Opening Sale – NZ$5 off all orders! Use code 'OPEN' at checkout. Offer valid until 31 January 2026.

PRIVACY POLICY

Last Updated: 26th November 2025

Introduction

This website, www.pastels.nz, is owned and operated by Pooja Shankar trading as Pastels (NZBN: [Insert Number]), referred to as "we," "us," or "our" in this policy. We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 2020 and the thirteen Information Privacy Principles (IPPs).

This Privacy Policy explains what information we collect, how we use it, how we store it, and your rights regarding your personal data. By visiting our website, placing an order, or subscribing to our communications, you agree to the practices described in this policy.

Information We Collect
Information You Provide Directly

When you place an order, create an account, subscribe to our newsletter, or contact us, we may collect: full name, email address, phone number, delivery or pickup address, order details and preferences, special instructions or notes, date of birth (if you opt in to birthday reminders), and any other information you choose to provide.

Payment Information

Payment transactions are processed securely through third-party payment processors including Stripe (for online card payments), bank transfer (direct deposit), and EFTPOS terminals (for in-person payments). We do not receive, process, or store your complete credit card details. Payment processors handle this information according to their own privacy policies and PCI-DSS security standards.

Information Collected Automatically

When you visit our website, we automatically collect certain technical information about your device and browsing behaviour, including: IP address, browser type and version, device type and operating system, time zone and language settings, pages visited and time spent on each page, referring website or search terms, click patterns and navigation paths, and general location data (city/region level, not precise GPS).

This is referred to as "Device Information" and is collected through cookies and similar tracking technologies.

How We Use Your Information
Order Fulfilment and Customer Service

We use your information to process and confirm orders, prepare your baked goods, arrange delivery or pickup, communicate about order status, provide after-sales support, and respond to inquiries.

Marketing Communications (With Your Consent)

With your permission, we may send you newsletters, special offers, promotions, discount codes, and birthday reminders. You can opt out at any time by clicking "unsubscribe" in any email or contacting us directly.

Website Improvement and Analytics

We analyze website usage to understand visitor behaviour, identify popular products, improve functionality and user experience, troubleshoot technical issues, and detect fraud or abuse.

Legal and Business Operations

We may use your information for complying with legal obligations, maintaining business records for tax and accounting purposes, protecting our legal rights, and preventing fraud.

Cookies and Tracking Technologies
What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help our website function properly and provide information about how you use the site.

Types of Cookies We Use

Essential Cookies (Required): Enable basic website functionality, remember items in your shopping cart, maintain your session while browsing.

Analytics Cookies (Optional): Google Analytics tracks visitor behaviour and website performance, providing aggregated statistics on page views, traffic sources, and user engagement.

Marketing Cookies (Optional): Meta Pixel (Facebook) tracks conversions and helps us show relevant ads, allowing us to measure marketing campaign effectiveness.

Managing Your Cookie Preferences

When you first visit our website, you'll see a cookie banner allowing you to accept or reject optional cookies. You can change your preferences at any time through the cookie settings banner on our website or your browser settings. Please note: Disabling essential cookies may affect website functionality.

Third-Party Analytics and Advertising

We use the following third-party services that may collect and process your data: Google Analytics, Meta Pixel (Facebook), Hostinger (Website Hosting), and our email marketing platform. These services may use cookies and similar technologies for their own purposes. They do not provide us with your direct personal identity without your separate consent to those platforms.

How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Service Providers

We may share limited information with trusted third parties who help us operate our business: payment processors (Stripe, Smartpay), website hosting provider (Hostinger), email service provider, and analytics providers (Google, Meta). These providers only receive the minimum information necessary and are contractually required to protect your data.

Legal Requirements

We may disclose your information if required by law, including responding to court orders or subpoenas, complying with government requests, protecting our rights or safety, investigating fraud, or protecting public safety.

