Harvey Norman Stores (N.Z.) Pty Limited (referred to as “we”, “our”, “us” or “Harvey Norman”) acknowledges that your personal information is given in trust and confidence. Therefore, we are committed to the privacy and protection of your personal information. This privacy policy sets out how we collect, manage, process, store, disclose and protect your personal information in an honest and transparent way in accordance with the Privacy Act 2020 (“the Privacy Act”). This policy also informs you of your rights in relation to your personal information.

This Privacy Policy applies to any personal information collected by us including online at www.harveynorman.co.nz, www.harveynormancommercial.nz, www.harveynormandirect.co.nz, www.harveynormancareers.co.nz and www.harveynormanphotos.co.nz and mobile apps including Harvey Norman Photo Centre (“Platforms"). This Privacy Policy applies when you enter any of our stores, use our Platforms, including when you provide us with your personal information or apply for a job with us and you confirm we have authority to use and disclose your personal information in accordance with it.

1. What is Personal Information?

Personal information, in the Privacy Act means information about an identifiable individual. This includes, but is not limited to, information that could be used to personally identify you such as your name, contact details, images of you and financial information. If the information personally identifies you, or is about an identifiable individual, then the information is personal information. When “you” or “your” are used in this policy, we are referring to the person whose personal information we collect, use and disclose.

2. What Personal Information Do We Collect and Hold?

We collect personal information from you to provide products and services to you, and for employment and recruitment purposes.

We may collect the following personal information:

• contact details including your name, phone number, billing and delivery address, email address and signature;
• identification details to confirm your identity e.g. signature, date of birth, drivers’ licence or passport. We generally only sight your identification, except for recruitment and employment purposes;
• purchase and transaction history information including ordered, purchased and returned products, current and pending transactions and quotations;
• information that is necessary to deliver products and services to you and to respond to enquires. For delivery and installation services we may collect information about your availability and details necessary to provide the service;
• product or service preferences, browsing history and marketing interactions obtained through the use of our Platforms;
• biometric information including but not limited to CCTV footage – video and still images from CCTV cameras operating in stores and surrounding areas;
• vehicle details such as the number plate of the vehicle you have used to collect items from our warehouse;
• payment information including your credit/debit card or “buy now pay later” information and other financial details to facilitate the provision of products and/or services and for any applicable payments and/or refunds;
• financial information to confirm your financial position or credit history when considering a finance or credit arrangement provided by us or third parties including income details, credit history, and where relevant, bank account information and other related billing information as required;
• communications and messages with us including emails, phone, and online chat functions such as Facebook Messenger and WhatsApp. We may record the contents of any online automated chat functions;
• social media account names or comments posted by you on our social media pages hosted by Facebook and Instagram;
• information to be published or displayed or posted on public areas of the Platforms, or transmitted to other users of the Platforms or third parties (collectively, “User Contributions”). If you use any discussion forum feature on the Platforms, be aware that any personally identifiable information you submit there can be viewed and used by other Platform users. Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of those with whom you may choose to share your User Contributions;
• product reviews or testimonials from you via our Platforms or any other platform that you use to make such product reviews or testimonials;
• information provided by you in any customer surveys and feedback;
• emails, documents, photos and other information provided to us for warranty or insurance purposes, complaints, or legal proceedings;
• information provided by you when completing registration or membership forms via any of our Platforms;
• information provided by you when completing registration or membership forms via any of our Platforms;
• past and present employment information provided in an employment application (including online application), cover letter and CV, or provided for employment related purposes;
• information relating to an in-store incident and/or accident;
• aggregated and anonymised information automatically collected by us (or third parties) when you visit our Platforms (using cookies and identifiers) such as IP address, host name, browser type and history, dates, times and duration of search, pages visited on our Platforms, items added to cart and purchases made;
• aggregated and anonymised information automatically collected by us (or third parties) when you visit our Platforms (using cookies and identifiers) such as IP address, host name, browser type and history, dates, times and duration of search, pages visited on our Platforms, items added to cart and purchases made;
• location data if you allow our services to deliver content based on your location (e.g. by enabling this feature on your mobile device), which may be collected through Bluetooth or Wi-Fi signals;
• log information such as diagnostic, technical, error and usage information in order to optimise our delivery of products and/or services to you;
• all information required for the purpose of complying with requests by law enforcement, fraud prevention or credit reporting agencies, including relevant information contained in any legal, regulatory or enforcement proceedings provided by law enforcement and government agencies.

Employees

As an employer, we collect personal information from job applicants, prospective employees, and employees. When you apply for a role with us, we will collect personal information provided in your employment application, cover letter and CV, such as your employment history, references, and other information you choose to provide.

