Privacy Policy

Raised ("we", "our", "us") is committed to protecting your privacy and personal information in accordance with the New Zealand Privacy Act 2020 and other applicable laws. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.

Information We Collect

The type of personal information collected depends on how you use the Platform:

For Organisations and Wholesalers (Account Holders):

• Name and contact details (email, phone number)
• Organisation information (business name, type, address)
• Banking and payout information
• Account credentials and authentication information
• Storefront and product information you create

For Customers (Purchasers):

• Name and contact details (email, phone number)
• Delivery address
• Order details and purchase history
• Payment information (processed by Stripe - we never see credit card details)
• Marketing preferences

Note: Customer information collected through Organisation storefronts is primarily controlled by the Organisation, not Raised. See "Data Controller Relationships" below.

For All Users:

• Website usage data (IP address, browser type, pages visited)
• Device information and cookies
• Communications with us (support requests, feedback)

For more information about how we use cookies, please see our Cookie Policy.

Data Controller Relationships

Understanding who controls your data:

• Raised as Platform Provider: For Organisations and Wholesalers who create accounts, Raised is the data controller for your account information. For Customers, Raised acts primarily as a data processor on behalf of the Organisation running the storefront where you made a purchase.
• Organisations as Primary Controllers: When you make a purchase through an Organisation's storefront, that Organisation is the primary data controller for your personal information. They determine how your data is used, stored, and shared (within the bounds of our Terms of Service).
• Wholesalers as Data Recipients: When an Organisation uses a Wholesaler to fulfill orders, the Wholesaler receives customer data as a data recipient/processor and may also be a joint controller for certain purposes (e.g., direct marketing).

What this means for you: If you are a Customer and have privacy concerns or requests about your data (access, correction, deletion), you should contact the Organisation that operates the storefront where you made your purchase. Raised can assist in facilitating these requests but may need to direct you to the Organisation as the primary data controller.

How We Use Your Information

Raised uses personal information for the following purposes:

• Providing and maintaining the Platform infrastructure
• Processing payments through our payment provider (Stripe)
• Managing Organisation and Wholesaler accounts
• Facilitating transactions between Customers and Organisations
• Providing customer and technical support
• Sending important Platform updates and notifications
• Improving our services and developing new features
• Detecting and preventing fraud and suspicious activity
• Complying with legal obligations
• Marketing our Platform (with your consent where required)

Information Sharing and Disclosure

Raised shares personal information as follows:

Customer Information Shared with Organisations:

When you make a purchase through an Organisation's storefront, we share your personal information (name, email, phone, address, order details) with that Organisation. The Organisation may use this information for:

• Order fulfillment and delivery
• Customer service and support
• Record-keeping and financial reporting
• Future fundraising communications
• Direct marketing (subject to your consent and anti-spam laws)

Customer Information Shared with Wholesalers:

When an Organisation uses a Wholesaler to fulfill your order, we share your personal information with the Wholesaler. The Wholesaler may use this information for:

• Order processing and delivery
• Inventory and logistics management
• Customer support related to products
• Direct marketing of their products (subject to your consent)

Other Information Sharing:

• Payment Processors: We use Stripe to process payments. Your payment information is transmitted directly to Stripe and is never accessible to Raised, Organisations, or Wholesalers. Stripe performs all required AML/KYC checks and sanctions screening. For more information, see our AML / KYC and Sanctions Compliance page.
• Service Providers: We share information with third-party service providers who assist in operating our Platform (hosting, analytics, email delivery, customer support tools).
• Legal Requirements: We may disclose information to legal and regulatory authorities when required by law, to protect our rights, or to investigate fraud or security issues.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity.

We do not sell your personal information to third parties.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, modification, or disclosure. This includes:

• Encryption of data in transit and at rest
• Secure access controls
• Regular security assessments
• Staff training on data protection

Your Privacy Rights

Under the Privacy Act 2020, you have the right to:

• Access your personal information
• Request correction of your personal information
• Be informed about how your information is being used
• Know whether we hold personal information about you
• Request deletion of your personal information in certain circumstances
• Object to certain uses of your personal information
• Complain to the Privacy Commissioner if you believe your privacy has been breached

Overseas Data Transfers

We may transfer your personal information to overseas recipients, including service providers located outside New Zealand. We ensure that any such transfers comply with the Privacy Act 2020 and that appropriate safeguards are in place.

Data Retention

Personal information is retained as follows:

• Platform Data: Account information for Organisations and Wholesalers is retained for the duration of your account and for a reasonable period after account closure to comply with legal obligations (e.g., tax, accounting, dispute resolution).
• Customer Order Data: Customer information collected through Organisation storefronts is retained indefinitely in the Platform for operational purposes, unless deletion is requested by the Customer and agreed to by the Organisation. Organisations may also retain this data separately and have their own retention policies.
• Wholesaler Data: Wholesalers may retain customer order information they receive indefinitely for their own business purposes (subject to their own policies and applicable laws).
• Legal Requirements: We may be required to retain certain information for longer periods to comply with New Zealand tax laws, accounting requirements, or other legal obligations.

If you wish to request deletion of your data, please contact the relevant party as described in "Your Privacy Rights" above.

Organisation and Wholesaler Responsibilities

Organisations and Wholesalers using the Platform have their own data protection responsibilities:

Organisations must:

• Act as data controllers for customer information collected through their storefronts
• Comply with the Privacy Act 2020 and other applicable privacy laws
• Provide customers with appropriate privacy notices
• Obtain necessary consents for data collection and use
• Implement appropriate security measures for customer data
• Respond to customer privacy rights requests (access, correction, deletion)
• Only use customer data for legitimate purposes (order fulfillment, customer service, consented marketing)

Wholesalers must:

• Handle customer data received through the Platform in accordance with the Privacy Act 2020
• Use customer data only for order fulfillment and consented marketing purposes
• Implement appropriate security measures to protect customer data
• Respond to customer privacy rights requests regarding data they hold
• Not misuse or sell customer data to third parties

Raised monitors for suspicious activity and may suspend accounts that violate these privacy obligations, but Organisations and Wholesalers remain independently responsible for their own compliance with privacy laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and, where appropriate, sending you a notification.

reCAPTCHA

This site is protected by reCAPTCHA and the GooglePrivacy PolicyandTerms of Serviceapply.