PRIVACY POLICY

 





  1. Optimi Limited (we/us/our/Optimi) acknowledges and respects the privacy of individuals. This policy (Privacy Policy) sets out:

    1.1 how we collect, use, manage and protect Personal Information;

    1.2 individual’s rights in relation to any of their Personal Information that we hold; 

    1.3 details of any overseas countries in which Personal Information may be stored or processed on our behalf; and

    1.4 how to contact us.

  2. If not defined in this Privacy Policy, capitalised terms used in this Privacy Policy have the meanings given to them in our Terms and Conditions.

    Our collection of Personal Information

    GENERAL

  3. We comply with the New Zealand Privacy Act 2020, and for individuals based in the European Union, the European Union General Data Protection Regulation (GDPR)

  4. This Privacy Policy is subject to change. Any changes will be effective when a notice of the change is posted on www.optimi.co.nz/privacy-policy. Please check this Privacy Policy periodically so that you are aware of any changes.

    What information do we collect and hold?

  5. We may collect and hold Personal Information:

    5.1 Provided when a user (in their own right or on behalf of the organisation for whom they are acting) sign up to Optimi Services and as they (and/or their organisation) use Optimi Services, personnel and our sites. Examples of Personal Information we may collect and hold includes, without limitation: 
    (a) name, address, email address and IP address;
    (b) organisation name, position within organisation, phone number, industry category, time zone; and
    (c) a log of individual’s interactions with Optimi services, personnel and our sites.

    5.2 Users may use Optimi Services in such a way that the Personal Information of other persons is collected through the Optimi Services (Third Party Personal Information). In such situations we are strictly a data processor, and for that reason the relevant user organisation is responsible for making sure it has the appropriate permissions for us to collect and process the Personal Information. Please see paragraphs 31 and 32 below which outline users’, and their organisations’, obligations in this regard.

  6. This information is usually collected directly from the relevant individual but occasionally, where it is unreasonable or impractical to do so, or where it is collected as part of the Optimi Service as directed by users (as noted above), it may be provided by third party service providers or obtained from publicly available sources. Optimi Service users may choose not to provide any Personal Information to us, however as a result we may not be able to provide services to that individual (or the organsiations they represent).



    How do we use Personal Information?

  7. We may use the Personal Information that we gather so that we can


    7.1 administer individual accounts (and the accounts of the organisation they represent);

    7.2 invoice and charge for services;

    7.3 defend or enforce any legal claim against us;

    7.4 deliver the Optimi Services; and

    7.5 analyse Optimi Service user behaviour, preferences and intentions for the purpose of

    (a) determining Optimi Service developments;

    (b) delivering a statistical result for the purposes of general announcements;

    (c) helping us understand our market position;

    (d) ensuring the security of the Optimi Services; and

    (e) combating and preventing breaches of our terms and conditions and this privacy policy.

  8. We may use the Personal Information that we gather for direct marketing purposes, such as sending offers or information on our services, where we have a strong reason to assume such an offer may be of interest to the individual (or to the organisation they represent)). Any individual can opt out of receiving marketing materials by writing to us at the below address or following any instructions to unsubscribe in one of our marketing emails.



    Legal basis

  9. We process Personal Information to carry out the legitimate interests pursued by our business, including (without limitation) (i) to deliver the Optimi Services or information to our customers, (ii) to assist individuals (or the organisation they represent) with matters relating to the Optimi Services, (iii) to improve, and better understand individuals (or the organisation they represent) preferences in relation to the Optimi Services (iv) to notify any change to the Optimi Services, and (v) to fulfil our legal, contractual and regulatory obligations, including any notification or reporting obligations and any access directions, imposed on us by any Government agency (if and to the extent necessary).

  10. We may use other companies and individuals to perform services on our behalf, or otherwise in connection with the Optimi Services. They may have access to Personal Information as needed to perform and provide these services, but we will not authorise them to use Personal Information for any purpose that is inconsistent with this Privacy Policy.



    How do we disclose Personal Information?

  11. We may disclose Personal Information:

    11.1 to meet the purpose for which it was gathered

    11.2 for the purpose of processing and delivering a service related request;

    11.3 if we are required or authorised by law to disclose the information;

    11.4 if we are required to disclose the information under any agreement or arrangements we have with our third party providers or service users;

    11.5 to protect and defend our rights or property and those of our third party providers (and, where applicable, their end users); and


    11.6 to protect the safety of users of the Optimi service or services provided by our third party providers, or the public.

  12. We may preserve or disclose Personal Information if we believe that it is reasonably necessary to comply with any law, regulation, legal process or governmental request (including any notification or reporting obligations and any access directions) or to address fraud, security or technical issues. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections an individual may have to a third party’s (including any Governmental) request to disclose their information.

  13. We may disclose this information to our affiliated companies and to any prospective purchasers of us or a substantial portion of our assets.



    Trans-border Personal Information transfers

  14. Optimi Limited is located in New Zealand, so Personal Information may be transferred and/or stored there. In respect of our responsibilities under the GDPR, the appropriate safeguard in place for such a transfer is the existence of an adequacy decision under Article 45 of the GDPR.

  15. Personal Information may be provided to our overseas contractors (e.g. third party hosting provides) to enable us to provide the Optimi Services. Although we will use reasonable efforts to obtain assurances from any third party service providers that they will safeguard Personal Information consistent with this Privacy Policy and applicable privacy and data security laws, users, and the organisations they represent, acknowledge that some of these countries may not have an equivalent level of data protection laws as those in New Zealand.  Users, and the organisations they represent consent to the rights of overseas access, processing and disclosure on the basis specified in this clause 17.



