We’ve updated our Privacy and Data Policy to ensure that we communicate to Users, in the clearest way possible, how we comply with these legal requirements, how we collect, use, disclose or transfer Personal Information supplied by Users or collected by us and the ways in which Users can protect their privacy.
Our Privacy and Data Policy also specifies other requirements, such as how Users may access, correct and delete information held about them.
By interacting with us or accessing our Website, Users agree to comply with the terms and conditions of this Privacy and Data Policy and agree that PSP may process (i.e. collect, use, store, transfer, disclose or otherwise process) User’s Personal Information in accordance with this Privacy and Data Policy (as well as for any other use authorised by the User).
Our Privacy and Data Policy explains:
(2) What information we collect and how;
(3) How we use Personal Information;
(4) Who we share Personal Information with and why;
(5) The steps taken to protect Personal Information under our control;
(6) Users’ data protection rights;
(8) Links and connections to third party services;
(9) International data transfers;
(10) How PSP retains and deletes Personal Information;
(11) How to access and update Personal Information; and
(12) How to contact us.
1. USER CONSENT
PSP provides signage, display and building solutions which includes the supply of products and support services, as well as supplying products and services which may be provided to Users by third party providers (together, “our products”). We collect Personal Information in order to be able to provide and improve our products, and for the other uses described below.
By acquiring or using our products, accessing our Website or providing Personal Information to us, Users consent to our collection, storage, use and disclosure of Personal Information (including any sensitive information provided) in accordance with this Privacy and Data Policy.
2. INFORMATION WE COLLECT
There are three ways we collect information:
(1) Information Users give us.
(2) Information we collect when Users interact with us.
(3) Information we collect from third parties.
(a) Information Users Give Us
In order to purchase our products, a User must provide us with certain contact details and other Personal Information including name, address, phone number and email address. When purchasing or attempting to purchase our products from our Website, Users must also provide us with payment information (including credit card numbers). Users may also at times provide industry specific and company information, and billing and financial information.
PSP Limited (“PSP”) is committed to respecting the privacy and security of information received from User(s) of our Website or products. This Privacy and Data Policy sets out our compliance with both New Zealand privacy laws (including the Privacy Act 2020) and the European Union General Data Protection Regulations (“GDPR”).
- Return products for repair or replacement under a warranty;
- Create User accounts or logins;
- Participate in surveys or promotions we organise or promote;
- Interact with our social media pages;
- Subscribe to receive the latest news on our products, and the products and services of our third party service providers; or
- Contact our support team.
Users can always choose not to provide us with Personal Information, however this may mean that we are unable to supply our products effectively, or at all.
(b) Information We Collect When Users Interact With Us
We may automatically collect information (which may include Personal Information) when Users interact with us by visiting our Website or communicating with us. This information may include:
- System information: We may collect information about User system(s) including, but not limited to, the User operating system, applications, IP address, and where applicable, host ID, and other User system environment information.
- Usage information: We collect information about how Users and their system environment interact with us. Information that may be collected includes:
• Information relating to the features Users use;
• The performance of the products and any problems experienced by Users;
• The pages that Users visit on our Website;
• Website content accessed by Users;
• Length of the Users’ stay on a specific page; and
• Browser information.
- Location: When Users interact with us (including using our Website), we may collect and process information about the User’s location. We use various technologies to determine location, including IP addresses and web analytics.
- Device information: When Users interact with us (including using our Website), we may receive information about the User’s device, such as the hardware model, operating system version, unique device identifier and mobile network information (including phone number).
- Analytics and advertising: Our website may use the following analytics and advertising services to assist our marketing and promotional activities:
Google Analytics: For the purpose of customising and continually optimising our website, we may use Google Analytics, a web analytics service provided by Google Inc. ("Google").
In this service, pseudonymised usage profiles are created and cookies are used to generate information about your use of this website such as browser type / version, operating system, referrer URL (the previously visited page), IP address for your computer or device, date and time. This information is transmitted to a Google server in the US and stored there. The information is used to evaluate the use of our website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and our website design.
