Privacy Policy

This Privacy Policy was last updated on:

August 22, 2024

VisTab Limited (we, us or our) adheres to the New Zealand Privacy Act 2020 when dealing with personal information.

1. Scope of this Policy

1.1 VisTab Limited provides Services which enable our customers to upload information they have collected, which may include Personal Information. This Policy sets out how we collect, hold, use and disclose any Personal Information we receive.

1.2 If you are using our services or you consent to one of our customers using our services to collect, hold, use and disclose your Personal Information, then you agree to us collecting, holding, using and disclosing your Personal Information in accordance with this Policy and the New Zealand Privacy Act 2020.

1.3 To the extent that we are collecting, holding, using and disclosing Personal information, we are acting only as the agent of our customers for the purposes of the New Zealand Privacy Act 2020 and any other applicable privacy law.

2. Definitions and Interpretation in this Policy

Customer: The entity that has subscribed for the Subscription that you rely on to access and use our Services.

Personal Information: The information about an identifiable individual.

Services: All products and services we provide from time to time and includes the Website, our Web Portal and our mobile app.

Subscription: Any subscription for our Services.

User: Any person who uses our Services by relying on the same Subscription as our customer. By way of example only, a User may include an office administrator or site manager.

Website: The website at the domain "vistab.co.nz" or any other website operated by us.

3. Collection of Personal Information

3.1 Personal data may be collected, stored and used when visiting our website or placing an order. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will only be used in ways described in this policy.

  • When visiting our website, using our services or if you contact us via phone, email or chat: If you choose to contact us through either of these sources, information you provide such as your name, email address or phone number and any other information you choose to provide us with will also be stored. If you click a link on our website which redirects you to an affiliates website (or third-party website) you should take the time to read the privacy notice on the affiliates (or third-party) website before providing any personal information. Our web servers gather your IP address and other device identifying data to assist with the diagnosis of problems or support issues with our services.
  • Account registration: When registering for an account, details that you provide to us to create a user account and provide you with access to our services. The registration requires you to provide us with personal contact information, such as your name and email address.
  • Online Order: When ordering from our shop, your name, address, email, phone number and any other information you choose to provide us with will also be stored.
  • Payment information: When paying for your subscription online, your financial information is directed to our third-party payment processor. We do not store your financial data on our systems.
  • If you are visiting our premises: If you are a visitor who has signed into our application, the information provided, such as your name, your company, whom you are visiting and other information that we request.
  • Visiting our customer's premises: If you are signing into our application whilst visiting one of our customers this policy does not apply to you, instead you should defer to their privacy notice. They are acting as the ‘Controller’ of the data. This means they collect information necessary for the purposes of your visit to their premises. If you want to exercise your rights with the data they hold you should contact them directly.
  • Other: Third parties where you have authorised this or the information is publicly available

4. How we may use Personal Information

(a) to verify your identity

(b) to manage and provide services and products to you

(c) to respond to communications from you

(d) to improve our services and products that we provide to you

(e) to bill you and to collect money that you owe us, including authorising and processing credit card transactions

(f) to protect and/or enforce our legal rights and interests, including defending any claim

(g) to monitor use and performance of our services

(h) to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose)

(i) for any other purpose authorised by you (the New Zealand Privacy Act or other applicable law)

5. Who we disclose Personal Information to

We may disclose your Personal Information to:

(a) any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services and products or that assists us with our marketing and customer care activities described in this policy

(b) any user that the customer expressly permits to access that information. We will not grant access to any user (or subsequently revoke that access) without our customer's written consent.

(c) a person who can require us at law to supply your Personal Information (e.g. regulatory authority)

(d) any other person with your consent (whether such consent is given directly to us or indirectly via our customer)

(e) other third parties (for anonymised statistical information)

5.1 We won't sell your personal information to third parties without your express consent.

6. How we store and protect Personal Information

6.1 We have put in place appropriate security, privacy and technical measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

These include:

(a) using encryption to protect your information when it's in transit, storing it in AWS in an encrypted format, and using secure tokens for authentication

(b) engaging an independent third party on an annual basis to review our security measures and make recommendations for improvement if required

(c) password protecting your access to our Web Portal. It is your responsibility to keep the password safe. MFA is available.

6.2 A business that supports our services and products may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand.

6.3 While we take reasonable steps to maintain secure internet connections, the internet is not a secure environment and we cannot give you absolute assurance that any information provided over the internet will be secure at all times. Accordingly, where you provide Personal Information about any person to us over the internet, you do so at your own risk.

6.4 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Data retention

7.1 We retain Personal Information for as long as your account is active. Once the subscription has come to an end, we will delete the relevant Personal Information after 12 months or sooner if you let us know.

We will also delete Personal Information when we are no longer required or need to hold it.

