Privacy Policy

Introduction

This Privacy Policy describes how we ("the Company", "we", "us", or "our") collect, use, disclose, and protect your personal information in accordance with the New Zealand Privacy Act 2020 and the 13 Information Privacy Principles (IPPs).

We are committed to protecting your privacy and handling your personal information in a transparent, fair, and responsible manner. This policy applies to all personal information we collect through our website, services, and business operations.

1. Information We Collect

1.1 Personal Information

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, postal address, and company details
• Professional Information: Job title, industry, company size, and business requirements
• Account Information: Username, password (encrypted), and account preferences
• Communication Records: Records of your communications with us, including emails, contact forms, and support inquiries
• Technical Information: IP address, browser type, device information, operating system, and browsing behavior on our website
• Usage Data: Information about how you interact with our website and services
• Marketing Preferences: Your preferences for receiving marketing communications

1.2 Sensitive Information

In the course of providing data consulting services, we may handle sensitive business data on behalf of our clients. We implement strict security measures and contractual obligations to protect this information.

2. How We Collect Information

We collect personal information through:

• Direct Interactions: When you contact us, request services, subscribe to newsletters, or create an account
• Website Usage: Automatically through cookies and similar tracking technologies when you visit our website
• Third Parties: From business partners, marketing platforms, and publicly available sources
• Service Delivery: During the provision of consulting services and project work

3. Purpose of Collection and Use

We collect and use your personal information for the following purposes:

• Service Delivery: To provide data consulting services, analytics, and technical solutions
• Client Communication: To respond to inquiries, provide support, and manage client relationships
• Contract Management: To enter into and fulfill contractual obligations
• Marketing: To send newsletters, promotional materials, and service updates (with your consent)
• Website Improvement: To analyze usage patterns and improve our website and services
• Legal Compliance: To comply with legal obligations and regulatory requirements
• Security: To protect against fraud, unauthorized access, and security threats
• Business Operations: To manage our internal operations, including recruitment and vendor management

4. Legal Basis for Processing

We process personal information based on:

• Consent: Where you have explicitly agreed to our use of your information
• Contract Performance: Where processing is necessary to fulfill contractual obligations
• Legal Obligation: Where we are required by law to process your information
• Legitimate Interests: Where processing serves our legitimate business interests while respecting your privacy rights

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in:

• Website hosting and maintenance
• Email delivery and marketing automation
• Analytics and performance monitoring
• Payment processing
• Cloud storage and computing services
• Customer relationship management (CRM)

5.2 Business Partners

We may share information with technology partners and strategic alliances to deliver integrated solutions, with appropriate data protection agreements in place.

5.3 Legal Requirements

We may disclose information when required by law, including:

• Compliance with court orders or legal processes
• Responding to government or regulatory requests
• Protecting our legal rights and interests
• Preventing fraud or investigating security incidents

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

6. Cross-Border Data Transfers

Some of our service providers are located outside of New Zealand. When we transfer personal information overseas, we ensure that the recipient:

• Is subject to privacy laws that provide comparable safeguards to the Privacy Act 2020
• Has agreed to contractual obligations that protect your personal information
• Participates in recognized privacy frameworks and certifications

We primarily work with service providers in jurisdictions recognized as providing adequate protection, including the European Union, United Kingdom, Australia, and other approved countries.

7. Data Security

We implement comprehensive security measures to protect your personal information:

• Encryption: Data in transit is protected using SSL/TLS encryption
• Access Controls: Role-based access and authentication requirements
• Secure Storage: Encrypted storage solutions and secure data centers
• Regular Audits: Security assessments and vulnerability testing
• Staff Training: Regular privacy and security training for all personnel
• Incident Response: Procedures for detecting and responding to security breaches

Despite our security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy:

• Client Data: Retained for the duration of the business relationship and for 7 years thereafter for legal and accounting purposes
• Marketing Data: Until you unsubscribe or withdraw consent, after which it is deleted within 30 days
• Website Analytics: Aggregated data retained for up to 26 months
• Legal Records: As required by New Zealand law and regulatory requirements

After the retention period expires, we securely delete or anonymize personal information in accordance with our data retention schedule.

9. Your Privacy Rights

Under the Privacy Act 2020, you have the following rights regarding your personal information:

9.1 Right to Access

You can request access to the personal information we hold about you. We will provide this information within 20 working days of your request, free of charge for the first request.

9.2 Right to Correction

You can request that we correct any inaccurate, incomplete, or out-of-date personal information. We will make corrections promptly and notify any third parties to whom we have disclosed the information.

9.3 Right to Deletion

You can request deletion of your personal information, subject to legal and contractual obligations that may require us to retain certain records.

9.4 Right to Object

You can object to the processing of your personal information for marketing purposes or where processing is based on legitimate interests.

9.5 Right to Withdraw Consent

Where we process your information based on consent, you can withdraw that consent at any time.

9.6 How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer using the details provided below.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website performance. For detailed information about our use of cookies, please see our Cookie Policy.

11. Marketing Communications

We may send you marketing communications about our services, insights, and events. You can:

• Opt-out at any time by clicking the "unsubscribe" link in our emails
• Update your marketing preferences through your account settings
• Contact us directly to remove you from marketing lists

Even if you opt out of marketing communications, we may still send you service-related messages (e.g., account notifications, security alerts).

12. Children's Privacy

Our services are designed for business users and are not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

13. Privacy Breaches

In the unlikely event of a privacy breach that is likely to cause serious harm, we will:

• Notify the Office of the Privacy Commissioner without undue delay
• Notify affected individuals where required by law
• Take immediate steps to contain and remediate the breach
• Implement measures to prevent future occurrences

14. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will:

• Post the updated policy on our website with a revised "Last Updated" date
• Notify you of significant changes via email or prominent website notice
• Obtain your consent where required for material changes

We encourage you to review this policy periodically to stay informed about how we protect your information.

16. Privacy Officer and Contact Information

We have designated a Privacy Officer responsible for overseeing compliance with this Privacy Policy and the Privacy Act 2020.

Privacy Officer Contact Details:

• Email: privacy@enterprisedatasolutions.co.nz
• Phone: +64 3 123 4567
• Postal Address: Enterprise Data Solutions, 123 Colombo Street, Christchurch Central, Christchurch 8011, New Zealand

If you have questions, concerns, or requests regarding your personal information or this Privacy Policy, please contact our Privacy Officer. We will respond to your inquiry within 20 working days.

17. Complaints

If you believe we have breached the Privacy Act 2020 or handled your personal information inappropriately, you can:

1. Contact our Privacy Officer using the details above to lodge a complaint
2. We will investigate your complaint and respond within a reasonable timeframe
3. If you are not satisfied with our response, you can contact the Office of the Privacy Commissioner:

• Website: www.privacy.org.nz
• Phone: 0800 803 909
• Email: enquiries@privacy.org.nz

18. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of New Zealand. Any disputes relating to this policy will be subject to the exclusive jurisdiction of the New Zealand courts.