We collect personal information from our current employees such as bank account details, IRD numbers, emergency contact details, employment records, references (written and verbal), and other work-related information. We are required to collect some of this personal information by law but also collect personal information for business purposes such as payment of employees, training, to manage employment relationships and to keep employees safe.

We will try to obtain personal information directly from job applicants or employees; however we may use third parties to provide us with additional information, including but not limited to, references, licensing details and criminal history checks.

3. How Do We Collect Personal Information?

We collect, hold, and use personal information from a number of individuals including customers, employees (including job applicants), contractors and suppliers but only if it is necessary for our business purposes. We will only collect personal information lawfully and fairly and will not do so in an unreasonably intrusive manner.

We collect information in a number of ways but generally will collect personal information directly from the individual unless it is unreasonable or impracticable to do so. We may also obtain information indirectly from third parties, persons acting on your behalf, or automatically via our Platforms, using cookies or interest-based advertising.

We collect information in the following ways:

• when you purchase products and services from us;
• when you place an order via our Platforms;
• when you create a customer account in-store or online via any of our Platforms;
• when you sign up to receive promotional messages or newsletters from us;
• when we arrange the service or repair of a product;
• when we provide a service to you e.g. delivery or installation;
• from suppliers or manufacturers for product recalls or warranty issues;
• from insurance companies (for insurance claims) and credit providers;
• from CCTV cameras operating in store for security and safety purposes;
• when you become a member of Photocentre Online or sign up for our newsletters;
• when you use our photo kiosks in-store;
• when you contact us in person, by phone, email, online or through any of our Platforms;
• when you access and interact with our Platforms via email or online chats;
• when you engage with us on social media including but not limited to Facebook and Instagram;
• when you provide feedback, comments or submit a product review;
• when you complete any forms such as incident forms or email subscriber forms;
• when you participate in any competitions or promotions;
• when you apply for a job, or commence employment with us including information collected for employment, human resources and payroll related functions;
• automatically when you access our Platforms, by the use of automated tools and methods such as cookies and other tracking technology;
• from web hosting providers, analytics companies, social media platforms, data companies and advertising services;
• from web hosting providers, analytics companies, social media platforms, data companies and advertising services;
• from any of our service providers, third-party affiliates, or contractors if they have collected personal information for our provision of the services;
• from our business partners and/or analytics providers such as aggregated or de-identified demographic/profile information from third party sources including selected partners and companies that specialise in providing enterprise data, analytics, and software as a service;
• from third party single sign-on services when you register or login to our Platforms using a single sign-on service which has been used to authenticate your identity and connect your social media or other login information with our Platforms;
• from any person who you have given permission to act on your behalf or to share with us personal information they hold on you.

Information Collected Automatically

When you access our Platforms or social media pages, we may use automated tracking technology (such as cookies and identifiers) to collect information about you to enhance your interaction with our Platforms and ensure a more personalised online shopping experience.

Cookies are small text files that are placed in your browser by the sites you visit to enable information to be stored and retrieved later by web page servers. Cookies allows us to record information about your visit including the type of browser you use, your IP address, the previous sites you have visited and the pages you have accessed. This helps us provide additional functionality to our Platforms. Cookies protect your privacy as the information collected is non-personal, de-identified, anonymised and aggregated analytical information. Cookies will not give us access to any data on your computer other than the data stored in the cookie. We cannot personally identify you as the source of the data.

Our systems use cookies (including cookies developed by our third-party service providers) to automatically collect information about your visit including:

• the internet protocol (IP) address and the domain name used by your computer to access our Platforms;
• the type of web browser you used to access this site e.g. Google Chrome;
• the operating system used e.g. Windows 11;
• the date, time and duration of your visit;
• the search terms you used to find content on our Platforms;
• the pages you accessed and the links you clicked on.

We use this information for a number of different purposes including but not limited to:

• to measure web traffic, browser history and transaction patterns, so we can improve the content, reliability and effectiveness of our Platforms;
• to research our users’ habits and preferences so we can improve our products and services and create a more personalised experience by recommending products and services based on past behaviour;
• to operate our Platforms efficiently with high levels of functionality;
• to perform ad measurement services;
• to evaluate the effectiveness of our marketing and advertising initiatives on our Platforms, other websites and social media platforms.

We allow third parties to place web analytics and advertising cookies on our Platforms. This information is anonymised and is used to display customised or targeted marketing or advertising material on our Platforms, other websites, or social media sites that you visit.

