INTRODUCTION
Here at KiwiBoss Limited (we, us or our) protecting your privacy and treating your personal information
with care is of paramount importance to us. This Privacy Policy explains what personal information we
collect, why we collect personal information and how we collect, use, disclose, store and protect your
personal information when you visit our website, provide us with information yourself (such as when
you sign up to our service or use our services) or when you accept services from us.
It also explains how to contact us to correct, update or delete any personal information provided to us,
or make a complaint if you have concerns. We are compliant with the Privacy Principles of New
Zealand.
We will only collect and process personal information about you where we have a lawful basis to do
so. Lawful basis includes consent (where you have given consent), use of our service (where
processing is necessary for the performance of our service with you) and legitimate interests
(including security threats or frauds, risk of harm to self or others, compliance with applicable laws,
and enabling us to administer our service).
You expressly and voluntarily grant your informed consent to us to deal with your personal information
in accordance with the terms and conditions of this Privacy Policy. You have the right to withdraw or
decline your consent at any time and where we rely on legitimate interests, you have the right to
object.
CHANGES THAT WE MAKE TO OUR PRIVACY POLICY
We will notify you about any changes to our Privacy Policy by updating the “Last Updated” date of this
Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of
updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to
have accepted the changes in any revised Privacy Policy by your continued use of our Website after
the date such revised Privacy Policy is posted.
COLLECTION OF YOUR PERSONAL INFORMATION BY THIRD PARTIES
This Privacy Policy does not apply to any third-party linked which may also collect and use information
about you. We are not responsible for any of the information collected by any such third party.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT
ACCESS OUR WEBSITE, USE OUR SERVICE OR PROVIDE ANY INFORMATION ABOUT
YOURSELF TO US.
WHICH ENTITIES DOES THIS PRIVACY POLICY COVER?
This Privacy Policy applies to us with respect to content on our website, our services and information
you provide to us about yourself.
WHAT IS PERSONAL INFORMATION?
Personal information is defined as information or an opinion (including information or an opinion
forming part of a database), whether true or not, and whether recorded in a material form or not,
about an individual whose identity is apparent, or can reasonably be ascertained, from the information
or opinion.
WHEN AND HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
We collect most personal information directly from you when you consent to use our service or
receive communications from us. Your consent may be express (e.g. you agree to the use of your
information by ticking a box) or implied by an action you take or do not take (i.e. because you have
agreed to terms and conditions that contain information about the use or disclosure of your
information).
You provide us your information when you use our service or you use our website generally or you
deal with us.
WHAT PERSONAL INFORMATION DO WE COLLECT?
Personal Data
We collect demographic and other personally identifiable information (such as your name and email
address). We may collect the following types of personal information:
• name;
• mailing or street address;
• email address;
• telephone number and other contact details;
• age or date of birth;
• credit card information;
• your device ID, device type, geo-location information, computer and connection information,
statistics on page views, traffic to and from the sites, ad data, IP address and standard web
log information;
• details of the products and services we have provided to you or that you have enquired
about, including any additional information necessary to deliver those products and services
and respond to your enquiries;
• any additional information relating to you that you provide to us directly through our website
or app or indirectly through your use of our website or app or online presence or through other
websites or accounts from which you permit us to collect information;
• information you provide to us through customer surveys; or
• any other personal information that may be required in order to facilitate your dealings with
us.
We may collect these types of personal information either directly from you, or from third parties. We
may collect this information when you:
• register on our website or app;
• communicate with us through correspondence, chats, email, or when you share information
with us from other social applications, services or websites;
• interact with our sites, services, content and advertising; or
• invest in our business or enquire as to a potential purchase in our business.
Children’s Privacy
Our website and service does not address anyone under the age of 18 (Children). Our website and
service is intended for and directed to adults and we do not knowingly collect personal information
from Children without the express consent of a parent or legal guardian.
If you are a parent or guardian and you are aware that your Children have provided us with personal
information, please contact us. If we become aware that we have collected personal information from
Children without verification of parental consent, we will take steps to remove that information from
our servers.
WHY DO WE COLLECT YOUR PERSONAL INFORMATION?
We may collect your personal information when required by law but generally we collect personal
information from you (or about you) to allow us to:
· supply you with information about our service and products;
· supply you with tailored service offerings that may benefit you;
· marketing and advertising to you;
· communicate more effectively with you about our services and your care; and
· ensure your experience with us is a positive one.
Personal information collected or received by us will only be used for the stated purpose for which it
was provided.
WHEN DO WE DISCLOSE YOUR PERSONAL INFORMATION?
