Privacy Policy

We take your privacy very seriously.

At Taylored Technologies Limited (we, us, our), we are committed to protecting your Personal Information and ensuring compliance with the New Zealand Privacy Act 2020 (Privacy Act) (if you are in New Zealand), the European Union’s General Data Protection Regulation (GDPR) (if you are in a Member State of the European Union), and the California Consumer Privacy Act (CCPA) (if you are a California resident).

This Privacy Policy gives details of the Personal Information that we collect via our website(s), Digital Wearable Devices, mobile apps, diagnostic tests, or when you interact with us or use our Services.

This Privacy Policy also covers how and why Personal Information is collected, used, disclosed, and processed; and the lawful basis on which your Personal Information will be processed by us; how you can request access to or correction of your Personal Information, and how you can manage receiving communications from us.

If you are in the EU or if you are a California resident, then you have additional rights under the applicable privacy laws which are outlined in the ‘GDPR’ and ‘CCPA’ sections of this Privacy Statement.

This Privacy Policy should be read in conjunction with our Terms of Use. Unless defined in this Privacy Policy, all capitalised terms have the same meaning given to it in our Terms of Use.

Collection and Use of Personal Information and Health Data

We collect personal information such as name, contact information, payment details, and health data including genetic and wearable diagnostic testing, medical history, and any relevant health information that the guest chooses to disclose. This information is collected to create a personalised health experience for each guest during the XXuop retreat, tailor each guest’s experience to their individual needs, and provide them with advanced knowledge and tools to enhance their health and well-being.

All information collected will be solely used for the purpose of the retreat and will not be shared with any third parties without the guest’s explicit consent, unless required by law.

Access, Correction, and Deletion of Personal Information and Health Data

Guests have the right to access, correct, or delete their personal information and health data held by us, in accordance with the New Zealand Privacy Act 2020. To exercise these rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe and in accordance with the law.

If you no longer agree with our Privacy Policy or do not agree with the changes that we make to our Privacy Statement from time to time, please discontinue your use of our Site. If you withdraw your consent, we will stop collecting your Personal Information, but we may not be able to continue providing some or all of our Services to you.

If you wish to ‘opt-out’ of receiving certain communications from us or your Personal Information being provided to third parties for direct marketing purposes, then you should notify us or unsubscribe from our mailing list by clicking ‘unsubscribe’ at the bottom of our communications to you. If you decide to do so, then we will only communicate with you to the extent necessary to perform our obligations to you, such as to complete our transaction with you or where we are required to do so by law.

You can otherwise contact us at any time by emailing [email protected] or writing to us at Taylored Technologies Limited, 83A Tristram Street, Level 2, Hamilton, 3204, New Zealand, Attn: Privacy.

For the purpose of:

The GDPR, the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
The Privacy Act, your Personal Information will only be used for the purpose for which it was collected in accordance with this Privacy Statement and the law. If that purpose no longer exists or your Personal Information is no longer needed for the purpose in which it was collected, then we will no longer use your Personal Information.
The CCPA, you may exercise your ‘right to opt-out’ and ‘right to delete’ and request that we stop collecting your Personal Information and delete the Personal Information that we hold about you (subject to lawful exceptions).

Data controller

The “data controller” (for the purpose of the GDPR), the “agency” (for the purpose of the Privacy Act) and the “business” (for the purpose of the CCPA) that is responsible for your information is Taylored Technologies Limited (NZCN 8135230), based in New Zealand.

Information that is collected and processed

The table below outlines the 5 general categories of information that we collect for processing and the legal basis on which that information is processed:

