JUMP TO

PRIVACY STATEMENT

Review date: June 2026

Your privacy is important to us. This privacy statement provides a global overview of the way Zespri collects, processes and protects your personal information. It applies to the operations and activities of Zespri Group Limited and its subsidiary companies (Zespri Group). Depending on the Zespri Group entity with which you interact, that entity will act as the data controller of your personal information and will manage personal information in the ways set out in this statement, and may share it with other Zespri entities and third parties as described below.

This statement covers the personal information we collect about the people we deal with – our consumers (the end users of our kiwifruit products), our growers (the passionate people who produce our quality fruit) and our customers, suppliers and contractors (the experts we rely on to get the job done). We may also give you further information about how Zespri manages your data at the time we collect personal information from you. It’s important that you read and understand everything we tell you about your information and the way we need to use it.

Individuals in the European Economic Area, the United Kingdom, or Switzerland, see also our EEA+ Supplemental Data Protection Law Disclosures

California residents, see also our California Consumer Privacy Act Policy


What we do with your information

Whether you’re a consumer, a grower or a contractor, we collect only the personal information we need to provide you with high quality Zespri services and products. 

We collect and process personal information about you to meet our contractual obligations to you as a grower, supplier or contractor, or as a consumer where you have entered a consumer promotion or competition. We also process information to meet our legitimate interests, including making sure we’re providing the best products and services we can, building strong customer and consumer relationships and managing complaints, health and safety or fruit quality control issues. Where legally required, we may also ask for your consent to process personal information for placing cookies, marketing activities (including audience segmentation, personalised communications based on profiling, and monitoring engagement with our websites, forms and emails), or for other market research or development purposes.  

Please note the collection and processing of employee and independent contractor information is managed by our internal People Privacy Notices. 

To find out more about how we process your personal information, click on the relevant category to you below:


Consumers

We collect personal information from you directly when you interact with us on our website, work with us on market research or other consumer projects, or when you enter our competitions or promotions. We may collect personal information about you when you engage with us on social media platforms, subscribe to our newsletters or other marketing communications, complete web forms, manage your preferences, make a complaint, query or otherwise interact with our consumer marketing campaigns and related platforms, or if you contact our staff to discuss your experiences, make a complaint or ask us questions. We may also be provided with anonymised, pseudonymised or de-identified information by third party market research providers we use (such as Kantar Group) to conduct in-market research in the food production industry. 

Where we collect personal information from you during promotions or competitions, or where we’re collecting your contact details  to communicate with you, we will tell you how we will use your personal information, particularly if we’re seeking your consent to communicate with you. Unless we advise otherwise at these times, you do not have to give us personal information, but you should note that we may not be able to provide the services or experiences you have sought from us if you don’t provide the information we seek.

The information we collect might include:

  • your full name;
  • demographic or preference data for research/analytics purposes, such as gender, age range or date of birth;
  • your contact details, including your phone number, physical address and email address;
  • your marketing and communications preferences;
  • information about your use of our websites, including:
    • technical information, such as your IP address, browser type and version, time zone setting, operating system and platform;
    • visit information, such as the path you took to our websites, the pages you visited and products you viewed and other ways you used our websites;
    • cookies and other tracking technologies (see more below on cookies);
  • information about your engagement with our emails and digital campaigns, such as whether an email was delivered, opened, clicked, bounced, unsubscribed from, or whether you submitted or completed a form, downloaded content, or visited particular campaign pages; 
  • public social media posts you have made about Zespri where legally permitted;
  • information you have provided to us about a particular market or health research topic, such as information about your preferences, knowledge, or use of our products or about your awareness of our brand;
  • notes of any calls you make to our customer service lines; and
  • any emails or other correspondence relating to any services you have sought from us or complaints or concerns you have raised with us.

 

Cookies

Cookies are small text data files that our website sends to your browser, which may then store it on your system for later retrieval by our website. Cookies track your movements through different websites. Cookies are widely used on websites to help with navigation and to help personalise your online experience. For more information on the way we collect and use cookies, see our Cookie Policy and if you are in the European Economic Area or the United Kingdom our EEA/UK Cookie Policy.

Children

We limit the information we collect about children and when legally required we rely on their parents or guardians to ensure that children in their care do not send any personal information to us without their knowledge and consent where legally required.