    Retention and deletion of Personal Information

  16. We retain Personal Information for as long as the user an/or the organisation associated or linked with the Personal Information is active. We take steps to regularly destroy Personal Information that we no longer use, however we may:

    16.1 in some cases, retain a copy of Personal Information to comply with our legal obligations, resolve disputes, enforce our agreements and to comply with our trust and safety obligations. Personal Information retained for this purpose will be archived and stored in a secure manner after the relevant user organisation has stopped using Optimi services and will not be accessed unless required for any of these reasons; and

    16.2 retain Personal Information in an aggregated, de-identified or otherwise anonymous form, such that there is no reliable way of identifying a person from the information



    Individual privacy rights

  17. We will take reasonable steps to ensure that the Personal Information we collect is accurate, complete and up-to-date.

  18. Individuals can request:

    18.1 access to and correction of any Personal Information;

    18.2 that we delete their Personal Information;

    18.3 that we restrict the processing of any or all of their Personal Information; and

    18.4 the porting of any or all their Personal Information to another organisation,
    at any time. Any such requests should be made directly by contacting our privacy officer (see below for details).

  19. Individuals may also lodge a complaint regarding our Personal Information processing activities as they relate to their Personal Information with their relevant privacy law supervisory authority.

  20. We will respond to any request made in respect of the above in accordance with the applicable Data Protection Laws where the relevant individual is resident. Please note that there are some exceptions to an individual’s right to gain access to their information, including (but not limited to) where:

    20.1 providing access would have an unreasonable impact upon the privacy of other individuals;

    20.2 the request for access is frivolous or vexatious;

    20.3 the information relates to existing or anticipated legal proceedings between the individual and us, and the information would not be accessible by the process of discovery in those
    proceedings; or

    20.4 providing access would be unlawful.

    Clickstream data

  21. Each time our sites are visited our server collects some anonymous information, known as click-stream data, including the type of browser and system being used; the address of the site the visitor has come from and moves to after their visit; the date and time of the visit; and the IP address.

  22. We may collect this information for statistical purposes to find out how our sites and Optimi Service is used and navigated, including the number of hits, the frequency and duration of visits, most popular session times. We may use this information to evaluate and improve our sites and service performance or to identify individuals whom may threaten the security or integrity of our sites or the Optimi service.

  23. We may disclose IP addresses to law enforcement authorities if requested by the authorities to do so or if directed to do so by the courts.



    Cookies

  24. A cookie is a piece of information that our web server may send to a device when its user visits our website. The cookie is stored on users machines, but does not identify them or give us any information about their computer.

  25. The types of cookies we may use are strictly necessary cookies. These cookies are essential for the full functionality of our website and Service. They enable navigation around our website and use of its features. Without these cookies, it may not be possible to access all the functions of our website or the Service;

  26. The length of time a cookie will stay on users browsing devices depends on whether it is a persistent or session cookie. Session cookies will only stay on the browsing device until browsing ends. Persistent cookies will stay on the browsing device until they expire or are deleted.

  27. With most internet browsers, cookies can be erased from the computer hard drive, blocked, or warnings can be given before a cookie is stored. If a user wants to do this, they should refer to their browser instructions or help screen to learn more. If the use of cookies is rejected, the site will still be able to be accessed but please note that some of its functions may not work as well as if cookies were enabled. To learn more about how to enable, edit, or disable cookies on your computer, please visit the aboutcookies.org website.

    Links to other sites

  28. We may provide links on our website to other websites. If these links are used, the user will leave our website and we are not responsible for any third party websites, their content or their usage of any Personal Information. We advise that users check the terms and conditions of use, the privacy policies and any other guidelines for access and use on those websites as they will apply to their access and use of those websites and any services and information contained on such websites.



    Information validation and security review

  29. Users, and the organisations which they represent, authorise us to use and disclose Personal Information for the purposes of validating the information they provide to us in the course of signing up to and using our sites and the Optimi Services.


    YOUR RESPONSIBILITIES

  30. We take reasonable measures to protect all Personal Information stored within our database. However, the transmission of information using the Internet is not completely secure. We therefore cannot guarantee the security of data transmitted to our site (or via our services) and any transmission is at users, and the organisations which they represent, own risk.

  31. Users, and the organisations which they represent, acknowledge and agree that, in respect of Third Party Personal Information that they provide us or direct us to process through our services, they are acting as a data controller and we are acting as data processor.

  32. By using Optimi Services to process Third Party Personal Information, users, and the organisations which they represent, agree that they

    32.1 will comply with their obligations under all applicable privacy laws

    32.2 have a lawful basis under all applicable privacy laws, for us to process Third Party Personal Information through the service as they direct;


    32.3 upon becoming aware of a breach, or suspected breach, of their security safeguards in respect of any Third Party Personal Information, must notify us without undue delay and shall
    provide timely information relating to the security incident as it becomes known or as is reasonably requested by us; and/or
    32.4 are responsible for their secure use of the Optimi service, including securing any account credentials.

    HOW TO CONTACT US

  33. Individuals, and the organisations which they represent, should contact our privacy officer at malcolm at optimi.co.nz if they

    33.1 wish to discuss any privacy issues;

    33.2 wish to raise any objections to the way in which we deal with Personal Information


    33.3 have any concerns regarding Personal Information; or


    33.4 do not wish to receive any future communications from us.

  34. By using our website and/or providing (or allowing the provision of) Personal Information to us, users, and the organisations which they represent, are consenting to the collection, holding, use and disclosure of that information as set out in this Privacy Policy.