Throughout this policy you will see the use of the term ‘Personal information’ a lot, this means information about an identifiable individual (a natural person). That’s you.
Kaynemaile Limited complies with the New Zealand Privacy Act 1993 (the NZ Privacy Act) and other applicable laws when dealing with personal information, including the General Data Protection Regulation of the European Union.
This policy does not limit or exclude any of your rights under the NZ Privacy Act and other applicable laws. If you wish to seek further information on the NZ Privacy Act, see www.privacy.org.nz.
Who are we collecting your personal information from
We collect personal information about you from:
- You when you provide that personal information to us, including via the website and any related service, through any registration or subscription process, through any contact with us (e.g. telephone call or email), or when you buy our products
- Third parties where you have authorised this (e.g. Instagram, facebook or architectural product libraries) or the information is publicly available (e.g architectural product libraries).
When you visit or use our website or any related service, we may collect information about you:
- by recording clickstream data, which is non-personal information that is recorded when you click anywhere on a webpage and is used for the purposes of collecting, analysing and reporting data about how you use our website and related services; and
What personal information are we collecting
When you visit our website we collect the following information:
- when you ask to receive information about us or our products or sign up to our newsletter, your email address and any other contact information you provide to us
- any information contained in your correspondence with us, for example, when you send us an email, submit a general enquiry through the website or meet with us
- if you order a sample through the website, your order history and other information relating to the order made through the website
- any other information required to provide this website or our products
- as noted above, clickstream data, including your IP address, geographical location, browser type, operating system and session duration.
But we don’t ever collect your credit card details:
Once we have collected it, how are we using your personal information
We may use your personal information:
If you make an enquiry through our website, you will be required to enter your name, email address, phone number and postal address – we will use this personal information to:
- get in contact with you about the enquiry you have made via phone or email; and
- we will enter this information into our customer management system (CRM).
On our website you can also sign up to our mailing list, so we can send you our newsletter. You will be required to enter you name and email address.
- we use your name and email address to send you our Kaynemaile newsletters; and
- you can stop receiving our marketing emails at any time by following the unsubscribe instructions included in those emails.
We may also use your personal information to:
- to bill you if you order product from us
- we use clickstream data to conduct research and statistical analysis (on an anonymised basis) and to improve our website, products and related services
- to protect and/or enforce our legal rights and interests, including defending any claim
- for any other purpose authorised by you, the NZ Privacy Act or other applicable law
- to respond to lawful requests by public authorities, including to meet law enforcement requirement
- we may transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
We may need to disclose your personal information sometimes – this isn’t as scary as it sounds
These are the main people we may disclose your personal information to:
- Google Analytics — a web analytics tool offered by Google that helps us analyse our website traffic
- Mailchimp — an email marketing service that we use to send monthly newsletters and marketing emails to you
- Resellers of our product if they are in the same territory as you so they can help you with your enquiry.
These are some other people we also may disclose your personal information to:
- another company within our group – our other companies are Hammock IP and Nutcracker
- any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other products and services or that we use to process payments.
- a person who can require us to supply your personal information (e.g. a regulatory authority)
- any other person authorised by the NZ Privacy Act or other applicable law (e.g. a law enforcement agency)
- professional advisers e.g. accountants, lawyers, auditors
- any other person authorised by you.
- any other company in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
Sometimes we may need to disclose your information to companies in other countries:
A business that supports our services and products may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand. Please see the Addendum for further information about personal data transfers from the European Economic Area.
Keeping your personal information safe
Keeping your personal information safe is important to us. We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to risks inherent in processing personal information.
As you know, we collect your personal information via the internet
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
You are welcome (and because it’s the law) to see what personal information you gave to us
Subject to certain grounds for refusal set out in the NZ Privacy Act or other applicable law, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates that you, are you.
In respect of a request for correction, if we are reasonably able to change the personal information, we will make the correction.