In order to deliver any services you have requested from us, and to meet our wider business purposes and interests, we need to use your personal information in certain ways. We will generally use your information in the ways set out below:

  • deliver any services to you or provide any information you have requested from us;
  • communicate with you about products, services or offers that we think you may like, based on the personal information you have provided to us and with your consent where legally required;
  • organise promotions and competitions and facilitate prize delivery, where relevant;
  • understand the ways you use our products and services, including our websites, or the path you have taken to find us;
  • conduct market or health research into the use of our products and services;
  • understand public opinion about our products and brand and, where appropriate, respond to comments made about these;
  • administer our websites and the use of services offered on them, including ensuring that our websites are safe and secure;
  • generally improve the products and services we offer, including our websites, and ensure that any negative experiences you have shared with us are addressed;
  • generally ensure that we market our products and services effectively and in a way that is relevant; 
  • create audience segments and tailor content based on your interactions with our emails and websites, including through profiling for direct marketing purposes; 
  • send and manage automated marketing communications and journeys;
  • maintain suppression lists and records of objections, unsubscribes and consent withdrawals so that we can respect your preferences and comply with applicable law;
  • measure and report on the performance of our campaigns and communications, including delivery, open, click, conversion and unsubscribe metrics; and
  • disclosure to a government agency or competent court, as required or permitted by applicable local law.

We may share your personal information with:

  • other entities within the Zespri Group;
  • our trusted information service providers, including cloud storage providers which may be located in New Zealand or overseas;
  • our trusted providers of other services, including analytical, research or marketing services, such as marketing automation campaign management, web hosting, form management, shopper panel research, analytics, customer support and preference-management services, where these services require the use or processing of personal information;
  • fulfilment, logistics or prize-delivery partners, where this is necessary to administer a promotion, competition or campaign and to deliver prizes or campaign materials to you;
  • advertising or social media partners to help us measure campaigns, create custom audiences, suppress existing contacts from campaigns, or reach individuals with more relevant advertising.
  • external advisors (e.g. lawyers);
  • our growers, where de-identified information is relevant to product development, (i.e. general feedback from the markets on new varieties of kiwifruit);
  • the public, via our websites or social media channels, where you have consented to this or as legally permitted by applicable law; or
  • government agencies, including the New Zealand Ministry for Primary Industries, or law enforcement agencies, where required or permitted by law.
 
Growers

As a grower, we may collect personal information from you directly, when you provide it to us (for example in your registration form) or we may gather or create personal information about you during your relationship with us (for example, the Zespri Grower Support Services team or other Zespri employees about your orchard, your product or your contract with us).

The provision of this information is not mandatory but if you do not provide it to us, we may not be able to work with you effectively or meet our contractual commitments to you.

Where you engage with us through a limited liability company or other corporate entity, some of the information listed below (such as orchard and product information) may not be personal information about you. However, where you are a sole trader, then this may be personal information about you.

The information we collect might include: 

  • your full name;
  • your contact details, including your phone number, address and email address;
  • your communication preferences;
  • your status as landowner or lessee;
  • financial information, including your bank account details, shareholder information and your agreed rate of compensation;
  • orchard information, including information about your location, pest status, spray diary, growing methods, and yield;
  • product information, including information about the varieties you produce, product yields, and size profiles;
  • compliance information related to meeting and maintaining the relevant Zespri standards and requirements, including inspections, audits or investigations, food safety standards, and quality assurance programmes including GLOBAL G.A.P. and GRASP for growers, orchard managers and contractors.
  • notes of any calls or other communication you make to our Grower Support Services line;
  • information about staff visits to your orchard or discussions with you about your orchard or products;
  • CCTV footage operational when visiting Zespri physical offices and sites for security purposes only and in accordance with relevant local laws; and
  • identity management information when interacting with our website, web and mobile applications and online portals (such as Canopy, Customer Claims and Spray Diary), including user name and password;
  • feedback or opinions provided in grower surveys and research and development; and 
  • any emails or other correspondence relating to our relationship or any other matter you raise with us.

