Collection of information
- Information collected through our website may include personal information about you (including identifiers, as set out in section 2 below). For example, personal information may be:
Provided by you through registration on our website;
Provided to us by you through any other method (such as by email and through discussions);
Collected by us through click tracking in relation to your use of our website, including the tracking of the content you access and any of our services you utilise [or products you may purchase]; and
Collected by us through log files or cookies (as set out in sections 3 and 4).]
- Failure to provide necessary personal information when requested may result in [certain services not being available to you].
- We may also collect aggregated information generated by our systems, which tracks traffic to our website but does not relate to you personally (see section 6 below).
Information about your computer and about your visits to and use of the website (such as your IP address, location, browser type and user name) will be recorded when you log in to our website. We may use this information to identify you. We will treat this information as personal information.
We do not intend to collect personal data from children aged under 13. If you have reason to believe that a child under the age of 13 has provided personal data to us through our website and/or by using our services, contact us through the ‘Contact details’ section below.
- Log files
We use log files in order to enhance your experience on our website and to analyse trends. Log files gather information, such as which URL you just came from, which URL you visit next, what browser you are using and your IP address. We use this information to analyse trends and to administer and operate our website.
[Note: Users who log into our website also have their IP address recorded. An IP address can be used to identify a user, and we will treat this information as personal information.]
Our website uses temporary cookies to keep a session open after a user logs in. We may use the information we obtain from the cookies in the administration of our website and to improve the usability of our website. These cookies help us recognize previous visitors and also identify the route history of users. We cannot identify any personal information stored in these cookies, nor can we gain access to any information stored on your hard drive. In addition, we cannot access information from cookies sent from other websites. Information collected will only be used as described above, and also to improve our website. Some browsers allow you to refuse to accept cookies but this may have a negative impact on the usability of our website.
- Other information
We will have access to and may use other information, such as number of users, traffic patterns and demand for the service, to monitor server and software performance as well as for our other internal purposes. We may also collect information about all system interaction with users while they are logged in. This information is owned by us and may be used to verify actions taken by a user or to better understand the behavior of users in order to improve our website.
- Use of information
We (and our employees, officers, agents, contractors and affiliates as defined below) may use the personal information you provide to:
- To verify your identity for use of our website, to conduct address verification or credit checks for invoicing and billing purposes and to enrich your profile and search ability;
- To assist in providing better services to you by tailoring the services to meet your needs;
- To provide you with further information about us or other websites or products or services offered by us or our related companies or which we consider may be of interest to you;
- To carry out marketing, promotional and publicity activities (including direct marketing), market research and surveys;
- To keep our website relevant and of interest to users;
- To show you advertising and information that is most relevant to you and your interests;
- To assist in arrangements with other organisations (such as loyalty program partners) in relation to a product or service we make available to you;
- To allow us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing, keeping our records up to date, being efficient about how we fulfil our legal and contractual duties);
- To comply with legal and regulatory requirements;
- To detect any fraud or crime, or money laundering and counter financing of terrorism in connection with any laws, rules or regulations in New Zealand or overseas for analysis in aggregate form (with identifiable characteristics removed so that you will remain anonymous); and
- For any other purpose which is stated to you at the time of collection or that you otherwise authorise.]
- Information sharing and disclosure
- We may disclose information about you, including your personal information, to our affiliates or related companies (which means any person or other entity which directly or indirectly controls, is controlled by or is under common control with us) for the purposes set out in the above paragraph;
- We may disclose information about you, including your personal information, to our contractors and suppliers to enable them to [provide services and products to us in relation to our website, including transaction processing services, hosting services and support services.]
- Information collected through our website that does not identify users (cleansed data) is owned by us and may be disclosed by us. We may share aggregated demographic information about our user base with our affiliates, partners and advertisers.
- At your request, we will share your personal data with your representative or any person acting on your behalf (for example, financial advisers, lawyers, attorneys, accountants, executors, administrators, trustees or auditors).
- We operate our business in New Zealand. We may need to share some of the personal information we collect about you with organisations both inside and outside of New Zealand. Sometimes we may need to ask you before this happens. We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
- Advertising and third-party links
- Security of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or unauthorised alteration of your personal information. However, due to the nature of email and the internet, we cannot guarantee the privacy or confidentiality of your personal information. We may store your information in cloud or other types of networked or electronic storage.
When you provide us with personal information, that information may be collected, stored and processed on servers located outside of New Zealand. As electronic or networked storage can be accessed from various countries via an internet connection it is not always practicable to know in which country your information may be accessed or held.]
Optional: Credit card payments are encrypted and processed using an external credit card payment processor and details are not stored by us.
- Your Rights
Without limitation, you have the following rights:
- The right to be provided full information about your personal data that we hold.
- The right to require that we correct any incorrect information we hold about you.
- The right to ask that we delete or destroy your personal data. Please note that certain conditions may apply to the exercise of this right.
- The right to ask that we restrict the use of your personal data. Please note that certain conditions may apply to the exercise of this right.
- The right to object to the use of your personal data by us. Please note that certain conditions may apply to the exercise of this right.
- The right to receive your personal data in a structured and commonly used format. Please note that certain conditions may apply to the exercise of this right.
To exercise your rights, or if you require further information about how your personal data is used by us, you can contact us at: email@example.com
You can also contact us if you have any questions or complaints about, or if you wish to restrict or object to how we collect, use, disclose, manage or store your personal information. We will respond to your request, where required by law, within one (1) calendar month from the date your request is received. We will inform you if this timeframe is not achievable and extend this timeframe as permitted by applicable law. We may charge a fee to cover the costs of meeting your request if your request is unfounded or excessive.
