We love a challenge
If you’ve got a big idea or a new project in mind, we’d love to help. Let’s chat.
The internet offers the chance to collect information about site users. This information can be personally identifiable information (“PII”) or aggregated information. However, your privacy is important to us at SeventyTwo Digital Limited (SeventyTwo) and we want to be sure that you understand the terms and conditions relating to the way in which we collect information and the use of that information. This Privacy Policy outlines what information we collect, what we do with it and your rights to view, correct or change it.
The Office of the Privacy Commissioner (www.privacy.org.nz) provides further details of the NZ privacy Act 1993 and how it protects personal information in NZ.
With the passing of the privacy legislation (including subsequent updates), the government introduced legislation to protect personal information about individuals. The Privacy Act 2020 (“the Act”) incorporates the New Zealand’s Privacy Principles (NZPP’s) covered in Part 2 of the Act. These principles apply to private sector organisations who deal with information relating to individuals. This legislation is designed to protect personal information about individuals and sets in place a framework and guidelines about how to deal with this information.
As at 25 May 2018, the EU General Data Protection Regulation (“GDPR”) was introduced providing increased transparency for data protection for all businesses transferring data to the Europe Union “EU”. While the GDPR and the NZPP share some similarities, SeventyTwo Digital Limited is providing robust privacy policies and procedures for its staff and clients. This includes ensuring that it conforms to all required NZPP’s including the provision of a clearly expressed and readily available Privacy Policy. This is completed by the provision of this Privacy Policy Manual.
An NZPP privacy policy is a key tool for meeting NZPP 1’s requirements.
To assist with this compliance, SeventyTwo Digital Limited ensures that all of its staff members adhere to these policies and procedures. Any breaches of these policies and procedures must be reported to the relevant staff member’s manager or supervisor immediately so that any appropriate measures can be taken to mitigate any issues surrounding an identified breach.
Every staff member of SeventyTwo Digital Limited who handles personal information is required to have an understanding of the New Zealand Privacy Principles (NZPP’s), the Act and the GDPR, where necessary. Where a more detailed knowledge of SeventyTwo Digital Limited’s rights and responsibilities is required, the Privacy Officer will be able to provide assistance.
All staff is encouraged to discuss privacy issues with the nominated Privacy Officer.
Formal review of this privacy policy shall be undertaken on a 6 monthly basis with the details of this review recorded by the Privacy Officer.
The Privacy Act 2020 and the Credit Reporting Privacy Code 2004 places obligations and responsibilities on employers and employees to ensure that information collected from individuals is collected, retained and used in line with the NZPP’s. SeventyTwo Digital Limited shall abide by the following NZPP’s at all times:
NZPP No. |
|
NZPP 1 to 4 |
governs the reason for collection of personal information, where personal information may be collected from, and how it is collected. |
NZPP 5 |
governs how personal information should be stored. |
NZPP 6 |
governs that individuals have access to the personal information held about them. |
NZPP 7 |
governs that if an individual requests changes to their personal information held about them then it should be done unless there are grounds not to do so. |
NZPP 8 – 11 |
govern how personal information is used or disclosed. |
NZPP 12 |
governs how personal information is used or disclosed outside of New Zealand |
NZPP 13 |
governs that an individual’s bank number, IRD number, drivers licence number, passport number etc cannot be used to identify an individual between agencies, unless authorisation is granted to SeventyTwo Digital Limited to enable them to complete their performance of any Services to be provided. |
Further information regarding the NZPP’s can be obtained from the office of the Privacy Commissioner at www.privacy.org.nz. A full copy of the Privacy Principles is attached as Appendix B.
In the event of any potential data breach that is likely to result in serious harm to any individuals whose personal information is involved in the breach, SeventyTwo Digital Limited’s Privacy Policy Manual provides a data breach preparation and response to any potential breaches to ensure compliance under the Act.
Upon the implementation of the GDPR on 25 May 2018, SeventyTwo Digital Limited has updated the way they use and collect personal data from residents in the EU. This involves, identifying SeventyTwo Digital Limited’s data protection officer (“Privacy Officer”), how clients can contact the Privacy Officer and identifying the process of transferring client’s personal information. Further, the implementation of cookies notices on SeventyTwo Digital Limited’s website has been activated to ensure SeventyTwo Digital Limited’s clients have adequate protection in providing consent to SeventyTwo Digital Limited in withholding their personal data.
