Privacy and Data Policy
Last updated: August 2018
EBOSS is committed to respecting the privacy and security of information received from User(s) of our website or services. This Privacy and Data Policy sets out our compliance with both New Zealand privacy laws (including the Privacy Act 1993), and the European Union General Data Protection Regulations (“GDPR”).
We’ve updated our Privacy and Data Policy to ensure that we communicate to Users, in the clearest way possible, how we comply with these legal requirements, how we collect, use, disclose or transfer personal information supplied by Users or collected by us and the ways in which users can protect their privacy.
Our Privacy and Data Policy also specifies other requirements, such as how Users may access, correct and delete information held about them.
By using our services, or accessing our website, Users agree to comply with the terms and conditions of this Privacy and Data Policy and agree that EBOSS may process (i.e. collect, use, store, transfer and disclose) User’s personal information in accordance with this Privacy and Data Policy (as well as for any other use authorised by the User).
Our Privacy and Data Policy explains:
- What information we collect and how;
- How we use personal information;
- Who we share personal information with and why;
- The steps taken to protect personal information under our control;
- Users’ data protection rights;
- Links and connections to third party services;
- International data transfers
- How EBOSS retains and deletes personal information;
- How to access and update personal information; and
- How to contact us.
1. User Consent
EBOSS provides an online architectural product library service. We collect personal information in order to be able to provide and improve our services, and for the other uses described below.
By using our services or providing personal information to us, Users consent to our collection, storage, use and disclosure of personal information (including any sensitive information provided) in accordance with this Privacy and Data Policy.
2. Information we collect
There are three ways we collect information:
- Information Users give us.
- Information we collect when Users use our services.
- Information we collect from third parties.
(a) Information Users give us
In order to use our services, a User must provide us with certain contact and personal information including name, address, phone number, email address, industry specific information and company information. Users may also at times provide financial information.
Users may also provide us with information when they:
- Register product information with us;
- Create User accounts and logins;
- Register for events promoted or hosted by us;
- Subscribe to receive the latest news on our services, and the goods and services of our partners and advertisers; or
- Contact our support team.
Users can always choose not to provide us with personal information, however this may mean that we are unable to supply our services effectively, or at all.
(b) Information we collect from use of our services
All Other Services
We may automatically collect information (which may include personal information) when Users interact with or use our services by visiting our website. This information may include:
Usage information: we collect information about how Users and their system environment interact with our services. Information that may be collected includes:
- Information relating to the features Users use;
- The performance of the services and any problems experienced by Users;
- he pages that Users visit on our website;
- Website content accessed by Users;
- Length of the Users’ stay on a specific page; and
- Browser information.
- Location: when Users use our services (including our website), we may collect and process information about the User’s location. We use various technologies to determine location, including IP addresses.
3. How we use Personal Information
We collect and use personal information in order to be able to provide and improve our services.
We also use personal information to:
- Communicate, interact and build our relationship with Users, including to better understand User needs and interests, and ensure a quality experience for Users;
- Monitor, develop or optimise the performance of our services;
- Provide information and technical support;
- Carry out payment administration;
- Market and make recommendations on our services;
- Allow our partners and advertisers to market, offer promotions and make recommendations to Users;
- Conduct, manage, develop and protect our business;
- Enforce our terms of service or other usage policies; and
- Enable third parties to provide services to us.
For these purposes we may receive, use, store, share, send, combine, transform, organise, update and delete personal information (and undertake any further processing activities expressed or implied in this Policy). The personal information that we collect will not be further processed in ways that are incompatible with the initial purposes for which the data was collected.
4. Who we share Information with
We share information, including personal information, as necessary to provide Users the service requested or authorised. For example, we may share information with:
- Banks and other entities which process payment transactions when a payment is made;
- A purchaser, as part of a corporate transaction such as an acquisition, merger or sale of assets;
- To our partners and advertisers to provide tailored product information and advertising that we believe may be relevant to the User;
- To other third parties, when we have a good faith belief that doing so is necessary to:
- Comply with any applicable law, regulation, legal process or enforceable governmental request;
- Protect our Users;
- Operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks;
- Detect, prevent or otherwise address fraud; or
- Protect our rights and property, including enforcing our terms.
From time to time we use third-party data processors to provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with Users’ personal information unless we have instructed them to do so. They will not share Users’ personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
We require that our service providers, suppliers and business partners (data processors) agree to keep confidential all information we share with them. While we provide these third parties with no more information than is necessary to perform the function for which we engaged them, Users should be aware that any information provided by the User to these third parties independently/directly is subject to the third parties' respective privacy policies and practices.
5. Steps taken to protect Personal Information
Protecting the security of User personal information is of the utmost importance to EBOSS. We maintain a variety of safeguards and procedures in order to protect personal information from unauthorised access, use, interference, modification or disclosure. For example, Users’ personal information is kept securely in our database, and is protected by SSL encryption. Users’ personal information will only be accessed by people at EBOSS who need to use the information for the purposes discussed above.
Some of our services do however require use of the internet, and the internet is not itself a secure environment. We therefore cannot give an absolute assurance or guarantee that User information will be secure at all times. Transmission of information over the internet or third-party networks is at the User’s own risk. We will notify Users at the first reasonable opportunity if we discover or are advised of a material security breach which has resulted in unauthorised access, disclosure or loss of User personal information.
To help maintain the security of information, Users agree to keep their passwords and account details private and confidential.