Web Analytics Cookies

We use third-party service providers such as Google and Emarsys, who use cookies and other web analytics tools to analyse the browsing behaviour of our customers, which helps us to understand how users use our Platforms, how we can improve our Platforms and guarantee their security and continued proper functioning. The data collected is in aggregate and anonymised form and cannot personally identify you.

Google uses Google Analytics to monitor anonymised IP addresses and provide us with aggregated reports on such things as the number of page views, the number of visitors, time spent on our Platforms, browser types, and entry and exit points to the Platforms. The information collected will be used by Google to compile aggregated reports on website activity and internet usage.

Emarsys helps us understand how you engage with us through various channels including email, social media, and websites, so we can improve your customer experience.

Advertising Measurement

We also use third-party tracking technologies, such as Google Ads and Facebook Pixel, to optimise and improve our marketing and customer experience by personalising content by way of targeted advertising. These third parties display targeted advertising to you based on your use of our Platforms, your purchases, and your interactions with our advertising on other third-party websites. These third-party advertising cookies collect information from our Platforms to improve our advertising and deliver personalised advertising to you. This means that you may see ads from us when you visit other websites. We may also use social media platforms to advertise our products and services.

Social Media Platforms, Features and APIs

If you choose to interact with us or access our Platforms via social media sites, any personal information that you provide on our social media page or posts, may be shared with other users of that site. This will depend on your account and privacy settings within these sites. Please ensure that you are aware of these social media sites’ privacy policies, as any personal information that you submit to these social media platforms will be governed by each respective privacy policy and to the maximum extent permitted by law, we accept no responsibility for the acts or omissions of those third parties.

Our Platforms also include social media features such as the Facebook like button, widgets, the share button or other interactive programs that run on our sites. These features may collect your IP address, which pages you visited, and how long for. If you’re a member of a social media site, the interfaces may allow the social media site to connect your visits to this site with other personal information. Social media features and widgets are either hosted by a third party or hosted directly on our Platforms. Your interactions with these features are governed by the privacy policy of the third party providing it and to the maximum extent permitted by law we accept no responsibility for the actions of those third parties.

We may provide an application programming interface (“API”) to enable third party applications to interface with our Platforms. Some applications enable you to interact with us through the API in a way that requires you to log in. To do this, most of these applications will direct you through a process where you are able to let the application connect to your account.

If you allow an application to connect your account on our Platforms, including if you set up your account on our Platforms using an API with a third party social media platform, that application will be able to access information that you can see when you are logged into our Platforms. You should only allow applications you trust to access your account on our Platforms.

If you set up your account on our Platforms using an API with a third party social media platform, you also consent to us obtaining and using your information from such platform.

How to Manage Cookies

Some web browsers are set to accept tracking technologies such as cookies. You can choose to disable cookies in your website browser settings, but you may experience a loss of functionality on our Platforms as a result.

4. What Happens If We Are Unable to Collect Personal Information?

It is your decision whether to provide personal information to us. If you choose not to, you can deal with us anonymously. However, if you do not provide your personal information, we may not be able to provide you with access to certain information, products or services, or tailor our content, Platforms, and communications to your preferences.

There will be some circumstances where we will collect personal information because it is required by law, our policies require us to do so, or because it would be impracticable to deal with you anonymously. Some of those circumstances include but are not limited to:

• where you purchase products online and you need to collect in-store;
• where you purchase products to be delivered or installed;
• where you purchase Product Care;
• where you apply to purchase products and/or services on finance;
• where you return products for a repair, or make a warranty or consumer guarantees claim;
• where you return products for a repair, or make a warranty or consumer guarantees claim;
• where you agree to provide information for future purposes such as receipt retention for warranty purposes.

5. Why Do We Collect Personal Information From You?

Our main purpose for collecting, managing, and disclosing information about you is to provide products and services to you, to understand your needs and to provide customer service. In addition, we collect, hold and disclosure your personal information for other purposes connected with our business operations including:

• to fulfil orders and deliver products and services to you that you have ordered or purchased including products that are shipped direct to you from the supplier;
• to conduct, manage and protect our business;
• to allow a repair agent to contact you to arrange a repair at your home or to collect a product for repair;
• to provide and manage customer accounts;
• for authorising and processing payments;
• to manage credit applications with financial and credit service providers;
• to communicate with you in person, by phone, email, social media, advertisements, or via our Platforms;
• to provide information, recommendations and advice about our products and services;
• to process a refund or exchange of a product;
• to manage product warranty or consumer guarantee claims including product or safety recalls;
• to manage any requests, enquires, complaints and other customer-related services by phone, email, social media, online or via one of our Platforms;
• CCTV surveillance in our stores for security, safety and operational purposes;
• to verify your identity to purchase certain products or to collect products in-store that have been ordered online;
• to conduct competitions or promotions;
• to comply with our obligations with third parties such as telecommunication service providers and consumer finance providers;
• to communicate and manage our relationships with stakeholders;
• for recruitment and employment purposes;
• to analyse and evaluate our Platforms’ performance and interactions with you so we better understand your needs, so we can improve your customer service experience in store and online;
• to evaluate the effectiveness of our online advertising so we can personalise the content we display to you, which includes providing you with further information about us or other Platforms or products and/or services offered by us or our related companies or third parties or which may be of interest to you;
• to perform ad measurement;
• to identify and investigate health and safety incidents involving our premises, staff, customers and visitors;
• to identify and prevent harm to us or others including detecting fraud, data security and privacy incidents and other harmful activity;
• to investigate a breach of our terms and conditions, or any suspected unlawful or criminal activity;
• to investigate a breach of our terms and conditions, or any suspected unlawful or criminal activity;

6. Who Do We Share Your Personal Information With?

We may share your personal information with third parties to the extent necessary to carry out our business activities, where we are authorised or required to disclose that information by law or for safety reasons, where you have authorised or requested us to do so, or as otherwise stated in this policy. Some examples of who we may share your information with include:

Employees and Related Companies

We may share your personal information with our employees, contractors, our Australian based parent company, Harvey Norman Holdings Limited, or other related companies. However, information will only be shared for the purposes set out in this policy.

Service Providers

We engage third party service providers and agencies to undertake services for us in connection with our business and to assist in delivering services to you. We may share your personal information with these service providers if it is required to fulfil these services. Some examples of service providers we may use are:

• operational, administrative, and technical providers with whom we contract to help us provide products and services to you;
• logistics and delivery providers who help us deliver online shopping orders;
• delivery companies and installation providers;
• payment systems operators and financial institutions including but not limited to Afterpay and Latitude Financial Services;
• payment systems operators and financial institutions including but not limited to Afterpay and Latitude Financial Services;
• recruitment service providers;
• internet, email and data storage service providers;
• advertising, promotional, social media and search engine companies that we engage including but not limited to Google and Facebook, who display advertising or content based on your personal information or preferences.
• marketing and research companies who help us collect reviews and feedback and analyse customer behaviour to improve your experience with us;
• IT and software providers including providers of security technology, application and systems, cloud computing facilities, email development and technical support, processing, storing, hosting and data analysis.

Manufacturers, Suppliers and Repair Agents

We may also share your personal information with manufacturers or suppliers (including Customer Direct suppliers) of products or services for the purposes of order fulfilment, delivery, product warranty, recall purposes, product safety issues or repairs.

Advertising Providers

For advertising measurement, we may share personal information (which uses an encryption process called “hashing”) with third party advertising providers such as Google and Facebook. This encryption process means your personal information is readable only by the intended recipient.

To provide more relevant ads, we may also provide encrypted personal information to our advertising providers/partners. Once encrypted this information is unlikely to be identifiable to an individual.

Third Parties – Where Required or Authorised or Not Prohibited by Law

We may also share your personal information where we are required or authorised by law or not prohibited by law, including:

• for legal compliance and law enforcement purposes including disclosing information to law enforcement, credit reporting and government agencies for the investigation of criminal or fraudulent activities;
• to comply with government agencies’ statutory powers e.g. Police and IRD;
• to facilitate legal proceedings in courts, tribunals and regulatory authorities;
• to protect the rights, property or safety of Harvey Norman, our customers and others e.g. under the Health and Safety at Work Act 2015;
• where we reasonably believe disclosure is necessary to uphold the maintenance of the law, to protect your safety or the safety of others, or to protect national intelligence and security e.g. under the Privacy Act.

Persons Acting on Your Behalf

We may share information with persons acting on your behalf. This includes persons authorised by you including legal representatives, trustees, and executors. Persons acting on your behalf may need to show proof of authority to act and identity.

All third parties we share your personal information with must protect and safeguard this information from unauthorised use and disclosure and must only use it for the purposes for which it was supplied. We take all reasonable steps to ensure that those third parties comply with privacy requirements under the Privacy Act or have comparable privacy protections in place.

Sale of Personal Information

Except to the extent transferred as part of a sale of some or all of our business, Your personal information will not be shared, sold, leased or disclosed to third parties, other than as described within this privacy policy or as required or permitted by any law. By providing us with your personal information you agree to us using and disclosing your personal information in the manner set out in this policy.

7. How Long Do We Keep Your Personal Information For?

We retain your personal information for as long as it is required for the purposes for which the information was collected and may be lawfully used. However, we may also be required to keep some of your personal information for specified periods of time under applicable laws or regulations such as financial reporting and employment legislation, or due to legal or contractual obligations.