SeventyTwo Digital Limited collects personal information for a variety of reasons. This personal information will be collected in the normal course of business and will relate to Goods and/or Services that are provided by SeventyTwo Digital Limited to clients. This information collected will be done so in the course of business where the client is a customer of SeventyTwo Digital Limited or when the client acts as a guarantor for another person or company that is a client of SeventyTwo Digital Limited. SeventyTwo Digital Limited will not collect information that is not relevant or sensitive in nature unless it is required in the normal course of business.
The personal information that is collected may include, but will not be limited to the following;
The client acknowledges that provided the correct Privacy Act disclosures have been made that SeventyTwo Digital Limited may conduct a credit report on the client for the purposes of evaluating the credit worthiness of the client.
SeventyTwo Digital Limited ensures that all personal information is held in a secure manner. Where applicable and to the best of SeventyTwo Digital Limited’s knowledge all computers or servers have the required security protections in place to safeguard and protect any personal information that is held by SeventyTwo Digital Limited.
We use cookies on our website. Cookies are small files which are stored on your computer. They are designed to hold a modest amount of data (including personal information) specific to a particular client and website, and can be accessed either by the web server or the client’s computer. In so far as those cookies are not strictly necessary for the provision of SeventyTwo Digital Limited’s Services, we will ask you to consent to our use of cookies when you first visit our website.
In the event that you utilise our website for the purpose of purchases/orders, SeventyTwo Digital Limited agrees to display reference to cookies and /or similar tracking technologies, such as pixels and web beacons (if applicable), and requests consent for SeventyTwo Digital Limited collecting your personal information which may include:
If you consent to SeventyTwo Digital Limited’s use of cookies on our website and later wish to withdraw your consent, you may manage and control SeventyTwo Digital Limited’s privacy controls through your browser, including removing cookies by deleting them from your browser history when you leave the site.
SeventyTwo Digital Limited also regularly conducts internal risk management reviews to ensure that its infrastructure (to the best of its knowledge) is secure and any identifiable risks have been mitigated as much as they can be in the normal course of business.
In accordance with the Act SeventyTwo Digital Limited is aware of its responsibilities to notify its clients in the event of a potential data breach that may cause serious harm to clients. Further, in the event the client is located in the EU, SeventyTwo Digital Limited acknowledges that any potential data breaches will be safeguarded by the provisions of the GDPR.
SeventyTwo Digital Limited will collect and process personal information in the normal course of business. This personal information may be collected and processed (but is not limited to) by any of the following methods;
Where relevant to data processing as per the GDPR, and in particular where SeventyTwo Digital Limited uses new technologies, and takes into account the nature, scope, context and purposes of processing and considers that the data processing is likely to result in a high risk to the rights and freedoms of natural persons, the Privacy Officer shall, prior to the processing of personal information, carry out an assessment of impact of the envisaged processing operations by way of a protection impact assessment. The data protection assessment will be required in instances whereby:
The assessment shall be carried out in accordance with Article 35 (7) of the GDPR and carry out reviews of such data protection impact assessments when there is any change of the risk associated with the processing of personal information.
As a client of SeventyTwo Digital Limited and agreeing to SeventyTwo Digital Limited’s Terms and Conditions of Trade, which includes of SeventyTwo Digital Limited’s privacy policy you hereby agree and consent to the provisions of this Privacy Policy Manual, including but not limited to the collection, processing, use and disclosure of your personal information. In the event that you withdraw your agreement and consent to any of the above use, processing collection and disclosure, then SeventyTwo Digital Limited warrants that any request by you to withdraw your consent or agreement shall be deemed as confirmation by you to cease any and/or all collection use, processing and disclosure of your personal information. You may make a Request to withdraw your consent at anytime by telephone and/or by e-mail to the following contact details;
The Privacy Officer
SeventyTwo Digital Limited
Unit 4 / 23 Hall Street
Pukekohe
AUCKLAND 2120
(09) 239 0389
SeventyTwo Digital Limited will ensure that any Information that is to be obtained from you is done so verbally or by using SeventyTwo Digital Limited’s prescribed forms which;
Authorise SeventyTwo Digital Limited:
It is the responsibility of SeventyTwo Digital Limited to ensure that any personal information obtained is as accurate and up to date as possible and information is only collected by lawful means in accordance with the Act and relevantly, in accordance with the GDPR.
SeventyTwo Digital Limited will not pass on your personal information to third parties without first obtaining your consent.