Category		Types of Personal Information collected	Legal Basis for Processing
*Information you give us* You may choose to provide us with Personal Information when you communicate with us.	Example: when you make a request for our Services or make queries, or when you opt-in to receive our marketing and promotional materials.	Contact details (name, postal address, email, phone number) Your preferences Your account information Your payment information Any other information you choose to give us.	We collect and process this information based on our legitimate interest to respond to your requests or queries, to provide you with a high level of customer service, to market and promote our Services to you, and to fulfil our contractual obligations to you.
*Information that is necessary for your use of our Site* We ask for and collect Personal Information when you use our Site.	Example: when you sign up for our Services and use our Site, when you use clinical diagnostic kits.	Your account history Any additional information we request and that you provide in connection with the performance of our Services to you.	We collect and process this information based on our legitimate interest to respond to your requests or queries, to provide you with a high level of customer service, and to fulfil our contractual obligations to you. Without the information, we may not be able to provide you with the requested Services.
*Information we automatically collect from your use of our Site* When you use the Site, we automatically collect Personal Information about the Services you use and how you use them.	Example: when you use certain features within our Site, when you visit or when you browse the content on our Site, when you accept our ‘Cookies’ (see ‘How we use cookies’ below).	Your geo-location through your IP address or mobile device’s Bluetooth Your user information (content, webpages, other actions performed on our Site) Your payment and transaction history.	We collect and process this information based on our legitimate interest in ensuring a positive user experience, performance of our contract with you, to provide and improve the functionalities of our Site.
*Information we collect from your use of our Services* When you use our Services, we collect Personal Information required to provide you with the Services.	Example: when you enable a connection between the Digital Wearable Devices and Otto. When you activate at-home diagnostic kits or submit samples for clinical testing.	Your bio health data (including but not limited to genetics hormones, gut health, heart rate variability, blood glucose, sleep patterns). Your genetic information such as DNA.	We collect and process this information based on our legitimate interest to provide you with our Services and providing you with insights into what your genetics reveals about traits about your wellness. Enhancing the customer experience across the Company. Improving the quality of our laboratory processes and technology, and building new products and services, including services related to your personal wellness.
*Information we collect from third parties* We may collect information that others provide about you or obtain information from other sources (including our third party service providers) and combine that information we collect through our Site.	Example: when you link, connect or login to our Site from a third party service (eg Google, Facebook, Oura, BioStrap, Great Plains Laboratories etc), and when other parties provide us with information, including data about your bio health.	Your Service preferences Your profile information from third party sites Your user information from third party sites Other information from publicly available sources.	We collect and process this information based on legitimate interest in ensuring a positive user experience, ensuring the security of our Site and the safety of our customers and, where necessary, to communicate with you.
*Information we collect specifically for the XXup Wellness Retreat* When you confirm your attendance to the retreat, we collect health and data information	Example: We may ask for your health and medical history	health data including genetic and wearable diagnostic testing, medical history, and any relevant health information	We collect this information to create a personalised health experience for each guest during the XXuop retreat, tailored to each guest’s individual needs.

In addition to those that are outlined in the table, we will also collect and process information where you give us your informed consent.

How the information is used and disclosed

With your consent, we will collect, use and disclose your Personal Information for the following purposes:

to provide you with our Services, including to:
identify and verify your identity;
communicate with you, such as sending you promotional emails about new Services, special offers, promotions or information about our Services;
update, secure, and troubleshoot our Services as well as providing support;
share information, when it is required to provide the Service;
improve and develop our Services;
personalise the Services and make recommendations to you;
respond to your queries regarding the Site, or our Services;
provide you with a positive user experience when you visit our Site or use our Services;
to bill you and to collect our Fees that you owe us, including authorising and processing credit card transactions or undertaking credit checks (if necessary);
develop new Services, features and/or content; and
keep you updated on things that are happening at Taylored Technologies;
to run and maintain our Site and Services such as ensuring our Site and network system are secure;
for our internal record keeping purposes;
to allow for the operation of our legitimate business activities and functions;
the sale of all or substantially all of our business (whether by assets or shares);
to comply with our legal obligations; and
for any other purposes you consent to.

From time to time, we may disclose your Personal Information to third party service providers, in both New Zealand and overseas, whom we engage to assist us in our business functions and activities (for example sending your Wellness Data to overseas labs for testing, sending marketing communications, and providing maintenance services for our Site). We will require our third party service providers to comply with the terms of this Privacy Policy and the applicable privacy laws of the country in which they are located.

We may also use third party service providers to monitor and analyse the use of our Services such as:

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

You may opt-out of certain Google Analytics features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their privacy policy: https://policies.google.com/privacy.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.

Firebase

Firebase is an analytics service provided by Google Inc.

You may opt-out of certain Firebase features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their privacy policy: https://policies.google.com/privacy.

We also encourage you to review the Google’s policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.

