This policy explains how Datasourcery Limited, a company incorporated in New Zealand (company number 6980813) (Datasourcery, Donoranalytics, Donoranalytics.nz, WorkVision, us, we), collects, holds and processes personal information and other data. We only provide services to our business customers and not directly to individuals, but we recognise that in doing so we will be dealing with our customers’ data and that may include personal information of their customers, clients employees, users or others to whom they provide their services.
We take the privacy of personal information seriously, and we comply with the Privacy Act 1993 (NZ Privacy Act), and the Privacy Act 1988 (Cth) which incorporates the Australian Privacy Principles (AU Privacy Act).
“Personal information” means any information relating to a particular individual that can identify that person either directly or indirectly (i.e. by reference to other information we have access to). The term “processing” includes collection, storage, and all of the ways we use personal information when we provide our Site and services.
(a) Personal information provided to us
- We do not collect personal information directly from individuals other than under our contracted services provided to our business customers. We rely on our customers having appropriate authorisation to allow us to use their customers’, users’, clients’, employees’, or other third parties’ data, including personal information which is necessary for the provision of our services. Where a customer does not have that authority, it will indemnify us fully should the lack of that authority cause us any loss, damage, or cost (including our full legal costs).
- When a customer engages us to provide services we collect that customer’s name, business address, phone number, the client contact person’s name and contact detail, and other information that a customer provides to us which is reasonably necessary to enable us to provide our services.
- When a customer contacts us for support or other enquiries, we may collect the customer’s name, contact person’s name, telephone number, email address and any other information the contact person provides to us.
(b) Technical information we may collect automatically:
- When you access our Site through a location enabled device we collect and process real time GPS-based information about your device’s location. If you do not consent to us collecting location-based information you can disable the GPS or other location tracking functions from your device if your device allows you to do this.
(c) Information about minors. Our Site and services do not address anyone under the age of 18. We do not knowingly collect personal identifiable information from children under 18. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.
We collect, hold, and use personal information and technical information for the primary purpose of providing our services to our business customers.
We may also use personal information for the following secondary purposes:
- to provide our customers with support and customer care services;
- to improve our Site and services;
- to let our customers know about new services that we think they may be interested in;
- to provide our customers with updates that they have subscribed to receive, such as our cyber guidance update. Customers can unsubscribe at any time by contacting us at the address set out in are set out in paragraph 14 below or clicking on the unsubscribe link found on the email;
- to bill our customers for services they have engaged us to provide;
- to conduct research and statistical analysis to improve our services;
- to protect and/or enforce our legal rights and interests, including defending any claim; and
- to provide to a government agency or law enforcement as allowed under the AU Privacy Act and the NZ Privacy Act (and any amendment). For further information how we share information for legal purposes please see paragraph 3.
We may disclose or share personal information with third parties in the following circumstances:
- With customer consent. We may share personal information with third parties where a customer has consented or requested us to do so.
- Third party service providers. We may share personal information with companies that support our Site and our services, including any person that hosts or maintains any underlying IT system or data centre that we use to provide our Site or services.
- Legal purposes. Where it is legally required by a third party, government agency or law enforcement authority in any jurisdiction (in which case we will generally require a production order or similar court order. Where we are to make any disclosure of customer data, we will provide our relevant customers with as much advance notice as is reasonable in the circumstances, provided we are not prevented by law from doing so.
- Business sale. In the event we sell our business we may disclose personal information to the prospective buyer. If substantially all of our assets are acquired by a third party, personal information will be one of the transferred assets.
We take reasonable precautions, including administrative, technical, and physical measures, to safeguard personal information against loss, theft, and misuse, as well as against unauthorised access, disclosure, alteration, and destruction.
Unfortunately, no data transmissions over the Internet can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure please contact us immediately. Our contact details are set out in paragraph 14 below.
We retain personal information for as long as it is needed to be able to provide our services to a customer. Once our services have been provided we will only keep data if it is necessary or required to meet legal or regulatory requirements, resolve disputes, or to prevent fraud or abuse.
Our Site may contain links to third-party websites, products, and services. Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
Please be aware that if you share any of your personal information on a third party social media website or app (e.g. Facebook and LinkedIn), your personal information may be collected or used by the third-party website or app and/or the users of these sites, and could result in you receiving unsolicited messages. We encourage you to review the privacy policies and settings of the social media websites and apps you interact with.
Our business is operated in New Zealand but businesses that support our services may be located outside Australia or New Zealand. This means that information may be held and processed outside Australia or New Zealand, and also transferred between Australia and New Zealand.
A privacy breach occurs where there is:
- unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, personal information held by us; or
- an action that prevents us from accessing personal information on either a temporary or permanent basis.
If we learn of a privacy breach involving any of our services we will assess whether the privacy breach is likely to cause serious harm to an affected individual or individuals.
If our assessment finds that the privacy breach has caused serious harm to an affected individual or individuals, or is likely to do so, we will notify the individual or individuals and the Australian or New Zealand Privacy Commissioner (as applicable) as soon as practicable after we become aware that a notifiable privacy breach has occurred.
Subject to certain grounds for refusal set out in the AU Privacy Act and NZ Privacy Act, you have the right to request confirmation from us that we hold personal information about you and a copy of such personal information. You are also entitled to request the correction of the information we hold about you. If you would like to exercise either of these rights, please contact us at [email protected]
Your email should provide evidence of who you are and the details of your request (e.g. the personal information, or the correction, that you are requesting).
If you wish to complain about an alleged privacy breach, we encourage you to lodge the complaint with us in writing (using the contact details set out in paragraph 14). We will respond to your complaint within a reasonable time and within any applicable timing requirements prescribed by law, to try and work with you to resolve the issue.
You may opt out of emails you receive from us by emailing [email protected] or by clicking the unsubscribe link found in the email.
Date last updated 21st September 2020
To improve your experience, our Site may use “cookies” and other technologies such as pixel tags and web beacons. A cookie is a small text file that our Site may place on your device as a tool to remember your preferences. These technologies help us better understand user behaviour, tell us which parts of our Site people have visited, and facilitate and measure the effectiveness of our products and services. Pixel tags enable us to send email messages in a format that customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.
Our Site uses service Google Analytics in order to better understand our users’ needs and optimise our service experience. Google Analytics is a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
In some of our email messages, we use a “click-through URL” linked to content on our Site. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our Site. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our communications. If you do not consent to us collecting information on your click-through activity, do not click text or graphic links in the email messages.
Datasourcery Limited, a company incorporated in New Zealand (company number 5407342) (Datasourcery, Donoranalytics, Donoranalytics.nz, WorkVision, us, we), complies with the Privacy Act 1993 and the Privacy Act 1988 (Cth) which incorporates the Australian Privacy Principles.
Other than technical information about your equipment, browsing actions and patterns, which we may collect automatically when you interact with our site (www.datasourcery.com, www.donoranalytics.nz, www.workvision.co.nz), we collect personal information directly from our customers.
We may share your personal information with our third-party service providers in the course of operating our business and other third parties where it is required by law, necessary to enforce our rights, prevent fraud and for safety, in the event we sell our business.
Our business is operated in New Zealand but businesses that support our services may be located outside New Zealand. This means that information may be held and processed outside New Zealand.
You have a right to access any personal information we hold about you, and you may ask us to update or correct your personal information.