, enter any competitions, complete any surveys or enter our clinics. We respect and value your privacy. This policy is provided for your information and does not limit or exclude your rights under the Privacy Act 2020. If you want to talk to us about this policy or any concerns or queries you have about the use of your personal information, please contact us by email enquiries.cocoon@gmail.com or by telephone on (03) 313 5552.
We may change this Privacy Policy from time to time. Usually we will tell you about a change in the policy by posting an updated policy on our website and if so, any change we make applies from the date we post it on the website.



We collect personal information relating to you – for example when you enquire about or purchasing a Product or Service (by phone, in person or electronically), when you interact with us via phone, email, mail, website, complete any survey/application forms, or enter any of our competitions or special promotions/activities or via social media. In most instances, we collect personal information directly from you. We may also collect personal information from third parties such as from other retailers and the Police to prevent and detect crime and to keep our community safe. The information we collect may include your name, address, email, phone number, gender, birthday, your shopping and marketing preferences, your purchases, delivery information and any other information that you provide to us during our interactions such as your browsing and viewing activity. If there is an incident/accident while visiting our clinics, we may ask you to complete a Health and Safety form and retain this. If we are unable to collect this information, we may not be able to provide you with the Products or Services, or carry out a particular activity that you have requested or that we are required to do.



The information we collect from you may be used by us for a number of purposes connected with our business, primarily being:
To hold a record via your Client Profile of the Services and Products consumed both in our clinics and at home to provide you with a high level of service, recommendations relevant to your skin, and to have a record should you suffer an adverse reaction to a particular Product.
To market, promote, advertise, sell and deliver our Products and Services including by providing targeted and personalised advertising through digital marketing channels including but not limited to Facebook and Instagram, digital display networks, video networks such as YouTube and search services such as Google. This means you may receive access to a range of exclusive offers and rewards not available to the general public.

In addition, we use your personal information:
– To improve and personalise your experience with us.
– To communicate with you and answer any questions or provide information or advice.
– To run competitions, carry out surveys and research (either on our own or with third parties).
– For warranty and Product recall purposes.
– To contact you about Products and Services that we think may be of interest to you (unless you ask us in writing not to).
– For staff training and quality control.
– To undertake administrative and operational functions and for fraud, loss and theft prevention.
– To comply with the law and any directions given by authorities.
– To investigate any breach of any of our Terms or any suspected unlawful activity.
– Generally to customise your experience with us (online and in clinic).



There may be times when we need to disclose your personal information to third parties (some of which may be based outside of New Zealand) to undertake any of the purposes set out above, or where permitted or required by law or as otherwise detailed in this Privacy Policy.

Recipients of your personal information may include:
– Our employees, contractors or service providers, to the extent reasonably necessary for them to carry out their duties. This may include internet service providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, research agencies, and advisors.
– Our suppliers for delivery, warranty and recall purposes.
– Anyone we transfer our business to in respect of which you are a customer or a potential customer.
– Anyone who hosts or maintains data, service platforms or other systems on our behalf, where your information is processed.
-Persons who may be required to pass your information by reason of legal authority including law enforcement agencies and emergency services.

We may also share with third parties aggregated user statistics and other information that does not
personally identify you.



We will retain your information for as long as we need to carry out the purposes noted above, or longer if we are required to do so by law.

Your personal information is held in either hard copy or electronically in our computer systems and databases. This includes software, internet servers, and hosted internet solutions. We may use third-party service providers to store your personal information and provide us with services. This means that we may transfer personal information, or access it from, countries other than New Zealand with laws that may not be as comprehensive as the laws of New Zealand. We will take reasonable steps to ensure that any third-party service providers we use meet our privacy and security expectations.



 If you request us to, or if we deem that we should no longer hold your personal information as we no longer need it, we will take reasonable steps to ensure its deletion from our systems. This will include deleting your profile and any related details from any third party service providers that we use to store your personal information. Any printed or written material we have on hand will be shredded via an electronic shredder held within the clinic.



We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and secured against unauthorised access, modification or disclosure. This may include using firewalls, password protection, monitored or restricted access, training staff and following breach management procedures.



We endeavour to maintain internet security but security risks may still arise. Any personal information transmitted to us or from our online products or services will therefore be at your own risk. If you are accessing third party websites via our website you should read the provider’s privacy policy or website terms and conditions – especially if you are considering providing them with your personal information. You are also responsible for maintaining the secrecy of your passwords and/or any account information.
We may use cookies and other interactive techniques to collect information about how you interact with our website, Products and services, to:
– Understand what you like and use about our website
– Provide a more enjoyable, customised service and experience
– Measure the effectiveness of our marketing initiatives
– Help us develop and deliver better products and services tailored to our clients.

We may use a persistent cookie to record details such as a unique user identity and general registration details on your PC. This helps us recognise you on subsequent visits to this website so that you don’t have to re-enter your registration details each time you visit us and allows us to carry out the activities mentioned above. We may also allow third parties to place cookies and other identifiers on our website to collect
information on your browsing history and use that for marketing purposes. Most browser technology (such as Internet Explorer, Safari, Chrome etc) allows you to choose whether to accept cookies or not – you can either refuse all cookies or you can set your browser to alert you each time that a website tries to set a cookie. You do not need to have cookies turned on to access our sites, but you may need them for customisable areas of the site that we may develop in the future, or to access and benefit from certain functionality offered by the site.



Remarketing is where your browsing history on a website is then used to show you advertising related to your history once you have left that website. We supply cookie information (from your browser) about your browsing history on our website to Facebook and Google and may alter or update this from time to time. You can opt out of remarketing – for Google, by turning off ad personalisation and for Facebook, by changing the advertising settings.



 You have the right to access your personal information that we hold if we hold the information in a way that can be readily retrieved, subject to some legal exceptions. Please contact us if you would like access to the personal information that we hold about you or if you would like us to update or correct your personal information. We may require further information to assist in the retrieval of information and/or to verify your identity. We will not be able to provide your personal information as held by us if we do not know or do not have reasonable grounds to believe disclosure is required or it is not readily retrievable. We reserve the right to charge a reasonable fee for gaining access. You can request correction or amendment of your personal information at any time. If it is reasonable in the circumstances for us to do so, we will make the requested change or correction, otherwise we will take reasonable steps to mark the information as being subject to correction.



 If you believe we have breached our privacy obligations please contact us via email at enquiries.cocoon@gmail.com or call us on (03) 313 5552 and we will endeavour to resolve your concerns promptly. If you want more information please go to www.privacy.org.nz.