For more information on what type of information Firebase collects, please visit the How Google uses data when you use our partners’ sites or apps webpage: https://policies.google.com/technologies/partner-sites.

Klaviyo

Klaviyo is an email marketing and communications service provider and we may use Klaviyo to manage and send emails and text messages to you.

Their privacy policy can be viewed at: https://www.klaviyo.com/marketing-resources/data-privacy.

In some cases, we may remove personal identifiers from your Personal Information and maintain it in an aggregate form. We may combine this information with other information that we hold to produce anonymous, aggregated statistical information to form part of our Services or our marketing, or in scientific publications published by our research partners. Once your Personal Information is anonymised, it may no longer be capable of identifying, or being re-linked, to you.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse information about web page traffic and improve our Site to tailor it to customer needs. We only use this information for statistical analysis purposes and then the information is removed from the system when it’s no longer required for the purpose.

Overall, cookies help us provide you with a better Site and user experience by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the information you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.

If you decline cookies, this may prevent you from taking full advantage of functionality and Services available on our Site.

List of cookies we collect

The table below lists the cookies we collect and what information they store.

Cookie Name	Cookie Description
FORM_KEY	Stores randomly generated key used to prevent forged requests.
PHPSESSID	Your session ID on the server.
GUEST-VIEW	Allows guests to view and edit their orders.
PERSISTENT_SHOPPING_CART	A link to information about your cart and viewing history, if you have asked for this.
STF	Information on Services you have emailed to friends.
STORE	The store view or language you have selected.
USER_ALLOWED_SAVE_COOKIE	Indicates whether a customer allowed to use cookies.
MAGE-CACHE-SESSID	Facilitates caching of content on the browser to make pages load faster.
MAGE-CACHE-STORAGE	Facilitates caching of content on the browser to make pages load faster.
MAGE-CACHE-STORAGE-SECTION-INVALIDATION	Facilitates caching of content on the browser to make pages load faster.
MAGE-CACHE-TIMEOUT	Facilitates caching of content on the browser to make pages load faster.
SECTION-DATA-IDS	Facilitates caching of content on the browser to make pages load faster.
PRIVATE_CONTENT_VERSION	Facilitates caching of content on the browser to make pages load faster.
X-MAGENTO-VARY	Facilitates caching of content on the server to make pages load faster.
MAGE-TRANSLATION-FILE-VERSION	Facilitates translation of content to other languages.
MAGE-TRANSLATION-STORAGE	Facilitates translation of content to other languages.

Transfer of information to other countries

In order to provide you with our Services, we may need to disclose and transfer your Personal Information to third parties located outside New Zealand. We will take reasonable steps to ensure that the overseas recipient is required to protect your Personal Information in a way that, overall, provides comparable safeguards to those under New Zealand privacy laws. Examples of such steps include a written agreement between us and the recipient, or making reasonable enquiries regarding the data protection standards of the country in which the recipient is domiciled in.

If you are in a Member State of the European Union, your Personal Information may be transferred to or stored in a geographic region that imposes different privacy obligations than the country you are currently in. We will only transfer your Personal Information to a “secure third country”, such as New Zealand, or to a third country or international organisation where appropriate safeguards are provided in accordance with the GDPR.

Controlling your Personal Information

You can choose to restrict the collection or use of your Personal Information in the following ways:

Indicate to us in writing that you do not wish to be contacted for direct marketing purposes. If you have told us, then you have opted-out of receiving electronic marketing communications from us.
If you have previously agreed to us using your Personal Information for direct marketing purposes, you can change your mind at any time by letting us know you no longer wish for your Personal Information to be used for direct marketing purposes by contacting us using the contact details listed above or unsubscribing from our mailing list by clicking ‘unsubscribe’ at the bottom of our electronic communications.

We will not sell, distribute or lease your Personal Information to third parties unless we have your consent or we are required by law to do so.

Links to other websites

Our Site may contain links to other websites of interest. However, once you have used these links to leave our Site, you should note that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting third party websites and such websites are not governed by this Privacy Policy. You should exercise caution and look at the privacy policy applicable to those websites.

How you can request access or correction of your information

If you wish to request correction of your Personal Information that we hold, please login to your account on our Site to make changes. If you do not have an account with us, then contact us using the contact details listed above.

