PRIVACY POLICY

Silver Fern Farms is strongly committed to protecting your privacy. This privacy notice and statement (“Privacy Policy”) explains how we, Silver Fern Farm Limited, Silver Fern Farm Co-operative and its group entities (referred to as “Silver Fern Farms”, “we”, “our” or “us”) collect, store, use and share your personal data (each is “processing”). It also explains the rights you have and control you can exercise over your personal data.

“Personal data or personal information” means any information relating to an identified or identifiable living person. This Privacy Policy does not apply to non-individual’s data. Please read this Privacy Policy in conjunction with our Terms and Conditions of Use in our
website.

When and how we collect personal data: When you supply stock or other goods to us, purchase our products, use our services, or interact with us, you may share some personal data with us. We may collect information directly from you when you do business or interact with us or through third parties such as your employer or organisation. The personal data we collect may be provided in forms/documents that you have completed (including contracts), face-to-face meetings, email messages, telephone conversations, or when you use our websites, apps or our social media platforms or other platforms.

Types of Personal Data Collected; Personal data that we may collect include (the list is not exhaustive):

• Contact information: your name, position, role, organisation, telephone number, email and postal address;

• Business information: data identifying you in relation to matters in which you are involved;

• Your logon ID and password: for access to our website, apps or other platforms;

• Attendance records: to record your attendance at our offices for security purposes;

• Subscriptions/preferences: when you subscribe to receive marketing materials, other updates, briefs, newsletters or other information as well as consent preferences to help us identify which materials you are interested in receiving;

• Events data: attendance at and provision of feedback forms in relation to our events;

• Supplier data: contact details and other information about you or your organisation where you supply stock/goods and/or services to us;

• Customer data: contact details and other information about you or your organisation where you purchase or receive stock/goods and/or services from us;

• Social media: posts, likes, tweets and other interactions with our social media presence;

• Information from public sources: e.g. LinkedIn and similar professional networks, directories or internet publications;

• Online data: when you access this website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails;   

• Special categories of personal data: such as dietary, disability or similar requirements for events and meetings only to the extent necessary for a specific purpose.  If you do not provide this data, we may not be able to respond to your particular needs or preferences; and

• Criminal record data: where permitted by national law and appropriate to do so, such as existence of prior criminal offences (or confirmation of clean criminal record.) We may seek your consent in a pre-employment process to ensure the safety and security of the Silver Fern Farms and the workplace.

• Biometric data: to the extent permitted by law, we may collect, use or otherwise process fully or partially automated recognition of individuals based on biological or behavioural characteristics, such as facial recognition technology.

We will process your personal data if and to the extent permitted by law: In the case of personal data processing in all jurisdiction except under the PRC’s Personal Information Protection Law:

• you have given us your explicit consent to process your personal data for a particular purpose(s); or
• it is necessary to perform our obligations under a contractual relationship with you; or
• it is necessary to comply with legal or regulatory obligation; or
• it is necessary to deal with a legal claim; or
• it is necessary for our legitimate business interests or those of a third party (provided these do not interfere with your fundamental rights).

In the case of personal data processing under the PRC’s Personal Information Protection Law:

• you have given us your explicit consent to process your personal data for a particular purpose(s); or
• it is necessary to perform our obligations under a contractual relationship with you; or
• it is necessary to comply with legal or regulatory obligation; or
• it is necessary to carry out human resources management pursuant to labour rules and regulations formulated according to the law or the collective contracts signed according to the law; or
• it is necessary to respond to public health emergencies, or the protection life, health and property security of natural persons in an emergency; or
• personal data processed has been voluntarily disclosed to the public by you or personal data processed has been lawfully disclosed to public within a reasonable scope.