We may use your personal information to:

  • manage our contractual relationship with you, including contacting you from time to time about your product(s) or about the services Zespri can provide to you;
  • provide any services you have requested from us, including products, systems or platforms that give growers greater visibility and control over orchard and production data;
  • manage the product distribution and supply process, including access, customs clearance and customer queries;
  • ensure your operations and the quality of your orchard and product meet expectations including, on-orchard compliance and certification related activities (I.e. Quality Manual, Grower Manual, GLOBAL G.A.P. and GRASP and Contractor Programme requirements);
  • conduct research and development activities in respect of growers, products or orchards;
  • develop marketing material about our growers;
  • manage pest or disease outbreaks, including, biosecurity monitoring and risk identification;
  • ensure the health and safety of you and of our staff when they visit your property;
  • preventing, finding or detecting offences against persons or property when visiting Zespri physical offices and sites;
  • manage the security and identity management of the websites online portals, web and mobile applications we provide for your use;
  • provide statistical and research information to government and other public agencies on request, including but not limited New Zealand Ministry for Primary Industries, Māori Kiwifruit Growers Manatōpū and Statistics New Zealand;
  • respond to any lawful requests from government agencies, including the New Zealand Ministry for Primary Industries, or law enforcement agencies; and
  • work with industry and regulatory bodies for any of the purposes listed above, including Kiwifruit New Zealand, New Zealand Kiwifruit Growers Incorporated, Māori Kiwifruit Growers Manatōpū and Kiwifruit Vine Health Incorporated.

We may share your personal information with:

  • other entities within the Zespri Group;
  • our trusted information service providers, including cloud storage providers which may be located in New Zealand or overseas;
  • our trusted providers who provide grower services and digital platforms specific to the kiwifruit industry, such as geo-spatial scanning, maturity monitoring, spray and fertiliser diaries.
  • certification, investigation, audit and compliance providers to manage certifications, conduct audits and investigations and training requirements related to orchard activity and business operations.
  • our trusted providers of analytical, research or marketing services, where these services require the use or processing of personal information;
  • external advisors (e.g. lawyers and accountants);
  • relevant New Zealand or overseas regulatory and industry bodies, including Kiwifruit New Zealand, New Zealand Kiwifruit Growers Incorporated, Māori Kiwifruit Growers Manatōpū and Kiwifruit Vine Health Incorporated;government agencies, including but not limited to the New Zealand Ministry for Primary Industries; Ministry of Business, Innovation and Employment; Inland Revenue Department;  Ministry of Foreign Affairs and Trade; Ministry of Social Development; or law enforcement agencies, where required or permitted by law or for statistical purposes;
  • Government customs and market access as legally required for effective delivery of fruit in market.
  • Zespri logistics, distributors and customers, where necessary to satisfy traceability and/or classification requirements; or
  • Any grower suppliers engaged to provide services in respect of your orchard.
 
Suppliers, customers and contractors

We may collect, create and receive personal information about you when you offer your services to, and enter into a Services Agreement with, Zespri Group. This information will vary depending on your role and relationship with Zespri but may include:

  • your full name;
  • your contact details, including your phone number, address, email address and photograph (where voluntarily supplied);
  • details about your education, experience, work history and any other information provided to us in your service offering where necessary and legally permitted;
  • information about your immigration status, and entitlement to work where strictly necessary and legally required;
  • health information, where required for your role and as permitted by local law, which may include any disabilities or other conditions that might impact your contractual obligations or our workplace health and safety obligations;
  • your driver’s license number, where this is relevant to your contractual obligations;
  • service provider information, including your national tax reporting information and any bank account numbers you provide to us;
  • emergency contact information and details about your next of kin (where necessary to facilitate travel);
  • your passport details or ID subject to your consent where legally required, where necessary to facilitate travel or for banking purposes, or other purposes associated with verification of company information;
  • criminal conviction information, where required by the role you are performing, permissible to collect under applicable law and this is relevant to your Services Agreement;
  • information related to anti-money laundering, including a credit check, where this is relevant to your Services Agreement;
  • information related to any other due diligence checks we carry out to assess our risk of doing business with you, where this is relevant to our business relationship with you and where you have agreed to us carrying out such checks;
  • any information provided by your nominated referees;
  • any information provided by the agency or the organisation that recruited you to provide services to Zespri;
  • interview notes;
  • price for services or remuneration details;
  • information about complaints or grievances you may have;
  • information generated by your contractual activities, such as passwords or account information;
  • identity management information when interacting with our websites and applications, such as user name and password;
  • information relating to the use of Zespri owned vehicles, which may include limited location data processed in compliance with applicable law and Zespri’s Vehicle Policies;
  • CCTV footage operational when visiting Zespri physical offices and sites for security purposes and in accordance with local law; and,
  • facial recognition or fingerprint identification provided voluntarily when using Zespri hardware, such as phones/laptops for security management only and subject to your explicit consent; and
  • any emails or other correspondence relating to Zespri, its products, or any services you have sought from us or complaints or concerns you have raised with us.