If you want to see your personal information, email us at email@example.com. Please include some evidence of who you are and set out the details of your request.
As always, you can contact us
Sometimes we may need to change this policy
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
If you’re based in the EU – this bit is for you.
For the purposes of the GDPR, we are the data controller (as defined in the GDPR) when processing personal data collected by us through the website and/or when you use our services.
This GDPR Addendum was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed. Any requests for further information should be sent to firstname.lastname@example.org.
Processing Personal Data
The legal basis for our processing of your personal information is your consent. Despite the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws.
You do not have to provide us with your name and email address to access and use the website. However, you must provide us with your name, email address, postal address, and phone number when making an enquiry through our website. The consequence of not providing your name, email address, postal address, and phone number is that we will not be able to provide all of our services to you.
Your rights in relation to your personal data under the GDPR include:
- right of access — if you ask us, we will confirm whether we are processing your personal data and provide you with a copy of that personal data.
- right to rectification — if the personal data we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take every reasonable step to ensure personal data which is inaccurate is rectified. If we have shared your personal data with any third parties, we will tell them about the rectification where possible.
- right to erasure — we delete your personal data when it is no longer needed for the purposes for which you provided it. You may request that we delete your personal data and we will do so if deletion does not contravene any applicable laws. If we have shared your personal data with any third parties, we will take reasonable steps to inform those third parties to delete such personal data.
- right to withdraw consent — if the basis of our processing of your personal data is consent, you can withdraw that consent at any time.
- right to restrict processing - you may request that we restrict or block the processing of your personal data in certain circumstances. If we have shared your personal data with third parties, we will tell them about this request where possible.
- right to object to processing — you may request that we stop processing your personal data at any time and we will do so to the extent required by the GDPR.
- right to data portability — you may obtain your personal data from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal data in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal data directly to another data controller.
- the right to complain to a supervisory authority — you can report any concerns you have about our privacy practices to the relevant data protection supervisory authority.
Where personal data is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at email@example.com. If you are not satisfied by the way your query is dealt with, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
We do not intend to collect personal data from children aged under 16. If you have reason to believe that a child under the age of 16 has provided personal data to us through our website and/or by using our services, please contact us at firstname.lastname@example.org
Cookies are text files containing small amounts of information which are downloaded to your browsing device, e.g. a computer or smartphone, when you visit a website. Cookies can be recognised by the website that downloaded them, or other websites that use the same cookies. This helps websites know if the browsing device has visited them before.
Cookies do lots of functions, like helping us understand how the website is being used, letting users navigate between pages effectively, remembering your preferences, and generally improving your browsing experience. The types of cookies used by most websites generally can be put into five categories: strictly necessary, performance, functionality, tailored content and targeting. We only use strictly necessary, performance and functionality cookies.
The types of cookies we use and for what purpose are as follows:
Some of the third party providers we use place cookies on your browsing device through our website.
Third party cookies placed on the website include:
- Mailchimp — We use MailChimp to send our monthly email newsletters and marketing emails. When you visit our website, you will notice a pop-up asking you to subscribe to our newsletter. Mailchimp’s cookies are used to remember that you have already signed up to your newsletter and we won’t bother you again. Information about MailChimp’ cookies, including how to opt out of MailChimp’s cookies, is available at: https://mailchimp.com/legal/cookies/.
If you would like to opt out of the technologies we employ on our sites you may do so by blocking, deleting, or disabling them as your browser or device permits.
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our website and attempt use our services, you may not be able to access certain parts of our website or services, and some
functionalities may not work. You can find out more information about how to change your browser cookie settings at http://www.aboutcookies.org.uk.
International transfer of data
The personal data we collect through our website and/or the provision of services may be transferred to, and stored in, a country operating outside the European Economic Area (EEA). Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.
Some of the personal data we collect is processed in New Zealand (where our operations are located). New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection and we rely on this decision in transferring personal data to New Zealand.
Data Retention policy
Personal data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.