We may collect, hold, use and disclose your personal information for the following purposes:
• to enable you to access and use our website or services;
• to operate, protect, improve and optimise website or services, business and our users’
experience, such as to perform analytics, conduct research and for advertising and marketing;
• to send you service, support and administrative messages, reminders, technical notices,
updates, security alerts, and information requested by you;
• to send you marketing and promotional messages and other information that may be of
interest to you, including information sent by, or on behalf of, our business partners that we
think you may find interesting;
• to administer rewards, surveys, contests, or other promotional activities or events sponsored
or managed by us or our business partners;
• to comply with our legal obligations, resolve any disputes that we may have with any of our
users, and enforce our agreements with third parties; and
• to consider your employment application.
If personal information is disclosed to a third party, we are required to take all reasonable steps to
ensure your personal information is treated in accordance with the laws that apply to personal
information in that country. We may also disclose your personal information to a trusted third party
who also holds other information about you. This third party may combine that information in order to
enable it and us to develop anonymised consumer insights so that we can better understand your
preferences and interests, personalise your experience and enhance the products and services that
you receive.
TO WHOM DO WE DISCLOSE YOUR PERSONAL INFORMATION?
We may disclose personal information for the purposes described in this privacy policy to:
• our employees and related bodies corporate;
• third party suppliers and service providers (including providers for the operation of our
websites and/or our business or in connection with providing our products and services to
you);
• professional advisers, dealers and agents;
• payment systems operators (eg merchants receiving card payments);
• our existing or potential agents, business partners or partners;
• our sponsors or promoters of any competition that we conduct via our services;
• anyone to whom our assets or businesses (or any part of them) are transferred;
• specific third parties authorised by you to receive information held by us; and/or
• other persons, including government agencies, regulatory bodies and law enforcement
agencies, or as required, authorised or permitted by law.
AGGREGATE INFORMATION & DIRECT MARKETING
We do not sell your personal information. We may aggregate the information you and others make
available to us and share it with third parties.
We may use, sell, license, and share this aggregated information with third parties for research or
other purposes such as to improve our services or to help our partners understand more about the
users of our service issues.
We and/or our carefully selected business partners may send you direct marketing communications
and information about our service and products. This may take the form of emails, SMS, mail or other
forms of communication, in accordance with the laws of your country. You may opt-out of receiving
marketing materials from us by contacting us using the details set out below or by using the opt-out
facilities provided (eg an unsubscribe link).
You can object to us using your information for these purposes.
WHAT IF YOU DON’T WANT US TO COLLECT YOUR PERSONAL INFORMATION?
You are not obligated to provide us with your personal information. You may choose whether you
receive communications from us. Whilst it is your choice not to provide your personal information to
us this may impede our ability to provide you with all the functionality of our service.
WHAT IF YOU DON’T WANT TO RECEIVE FURTHER COMMUNICATIONS FROM US?
Should you wish to remove yourself from our database you may do so at any time by contacting us.
HOW CAN I ACCESS, CORRECT AND/ OR UPDATE PERSONAL INFORMATION YOU HAVE
COLLECTED?
At any time, you may contact us and request your personal information be modified. We will make all
efforts to correct data once we have proved your identity.
We will deal with all requests for access to personal information as quickly as possible, but no later
than 30 calendar days from the date of your request (unless any complexities arise). Requests for a
large amount of information, or information which is not currently in use, may require further time
before a response can be given.
We will provide you your personal information in a structured, commonly used, machine-readable
format.
In some cases, we will refuse to give you access to personal information we hold about you. This
includes, but is not limited to, circumstances where giving you access would: be unlawful; have an
unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal
our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice
enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative
information generated within our business in connection with a commercially sensitive decisionmaking process.
We will also refuse access where the personal information relates to existing or anticipated legal
proceedings, and the information would not be accessible by the process of discovery in those
proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where
we reasonably believe that unlawful activity, or misconduct of a serious nature, is being or may be
engaged in against us and giving access would be likely to prejudice the taking of appropriate action
in relation to that matter.
If we refuse to give you access we will provide you with reasons for our refusal, unless doing so would
be unreasonable in the circumstances. We will also take reasonable steps to give you access in a
way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide
details of how you may make a complaint about our decision.
Please note that the access and correction requirements under this Privacy Policy operates alongside
and do not replace other informal or legal procedures by which an individual can be provided access
to, or correction of, their personal information.
HOW DO WE STORE AND PROTECT YOUR PERSONAL INFORMATION?