We may use your personal information to:

  • determine your eligibility to provide the services under a Services Agreement, Terms of Trade or other contract, and ensure that you have the necessary skills and qualifications;
  • administer and give effect to our contractual relationship with you, including managing shipping/distribution and billing;
  • enable computer network access to and security monitoring of Zespri’s systems, where applicable, and digital support services to be provided to you;
  • manage the security and identity management of the websites, online portals, web and mobile applications you use;
  • facilitate inter-group communications, including your business contact information being available on Zespri’s internal systems;
  • facilitate travel and transfers;
  • manage your service target/standards and ensure that you are providing the services to Zespri in accordance with the terms and conditions set out in your Services Agreement;
  • to help us identify and evaluate any compliance issues or risks associated with doing business with you;
  • investigate and manage any complaints from or about you;
  • ensure your health and safety, including establishing any particular medical requirements for you, ensuring that emergency contacts are maintained and ensuring you remain safe on all Zespri sites;
  • preventing, finding or detecting offences against persons or property, protecting the security of Zespri’s offices and sites when visiting Zespri physical offices and sites;
  • ensure your compliance with our Supplier Code of Conduct and Social Responsibility Policy or Customer Code of Conduct; and
  • enable your and our compliance with health and safety, tax, immigration and other legislative requirements.

We may share your personal information with:

  • other entities within the Zespri Group;
  • our trusted information service providers, including cloud storage providers which may be located in New Zealand or overseas;
  • legal staff, your relationship manager/procurement manager (and thei manager) for the purposes of managing your engagement and the Services Agreement, Terms of Trade or other contract;relevant government agencies or law enforcement agencies, where required or permitted by law;
  • external advisors (e.g. lawyers);
  • industry bodies such as Kiwifruit New Zealand, New Zealand Kiwifruit Growers Incorporated, Māori Kiwifruit Growers Manatōpū and Kiwifruit Vine Health Incorporated;
  • Government customs and market access as legally required for effective delivery of fruit in-market.
  • Zespri logistics, distributors and customers, where necessary to satisfy traceability and/or classification requirements;
  • relevant Zespri employees and related entities, either in New Zealand or in other countries, to facilitate travel, transfers, shipping/distribution, due diligence checks or audit.

 

How We Keep Your Information Safe

As a global company, we collect, store and process personal information in several countries and facilitate cross-border transfers within the Zespri Group and to our trusted data service providers.

Most of the personal information we hold is stored on Microsoft, SAP cloud and Adobe platforms, including Microsoft Azure, and SAP SuccessFactors.

We retain personal information only for as long as we have a lawful purpose to use it. When we no longer need to use it, we securely destroy it. 

We have appropriate technical and organizational security measures in place within Zespri’s digital environment to protect the information we collect from you. We take steps to protect the personal information we collect against loss, unauthorised access and disclosure or any other misuse.  

We also use contractual protections to protect cross-border transfers within the Zespri Group and with our trusted third-party service providers, including intra-group data transfer agreements and standard contractual clauses, as required.

Zespri has internal policies and procedures in place to protect the personal information it holds including the following:

  • All staff and suppliers must agree to Codes of Conduct that include privacy and security requirements and ensure that personal information collected or managed on Zespri’s behalf is accessed and used only for legitimate business purposes.
  • Our global privacy policy and procedures outline the protocols for data protection and data handling.
  • Our Cybersecurity Policy manages the way staff can access and use Zespri systems, devices and information.
  • Our global privacy and cybersecurity training programme delivers privacy training to our staff all over the world.
  • Our data security and privacy incident response processes and crisis management and disaster response plan guides our staff to promptly respond to and appropriately manage security and privacy incidents and breaches.
  • Our information management policy and procedures requires staff to take certain precautions before sharing personal information with other organizations, or with new service providers.


How You Can Take Charge Of Your Information

We acknowledge that you have rights over the personal information Zespri holds about you. To exercise any of the rights set out below, or to make a complaint or ask a question about your information, contact us in any of the below ways:

Email privacy@zespri.com

Write to Global Data Protection Officer, c/o Zespri International Limited, PO Box 4043, Mount Maunganui, New Zealand

Note that you can only access or manage your own personal information, unless you have the consent of another person to access or manage information on their behalf, so we may need to verify your identity and authority before responding to your request. 