This information may also be transferred to third parties if required by law or if third parties process this data. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized. You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout). For more information about privacy related to Google Analytics, see the Google Analytics information at https://support.google.com/analytics/topic/2919631).
Meta Business Suite: Our website measures conversions using visitor action pixels from Facebook and Instagram, operated by Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. These allow the behaviour of site visitors to be tracked after they click on a Facebook or Instagram ad to reach the provider’s website. This allows an analysis of the effectiveness of Facebook and Instagram advertisements for statistical and market research purposes and their future optimization. The data collected is anonymous to us as operators of our website and we cannot use it to draw any conclusions about our users’ identities. However, the data is stored and processed by Facebook and Instagram, which may make a connection to your Facebook and Instagram profile and which may use the data for its own advertising purposes, as stipulated in Facebook’s and Instagram’s Privacy Policies. This will allow Facebook and Instagram to display ads both on Facebook, Instagram and on third-party sites. We have no control over how this data is used. Check out Facebook’s and Instagram’s Privacy Policies to learn more about protecting your privacy:
https://www.facebook.com/about/privacy/ and https://instagram.com/about/legal/privacy/. You can also deactivate the custom audiences remarketing feature in the Ads Settings section of Facebook and Instagram. You will first need to log into Facebook and Instagram. If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
- Social Media Plug-ins: Our website has built in social media plug-ins from the social networks Facebook, Instagram, Pinterest, LinkedIn and YouTube to make our company better known, and personalise usage.
- Other Third Party Service Providers: We may use other third party service providers for the following reasons:
(a) To assist our communications and other interactions with Users;
(b) Website hosting;
(c) Operating our online store on our Website;
(d) Data processing, storage and management;
(e) Data analysis and report automation;
(f) Payroll and inventory management;
(g) Client relationship management;
(h) To create, manage and send emails and surveys to Users for advertising and marketing; and
(i) User account and password management, storage and security.
For example, we use:
Shopify: We use the e-commerce platform Shopify for selling our products online on our Website. Shopify may collect Personal Information, such as name, address, phone number, email address, payment information (including credit card details and billing address). Users’ data is stored through Shopify’s data storage, databases and the general Shopify application. Shopify stores Users’ data on a secure server behind a firewall. If a User chooses a direct payment gateway to complete their purchase, then Shopify stores Users’ credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). User purchase transaction data is stored only as long as is necessary to complete the purchase transaction. After that is complete, User purchase transaction information is deleted.
Consent to Disclosure/Collection: By using our website or otherwise interacting with us, you:
- Acknowledge that, for information transmitted to Google (through use of Google Analytics, Google Ads, cookies or similar technology), the other analytics, advertising and social media plug-ins identified above, and the other third party service providers described above, those third parties may not be required to protect the information in a way that, overall, provides comparable safeguards to those in the Privacy Act 2020; and
- Authorise the disclosure of your information to those third parties, or collection of your information by those third parties.
(c) Information We Collect from Third
We work closely with third parties (for example, our service providers) in order to be able to develop and supply our products, and provide them to Users.
We may receive the same kinds of information described in (a) and (b) above from third parties.
Personal Information Received from Users about Others
When acquiring or using our products, Users may disclose, and we may collect, Personal Information about someone else. For example, data supplied by Users may contain Personal Information relating to the customers or employees of Users.
Before disclosing Personal Information to us about someone else, Users must ensure that they have obtained sufficient consent to disclose that information to us, and that, without taking any further steps required by applicable data protection or privacy laws, we may collect, use, transfer and disclose such information for the purposes described in this Policy.
Users shall remain responsible for all Personal Information collected and processed by the User, and for compliance with applicable privacy and data protection laws.
3. HOW WE USE PERSONAL INFORMATION
We collect and use Personal Information in order to be able to provide and improve our products.