For us to provide excellent service we are required to store some personal information and take the
greatest of care to ensure this information is treated as private and confidential. Transmitting personal
data via the internet does have inherent risks associated with it. We will however take all reasonable
steps to ensure the security of this data.
We have taken the necessary measures to ensure the personal information we hold is not
compromised. In accordance with and as permitted by applicable law and regulations we will retain
your information as long as necessary to serve you, to maintain your account or as otherwise needed
to operate our service.
Our website is protected by security certificates and are built considering all modern security stands
where possible. We will take reasonable steps to maintain the integrity and security of any personal
information we have stored, including taking reasonable steps to prevent interference and loss,
misuse, unauthorised access, modification or disclosure of such personal information.
Note that no information transmitted over the Internet can be guaranteed to be completely secure.
While we will endeavour to protect your personal information as best as possible we cannot
guarantee the security of any information that you transmit to us, or receive from us. The transmission
and exchange of information is carried out at your own risk.
It is important that you protect your privacy by ensuring that no one obtains your personal information
and you must contact us either directly if your details change. Should your information be erroneously
provided to us or no longer remain valid within the constraints of this Privacy Policy we will securely
destroy or de-identify it as soon as practicable, as long as it is lawful to do so.
We have obligations to notify you if you are affected by a data breach. We will take all reasonable
precautions to take remedial action to prevent such an event. However, as we cannot guarantee that
remedial action will be sufficient to prevent all instances of a breach, we will take steps to notify you of
an eligible data breach as soon as practicable, and provide recommendations as to what steps you
should take to mitigate any serious issues.
For UK residents, where we employ data processors to process personal information on our behalf,
we only do so on the basis that such data processors comply with the requirements under the GDPR
and that have adequate technical measures in place to protect personal information against
unauthorised use, loss and theft.
LOG DATA
Whenever you use our website, in a case of an error in the website we collect data and information
(through third party products) on your phone called Log Data. This Log Data may include information
such as your device, Internet Protocol address, device name, operating system version, the
configuration of the device when utilizing our website, the time and date of your use of our website
and other statistics.
TRANSFER OUT
We may transfer data we receive about you, including all personal information, to our hosting service
providers and data centres located overseas. You hereby expressly and voluntarily grant your
informed consent to such transfers. Transfers to out of your county will be protected by appropriate
safeguards, these include one or more of the following: the use of standard data protection clauses
adopted or approved by the European Commission which you can obtain from the European
Commission Website.
You acknowledge that personal data that you submit for publication through our website or services
may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such
personal data by others.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify or amend this Privacy Policy at any time.
If you object to any changes, you may cease using our website and/or our services. You acknowledge
and agree that your continued use of our website means that the collection, use and sharing of your
personal information is subject to the updated Privacy Policy.
COOKIES
Cookies are text files placed on your computer to collect standard Internet log information and visitor
behaviour information. When you visit our website, we may collect information from you automatically
through cookies or similar technology. While we do not use browsing information to identify you
personally, we may record certain information about your use of our website, such as which pages you
visit, the time and date of your visit and the internet protocol address assigned to your computer.
Insofar as those cookies are not strictly necessary for the provision of our website and services, we will
ask you to consent to our use of cookies when you first visit our website. We may also use ‘cookies’ or
other similar tracking technologies on our website that help us track your website usage and remember
your preferences. Cookies are small files that store information on your computer, TV, mobile phone or
other device. They enable the entity that put the cookie on your device to recognise you across different
websites, services, devices and/or browsing sessions. You can disable cookies through your internet
browser but our websites may not work as intended for you if you do so.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by
a web browser and will remain valid until its set expiry date, unless deleted by the user before the
expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the
web browser is closed.
COOKIES THAT WE USE
We use cookies for the following purposes:
· authentication and status – we use cookies to identify you when you visit our website and as you
navigate our website, and to determine if you are logged into the website
· personalisation – we use cookies to store information about your preferences and to personalise the
website for you
· security – we use cookies [as an element of the security measures used to protect user accounts,
including preventing fraudulent use of login credentials, and to protect our website and services
generally
· advertising – we use cookies to help us to display advertisements that will be relevant to you
· analysis – we use cookies to help us to analyse the use and performance of our website and services
· cookie consent – we use cookies to store your preferences in relation to the use of cookies more
generally.
COOKIES USED BY OUR SERVICE PROVIDERS
Our service providers use cookies and those cookies may be stored on your computer when you visit
our website.
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic.