Once we’ve verified who you are, we’ll try and respond to your request or query as soon possible,  within the timelines set forth under applicable laws. In NZ, we will respond within 20 working days in compliance with the New Zealand Privacy Act 2020.

You have the right to request access to or a copy of your personal information. We’ll be as open as we can with you but sometimes, we might need to withhold personal information in accordance with applicable laws, for example where the information is legally privileged, commercially sensitive or includes personal information that would affect the rights and freedoms of others. If we do need to withhold information from you, we’ll tell you why. 

Under certain circumstances, you may have the right to receive personal data concerning you, which you have provided to us,  in a structured, commonly used and machine-readable format and you may have the right to transmit that personal data to another entity without hindrance from us.

Growers should use the Industry Portal to access basic personal information Zespri holds about them but can still make a request to us for more detailed information that might not be included in the portal.

If you think any of the personal information we hold about you is wrong or incomplete, you can ask us to correct or complete it. Under certain circumstances set forth by applicable law, you have the right to ask us to delete your personal information.

If we are unable to correct, complete or delete your information (for example, where we do not agree that it is wrong, or we need the information for a lawful purpose), we’ll tell you why. You can ask us to attach your correction request to the information as a statement of correction.

We may process the personal information we collect from you in order to meet the requirements of a contract you have with us or to meet our other legitimate business interests. In limited circumstances, you have the right to request that we restrict processing of your personal data.

You may also have given consent for us to use your personal information in other ways in specific privacy notice & consent forms (for example, to conduct market research or communicate with you about products or promotions). You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before its withdrawal.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to such marketing, including profiling. Further, under certain circumstances you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data.

You may also update your communication preferences, manage specific subscriptions, or unsubscribe from all marketing communications through our preference tools or the links included in our communications. 

Unless otherwise specified in a specific privacy notice & consent form, we may use limited profiling and audience segmentation for direct marketing purposes. However, we do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you, within the meaning of applicable law.

Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the services you have requested from us. In this case, we may have to cancel the provision of the relevant services to you, in which case we will notify you.

Sometimes, you might simply want to know how or why we’re using your information. You might need more detail about something we’ve told you in this privacy statement. Or, you might want to make a complaint about a decision we’ve made about your privacy request.

We want you to tell us about your concerns or complaints, whatever they might be. You can email, call or write to us using the details set out above. If you’re a grower, you can also talk to your Zespri contact in the first instance to see if they can help.

You also have the right to lodge a complaint with a supervisory authority or your local data protection authority. 

New Zealand 

You can contact the Office of the New Zealand Privacy Commissioner by:

completing an online complaint form at www.privacy.org.nz; or

writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143.

European Data Protection Authorities 

In the case of the EU, your local data protection authority will be in the country of your habitual residence, place of work or of alleged EU GDPR infringement. For a list of the European DPA that is relevant to you, please see there: https://digital-strategy.ec.europa.eu/en/library/list-personal-data-protection-competent-authorities

If you wish to complain about actions we have taken in another country in which we operate, then you will need to contact your local data protection, or supervisory, authority. You can ask us for help to determine which authority is the right one to contact.

We keep our privacy statement under regular review. This privacy statement was last updated in June 2026

 

Regional disclosures

EEA+ Supplemental Data Protection Law Disclosures

Zespri Group provides to individuals in the European Economic Area (EEA), Switzerland and the United Kingdom (EEA+) the following disclosures to supplement the privacy statement.

Data Controller: The data controllers are Zespri Group as defined above.

Legal bases for the processing of your personal data are:

(i) necessity for the performance of a contract, where we take steps at your request prior to entering into a contract or where we have entered into a contract with you and need to process your personal data to fulfil our contractual obligations to you, such as to organize a competition (e.g. contacting winners and arranging prize delivery), to facilitate contracts with our growers, suppliers, or contractors including managing shipping/distribution and billing and invoicing, manage your service target/standards and ensure that you are providing the services to Zespri in accordance with the terms and conditions set out in your contractual agreement, ensure your compliance with our Code of Conduct and other Zespri terms and standards, as applicable (Art. 6 (1) lit. b GDPR/UK GDPR).