We also use Personal Information to:
- Communicate, interact and build our relationship with Users, including to better understand Users’ needs and interests, and ensure a quality experience for Users;
- Monitor, develop or optimise the performance of our products, including to conduct internal research;
- Protect and enhance the safety and security of our products and Users;
- Provide information and technical support;
- Carry out billing administration;
- Market and make recommendations on our products;
- Allow our third party providers to provide their services and support to Users;
- Conduct, manage, develop and protect our business;
- Enforce our terms and conditions and other agreements;
- Comply with laws and regulations in applicable jurisdictions;
- Verify Users’ identities and prevent fraud or other unauthorised or illegal activity; and
- Enable third parties to provide services to us.
For these purposes we may receive, use, store, share, send, combine, transform, reformat, encrypt, mask, organise, geomap, update and delete Personal Information (and undertake any further processing activities expressed or implied in this Policy). The Personal Information that we collect will not be further processed in ways that are incompatible with the initial purposes for which the data was collected.
4. WHO WE SHARE INFORMATION WITH
We share information, including Personal Information, as necessary to provide Users the products requested or authorised. For example, we may share information with:
- Banks and other entities which process payment transactions when a payment is made;
- Affiliates, subsidiaries and related companies;
- Our third party providers to provide products and services to the User, to communicate with Users (for example, information shared with communication service providers), to provide Users with information on our products or the products and services supplied by our third party providers or, to provide Users with remote access or to provide notifications;
- Our service providers or suppliers acting and working on our behalf. For example, companies we have hired to assist in protecting and securing our systems and products may need access to personal information to provide those services. In such cases, we will require these entities to abide by our data privacy and security requirements, and restrict use of any Personal Information received from us;
- To our partners and advertisers to provide tailored product information and advertising that we believe may be relevant to the User;
- To other third parties, when we have a good faith belief that doing so is necessary to:
(1) Comply with any applicable law, regulation, legal process or enforceable governmental request;
(2) Protect our Users;
(3) Operate and maintain the security of our business, including to prevent or stop an attack on our computer systems or networks;
(4) Detect, prevent or otherwise address fraud; or
(5) Protect our rights and property, including enforcing our terms.
- A purchaser, as part of a corporate transaction such as an acquisition, merger or sale of assets.
Unless the User agrees otherwise, our data processors will:From time to time we may use third-party data processors to provide elements of services for us, which may be located outside of New Zealand. We will have contracts in place with all of our data processors, to prevent them from doing anything with Users’ Personal Information unless we or the User has instructed them to do so.
- Not share Users’ Personal Information with any organisation apart from us; and
- Hold Users’ Personal Information securely and retain it for the period we instruct.
We require that our service providers and suppliers (data processors) agree to keep all User information we share with them confidential. While we provide these third parties with no more information than is necessary to perform the function for which we engaged them, Users should be aware that any information provided by the User to these third parties independently/directly is subject to the third parties' respective privacy policies and practices.
We may also share or use non-Personal Information (i.e. information that is related to a Person but does not personally identify that individual, such as aggregated, anonymised or de-identified data) publically or with third parties, such as our third party suppliers. For example, we may share or use information publically to show trends about our products. This data or information will in no way identify Users or any other individual.
5. STEPS TAKEN TO PROTECT PERSONAL INFORMATION
Protecting the security of User Personal Information is of the utmost importance to PSP. We maintain a variety of safeguards and procedures in order to protect Personal Information from unauthorised access, use, interference, modification or disclosure.
For example, Users’ Personal Information is kept securely in our database, and is protected by SSL encryption. Users’ Personal Information will only be accessed by people at PSP who need to use the information for the purposes discussed above. We also store Personal Information on computer systems that have password-controlled access and firewalls. We use a SSL VPN (Secure Sockets Layer Virtual Private Network) to ensure that only authorised people at PSP are given remote access to our computer systems.
In order to acquire or use our products, or interact with us, use of the internet is sometimes required, and the internet is not itself a secure environment. We therefore cannot give an absolute assurance or guarantee that User information will be secure at all times. Transmission of information over the internet or third-party networks is at the User’s own risk. We will notify Users at the first reasonable opportunity if we discover or are advised of a material security breach which has resulted in unauthorised access, disclosure or loss of User Personal Information.
To help maintain the security of information, Users agree to keep their passwords and account details private and confidential.