We may process your personal data for any or all of the following purposes:

• buying, selling or supplying services and/or goods and managing suppliers and customers; or
• business relationship: managing and administering our relationship with you, your company or organisation including keeping records about business contacts, services and payments so we can customise our offerings/products and/or services
  for you, develop our relationship and target our marketing and promotional campaigns; or
• communication: sending emails, newsletters and other messages to keep you informed of market insights and of our product offerings and services.
• events: running briefings, roundtables and other events.
• customers surveys and feedback.
• Know-Your-Client (KYC): carrying out KYC due diligence under anti-money laundering, sanctions screening and other crime prevention and detection laws and regulatory requirements.
• website monitoring: checking our website, app, platforms and other technology services are being used appropriately and to optimise their functionality.
• site security: providing security to our offices and other premises (normally collecting your name and contact details on entry to our buildings).
• online security: protecting our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats.
• compliance: complying with our legal and regulatory obligations (as applicable).
• legitimate business interests: pursuing our legitimate business interests which may include (the list is not exhaustive):
• operating, developing and improving our businesses, offerings and operations (provided these do not interfere with your fundamental rights); or
• maintaining the security of our and our customers’ and suppliers’ data and in ensuring the quality of our products and services; or
• purchasing and receiving stock and services; or
• processing, marketing and supplying meat product and other offerings; or
• providing services associated with the above businesses; or
• managing our business and relationship with you or your company or organisation; or
• understanding and responding to inquiries and client feedback; or
• understanding how our customers use our services and websites; or
• identifying what our clients want and developing our relationship with you, your company or organisation; or
• improving our services and product offerings; or
• enforcing our terms of business and website and other terms and conditions; or
• ensuring our systems and premises are secure; or
• managing our supply chain; or
• developing relationships with suppliers, customers and business partners; or
• ensuring debts are paid; or
• sharing data in connection with acquisitions and transfers of our business. Where we need to transfer your personal data due to

We will only share your personal data strictly in accordance with the terms of this Privacy Policy.

Transferring your personal data: As a global organisation, personal data we collect may be transferred internationally throughout our worldwide organisation. Where we transfer or share your personal data, we will seek your express consent and (in the case of transfer out of Mainland China (for the avoidance of doubt Mainland China does not include Hong Kong SAP, Macau SAP and Taiwan) separate consent) to do so or anonymise your personal data. Your personal data may be exchanged within Silver Fern Farms and amongst its group entities. We exchange your data for administrative purposes and so that we can have a complete overview of your contacts and contracts with the Silver Fern Farms. We may also exchange your data to offer you a complete package of services and products.

Cross border transfers of personal data:

As a general policy. we will not transfer your personal data to any recipient in a country outside of New Zealand or the European Economic Area (“EEA”) except in the following circumstances:

1. to a jurisdiction that is deemed to have sufficiently comparable privacy or data protection laws and regulations in their respective country that recognise your individual privacy rights in a similar way that the following laws do, (i) in the case of transfer out of NZ, New Zealand Privacy Act 2020 and (ii) in the case of transfer out of the EEA, the GDPR;
2. If your personal data is transferred to a recipient in a country that does not provide the level of protection for personal data as New Zealand or the European Union do, we will take measures to ensure that your personal data is adequately protected in line with locally applicable data protection requirements, subject to amendments we may deem necessary at our sole discretion.  For example, for transfer of personal data:
3. out of the EEA we will bind our recipient to the Standard Contractual Clauses approved by the European Commission in accordance with Article 46(2)(c) of the General Data Protection Regulation; and
4. out of New Zealand, we will bind our recipient to the model contractual clauses approved by the Privacy Commissioner in accordance with the New Zealand Privacy Act 2020.

For personal data collected by our Chinese entities, we will not transfer your personal data to any recipient in a country outside of Mainland China unless such data export is in compliance with the requirements of the PRC’s Personal Information Protection Law.

Access to your personal data by external parties: The following types of external parties may have access to your personal data, where necessary:

• Partners, suppliers, distributors, vendors or agents involved in delivering the products and services you have ordered from us; or
• Our customers; or
• Companies who are engaged to perform services for us or on our behalf; or
• Law enforcement bodies, regulators: or other competent authorities where requests are made in accordance with legal requirements; or
• Debt-recovery organisations, credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies; or
• Third parties for joint promotions with that third party who will be responsible for their own compliance with applicable privacy laws; or
• Third parties that we use for marketing, for example, approved media agencies, and third parties that we advertise with, such as Facebook, to serve you advertisements online; or

We may provide your personal data to regulatory bodies, tax authorities and/or investigating authorities in New Zealand in limited circumstances. We will do so only if we are obliged by law or regulation, or if you consent to us disclosing this information.