(ii) our legitimate interests (Art. 6 (1) lit. f GDPR) for personal data passively collected through our website which are the following: to monitor and maintain the performance of our website,  conduct market or health research into the use of our products and services, understand public opinion about our products and brand and, where appropriate, respond to comments made about these, responding to your questions, concerns and complaints, manage and analyse the performance of our promotions and competitions, administer our websites and the use of services offered on them, including ensuring that our websites are safe and secure, generally improve the products and services we offer and ensure that any negative experiences you have shared with us are addressed, generally ensure that we market our products and services effectively and in a way that is relevant 

(iii) our legitimate interests (Art. 6 (1) lit. f GDPR/UK GDPR) for personal data collected directly from the data subject which are the following: manage the product distribution and supply process, ensure the quality of your orchard and product, conduct research and development activities in respect of growers, products or orchards, develop marketing material about our growers, manage pest or disease outbreaks, determine your eligibility to provide the services under a Services Agreement, Terms of Trade or other contract, and ensure that you have the necessary skills and qualifications, facilitate inter-group communications, facilitate travel and transfers, to help us identify and evaluate any compliance issues or risks associated with doing business with you, investigate and manage any complaints from or about you, ensure your health and safety, including establishing any particular medical requirements for you and ensuring that emergency contacts are maintained, ensure the health and safety of you and of our staff when they visit our growers’ property, respond to any lawful requests from government agencies or law enforcement agencies, work with industry bodies.

(iv) our legitimate interests (Art. 6 (1) lit. f GDPR/UK GDPR) for the transfer of your personal data within the group of companies which are the following: for internal administrative and support purposes (access is limited to colleagues with a need to know), customer and grower support services, quality management, HR and personnel management, transport and logistics support, digital support and troubleshooting, security monitoring and system access control services.

(v) compliance with a legal obligation to which Zespri is subject (Art. 6 (1) lit. c GDPR/UK GDPR), for example if we are required by law to disclose personal data to law enforcement agencies, or governmental authorities, or to enable compliance with health and safety, tax, employment, immigration and other legislative requirements.

(vi) our legitimate interests for the purposes of exercising our legal rights or defending legal claims, legal counsel and external consultants or legitimate interests, such as exercise or defense of legal claims.

(vii) necessity for the performance of a contract  (Art. 6 (1) lit. b GDPR/UK GDPR) or our legitimate interests (Art. 6 (1) lit. f GDPR/UK GDPR), as the case may be, for the transfer of your personal data in connection with a transfer of all or part of our organization or assets which are the following: the orderly transition of all or part of our business.

(viii) our legitimate interests to protect and defend the rights or property of us or third parties, including enforcing agreements, policies and terms of use, to monitor and protect our premises and employees and in an emergency including to protect the safety of our employees or any person which are the following: to protect the property, rights, and safety of any person and to prevent fraud. 

Whenever we rely on our legitimate interests as legal basis for the processing of your personal data (Art. 6 (1) lit. f GDPR), we will properly balance them against data subjects' interests, fundamental rights and freedoms. Information on the balancing test is available upon request by contacting us as set out in the contact section. 

(ix) your (explicit) consent where legally required (Art. 6 (1) lit. a and Art. 9 (2) lit. a GDPR). Such consent may be collected by means of ad hoc privacy notice & consent forms or by means of another clear affirmative action, including where we send direct electronic marketing communications, place non-essential cookies or similar technologies, manage marketing preferences, or use profiling and audience segmentation to personalise our marketing communications.

The personal data that we collect or receive about you may be transferred to and processed by recipients which are located inside or outside the EEA, including to countries which are not recognized from an EEA+ law perspective as providing for an adequate level of data protection. 

When interacting with our Website or contacting us, we may transfer personal data overseas to recipients in any jurisdiction where Zespri Group operates and in New Zealand, Australia, Singapore, USA, Belgium and other EU jurisdictions. We rely on the European Commission adequacy decisions (Art. 45 GDPR) when transferring your personal data to recipients in New Zealand and to US commercial organisations participating in the EU-US Data Privacy Framework. To the extent your personal data are transferred to countries that do not provide for an adequate level of data protection from an EEA, Swiss or UK law perspective, we will base the respective transfer on appropriate safeguards, such as standard contractual clauses (Art. 46 (2) GDPR). You can ask for a copy of such appropriate safeguards by contacting us as set out in the contact section. The access of information processed by Zespri is limited to recipients with a need to know.

