Our purpose, scope and commitment.
This policy seeks to ensure that personal information managed by the Company is handled in a way that is legally compliant, ethical and adheres to industry best practice.
Personal information is in general terms, any information about an identifiable individual.
This policy is for customers of the Company. For the purpose of this policy, “the Company”, “we”, “our”, or “us” means the New Zealand privately listed company: Circini; and extends to include any related entities where they engage directly with customers.
Where local legislation, regulations or governing authorities differ in the application and or interpretation of privacy requirements, those rulings shall supersede those set out in this policy. The Company will update this policy when our information handling practices change, or when required. Any revised policy will take effect when it is published on our website.
Privacy obligations relating to staff are addressed separately within Circini internal policies.
1. The kinds of personal information we collect;
The information collected by the Company will depend on the products, services or information you ask us to provide to you, and the nature of the dealings you have with us. This will include (but is not limited to) information to confirm your identity, and contact details such as your email. In establishing a customer relationship additional information related to date of birth and contact details such as your physical address and/or mailing address and contact phone numbers.
By providing the Company with your personal information, you consent to us using and disclosing it for the purposes set out in this policy.
2. How we collect personal information;
Where we can, we will collect information directly from you. Such information is collected in a number of ways including but not limited to:
a) When you make an enquiry or contact us directly.
b) Through your communication with us which may include emails, letters, phone conversations, meetings, or other correspondence between you and our representatives.
c) Through other interactions with our websites, social media or direct marketing.
d) When you otherwise interact with the Company or disclose personal information to it.
As well as collecting information directly from you; where required, we also collect information from third parties in circumstances where we have your consent, are legally required to do so or permissible business requirement to do so. Examples of third parties include credit reporting agencies, law enforcement agencies and other government entities.
3. Cookies and how we use them;
The information collected by these tools may include geolocation data, the IP address of the device you are using and information about websites that IP address has come from, the pages accessed on our website and the next website visited. We may use and combine this information to maintain, secure and improve our websites, enhance your experience when using our websites, display and deliver relevant content, services and advertising and understand the effectiveness of our marketing and advertising.
If you want to prevent cookies being used, you can change your browser settings to disable cookies. However, you may not be able to access all or parts of our websites, or you may experience reduced functionality when accessing certain services.
4. How we store and secure personal information;
We keep your hard-copy or electronic records on our secured premises and systems or offsite using trusted third parties. Our security safeguards include:
a) Staff education
We train and regularly remind our staff of their obligations with regard to your information.
b) Destroying data when no longer required
Where practical, we keep information only for as long as required (for example, to meet legal requirements or our internal needs).
c) The purposes we collect, store, use and disclose personal information
We collect, use, disclose, store and retain your personal information so that we can carry out our business activities and functions and to provide you with our services. The type of information about you that we will collect, use, disclose, store and retain will depend on our relationship with you, the types of products or services you request from us and our legal obligations.
The purposes for which we collect, store, use and/or disclose personal information is so that we can:
- establish your identity and provide products and services to you;
- send information and communications requested by you;
- manage our relationship with you while conducting and improving our businesses and improving customer experience;
- manage our risks and help identify and investigate illegal activity, such as fraud;
- to update our records and ensure contact details are up to date; and/or
- comply with our legal obligations and assist government and law enforcement agencies or regulators where required.
5) Accidental disclosure;
In the event of a privacy breach where there has been unauthorised or accidental access to personal information, or disclosure, alteration, loss, or destruction of personal information, we will take reasonable steps to immediately contain the breach. All breaches are immediately notified to our Privacy Officer and our Managing Director.
If the privacy breach has caused serious harm to someone (or is likely to do so), we will notify the Office of the Privacy Commissioner as soon as possible as per our obligations under the Privacy Act 2020.
If a notifiable privacy breach occurs, we will notify people affected by the privacy breach. This will happen as soon as possible after we become aware of the privacy breach.
6. Access and correction of personal information;
If you wish to seek access to the personal information we may hold about you, please contact our Privacy Officer using the contact details set out below. Where we hold information that you are entitled to access, we will try to provide you with a suitable and secure means of accessing it such as via direct email.
Where you are not entitled to access personal information under the Privacy Act, for example if it would breach or have the potential to breach another individual’s privacy rights, we will provide a reason for the refusal.
If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. Depending on the nature of the changes requested, we may ask for further confirmation of identity and/or that the request is submitted in writing for audit and compliance purposes.
7. Complaints process;
If you believe that we have breached, or potentially breached our privacy obligations, please contact the Privacy Officer in the first instance using the contact details set out below. Depending on the nature of the breach or potential breach, we may ask for further confirmation of identity, details of the complaint and/or that the request is submitted in writing for audit and compliance purposes.
8. Disclosure to third parties;
We may disclose your personal information with third parties where this is permitted by law or for any of the purposes mentioned in section 5.
Third parties include:
- Parties to whom we outsource certain functions (e.g. financial institutions).
- Auditors, compliance regulators, government agencies and departments.
- Any other third party with your prior authorisation for such disclosure.
9. Contact us;
Phone: 0800 000 794
Office: Level 9, 35 Victoria Street, Wellington