1.2 This policy is intended to meet the requirements of the New Zealand Data Privacy Laws established by the Privacy Act 1993 (Privacy Act) and, to the extent any user is covered by the scope of the European Union’s General Data Protection Regulation (GDPR), that regulation.
1.3 Our website only uses session cookies which are strictly necessary for the operation of the website and service. By using our website and agreeing to this policy, you consent to our use of session cookies in accordance with the terms of this policy. Where any cookie may be used to uniquely identify the device, or in combination with other data, the individual using said device to access the website, we will seek your consent by a clear affirmative act.
2. How we use your personal data
2.1 We may collect and process data about your use of our website and services ("usage data"). This usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. Usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, in monitoring and improving our website and services.
2.2 We may collect and process your account data ("account data"). The account data may include your name and email address. The source of the account data is you or your employer. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.3 We may collect and process information you provide to us in the course of any
communication that you send to us, including support tickets generated in relation to communication with our support team ("communication data"). The communication data may include the communication content and metadata associated with the communication. This communication data may be processed for the purposes of offering and selling relevant services to you. The legal basis for this processing is consent and our legitimate interests, namely the proper administration of our website and business and communications with users.
2.4 We may process information relating to transactions, including purchases of services, that you enter into with us ("transaction data"). The transaction data may include your contact details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
2.5 We may process personal data identified in this policy to the extent such processing is necessary for the establishment, exercise or defence of any legal claims. The legal basis for this processing is our legitimate interests, namely the assertion of our legal rights, your legal rights and the legal rights of others.
2.6 We may process your personal data as identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
2.7 In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process your personal data as identified in this policy where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3. Provision of personal data to third parties
3.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
3.2 Financial transactions relating to our website and services are handled by our payment services providers. We will share transaction data with our payment services providers only
to the extent necessary for the purposes of [processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds].
3.3 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4. International transfers of personal data
4.1 We and our other group companies have offices and facilities in New Zealand. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
4.2 The hosting facilities for our website are situated in the United States of America and New Zealand. The European Commission has made an "adequacy decision" with respect to the data protection laws of each of these countries. Transfers to the United States of America will be protected by appropriate safeguards, namely the EU-US Privacy Shield framework, a copy of which you can obtain from: We have reviewed our hosting providers to ensure that they meet the standard required for hosting data outside of the European Union.
4.3 All supplied information is transmitted via Secure Socket Layer (SSL) technology to keep your information secure in accordance with best practice. You can obtain more information about our security from:
5. Retention of personal data
5.1 Any personal data that we process for any purpose will not be retained for any longer than is necessary for that purpose.
5.2 We will retain some of your personal data as required by New Zealand tax laws and
regulations. This information will be stored for a minimum period of 5 years following the date of any invoice and will include the following:
(a) your company name;
(b) your tax location;
(c) your company address;
(d) the full legal name and email address of the primary contact for the tax invoice; and
(e) invoice line items.
5.3 We may also retain your personal data where necessary to comply with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5.4 We have implemented a variety of best-practice security measures to keep and maintain the security of all personal data retained by us.
6. Amendments to this Policy
6.1 This policy may be amended from time to time and the new version will be published on our website.
6.2 We may notify you of changes to this policy by email or through a public notification on our website, but you should regularly return to this policy and review it to ensure that you agree with any changes to this policy.
7. Your rights under the GDPR
7.1 This section summarises the rights of data subjects based in the European Union under the General Data Protection Regulation (GDPR). This summary does not set out all the rights and remedies available and you should read and keep apprised of changes in the relevant laws and regulations.
7.2 Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure (the “right to be forgotten”);
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
7.3 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. An initial electronic copy will be provided in CSV format free of charge, but additional copies may be subject to a reasonable fee.
7.4 Where any personal data retained by us is inaccurate, out of date, irrelevant or misleading you have the right to have that personal data rectified and have any incomplete personal data about you completed.
7.5 In certain circumstances you have the right to request the erasure of your personal data. This is not an absolute ‘right to be forgotten’ but is a right to have personal data erased and to prevent processing in circumstance where: the personal data is no longer necessary in relation to the purposes for which it was originally collected or processed; you withdraw consent to consent-based processing; you object to the processing under the GDPR and there is no overriding legitimate interest for continuing the processing; ; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However we may refuse your request for erasure where the personal data is processed to exercise the right of freedom of expression and information; to comply with a legal obligation for performance of a public interest task or exercise of official authority or the exercise or defence of legal claims. Upon a valid request for erasure, we will:
(a) disable your account;
(b) immediately flag your account for permanent deletion; and
(c) delete your personal data from our databases within 72 hours.
7.6 You may have the right to restrict the processing of your personal data where:
(a) the accuracy of the data is contested (for as long as the accuracy is unverified);
(b) where the processing is unlawful but you are opposed to exercising your right of erasure;
(c) where we no longer need the personal data for the original purpose, but we require the data to establish, exercise or defend legal rights; or
(d) where verification of overriding grounds is pending, in the context of a request for erasure.
7.7 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
7.8 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
7.9 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
7.10 You have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
7.11 In any case where you believe that the processing of your personal information may infringe data protection laws, you have the legal right to lodge a complaint with the relevant authority. Where you are a EU citizen, you may elect to lodge your complaint in the EU member state of your habitual residence, your place of work or the locality of any alleged infringement.
7.12 Where our processing of your personal information is based on your consent, you may withdraw that consent at any time. Any such withdrawal shall not affect the legal basis of any processing of data that occurred prior to the date of the withdrawal.
7.13 If you wish to exercise any of your rights in relation to your personal data you may do so by notice to us in writing
(a) by email using the email address published on our website from time to time; or
(b) by ordinary post at our registered address set out in this policy.
8. Our cookies
8.1 A “cookie” is a small piece of data which is sent by a website to a user’s web browser that is then stored by that web browser on the user’s computer. This cookie is then sent from the user’s computer to the website whenever the user accesses the website.
8.2 A cookie may be either "session" cookies or “persistent” cookies: a session cookie is a cookie that is only stored in temporary memory while a user navigates the website, and will be deleted when the user closes the browser; a persistent cookie is a cookie that does not expire when the browser is closed but will persist on the user’s computer for a specified length of time unless deleted by the user prior to the set expiry date.
8.3 We use session cookies for the following purposes:
Name Data stored Purpose Lifetime
SessionId a random unique number or string or letters and numbers We use a session cookie as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials. This cookie is deleted when you logout of our platform, 20 minutes of inactivity or when you close your browser.
8.4 We do not use persistent cookies on the website.
9. Analytics Cookies
9.1 We do not use tracking cookies or similar analytic cookie technology.
10. Managing cookies
10.2 If you wish to manage or delete cookies, you can obtain up-to-date information about blocking and deleting cookies via these links: (a) Chrome: (b) Firefox: (c) Internet Explorer: (d) Edge: and (e) Safari:
11. Third party links
11.1 We may link to third party products or services on our website. These third party sites will have separate and independent privacy policies that may differ from this policy.
12. Our Details
12.1 This website is owned and operated by Base 2 Software Ltd (NZB 9429046468659) our registered office is at 126 Valley Road, Mount Eden, Auckland, NewZealand.
12.2 You can contact us:
(a) by using the contact form on our website;
(b) by email using the email address published on our website from time to time; or
(c) by telephone, on a telephone number as is published on our website from time to time.
12.3 You may contact our data protection officer on an email address as is published on our website from time to time.