Details of key third party transfers

Category of transfer
Third Country
Internal administration & support services NZ, Singapore, Australia & US
Recruitment & people management NZ, Singapore, Australia & US
Customer management and support NZ, Singapore, Australia & US

Your personal data will be retained for as long as necessary to provide you with the services requested, for the duration of our contractual relationship (if any) and in accordance with Zespri’s Data Retention Standard, which in most cases does not exceed 10 years following the end of our contractual relationship. In the case of consumer data, we will only hold the information for as long as required for the purposes it was collected. Follow this period, we will review the relevant record and, unless we are required or permitted to keep it for another lawful purpose, delete or anonymise it.

When Zespri no longer needs to use your personal data to comply with contractual or statutory obligations, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it, unless we need to keep your information, including personal data, to comply with statutory retention periods e.g. for tax purposes, audit, and legal compliance for a legally prescribed time period thereafter, or if we need it to preserve evidence to establish, exercise or defend legal claims within statutes of limitation. 

We only record CCTV images, where legally permissible, for the purposes of gathering evidence of incivilities, facts constituting an offence or generating damage, or searching and identifying their perpetrators, public order offenders, witnesses or victims. We retain CCTV images on our systems, where legally required, and in accordance with local retention requirements.  After this defined period, the images are permanently destroyed (or overwritten) in a secure manner, except where there is a current investigation for which the CCTV images are required, in which case the CCTV footage will not be destroyed until the completion of the investigation and any appeal.

 
California Consumer Privacy Act Privacy Policy

Last Modified and Effective Date: June 2026

This notice and policy supplements information contained in privacy disclosures from Zespri Group Limited and its corporate business affiliates,  New Zealand Kiwi Holdings Inc., Zespri Fresh Produce North America Inc. and New Zealand Kiwi Corporation Inc.,  subject to the California Consumer Privacy Act of 2018, as amended from time to time (“CCPA”) as businesses (“Zespri”) and applies solely to residents of the State of California (“consumers” or “you”). Any terms defined in the CCPA have the same meaning when used in this notice and policy. This notice and policy does not reflect our collection, use, or disclosure of California residents’ personal information, or data subject rights, where an exception under the CCPA applies. You can download a pdf version of the notice and policy here.

Right to know about personal information collected and disclosed, to request correction or deletion of personal information, and opt out of personal information selling

You have the right to request that we disclose what personal information we collect, use, disclose, or sell about you specifically (“right to know”) and to request the correction or deletion of personal information. To submit a request to exercise the right to know or a request to correct or delete personal information, please submit an email request to privacy@zespri.com or call our US office on our toll-free number at +1 833 615 2770.

Zespri may ask that you provide certain information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue. Zespri will respond to your request in accordance with the CCPA. If we deny your request, we will explain why.

When a business sells your personal information or shares it for cross-context behavioural advertising, you also have a right to opt out of such sale or sharing. Zespri does disclose your personal information gathered through cookies to third party providers as outlined in our cookie policy and which may amount to selling or sharing under the CCPA. To opt out of the sale and sharing of personal information, you can use settings like Global Privacy Control ("GPC") on certain web browsers. We respond to opt-out preference signals communicated via the GPC and will process such signals with respect to the browser or device communicating the signals, or with respect to you specifically if you have signed onto your Zespri account while communicating GPC opt-out preference signals. To use GPC opt-out preference signals, please follow the instructions here: https://globalprivacycontrol.org/.  To opt out, you can also click on the Your Privacy Choices link. If you exercise your right to opt-out of the “sale” and "sharing" of your personal information, we may still disclose your personal information to third parties for purposes other than cross-contextual behavioral advertising, as described in our privacy disclosures.

Zespri does not have actual knowledge that it sells the personal information of minors under 16 years of age.

We have set out below categories of personal information we collect about California residents and have collected in the preceding 12 months. For each category of personal information we have collected, we have included the reference to the enumerated category or categories of personal information in the CCPA that most closely describe such personal information.

