Nyriad Limited (we, us, our) complies with applicable privacy and data protection laws when dealing with personal information, including the New Zealand Privacy Act 1993 and the General Data Protection Regulation of the European Union (GDPR).
Personal information is information about an identifiable individual (a natural person) and includes personal data, personally identifiable information and equivalent information under applicable privacy and data protection laws.
This policy sets out what we collect and how we will collect, use, disclose and protect your personal information and data when you visit and use our website, purchase products or services from us, or otherwise deal with us.
This policy does not limit or exclude any of your rights under the New Zealand Privacy Act 1993 or the GDPR. For further information on the New Zealand Privacy Act 1993, see www.privacy.org.nz. For further information on the GDPR, see https://ec.europa.eu/info/law/law-topic/data-protection_en.
This policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. We are happy to provide any additional information or explanation needed. Any request for further information should be sent to firstname.lastname@example.org
Changes to this policy
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
This policy was last updated on 27 November 2018.
We do not intend to collect personal information from or about children aged under 16. If you have reason to believe that we have collected personal information from or about a child under the age of 16, please contact us at email@example.com.
What do we collect
Directly from you
We collect the following information from you:
- When you fill in a contact or enquiry form on our website, call us, meet us in person or otherwise contact us, we collect your name, contact information, information about your organization and any other information you choose to provide to us, to support sales engagements.
- When you purchase our products and services, we collect contact and payment data to process the payment.
- When you interact with our support team, we collect your name, contact information, device and usage data or error reports to diagnose and resolve problems.
Automatically when you use our website and products
When you install and use our product, we remotely collect information from the system on which our products are installed so that we can identify the license and collect usage data or error reports to make improvements and to diagnose and resolve problems.
From third party sources
Where possible, we collect personal information from you directly. However, sometimes we may collect personal information about you from third parties where you have authorised this or the information is publicly available.
How we use your personal information and other data
We will use your personal information and the data related to the performance of our products:
- to verify your identity
- to provide our website, services and products to you
- to market our services and products to you, including contacting you electronically (e.g. by text or email) for this purpose
- to improve our website and the services and products that we provide to you
- to bill you and to collect money that you owe us
- to respond to communications from you, including enquiries and complaints
- to conduct research and statistical analysis (on an anonymised basis)
- to protect and/or enforce our legal rights and interests, including defending any claim
- to respond to lawful requests by public authorities, including to comply with lawenforcement requirements
- for any other purpose authorised by you or under applicable law.
We may transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
You can stop receiving our marketing emails by following the unsubscribe instructions included in those emails or contacting us at firstname.lastname@example.org.
Disclosing your personal information
We may disclose your information to:
- another company within our group, if any
- any business that supports our website, services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide our website, services and products or that we use to process payments
- third parties (for anonymised statistical information)
- professional advisers e.g. accountants, lawyers or auditors
- a person who can require us to supply your personal information (e.g. a law enforcement agency or regulatory authority)
- any other person authorised by applicable law
- any other company in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition
- any other person authorised by you.
International transfers of personal information
A business that supports our website, products and services may be located outside of New Zealand (the country where we are incorporated) and also outside of the country where you are located. This means that the personal information we collect may be transferred to, and stored in, a country outside of New Zealand and the country where you are located.
If you are located in the European Economic Area (EEA), your personal information may be transferred outside of the EEA. Under the GDPR, the transfer of personal information to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal information if other appropriate safeguards are in place.
Where we transfer personal information outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where approved transfer mechanisms are in place to protect your personal information (e.g. to organisations in the United States under the EU-U.S. Privacy Shield framework or by entering into the European Commission’s Standard Contractual Clauses). For further information, please contact at email@example.com.
Some of the personal information we collect is processed in New Zealand. New Zealand is recognised by the European Commission as a country that has an adequate level of data protection and we rely on this decision in transferring personal information to New Zealand.
Protecting your personal information
We will take reasonable steps to keep your personal information and other data safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks inherent in processing personal information.
You play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used in relation to our products and services. You should not disclose your password to third parties. Please notify us immediately if there is any unauthorised use of your account or any other breach of security.
Accessing and correcting your personal information
Subject to certain grounds for refusal under applicable law, you have the right to access your personal information that we hold and request a correction to your personal information. Before you exercise this right, we may need evidence to confirm that you are the individual to whom the personal information relates.
Where you request a correction, if we think the correction is reasonable and we are reasonably able to change your personal information, we will make the correction. In all other cases, we will take reasonable steps to make a note of the personal information that was the subject of your correction request.
If you want to access your personal information or request a correction, email us at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
Data retention policy
The personal information that we collect and use will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.
If you have any questions or if you would like to request access to, or correction of, your personal information, please contact us at email@example.com.
GDPR additional terms
Lawful basis for processing personal information
Our lawful basis for processing (as that term is defined in the GDPR) personal information that we collect, use and disclose depends on the personal information collected and the context in which we collect it.
Generally, we collect personal information from you where we have your consent, where processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, or where processing is necessary for the purposes of our legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms).
Where we process personal information based on your consent, you may withdraw your consent at any time.
Despite the above, we may process your personal information where such processing is necessary for compliance with applicable laws.
If you have any question about the legal basis on which we process personal information or need further information, please contact us at firstname.lastname@example.org.
Your rights under the GDPR
If you are located in the European Union, your rights in relation to your personal information include:
- right of access - if you ask us, we will confirm whether we are processing your personal information and provide you with a copy of that personal information
- right to rectification - if the personal information we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take reasonable steps to ensure inaccurate personal information is rectified. If we have shared your personal information with any third party, we will tell them about the rectification where possible
- right to erasure – when your personal information is no longer needed for the purposes for which you provided it, we will delete it. You may request that we delete your personal information and we will do so if deletion does not contravene any applicable law. If we have shared your personal data with any third party, we will take reasonable steps to inform those third parties that they must delete your personal information
- right to withdraw consent - if the basis of our processing of your personal information is consent, you can withdraw that consent at any time
- right to restrict processing - you may request that we restrict or block the processing of your personal information in certain circumstances. If we have shared your personal information with any third party, we will tell them about this request where possible
- right to object to processing - you may request that we stop processing your personal information at any time and we will do so to the extent required by the GDPR
- rights related to automated decision-making, including profiling - you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision-making is necessary for entering into, or the performance of, a contract with you, is authorised by applicable laws or is based on your explicit consent. We do not undertake automated individual decision-making
- right to data portability - you may obtain your personal information from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal information in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal information directly to another data controller
- the right to complain to a supervisory authority - you can report any concern you have about our privacy practices to your local data protection authority.
Where personal information is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at email@example.com. If you are not satisfied by the way we deal with your query, you may refer your query to your local data protection authority.