Cannulight Technology Limited - Privacy Policy
Effective Date: 19 June 2025
Cannulight Ltd ("Cannulight", "we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and safeguard your data in accordance with international privacy laws, including:
General Data Protection Regulation (EU/UK GDPR)
California Consumer Privacy Act (CCPA/CPRA)
Australian Privacy Act 1988
New Zealand Privacy Act 2020
1. Who We Are
Data Controller: Cannulight Ltd
Business: Medical device manufacturer
Website: [www.cannulight.com]
Registered Office: Level 6, 36 Kitchener Street, Auckland, New Zealand 1010
Email: info@cannulight.com
Our designated Privacy Officer can be contacted via the above email address.
If you are based in the European Economic Area or the United Kingdom, and we do not have a physical presence there, we may appoint a local representative as required under GDPR. We will update this policy with that information when applicable.
2. What Personal Data We Collect
We collect the following categories of information:
Identity & Contact Information: Name, shipping address, email address, phone number
Order Data: Delivery and fulfilment records
Marketing Preferences: Consent status, engagement with promotional materials
How we collect it: Directly from you via website forms, email communication, and interactions with our services.
3. Why We Collect Your Data
Purpose and Legal Basis (EU/UK)
Purpose: Fulfilling sample orders - Legal Basis: Performance of a contract
Purpose: Customer support and communication - Legal Basis: Legitimate interests
Purpose: Risk, fraud, and security analysis - Legal Basis: Legitimate interests
Purpose: Marketing communications - Legal Basis: Consent (opt-in)
4. How We Use Your Information
To fulfil sample requests and arrange deliveries
To communicate with you about your requests
To detect and prevent fraud or misuse
To send marketing communications, with your prior consent
You can opt out of marketing communications at any time by clicking the ‘unsubscribe’ link in our emails or contacting us at info@cannulight.com
5. Sharing Your Data
We share your data only when necessary and in accordance with this policy:
Service Providers: Shipping carriers
Legal Authorities: When required by law or regulatory request
International Transfers: Your data may be stored or processed in New Zealand, and other countries. Where data is transferred internationally (e.g., to service providers in Australia, the United States, or the European Union), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or transfers to countries with adequacy decisions.
6. Data Retention
Type of Data and Retention Period
Order and delivery data - 3 years after fulfilment
Marketing preferences - Until you unsubscribe or withdraw consent
Fraud and risk data - Up to 5 years
7. Data Security
We use appropriate technical and organisational measures to protect your personal information.
8. Data Breach Notification
We will notify relevant authorities and affected individuals of data breaches that may cause serious harm within 72 hours of becoming aware of the breach, as required by applicable laws including:
EU/UK GDPR supervisory authorities
Australian Information Commissioner (OAIC)
New Zealand Privacy Commissioner
Affected individuals where required by law
9. Your Rights by Jurisdiction
EU / UK
Under the GDPR, you have the right to:
Access, rectify, or erase your personal data
Object to or restrict processing
Data portability
Withdraw consent at any time
Lodge a complaint with a supervisory authority
United States (California residents)
California residents may:
Request access to or deletion of their personal data
Request information about data "sales" or "sharing" (Cannulight does not sell or share data for commercial gain)
Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights
Australia
Under the Australian Privacy Principles, you have the right to:
Request access to and correction of your personal data
Be notified of data breaches that may cause serious harm
Make a complaint to the Office of the Australian Information Commissioner (OAIC) if you believe your rights have been breached
New Zealand
Under the Privacy Act 2020 and its 13 Information Privacy Principles, you have the right to:
Request access to and correction of your personal information
Be informed if your data is transferred overseas (we may use processors in the USA and Australia)
Be notified of privacy breaches that may cause harm
Make a complaint to the Privacy Commissioner if you believe your privacy rights have been breached
We comply with New Zealand's 13 Information Privacy Principles and will notify the Privacy Commissioner of privacy breaches within 72 hours where required by law.
10. Children's Data
Our website and services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected such data, please contact us immediately.
11. Automated Decision-Making
Cannulight does not use automated decision-making or profiling that significantly affects individuals.
12. Changes to this Policy
This policy will be reviewed periodically. Material updates will be communicated via our website or email, where applicable.
13. Contact Us
For questions, concerns, or to exercise your rights, please contact: Privacy Officer Cannulight Ltd Email: info@cannulight.com
Response Time: We will respond to your privacy requests within one month of receipt (or as required by applicable local laws).
This privacy policy has been designed to comply with privacy laws across multiple jurisdictions. If you have specific questions about how your local privacy laws apply to our services, please contact our Privacy Officer.