Rico Technologies Limited (we , us , our ) complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
This policy sets out how we will collect, use, disclose and protect your personal information.
This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.
CHANGES TO THIS POLICY
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
WHO DO WE COLLECT YOUR PERSONAL INFORMATION FROM
We collect personal information about you from:
you, when you provide that personal information to us, including via the website and any related service, through any registration or subscription process, through any contact with us (e.g. telephone call or email), or when you buy or use our services and products
third parties where you have authorised this or the information is publicly available.
If possible, we will collect personal information from you directly.
HOW WE USE YOUR PERSONAL INFORMATION
We will use your personal information:
to verify your identity
to provide services and products to you
to market our services and products to you, including contacting you electronically (e.g. by call, text or email for this purpose)
to improve the services and products that we provide to you
to bill you and to collect money that you owe us, including authorising and processing credit card transactions
to respond to communications from you, including a complaint
to conduct research and statistical analysis (on an anonymised basis)
to protect and/or enforce our legal rights and interests, including defending any claim
for any other purpose authorised by you or the Act.
DISCLOSING YOUR PERSONAL INFORMATION
We may disclose your personal information to:
Rico employees. Rico may disclose personal information to its employees where necessary. For example, to carry out and support ongoing business functions.
Approved suppliers and third-party services. Rico may share information with its approved third-party companies or individuals as service providers to process Personal Information to help provide our service. These third parties may, for example, provide security, administration and storage services and are identified below.
Aggregated or De-identified Data. We may disclose or use aggregated or de-identified information for any purpose.
To Comply with Laws. If we receive a request for information, we may disclose information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
Customer authorised. Any other person authorised by you.
More information on third-party services we partner with to provide our Service
We disclose your personal information to the following third parties to help provide our service:
Amazon Web Services (aws.amazon.com) - Cloud infrastructure
Auth0 by Okta (www.auth0.com) - User authentication
FullStory (www.fullstory.com) - User analytics
Bugsnag (www.bugsnag.com) - Bug monitoring
Helpcrunch (www.helpcrunch.com) - User communications
We have reviewed the compliance/security measures in place at these third parties and included the following links should you wish to investigate further:
PROTECTING YOUR PERSONAL INFORMATION
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse. All data handled in our software is encrypted in transit and during storage and can only be accessed over secure network connections.
STORING YOUR PERSONAL INFORMATION
We will only retain personal information as long as it is required for the purposes for which the information may lawfully be used. All data stored online is backed up and can be retrieved in the event of data loss or corruption.
Data will sometimes be held on-premise if it is provided to us outside of our software.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us at email@example.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
We may use information about your use of our websites and other IT systems to prevent unauthorised access or attacks on our software. We may utilise services from one or more third-party suppliers to monitor use of our systems. These third-party suppliers will have access to monitoring and logging information as well as information processed on our websites and other IT systems.