In accordance with the Act, including the GDPR (where relevant), personal information can only be used by SeventyTwo Digital Limited for the following purposes:
Relationship With Credit Reporter - In the event that notification of a default has been reported to a Credit Reporter and your credit file has been updated (including any changes to the balance outstanding or contact details), then the Credit Reporter shall be notified as soon as practical of any such changes.
SeventyTwo Digital Limited will only gather information for its particular purpose (primary purpose). In accordance with the Act, including the GDPR (where relevant) SeventyTwo Digital Limited will not disclose this information for any other purpose unless this has been agreed to by both parties.
You shall have the right to request from SeventyTwo Digital Limited a copy of all the information about you that is retained by SeventyTwo Digital Limited. You also have the right to request (by telephone and/or by e-mail) that SeventyTwo Digital Limited correct any information that is incorrect, outdated or inaccurate.
Any requests to receive your personal information or to correct personal information should be directed to the following contact details;
The Privacy Officer
SeventyTwo Digital Limited
Unit 4 / 23 Hall Street
Pukekohe
AUCKLAND 2120
(09) 239 0389
SeventyTwo Digital Limited will destroy personal information upon your request (by telephone and/or by e-mail) or when the personal information is no longer required. The exception to this is if the personal information is required in order for SeventyTwo Digital Limited to fulfil their performance of Services or is required to be maintained and/or stored in accordance with the law.
You can make a complaint to SeventyTwo Digital Limited’s internal dispute resolution team (‘IDR’) regarding an interference with and/or misuse of your personal information by contacting SeventyTwo Digital Limited via telephone or e-mail.
Any complaints should be directed to the following contact details in the first instance;
The Privacy Officer
SeventyTwo Digital Limited
Unit 4 / 23 Hall Street
Pukekohe
AUCKLAND 2120
(09) 239 0389
In your communication you should detail to SeventyTwo Digital Limited the nature of your complaint and how you would like SeventyTwo Digital Limited to rectify your complaint.
We will respond to that complaint within 7 days of receipt and will take all reasonable steps to make a decision as to the complaint within 30 days of receipt of the complaint.
We will disclose information in relation to the complaint to any relevant credit provider and or Credit Reporting Body that holds the personal information the subject of the complaint.
In the event that you are not satisfied with the resolution provided, then you can make a complaint to the Privacy Commissioner at http://www.privacy.org.nz.
SeventyTwo Digital Limited does not disclose information about the client to third party overseas recipients unless the client has provided its consent. SeventyTwo Digital Limited will notify you if circumstances change regarding overseas disclosure and will comply with the Act and the GDPR in all respects.
Unless otherwise agreed, SeventyTwo Digital Limited agrees not to disclose any personal information about the client for the purpose of direct marketing. You have the right to request (by telephone and/or by e-mail) that SeventyTwo Digital Limited does not disclose any personal information about you for the purpose of direct marketing.
This Privacy Policy manual is available to all clients of SeventyTwo Digital Limited. It will be made available (where applicable) on SeventyTwo Digital Limited’s website.
This manual will also be available upon request at SeventyTwo Digital Limited’s business premises and is available to be sent to you if required.
If you require a copy of this Privacy Policy please make a request utilising the following contact information in the first instance:
The Privacy Officer
SeventyTwo Digital Limited
Unit 4 / 23 Hall Street
Pukekohe
AUCKLAND 2120
(09) 239 0389
SeventyTwo Digital Limited has appointed an internal Privacy Officer to manage its privacy matters. The name of this officer is available by making contact with SeventyTwo Digital Limited. The privacy officers duties include (but are not limited to) the following:
The Privacy Officer needs to be familiar with the NZPP’s. Educational material is available from the office of the Privacy Commissioner which explains what SeventyTwo Digital Limited needs to know in order to comply with the Privacy Act.
If a person complains to the Privacy Commissioner that SeventyTwo Digital Limited has breached their privacy, the Privacy Commissioner may contact the Privacy Officer to discuss the complaint, and to see whether there is any means of settling the matter. The Privacy Officer shall provide whatever assistance is necessary. The Privacy Officer may be asked to provide background information or identify the staff members who can do so.
In the event that a complaint about privacy issues is received the Privacy Officer will:
In the event that a complaint about privacy issues is received via a credit reporter the Privacy Officer will:
The Privacy Officer shall ensure that SeventyTwo Digital Limited’s documentation complies with the Privacy Act and Credit Reporting Privacy Code at all times.
(Rules 6 and 7 and clause 8)
The Credit Reporting Privacy Code 2004 is issued under the Privacy Act 2020. It promotes fairness, accuracy, and privacy in the practice of credit reporting. Credit reporters gather and sell information about you such as a failure to pay your bills or if you have been made bankrupt.
