Audit Assistant (we, us, our) complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
This policy sets out how we will collect, use, disclose and protect the personal information of individuals stored on the Audit Assistant website (www.auditassistant.com) and all related systems.
This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz
CHANGES TO THIS POLICY
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
WHAT INFORMATION WE COLLECT
We may collect the following personal information about you:
- Contact information
- Billing information
- Support and contact history
- User training history
WHO WE COLLECT YOUR PERSONAL INFORMATION FROM
Where possible, we will collect your personal information from you directly when you provide that personal information to us, including via the website and any related service, through any registration or subscription process, through any contact with us (e.g. telephone call or email), or when you buy or use our services and products.
We may also collect personal information about you from:
- users you authorise to use the Audit Assistant service on your behalf
- third parties where you have authorised this or the information is publicly available
- unrelated or third party users of Audit Assistant, who may upload personal information about you in connection with their own use of Audit Assistant. In this case the user has appointed us as their agent for the purposes of the Privacy Act 2020, and has agreed to obtain all necessary consents from you for that purpose.
HOW WE USE YOUR PERSONAL INFORMATION
We will use your personal information:
- to provide services and products to you or your employees (which includes retention of backups)
- to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose)
- to improve the services and products that we provide to you
- to bill you and to collect money that you owe us, including authorising and processing credit card transactions
- to respond to communications from you, including a complaint
- to conduct research and statistical analysis (on an anonymised basis)
- to protect and/or enforce our legal rights and interests, including defending any claim
- for any other purpose authorised by you or the Act.
DISCLOSING YOUR PERSONAL INFORMATION
We may disclose your personal information to:
- any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services and products. Such businesses may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand, however, we have satisfied ourselves that all such businesses are required to protect the information in a way that, overall, provides comparable safeguards to those in the Act, pursuant to the contracts we have with them.
- other third parties (for anonymised statistical information)
- a person who can require us to supply your personal information (e.g. a regulatory authority)
- any other person authorised by the Act or another law (e.g. a law enforcement agency)
- any other person authorised by you.
PROTECTING YOUR PERSONAL INFORMATION
We will take reasonable steps to keep your personal information safe from loss, unauthorised access, use or modification, or other misuse.
If we become aware of any action that has caused, or has the potential to cause, any unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, your personal information which we hold, we will promptly let you know what has happened and the steps we are taking in response.
If we become aware of any notifiable privacy breach (as defined in section 112 of the Act) we will also notify the Privacy Commissioner and comply with our obligations under section 115 of the Act.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email our privacy officer at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
RETENTION OF PERSONAL INFORMATION
We may keep your personal information for up to seven years for backup purposes. We will delete those backups of your personal information upon request. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.