8. Third-party websites

8.1 The Services (and in particular the Website) may contain links to third party websites. If you follow a link to a third party website, we take no responsibility for the privacy practices or content of that website.

9. Cookies

9.1 Cookies are small files that a website can send to your computer which can be stored on your hard drive or in memory. Cookies store information about your preferences on a particular website and remain on your computer once you have exited from that website.

9.2 We use cookies on our Website and other technical measures (including Google Analytics and Google Ads) to help us improve our Website and to tailor advertising to you.

How Google uses data when you use their partners’ sites or apps can be found at https://www.google.com/policies/privacy/partners/

9.3 We also use cookies in relation to our Web Portal, these do not contain any personal information or information that could be used to identify you.

9.4 You can set your browser to refuse cookies, or to notify you when you receive a cookie and to give you the opportunity to accept or refuse the cookie. However, if you refuse our cookies, certain features of our Website or our Web Portal may not function properly.

10. Purpose of processing

10.1 Your data will be processed only for specified, explicit and legitimate purposes. We collect and process the personal data detailed in this policy.

10.2 We may, from time to time, use your personal data for reporting and for making improvements to our services; in such instances we will always ensure an individual cannot be identified.

10.3 Your personal data may be transferred to our trusted third party processors, this will be for purposes such as: enabling payments, hosting of our servers, project management tools and customer relationship management system.

10.4 Our trusted third party processors are contractually bound and have technical, organisational and security measures in place to keep your information confidential and use it only for specified, explicit, and legitimate purposes.

10.5 Some messages from us are service-related and necessary for customers. You agree that we can send you non-marketing emails or messages, such as those related to transactions, your account, security, or product changes/updates.

10.6 We will only transfer your data to other third parties without informing you separately beforehand in the exceptional cases where we are either legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims.

10.7 List of sub-processors as at August 2024

(a) We may update the list of Sub-Processors from time to time without prior notice.

Sub-Processor
Purpose
Data Hosting Location

11. Your privacy rights and how to contact us

11.1 The Privacy Act gives you rights to request access to and correction of the personal information we hold about you.

11.2 You can also complain to us at any time if you think we have misused your personal information.

11.3 Contact us to exercise any of these rights, including the right to complain about our privacy practices. Remember that you can make an information request to us in any form.

11.4 You have the right to request a copy of the personal information we hold about you (whether we have collected from you directly or from a third party). You also have the right to ask us to correct your information if you think it is wrong.

11.5 We will process your request as soon as possible, and no later than 20 working days after we receive it. We will be as open as we can with you, but please note that your right to request personal information is subject to section 206 of the Privacy Act, which requires that we maintain secrecy, in some instances even from you.

11.6 We may also occasionally need to withhold personal information under sections 49-53 of the Privacy Act, for example where the information requested is legally privileged. However, we will only ever withhold information where necessary.

11.7 When making a request or complaint, please include your name, email address and/or telephone number and clearly describe your request or complaint. We will acknowledge your communication and may ask you to verify your identity.

11.8 We will respond to you regarding your request or complaint within a reasonable period of time. If you think that we have failed to respond to your request or resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

11.9 Data Protection Rights under GDPR

11.10 If you are a resident of the European Economic Area (EEA), you have certain data protection rights and VisTab Limited aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information. If you wish to be informed what Personal Information we hold about you and if you want it to be removed from our systems, please contact us. In certain circumstances, you have the following data protection rights:

(a) You have the right to request access to your Personal Information that we store and have the ability to access your Personal Information.
(b) You have the right to request that we correct any Personal Information you believe is inaccurate. You also have the right to request us to complete the Personal Information you believe is incomplete.
(c) You have the right to request the erase your Personal Information under certain conditions of this Policy.
(d) You have the right to object to our processing of your Personal Information.
(e) You have the right to seek restrictions on the processing of your Personal Information. When you restrict the processing of your personal Information, we may store it but will not process it further.
(f) You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
(g) You also have the right to withdraw your consent at any time where VisTab Limited relied on your consent to process your Personal Information.
(h) You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

12. Contact information

If you have questions regarding this Policy or about the privacy practices of VisTab Limited, please contact us by email at privacy@vistab.co.nz, or at:

VisTab Limited
Attn: Privacy Officer

72 Moorhouse Ave, Addington

Christchurch, 8011

13. Policy Review Statement

13.1 We may change this Policy by uploading a revised Policy to our Website (vistab.co.nz). Unless stated otherwise, the changes will apply from the date we upload the revised Policy.

13.2 By continuing to use our product, services or Sites, or otherwise continuing to deal with us, you accept these changes and this Policy as it applies from time to time. We recommend you regularly review this Privacy Policy and the Terms and Conditions to see any updates or changes to our Privacy Policy.