You can find the complete text of the Code here
http://www.legislation.govt.nz/act/public/2020/0031/latest/LMS23223.html
The Code, together with the Act, gives you specific rights, many of which are summarised below.
A credit reporter can only collect certain classes of information, set out in the Code, for its credit reporting database. A credit reporter will generally report information for no longer than 5 – 7 years: the actual retention periods are required to be displayed on each credit reporter’s website.
The Code limits the people who can gain access to your credit information. These will usually be credit providers who are considering your application for credit, but in some strictly defined situations the information may be available to prospective landlords, employers or insurers, to debt collectors, to those involved in court proceedings and to certain public sector agencies.
Most credit checks can only take place with your authorisation. This applies to access by credit providers, prospective landlords and prospective employers. Your authorisation may not be required for access by certain public sector agencies, those involved in court proceedings and debt collectors. The credit reporter is required to log each access that is made to your information and will normally disclose this information to you on request.
You are entitled to request a copy of the credit information held about you by a credit reporter. You can ask for just the information contained in your credit report or for all the information held about you (which may include additional information, such as a more complete list of those who have accessed your report). If you want the information quickly (within 5 working days) you may be required to pay a reasonable charge, but otherwise no charge may be made. A credit reporter must take precautions to check the identity of anyone making a personal access request. This may involve asking you for certain identification details, although these cannot be added to the credit reporter’s database without your authorisation.
Credit reporters must take reasonable steps to ensure the accuracy of the information they hold and must act promptly to correct any errors they become aware of. If you tell a credit reporter that your report contains an inaccuracy, the credit reporter must take steps to correct it. This will usually involve checking the information you provide with the source, such as a creditor who submitted a default. While the checking process is under way, the credit reporter must flag your credit report to show that the item has been disputed. The credit reporter must, as soon as reasonably practicable, decide whether to make the correction you have requested or to confirm the accuracy of the information. If the credit reporter needs longer than 20 working days to make a decision it must notify you of the extension and the reasons for it. If the requested correction is not made you must be told the reason and you may ask to have a statement of the correction sought but not made, attached to the relevant information. This statement will be included with future reports. If a correction is made or a correction statement is added, the credit reporter must inform anyone who has recently received your credit report of the change. They must tell you what they have done and provide you with a copy of the amended report. A credit report describes your credit history, not simply your current debts. Information about a bankruptcy that has been discharged or a default that has subsequently been paid in full can continue to be reported, provided it is updated to reflect the later developments, as it remains an accurate statement of those historical events.
Each credit reporter must maintain an internal complaints procedure and have a designated person to facilitate the fair, simple, speedy and efficient resolution of complaints. If you believe a credit reporter has breached the Code you should first approach them directly. If your complaint is not resolved you may complain to the Privacy Commissioner who has statutory powers to investigate the matter. Some cases that cannot be settled can be taken to the Human Rights Review Tribunal for final determination. Other civil law remedies may also be available including defamation and negligence.
SeventyTwo Digital Limited
Unit 4 / 23 Hall Street
Pukekohe
AUCKLAND 2120
Phone (09) 239 0389
Office of the Privacy Commissioner
PO Box 10094, The Terrace
WELLINGTON 6143
Fax (04) 474 7595
Warning: This is only a generalised summary. In the event of a discrepancy between this summary and a provision of the code or Act, the code or Act prevails.
In some cases agencies are authorised or required by other legislation to collect, use, retain, or make available, personal information, and in most cases where an agency collects, uses, retains or makes available personal information in accordance with such legislation this will not amount to a breach of the Privacy Act. (IPP’s10 & 11 of the Privacy Act 2020).
Purpose of collection of personal information
Source of personal information
Collection of information from subject
Manner of collection of personal information
An agency may collect personal information only—
Storage and security of personal information
An agency that holds personal information must ensure—
Access to personal information
Correction of personal information
Accuracy, etc., of personal information to be checked before use
An agency that holds information must not use or disclose that information without taking any steps that are, in the circumstances, reasonable to ensure that the information is accurate, up to date, complete, relevant, and not misleading.
Agency not to keep personal information for longer than necessary
An agency that holds personal information must not keep that information for longer than is required for the purposes for which the information may lawfully be used.
Limits on use of personal information
Limits on disclosure of personal information
Disclosure of personal information outside New Zealand
Unique identifiers
If you’ve got a big idea or a new project in mind, we’d love to help. Let’s chat.