6. Users’ data protection rights
Under data protection law, Users have rights regarding the personal information that we hold/collect. The rights available to Users depend on our reason for processing Users’ information. These rights include:
- Right of access: Users have the right to ask us for copies of their personal information. This right always applies.
- Right to rectification: Users have the right to ask us to update or rectify information they think is inaccurate. Users also have the right to ask us to complete information that the User thinks is incomplete.
- Right to erasure: Users have the right to ask us to erase their personal information in certain circumstances.
- Right to restriction of processing: Users have the right to ask us to restrict or cease the processing of their information in certain circumstances.
- Right to data portability: This only applies to information Users have given us. Users have the right to ask that we transfer the information Users have given us from one organisation to another, or give it to the User. This right only applies if we are processing information based on Users’ consent, or under (or in talks about entering into) a contract and the processing is automated.
All requests should be sent to us at firstname.lastname@example.org, and include the words 'ATT: THE PRIVACY OFFICER'. User choices in relation to personal information may affect our ability to provide our services, or the performance of the services. We will respond to Users as soon as reasonably practicable regarding the impact of the User’s requests on the services, any other issues arising and to confirm the User’s intention to proceed. If we are unable to comply with the request, we will give the User reasons for this decision when we respond.
We are committed to full compliance with the Unsolicited Electronic Messages Act 2007.
By subscribing to email communications, or otherwise providing an email address, Users consent to receiving emails which promote and market our products and services, or the products and services of others, from time to time.
Users can unsubscribe from our email communications at any time by clicking the "Unsubscribe" link in any promotional or marketing email, or by emailing email@example.com, and include the words 'ATT: THE PRIVACY OFFICER'.
Once a User has unsubscribed from the email communications, the User will be removed from the corresponding email/distribution list as soon as is reasonably practicable.
8. Links and connections to third party services
Disclosure of personal information by Users to third party service providers is at the User’s own risk, and we encourage Users to read the privacy policies applicable to these third-party services. We are not responsible for the security or privacy of any information collected by these third-parties.
9. International data transfers
When we disclose, use or store data, it may be transferred to, and processed in, countries other than New Zealand (for example, some of our employees are currently based in Australia). There may be differences with New Zealand's privacy laws. However, where we disclose personal information to a third party in another country, we place safeguards to ensure Users’ personal information is protected.
For individuals in the European Economic Area (EEA), this means that Users’ personal information may be transferred outside of the EEA. Where Users’ personal information is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have transfer mechanisms in place to protect Users’ personal information (e.g. by ensuring that the recipients of the personal information have agreed to data protection and privacy commitments as specified in the GDPR). For further information, please contact us using the details set out in the contact section below.
10. Retention and deletion of personal Information
The period of time for which we hold personal information that we have collected varies according to what the personal information is used or required for, and whether we have an ongoing need to retain it (for example, to provide Users with a service they have requested or to comply with applicable legal requirements such as financial record-keeping legislation).
Unless there is a legal requirement or justification for us to keep the personal information, we will retain it for no longer than is necessary:
- To provide the services requested by the User;
- As part of our usual business record-keeping practices;
- To fulfil the purpose(s) for which the personal information was originally collected;
- In accordance with our internal retention policies and practices; or
- For any other purpose(s) authorised by the User.
Once personal information is no longer required, the personal information will be deleted, securely destroyed or anonymised.
11. Accessing and updating user Personal Information
Users are responsible for ensuring that personal information provided to us is accurate, complete and up-to-date. This includes personal or sensitive information contained in their User content. We will also take reasonable steps to ensure that any personal information that we collect (i.e. information obtained from other sources) is accurate, up-to-date, complete and not misleading.
Requests for access to, or the correction of, personal information should be emailed to firstname.lastname@example.org, and include the words 'ATT: THE PRIVACY OFFICER'.
We will process requests as soon as reasonably practicable, provided we are not otherwise prevented from doing so by law. If we are unable to meet a User’s request, we will explain the reasons why when we respond to the User’s request.
12. How to contact us
Please contact us if you have any questions or complaints about this Privacy and Data Policy, if a User wishes to access, update, erase and/or correct personal information, or if a User otherwise has a question or complaint about the manner in which we, our service providers or our partners treat personal information.
Users may write to EBOSS’ Privacy Officer by email, including any supporting documentation, at email@example.com, and include the words 'ATT: THE PRIVACY OFFICER'.
Alternatively, you can write to us at:
Attention: Privacy Officer
91 St Georges Bay Road
We will endeavour to respond within 30 days.
Application of this Privacy and Data Policy
Our Privacy and Data Policy applies to all of the services offered by us. Our Privacyand Data Policy does not cover the information practices of other companies and organisations (such as our partners or advertisers) that supply, contract and advertise using our website.
Changes to this Privacy and Data Policy
We recommend that Users regularly review this Policy to learn how we protect personal information.
In this Policy, unless the context requires otherwise:
- means and includes any natural person, company, corporation, firm, partnership, joint venture, society, organisation or other group or association of persons (whether incorporated or not), trust, state or agency of state, statutory or regulatory body, local authority, government or governmental or semi-governmental body or agency (in each case whether or not having separate legal personality);
- personal information
- means information about an identifiable individual and includes, without limitation, names, addresses, phone numbers, email addresses and IP addresses;
- means all persons accessing our website and/or using the service (including any part of the service), including persons that load and/or manage content on our website or that receive or subscribe for any other paid services;
- User account
- means any User’s account with us;
- we, us, our and EBOSS
- means Quad Concepts Limited, trading as EBOSS.