6. USERS’ DATA PROTECTION RIGHTS
Under data protection and privacy laws, Users have rights regarding the Personal Information that we hold/collect. The rights available to Users depend on our reason for processing Users’ Personal information. These rights include:
- Right of access: Users have the right to ask us for copies of their Personal Information. This right always applies.
- Right to correction: Users have the right to ask us to update or correct information they think is inaccurate. Users also have the right to ask us to complete information that the User thinks is incomplete. Users are responsible for ensuring that Personal Information provided to us is accurate, complete and up-to-date. We will take reasonable steps to ensure that any further Personal Information that we collect (i.e. information obtained from other sources) is accurate, up-to-date, complete and not misleading.
- Right to erasure: Users have the right to ask us to erase their Personal Information in certain circumstances.
- Right to restriction of processing: Users have the right to ask us to restrict or cease the processing of their information in certain circumstances. This may (depending upon the circumstances) include the collection of Personal Information from third parties, collection of sensitive information, disclosure of Personal Information to third parties, transfer of Personal Information overseas, or processing of Personal Information in a particular way, or for a particular purpose, including direct marketing.
- Right to data portability: This only applies to information Users have given us. Users have the right to ask that we transfer the information Users have given us from one organisation to another, or give it to the User. This right only applies if we are processing information based on Users’ consent, or under (or in talks about entering into) a contract and the processing is automated.
All requests should be sent to us at firstname.lastname@example.org, and include the words 'Attention: The Privacy Officer'. User choices in relation to Personal Information may affect our ability to provide our products. We will respond to Users as soon as reasonably practicable regarding the impact of the User’s requests on the products, any other issues arising and to confirm the User’s intention to proceed. If we are unable to comply with the request, we will give the User reasons for this decision when we respond (for example, the information may not be readily retrievable and it may not be reasonable or practicable for us to process the request in the manner sought. In some instances, it may also be necessary for us to arrange access to User Personal Information through a third party e.g. a third party service provider).
We are committed to full compliance with the Unsolicited Electronic Messages Act 2007.
By subscribing to email communications, or otherwise providing an email address, Users consent to receiving emails which promote and market our products, or the products and services of others, from time to time.
Users can unsubscribe from our email communications at any time by clicking the "Unsubscribe" link in any promotional or marketing email, or by emailing email@example.com, and include the words 'Attention: The Privacy Officer’.
Once a User has unsubscribed from the email communications, the User will be removed from the corresponding email/distribution list as soon as is reasonably practicable.
8. LINKS AND CONNECTIONS TO THIRD PARTY SERVICES
Disclosure of Personal Information by Users to third party service providers is at the User’s own risk, and we encourage Users to read the privacy policies applicable to these third-party services. We are not responsible for the security or privacy of any information collected by these third-parties.
9. INTERNATIONAL DATA TRANSFERS
When we disclose, use or store data, it may be transferred to and processed in, countries other than New Zealand. In those countries, there may be differences with New Zealand's privacy laws.
- Oracle NetSuite: For accounting functions, and inventory and customer relationship management we use Oracle NetSuite. Oracle NetSuite is a cloud-based business management service provided by Oracle Corporation and related companies. Oracle NetSuite processes and stores New Zealand user data in the United States, and other countries where Oracle NetSuite operates. For more information on Oracle NetSuite’s data protection and privacy, see https://www.oracle.com/legal/privacy/ and https://www.oracle.com/legal/privacy/services-privacy-policy.html.
- Other third party providers: We also use the other third party service providers described in part 2(b) of this Policy.
This means that Users’ Personal Information may be transferred outside of New Zealand. However, where we disclose Personal Information to a third party in another country, we place or obtain safeguards to ensure Users’ Personal Information is protected (except as expressly disclosed in this Policy). Where Users’ Personal Information is transferred outside New Zealand, it will (except as expressly disclosed in this Policy) only be transferred to:
- Countries that have been identified as being subject to privacy laws that, overall, provide comparable safeguards to those under privacy laws in New Zealand); or
- A foreign Person or entity where we have transfer mechanisms in place to protect Users’ Personal Information; or
- A foreign Person or entity that we believe on reasonable grounds is subject to the Privacy Act 2020 (NZ), or is a participant in a prescribed Binding Scheme, or is subject to privacy laws of a Prescribed Country; or
- A recipient that has agreed to data protection and privacy commitments that, overall, provide comparable safeguards to those under privacy laws in New Zealand.