If we do not agree to provide you with access to, or to amend or erase, your personal information as requested or otherwise meet your requests, we will notify you accordingly. Where appropriate, we will provide you with the reason(s) for our decision and the mechanisms available to complain about the refusal. If the rejection relates to a request to change your personal information you may make a statement about the requested change and we will attach this to your record.
In some circumstances, and subject always to legal obligations to the contrary, we may not be in a position to grant access to your personal information or otherwise meet your requests with respect to your personal information.
We are required to keep your information for so long as is required for our business operations or by applicable laws.
- Opting in and opting out
You can also withdraw your consent where provided or object to the further data processing of your personal data under certain circumstances. If we refuse any request you make in relation to this right, we will write to you to explain why and how you can make a complaint about our decision. The withdrawal of your consent will not affect processing of your information that you had consented to.
- Business transitions
- Users outside New Zealand
The information we collect may be processed in and transferred between your location and New Zealand. New Zealand may not have equivalent data protection laws to those in force in your location.
- Contact details
Corestar Creations Ltd
144 Kupe St, Orakei
Auckland, New Zealand
- Optional: European Union General Data Protection Regulation (GDPR)
The GDPR establishes a uniform data protection law across the European Economic Area (EEA) and aims to protect the privacy and use of EEA residents’ personal data in an increasingly digital world. Please see our GDPR Privacy Statement which sets out how we comply with these obligations to protect the data of customers who reside in an EEA country.
EUROPEAN UNION GENERAL DATA PROTECTION REGULATION (GDPR)
This Privacy Statement only applies to the collection and processing of ‘EU personal data’. ‘EU personal data’ means any personal information of an individual who is located in the European Union (‘EU’) (whether the individual is a citizen of an EU country or otherwise). This section will apply to you and the processing of your EU personal data if you are located in an EU country. This section does not apply with respect to your personal information if you are located outside of the EU countries, even though you may be a citizen of an EU country.
For the purposes of this Privacy Statement, the term ‘process’ has the same meaning given to it under the GDPR and may include any operation or a series of operations performed on EU personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This Privacy Statement was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed. For further information, please contact us through the ‘Contact details’.
Any EU personal data will be:
- Processed lawfully, transparently and in a fair manner;
- Collected in an adequate and relevant manner and limited to what is necessary in relation to the purposes for which the EU personal data is processed;
Lawful basis for processing
We will only collect and process EU personal data where we have a lawful basis for doing so. This may include where:
- You have given consent;
- The processing of EU personal data is necessary for the performance of a contract with you (such as to deliver the services you have requested or that have been requested on your behalf); and
- The processing of EU personal data is necessary for the purposes of our ‘legitimate interests’ and those of a related company of ours, provided that such processing does not outweigh your rights or freedoms.
Where we rely on your consent to process personal data, you have the right to withdraw, restrict or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and process EU personal data you should contact us.
Rights of EU personal data subjects
- Restrictions and Objections: You may request that we limit our use of your EU personal data or processing by requesting that we no longer use your EU personal data or limit how we use your data, this may include where you believe it is not lawful for us to hold your EU personal data or instances where your EU personal data was provided for direct marketing purposes and you no longer want us to contact you. We will do so, if we are:
Relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
Processing your personal information for direct marketing.
Our responsibilities as a ‘data controller’ and ‘data processor’
We may act as the ‘data controller’, the ‘data processor’ or in some instances both the data collector and data processor simultaneously in relation to EU personal data. We will be a data controller where we determine the purposes and means of the processing of EU personal data alone or jointly with others. To the extent that we are a data controller with respect to EU personal data, we:
- only appoint processors under agreements that the processor will comply with the GDPR;
- will maintain a record of processing activities which are under our responsibility (where required by GDPR);
- co-operate with relevant authorities which enforce the GDPR; and
If a third party discloses EU personal data to us for a specific purpose, we will be acting as a data processor in processing the EU personal data for that purpose. Where we act as a data processor, we will:
- only act on the controller’s documented instructions;
- impose confidentiality obligations on all personnel who process the EU personal data;
- not appoint sub-processors without the prior written consent of the controller;
- where applicable, assist the controller in complying with the rights of the data subjects of the EU personal data;
- maintain and keep accurate records of processing activities (where required by GDPR); and
- implement appropriate technical and organisational security measures to protect EU personal data and report any data breaches to controller without undue delay.
Disclosure to third parties
If we are required to disclose your EU personal data to third parties, including data processors or sub-processors, we will notify the third party that it has an obligation to handle any EU personal data in accordance with the GDPR.
In the event we are responsible for a transfer of EU personal data outside of the EU, such transfer will be for the necessary and lawful performance of our services, including the establishment, exercise or defence of a legal right.
Express consent to transfer
By providing us with your EU personal data, you are consenting to the disclosure of your EU personal data to third parties outside of the EU. You also acknowledge that we are not required to ensure that those third parties comply with their obligations under the GDPR.
If you have any questions, comments or complaints about our handling of your EU personal data, or wish to contact us regarding your EU personal data, please use the contact details set out below in the ‘Contact details’ section.
How do you make a complaint?
If you have a complaint about how we handle your EU personal data, you can contact us: firstname.lastname@example.org
Phone: +64 [4 474 7590 / 9 302 8680], Mon – Fri, 9am – 5pm NZT
If you still feel your issue or request hasn’t been resolved to your satisfaction, then you can escalate your privacy concern to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights). If your complaint relates to how we handled your access and correction requests, you may take your complaint directly to the New Zealand Privacy Commissioner or the authority in which you are located.
Contact details for escalating complaints
Office of the New Zealand Privacy Commissioner
- Online: www.privacy.org.nz
- Phone: +64 4 474 7590 or +64 9 302 8680
- Email: email@example.com