Data Security

We take reasonable technical, administrative, and physical measures to protect your personal information from unauthorized access, loss, misuse, or alteration. These measures include secure servers with encryption, restricted access to personal data, regular security assessments, and secure payment processing through PCI-DSS compliant providers.

However, no online platform can be 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You use our website and provide information at your own risk.

Data Retention

We retain your personal information for the following periods:

Order records and transaction data: Minimum 7 years (to comply with Inland Revenue requirements)

Customer account information: Until you request deletion, or 3 years after last activity

Marketing subscription data: Until you unsubscribe, or 5 years of inactivity

Website analytics data: Aggregated data retained indefinitely; individual user data anonymized after 26 months

Inquiry and support communications: 2 years from last contact

You may request earlier deletion where legally permissible. However, we may need to retain certain information to comply with legal obligations.

Your Rights Under New Zealand Privacy Law

Under the Privacy Act 2020, you have the following rights:

Right to Access: Request a copy of the personal information we hold about you.

Right to Correction: Request correction of inaccurate or incomplete information.

Right to Deletion: Request deletion of your personal information, subject to legal retention requirements.

Right to Restrict Processing: Ask us to limit how we use your information in certain circumstances.

Right to Object: Object to processing of your information for marketing purposes.

Right to Withdraw Consent: Withdraw consent for data processing (e.g., marketing emails) at any time.

To exercise any of these rights, please contact us at info@pastels.nz. We will respond within 20 working days as required by the Privacy Act 2020.

International Data Transfers

Our primary operations serve customers in Auckland, New Zealand. However, some of our service providers (Google, Meta, Stripe, Hostinger) operate internationally and may process data outside New Zealand. Your information may be transferred to and stored on servers in other countries, including the United States and Europe. We ensure appropriate safeguards are in place to protect your information.

Children and Minors

Our services are intended for individuals aged 18 years and older. We do not knowingly collect personal information from children under 18 without verifiable parental or guardian consent.

If you are under 18 and wish to place an order or subscribe, please have a parent or guardian review this Privacy Policy with you, provide consent for your use of our services, and supervise your interactions with our website.

If we become aware that we have collected information from a minor without proper consent, we will delete that information promptly. Parents or guardians may contact us at info@pastels.nz to review, modify, or delete their child's information.

Links to Other Websites

Our website may contain links to third-party websites, social media platforms, or external resources not owned or controlled by Pastels. This Privacy Policy applies only to our website. We are not responsible for the privacy practices or content of external sites. We encourage you to read the privacy policies of any third-party websites you visit.

Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations.

When we make significant changes, we will update the "Last Updated" date at the top of this policy, notify you by email if you are a registered customer or subscriber, and may display a prominent notice on our website.

Your continued use of our website after changes are posted constitutes acceptance of the updated Privacy Policy.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your privacy, we will: notify affected individuals as soon as practicable, report the breach to the Privacy Commissioner if required by law, take immediate steps to secure our systems, and provide information about affected data and steps you should take.

Complaints and Concerns

If you believe we have breached the Privacy Act 2020 or have concerns about how we handle your personal information, please contact us first at info@pastels.nz. We will acknowledge your complaint within 5 working days and aim to resolve it within 20 working days.

If you are not satisfied with our response, you have the right to lodge a complaint with:

Office of the Privacy Commissioner

Website: www.privacy.org.nz

Phone: 0800 803 909

Email: enquiries@privacy.org.nz

Contact Information

Pastels

Owner: Pooja Shankar

NZBN: [Insert Number]

Email: info@pastels.nz

Website: www.pastels.nz

By using our website and services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Address
Contact
Subscribe to our newsletter

By submitting, you are agreeing to our Privacy Policy and Terms & Conditions

About

Our Story

Gallery

Allergen Information

Refund & Cancellation Policy

Delivery & Pickup Information

+64 22 504 5487
info@pastels.nz

New Lynn, Auckland

Follow us

'Pastels' is a registered food business, pending verification from Auckland Council.