Google uses the data collected to track and monitor the use of our Service. This data is shared with
other Google services. Google may use the collected data to contextualize and personalize the ads of
its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing
the Google Analytics opt-out browser add-on. The add-on prevents Google Analytics JavaScript
(ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web
page: http://www.google.com/intl/en/policies/privacy/
Google AdWords
Google AdWords remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display
Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on –
https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser
Add-on provides visitors with the ability to prevent their data from being collected and used by Google
Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web
page: http://www.google.com/intl/en/policies/privacy/
Facebook
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page:
https://www.facebook.com/help/164968693837950
To opt-out from Facebook’s interest-based ads follow these instructions from Facebook:
https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by
the Digital Advertising Alliance. You can also opt-out from Facebook and other participating
companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the
Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive
Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile
device settings.
For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy:
https://www.facebook.com/privacy/explanation
MANAGING COOKIES
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so
vary from browser to browser, and from version to version. You can however obtain up-to-date
information about blocking and deleting cookies via these links:
https://support.google.com/chrome/answer/95647 (Chrome);
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
https://help.opera.com/en/latest/security-and-privacy/ (Opera);
https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
(Internet Explorer);
https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
(Safari); and
https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites. If you block
cookies, you will not be able to use all the features on our website.
GENERAL DATA PROTECTION REGULATION (GDPR) FOR THE EUROPEAN UNION (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness,
transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as
defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which
we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any
data collected will be to the extent necessary and not excessive for its purpose. We will keep your data
safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a
contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, it is
necessary to carry out a public function, a task of public interest or if the function has a clear basis in
law.
We do not collect or process any personal information from you that is considered “Sensitive Personal
Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic
origin unless we have obtained your explicit consent, or if it is being collected subject to and in
accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the
consent of your parent or someone who has parental authority for you. We do not knowingly collect or
process the personal information of children.
YOUR RIGHTS UNDER THE GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information
is obtained and used. We comply with your rights under the GDPR as to how your personal information
is used and controlled if you are an individual residing in the EU
Except as otherwise provided in the GDPR, you have the following rights:
· to be informed how your personal information is being used;
· access your personal information (we will provide you with a free copy of it);
· to correct your personal information if it is inaccurate or incomplete;
· to delete your personal information (also known as “the right to be forgotten”);
· to restrict processing of your personal information;
· to retain and reuse your personal information for your own purposes;
· to object to your personal information being used; and
· to object against automated decision making and profiling.
Please contact us at any time to exercise your rights under the GDPR at the contact details in this
Privacy Policy.
We may ask you to verify your identity before acting on any of your requests.
NOTICE FOR CALIFORNIA RESIDENTS
If you are a visitor or a user from California, you have certain rights which are granted to you under The
California Consumer Privacy Act (“CCPA”) and the California Online Privacy Protection Act
(“CalOPPA”). We are legally bound by the requirements of either or both of these legislative acts when
we fall within the scope of one or both of them.
YOUR RIGHTS
If you are a California resident, you may request that we disclose to you the following information
covering the 12 months preceding your request:
● The categories of personal information that we have collected about you and the categories of
sources from which we collected such personal information
● The business or commercial purposes for collecting such personal information
● The categories of personal information about you that we have disclosed to third parties for a
business purpose and the categories of third parties to whom we have disclosed such personal
information
You, as a resident of California may contact us by using the details in section “Questions and Contacts”
above to obtain copies of any personal information that may have been collected or stored about you,
and request its correction or deletion as may be required and permitted by law. Nevertheless, there
may be legal or other reasons that we will have to decline to honor your request. For example, in cases
if we cannot verify your identity or confirm that the personal information that we maintain relates to you,
or if we cannot verify that you have the authority to make a request on behalf of another individual.
We will not sell or trade any personal information collected from you. Therefore, you do not need to opt
out in order to prevent the sale or trading of personal data.
ENQUIRIES, REQUESTS & COMPLAINTS
Enquiries regarding this Privacy Policy or the personal information we may hold on you, should be
addressed with the Privacy Officer, whose contact details are below.
If you think your personal information, held by us, may have been compromised in any way or you have
any other Privacy related complaints or issues, you should also raise the matter with the Privacy Officer.
We will ensure your claims are investigated and a formal response will be provided to you, within a
reasonable time, considering the circumstances of your claims. If any corrective action is determined
to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation
and advise you of such, again within a reasonable time considering the circumstances.
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further
information in relation to any privacy matters, please contact the Office of the New Zealand Privacy
Commissioner, whose contact details are below.
Office of the New Zealand Privacy Commissioner
Telephone 0800 803 909
Email investigations@privacy.org.nz
Postal Address PO Box 10 094, Wellington 6143
Website https://www.privacy.org.nz