We will correct your Personal Information if it is necessary to ensure that your Personal Information is accurate, up to date, complete and not misleading. If we decide that it is unnecessary to correct your Personal Information, we will let you know the legal reasons for our decision. If you are not happy with those reasons, then you have the right to complain to the New Zealand Privacy Commissioner: www.privacy.org.nz/your-rights/how-to-complain/.

If you wish to request access to your Personal Information that we hold, contact us using the contact details listed above. You have the right to request access to Personal Information that we hold about you. If we do not give you access to the Personal Information that you have requested, then we will let you know the legal reasons for not disclosing your Personal Information. If you are not happy with the legal reasons provided, then you have the right to complain to the New Zealand Privacy Commissioner: www.privacy.org.nz/your-rights/how-to-complain/.

Security

We are committed to ensuring that your Personal Information is secure. To prevent unauthorised access, use, modification, disclosure, loss or destruction, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the Personal Information that we collect. We will also take reasonable steps to ensure that our third parties whom we disclose your Personal Information to also take reasonable steps to protect your Personal Information in accordance with this Privacy Policy and the applicable privacy laws.

Privacy complaints

If you are in New Zealand and you think that your privacy rights have been interfered with, you can make a written complaint to our Privacy Officer by email to i[email protected], or otherwise contact the NZ Privacy Commissioner at https://www.privacy.org.nz/your-rights/making-a-complaint/complaint-form/.

GDPR

If you are in a Member State of the European Union, you have the following rights with respect to your Personal Information:

Lodging complaints: You have the right to lodge a complaint with a ‘supervisory authority’ established by a Member State under Article 51 of the GDPR.
Right of rectification: You have the right to obtain from us without undue delay the rectification of inaccurate Personal Information. We may seek to verify the accuracy of the Personal Information before correcting it.
Right to restrict processing: You have the right to limit the ways in which we use your Personal Information, in particular where:
you contest the accuracy of your Personal Information;
the processing is unlawful and you oppose the erasure of your Personal Information;
we no longer need your Personal Information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or
you have objected to the processing of your Personal Information pending the verification by a supervisory authority of whether our legitimate grounds to process override your own.
Right of access and portability: You have the right to request certain copies of your Personal Information held by us. You may also be entitled to request copies of Personal Information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider nominated by you (where technically feasible).
Right to be forgotten: You have the right to request the erasure of your Personal Information without undue delay where one of the grounds set out in Article 17(1) of the GDPR apply. Please note that:
we may retain some of your Personal Information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety;
we may retain and use your Personal Information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting, auditing and regulatory compliance obligations; and
Because we maintain our Site to protect from accidental or malicious loss and destruction, residual copies of your Personal Information may not be able to be removed from our backup systems.

If you are in the EU and you think that your privacy rights have been interfered with, you can make a written complaint to our representative in the EU for GDPR purposes by email to [email protected].

CCPA

Under the CCPA, Personal Information means ‘information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.’

If you are a California resident, you have the following rights with respect to your Personal Information:

Right of Access: You have the right to request that we disclose to you the categories of Personal Information we have collected about you, the categories of sources from which the Personal Information is collected, the business purpose or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share Personal Information, and the categories of Personal Information we have disclosed about you for a business purpose. You also have the right to request that we provide you with a copy of the specific pieces of Personal Information we have collected about you in the preceding 12 months of your request without any charge to you.
Right to Deletion: You have the right to request that we delete the Personal Information we collect from you. However, in certain situations we are not required to delete your Personal Information, such as when the information is necessary in order to complete the transaction for which the Personal Information was collected, to provide Services requested by you, to comply with a legal obligation, to secure our Site or other online Services, or to otherwise use your Personal Information internally in a lawful manner that is compatible with the context in which you provided the information.
Right to opt-out: We do not sell Personal Information to third parties without your consent. We do allow third parties to collect Personal Information through our Site and share Personal Information with third parties for the business purposes described in this Privacy Policy. You can at any time opt-out of your Personal Information being used for direct marketing purposes (including continuing to receive promotional materials from us) by contacting us using the contact details listed above or unsubscribing from our mailing list by clicking ‘unsubscribe’ at the bottom of our communications to you.
Right Not to Be Subject to Discrimination: We do not discriminate against a customer because the customer exercised any of his or her rights under the CCPA.