For further information, please contact us using the details set out in the contact section below.
10. RETENTION AND DELETION OF PERSONAL INFORMATION
The period of time for which we hold Personal Information that we have collected varies according to what the Personal Information is used or required for, and whether we have an ongoing need to retain it (for example, to provide Users with a product they have requested or to comply with applicable legal requirements such as financial record-keeping legislation).
Unless there is a legal requirement or justification for us to keep the Personal Information, we will retain it for no longer than is necessary:
- To provide the products requested by the User;
- As part of our usual business record-keeping practices;
- To fulfil the purpose(s) for which the Personal Information was originally collected;
- In accordance with our internal retention policies and practices; or
- For any other purpose(s) authorised by the User.
Once Personal Information is no longer required, the Personal Information will be deleted, securely destroyed or anonymised.
11. ACCESSING AND UPDATING USER PERSONAL INFORMATION
Users are responsible for ensuring that Personal Information provided to us is accurate, complete and up-to-date. This includes personal or sensitive information contained in their User account. We will also take reasonable steps to ensure that any Personal Information that we collect (i.e. information obtained from other sources) is accurate, up-to-date, complete and not misleading.
We endeavour to provide Users with reasonable access to Personal Information we hold about Users, and Users may request that we update, correct or delete any Personal Information that is inaccurate or inappropriate for the purposes for which it was collected.
Requests for access to, or the correction of, Personal Information should be emailed to firstname.lastname@example.org, and include the words 'Attention: The Privacy Officer’.
We will process requests as soon as reasonably practicable, provided we are not otherwise prevented from doing so by law. If we are unable to meet a User’s request, we will explain the reasons why when we respond to the User’s request. For example, the information may not be readily retrievable and it may not be reasonable or practicable for us to process the request in the manner requested.
12. HOW TO CONTACT US
Please contact us if you have any questions or complaints about this Privacy and Data Policy, if you wish to access, update, erase and/or correct Personal Information, or if you otherwise have a question or complaint about the manner in which we or our service providers treat Personal Information.
Users may write to PSP’s Privacy Officer by email, including any supporting documentation, at email@example.com, and include the words 'Attention: The Privacy Officer’.
Alternatively, you can write to us at:
Attention: Privacy Officer
320 Rosedale Road,
We will endeavour to respond within 30 days.
Application of this Privacy and Data Policy
Our Privacy and Data Policy applies to all of the products offered by us, and all Users who access our Website or interact with us. Our Privacy and Data Policy does not cover the information practices of other companies and organisations (such as our third party service providers) that supply, contract and advertise using our website.
Changes to this Privacy and Data Policy
We recommend that Users regularly review this Policy to learn how we protect Personal Information.
In this Policy, unless the context requires otherwise:
means a binding scheme specified in regulations made under section 213 of the Privacy Act 2020 (NZ);
means and includes any natural person, company, corporation, firm, partnership, joint venture, society, organisation or other group or association of Persons (whether incorporated or not), trust, state or agency of state, statutory or regulatory body, local authority, government or governmental or semi-governmental body or agency (in each case whether or not having separate legal personality);
means information about an identifiable individual and includes, without limitation, names, addresses, phone numbers, email addresses and IP addresses;
means a country specified in regulations made under section 214 of the Privacy Act 2020 (NZ);
means all Persons accessing our Website, interacting with us and/or purchasing our products, including Persons that submit a request for our products, and/or any Persons providing Personal Information to us;
means any User’s account with us;
means any website or websites operated by us (including www.psp.co.nz and any websites on the root domain psp.co.nz); and
we, us, our, PSP
means PSP Limited, trading as “PSP”.