Corresponding reference to category of personal information under CCPA definition of personal information:

Corresponding reference to category of personal information under CCPA definition of personal information
Category of personal information
Identifiers. First and last name, photo, your driver’s license number, where this is relevant to your contractual obligations, your passport details or ID, where necessary to facilitate travel or for banking purposes, or other purposes associated with verification of company information.
Personal information categories listed in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)). Date of Birth, phone number, address and email address, information you have provided to us about a particular market or health research topic, such as information about your preferences, knowledge, or use of our products or about your awareness of our brand, your communication preferences, emergency contact information and details about your next of kin (where necessary to facilitate travel), any information provided by your nominated referees, any information provided by the agency or the organisation that recruited you to provide services to Zespri, information about complaints or grievances you may have.
Characteristics of protected classifications under California or federal law. Gender, health information, including information about any disabilities or other conditions that might impact your contractual obligations or our workplace health and safety obligations.
Commercial information. Public social media posts you have made about Zespri, including photographs, notes of any calls you make to our customer service lines, any emails or other correspondence relating to any services you have sought from us or complaints or concerns you have raised with us, your status as landowner or lessee, financial information, including your bank account details and your agreed rate of compensation, orchard information, including information about your location, pest status, spray diary, growing methods, and yield, product information, including information about the varieties you produce, product yields, and size profiles, notes of any calls you make to our Grower Support Services line, information about staff visits to your orchard or discussions with you about your orchard or products, any emails or other correspondence relating to our relationship or any other matter you raise with us, service provider information, including your national tax reporting information and any bank account numbers you provide to us, criminal conviction information, where this is relevant to your Services Agreement, information related to anti-money laundering, including a credit check, where this is relevant to your Services Agreement, information related to any other due diligence checks we carry out to assess our risk of doing business with you, where this is relevant to our business relationship and where you have agreed to us carrying out such checks, price for services or remuneration details, information generated by your contractual activities, such as passwords or location information, any emails or other correspondence relating to Zespri, its products, or any services you have sought from us or complaints or concerns you have raised with us.
Biometric Information. CCTV footage for physical security purposes, facial recognition or fingerprint identification for facility access only.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web website, application, or advertisement. Technical information, such as your IP address, browser type and version, time zone setting, operating system and platform, visit information, such as the path you took to our websites, the pages you visited and products you viewed and other ways you used our websites; cookies.
Geolocation data. IP location
Audio, electronic, visual, thermal, olfactory, or similar information. Audio recording of US customer calls or recording of interviews or customer meetings or calls.
Professional or Employment related information. Recruitment information including details about your work history and any other information provided to us in your service offering, information about your immigration status, and entitlement to work, interview notes.
Education information. Details about your education, experience.
Sensitive Personal Information Employee’s social security number, health information, biometric data and details about immigration status as legally required.
Inferences drawn from any of the information.  Predictions of characteristics, behavior, attitudes, interests, and preferences.

Zespri collects such information from the sources described in the main section of this privacy statement.

Zespri collects, uses, retains, and discloses your personal information for the purposes described in the main section of this privacy statement.

Zespri does not respond to “do not track signals” but honours Global Privacy Controls as required.

In the preceding 12 months, Zespri disclosed the above categories of personal information to the categories of third parties as described in the main section of this privacy statement for a business purpose, in some cases as directed by you.

In the preceding 12 months, Zespri provided third party targeting cookies of personal information collected through Zespri’s website to our third-party advertising partners, such as Facebook, Google, YouTube, Tiktok and Twitter. This may constitute a ‘sale’ as defined in the CCPA.

You may not be discriminated or retaliated against because you exercise any of your rights under the CCPA in violation of California Civil Code § 1798.125. You have a right to limit our collection and use of your sensitive personal information if used for beyond certain purposes specified by law, but Zespri does not use or disclose your sensitive personal information beyond such legally specified purposes.

You can designate an authorized agent to make a request under the CCPA on your behalf if:

  • The authorized agent is a natural person or a business entity registered with the Secretary of State of California and the agent provides proof that you gave the agent signed permission to submit the request; and 
  • For verifiable consumer requests, you directly confirm with Zespri that you provided the authorized agent with permission to submit the request.

If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please provide any information Zespri requests to verify your identity. The information that Zespri asks you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue.

If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

If you have any questions or comments about this notice and policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, please do not hesitate to contact us at privacy@zespri.com.

 

Translations of this Privacy Statement into local languages have been completed using AI translation tools. While we aim for accuracy, the English version of this policy is the authoritative version in the event of any discrepancy. Please let us know of any translation errors at privacy@zespri.com.