MSP Assist Limited (NZBN: 9429030451704) (we, us, our) complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
This policy sets out how we will collect, use, disclose and protect your personal information.
This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.
CHANGES TO THIS POLICY
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
This policy was last updated on 20 October 2022.
WHO DO WE COLLECT YOUR PERSONAL INFORMATION FROM
We collect personal information about you from:
- you, when you provide that personal information to us, including via the website and any related service, through any registration or subscription process, through any contact with us (e.g. telephone call or email), or when you buy or use our services and products
- third parties where you have authorised this or the information is publicly available.
If possible, we will collect personal information from you directly.
HOW WE USE YOUR PERSONAL INFORMATION
We will use your personal information:
- to verify your identity
- to provide services and products to you
- to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose)
- to improve the services and products that we provide to you
- to undertake credit checks of you (if necessary)
- to bill you and to collect money that you owe us, including authorising and processing credit card transactions
- to respond to communications from you, including a complaint
- to conduct research and statistical analysis (on an anonymised basis)
- to protect and/or enforce our legal rights and interests, including defending any claim
- for any other purpose authorised by you or the Act.
DISCLOSING YOUR PERSONAL INFORMATION
We may disclose your personal information to:
- another company within our group
- any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services and products
- a credit reference agency for the purpose of credit checking you
- other third parties (for anonymised statistical information)
- a person who can require us to supply your personal information (e.g. a regulatory authority)
- any other person authorised by the Act or another law (e.g. a law enforcement agency)
- any other person authorised by you.
- A business that supports our services and products may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand.
PROTECTING YOUR PERSONAL INFORMATION
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us at [insert email address]. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
YOUR RIGHTS UNDER GDPR
This section summarises the rights of data subjects based in the European Union under the General Data Protection Regulation (GDPR). This summary does not set out all the rights and remedies available and you should read and keep apprised of changes in the relevant laws and regulations.
Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure (the “right to be forgotten”);
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. An initial electronic copy will be provided in CSV format free of charge, but additional copies may be subject to a reasonable fee.
Where any personal data retained by us is inaccurate, out of date, irrelevant or misleading you have the right to have that personal data rectified and have any incomplete personal data about you completed.
In certain circumstances you have the right to request the erasure of your personal data. This is not an absolute ‘right to be forgotten’ but is a right to have personal data erased and to prevent processing in circumstance where: the personal data is no longer necessary in relation to the purposes for which it was originally collected or processed; you withdraw consent to consent-based processing; you object to the processing under the GDPR and there is no overriding legitimate interest for continuing the processing; ; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However we may refuse your request for erasure where the personal data is processed to exercise the right of freedom of expression and information; to comply with a legal obligation for performance of a public interest task or exercise of official authority or the exercise or defence of legal claims. Upon a valid request for erasure, we will:
- disable your account;
- immediately flag your account for permanent deletion; and
- delete your personal data from our databases within 72 hours.
You may have the right to restrict the processing of your personal data where:
- the accuracy of the data is contested (for as long as the accuracy is unverified);
- where the processing is unlawful but you are opposed to exercising your right of erasure;
- where we no longer need the personal data for the original purpose, but we require the data to establish, exercise or defend legal rights; or
- where verification of overriding grounds is pending, in the context of a request for erasure.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
You have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
In any case where you believe that the processing of your personal information may infringe data protection laws, you have the legal right to lodge a complaint with the relevant authority. Where you are a EU citizen, you may elect to lodge your complaint in the EU member state of your habitual residence, your place of work or the locality of any alleged infringement.
Where our processing of your personal information is based on your consent, you may withdraw that consent at any time. Any such withdrawal shall not affect the legal basis of any processing of data that occurred prior to the date of the withdrawal.
If you wish to exercise any of your rights in relation to your personal data you may do so by notice to us in writing
- by email using the email address published on our website from time to time.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
If you post your personal information on the website’s [message board/ chat room], you acknowledge and agree that the information you post is publicly available.