In some cases, you may provide personal data to us about other people (such as your customers, directors, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.

We take the security of all the data we hold seriously and will endeavour to take all reasonable steps to keep secure any information which we hold about you in line with best practice, including reasonable steps within our power to prevent unauthorised use or disclosure of your information. Please note, however, that the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted and any transmission is at your own risk.

We have ethical and legal obligations to hold information securely and to use it appropriately, in accordance with our Privacy Statement. If you feel we have breached these obligations, please contact us by emailing us at privacy.officer@silverfernfarms.co.nz

Because we have global business operations and interests, we may transfer and hold your personal data out of your local jurisdiction or region. Privacy laws vary by country. We will take all reasonable steps to protect your information in line with locally applicable privacy or data protection requirements.

We may store your personal data within services provided by New Zealand or offshore cloud service providers. When we do so, this makes no difference to our obligation to respect and protect your privacy and our cloud service providers must only use the data for purposes lawfully authorised by us.

We retain your personal data for as long as is necessary for the purpose for which it was collected. We may hold personal data for such longer periods as may be required by law or regulation or as may be necessary to fulfil our legal obligations or defend our legal rights. When the personal data that we collect is no longer required by law or otherwise, we destroy, delete or permanently anonymise it.

 You have the right to:

• Access: ask us if we hold personal data about your or are processing your personal data and, if we are, you can request access to your personal data.  For your own privacy and security, we may, at our discretion, require you to prove your identity before providing the requested information. If you wish to make a request you can email the Privacy Officer directly or use this form here.
• Rectification: request that any incomplete or inaccurate personal data we hold about you is rectified. If we do not agree with your request, you have the right to have a statement of correction added to the information we hold about you.
• Deletion: ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
• Suspension: ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Transfer: ask us to help you request the transfer of your personal data to another party.
• Objection: where we are processing your personal data based on a legitimate interest (or those of a third party), you may challenge this.  However, we may be entitled to continue processing your data. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Withdraw consent: where you have consented to our processing your personal information, you may withdraw such consent at any time.

If you want to exercise any of these rights, please contact our Privacy Officer-refer to Contact us.

We are committed to protecting the personal data we collect and take privacy very seriously. We have strict privacy breach policies and procedures we will enact if a privacy breach occurs. If you have any concerns or become aware of a privacy breach affecting us, please bring this to our attention immediately by contacting the Privacy Officer at privacy.officer@silverfernfarms.co.nz.

If you have any concerns, please let us know so that we can do our best to resolve your questions or concerns. Raising your concerns early will help us sort out any problems quickly, saving you time and stress.  If you still have concerns about our Privacy Policy, or how we have responded to your requests, you have a right to lodge a complaint with the Office of the Privacy Commissioner here.

We may use the information you give us on our website or other means for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services including events that we think may interest you.

You can opt-out of receiving direct marketing from us at any time by changing your marketing preferences on your online accounts settings page, clicking on the "unsubscribe" link included at the end of any marketing email we send to you, or by contacting our Privacy Officer.

Our website, newsletters, email updates and other communications may, from time-to-time, contain links to and from the websites of others. The personal data that you provide through these websites is not subject to this privacy notice and the treatment of your personal data by such websites is not our responsibility. 

If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.

We may change this Privacy Policy notice from time-to-time by publishing an updated version here. Please review this this policy periodically to stay informed about how we are protecting your data.

This Privacy Policy was last updated in September 2022.

If you have any questions or complaint about how we use your personal data, please contact us by writing to our Privacy Officer, 283 Princes Street, Dunedin 9016, Dunedin, New Zealand, or by emailing: privacy.officer@silverfernfarms.co.nz . If you are a citizen or resident of Mainland China, our Privacy Officer will refer your questions or complaints to our China-based Privacy Representative.