8. How Do We Store and Protect Your Personal Information?

The personal information we collect about you is held at our head offices (72 Cavendish Drive, Manukau, Auckland), our stores, other offices, and storage facilities, and by our data service providers, electronically or in hard copy, using physical and electronic storage facilities.

Where we store this information will depend on the nature and purpose of that information and the way which it was supplied to us. Customer records and other electronic documents are stored on our IT systems and data centres, and in online cloud platforms provided by us or third parties (whether in New Zealand or overseas). We also use SAP and Microsoft Office 365 applications. Hard copy documents are securely stored at various locations including our head offices, individual stores and warehouses, at third party document management and archiving facilities.

Harvey Norman maintains a secure physical and electronic environment, using suitable security measures (including physical security such as locks and security systems and computer and network security such as firewalls and passwords) to protect your personal information from unauthorised or accidental access, use, disclosure, alteration, loss, or destruction.

Our computer systems are protected by firewalls, modern encryption standards and are password protected. We do regular backups, which are encrypted and are held in secure storage facilities. Access to personal information is limited to authorised staff, which minimises the risk of unauthorised access to or misuse of personal information. We also have a privacy breach response plan in place to manage any data or privacy breaches.

Our websites have security measures in place to protect your information and to provide a secure and safe platform from which to conduct online transactions. Our websites employ the industry standard Secure Sockets Layer (SSL) technology from the TNS gateway, which encrypts information such as credit card details and personal information as it is transmitted over the internet. Credit card details and other financial information are not retained on our website or in our POS system.

While we take technical and organisational measures to protect your information on our Platforms , unfortunately no data transmission over the internet can be guaranteed as completely secure. Accordingly, we cannot guarantee the security of any information you send to us or receive from us via the internet. Transmission of information over the internet is at your own risk.

Links to Third Party Websites

Our Platforms may contain links to third-party websites which are provided for your convenience and are not endorsed by us. To the maximum extent permitted by law, we are not responsible for the content or material contained in any third-party websites or the privacy practices of the third-party websites in collecting and managing any personal information you provide. When visiting third-party websites from links on our Platforms, we recommend that you review their privacy policies.

9. What You Can Do to Help Keep Your Information Safe

We take great care in protecting your privacy and making sure your personal information is secure. To help keep your personal information safe, we encourage you to do the following:

• When you visit our websites, to ensure you are accessing a secure server, please check for the closed lock symbol in the browser window. This indicates that SSL is active. You can also check by looking at the URL which should read “https” rather than just “http”.
• Please ensure your internet browser, software and computer system are secure, up to date and free from any viruses.
• If you have set up an online account, please ensure you keep your sign in details (including your password), safe and confidential at all times. Remember to log out of your account if you are using a public computer.
• Please notify us of any changes or corrections to your personal information such as your phone number and email address.

10. How Can You Access and Update Your Personal Information?

At Harvey Norman we take reasonable efforts to ensure that the information we hold about you is accurate, complete, and up to date. To assist us to do this, please inform us if any of your details change at any time.

Under the Privacy Act, you have rights of access to and correction of personal information we hold about you. This can be done by contacting us at privacy.officer@nz.harveynorman.com

11. Unsubscribing to Electronic Messages

Where you have authorised us to send you marketing or promotional messages or information relating to your purchases, you can request us to stop sending such messages at any time in the following ways:

• Email: Select the ‘unsubscribe’ option in one of the emails that you received from us. This is normally found at the bottom of the email.
• SMS: Unsubscribe by texting the word “STOP” after receiving a message or alternatively contact your store of purchase.
• Contact our Customer First Team on admin.online@nz.harveynorman.com.

12. What Can I Do If I Have a Privacy Query or Complaint?

We are committed to maintaining and protecting your privacy. If you suspect any misuse, loss of, or unauthorised access to your personal information, please contact us immediately.

If you have any queries or complaints about the way we collect, handle, or use your personal information, or you believe that we may have breached our obligations under the Privacy Act, please contact our Privacy Officer at:

• Harvey Norman Stores (N.Z) Pty Limited
• Private Bag 94035
• Manukau
• Auckland 2410
• Phone: (09) 261 4400
• privacy.officer@nz.harveynorman.com

The Privacy Officer will acknowledge receipt of your complaint or query promptly and will respond to your request. If your complaint or query is complicated or requires further investigation, our response may take additional time to finalise.

13. Updates to this Privacy Policy

We may update this policy from time to time by publishing an updated version on our applicable Platforms. Any amendments to the policy will take effect immediately.