IMPAC Privacy Policy

INTRODUCTION

This privacy policy (Policy) applies to all personal information (as defined in the Privacy Act 1993 (New Zealand) (Privacy Act) held by IMPAC Services Limited (New Zealand Company Number: 977706) and CPNZ Limited (New Zealand Company Number: 3479454) (us, we, our, or IMPAC). IMPAC’s business is to supply products and services to our customers to help them comply with their health and safety regulatory obligations (Services). 

 The Policy outlines our policy and practices for collection of personal information and data, how we use that information, and the options that you have regarding our use of, and your ability to correct, such personal information.

The provisions in this Policy govern only the activities of IMPAC regarding personal information and data. If you disclose your personal information to third parties, or if you are directed to a third party website (whether from our website or by other means) that third party’s privacy notices and practices will apply. We suggest reviewing the third party’s privacy policy before you provide personal information.

 In this Policy, where the term “including” is used (or a similar expression is used) that term or expression is deemed to be followed by the words “without limitation”.

 

2. USING PERSONAL INFORMATION AND DATA

2.1        We collect personal information and data for the following purposes:

2.1.1      to verify a person’s identity

2.1.2      to provide and improve the Services

2.1.3      to market our Services, including by means of direct electronic communication

2.1.4      to undertake credit checks (if we deem it necessary)

2.1.5      to bill and collect money that our customers owe us, including authorising and processing credit card transactions

2.1.6      to respond to communications

2.1.7      for statistical reporting, marketing purposes, and our internal business use

2.1.8      to protect and/or enforce our legal rights and interests

2.1.9      to analyse the traffic of users of the IMPAC website

2.1.10    to provide and improve our website

2.1.11    for any other purpose authorised by the person whose personal information it is, or by the Privacy Act.

 

3. INFORMATION COLLECTED

3.1        By accessing or using the Services, the website, or by providing information to us, you consent to:

3.1.1     our collection of personal information and data in accordance with this Policy

3.1.2   and the onward transfer, processing, collection, use, disclosure, retention, and storage of personal information and data as described in this Policy.

3.2         We will only collect personal information and data in a manner that is compatible with this Policy.

3.3         We may collect personal information and data from the following sources:

3.3.1    our customer’s health and safety policies and practices (including information about any health and safety incidents, and hazard identification register)

3.3.2      our customer’s contact and payment/bank details (including name, address, phone number, email, bank account number, credit card information, transaction data, and invoicing details)

3.3.3      third party data about our customers in connection with the Services, including information from:

              (a) WorkSafe New Zealand
              (b) Inland Revenue
              (c) Credit reporting companies

3.3.4      data and analytics on our customer’s use of the Services

3.3.5      traffic, visitor information, and analytics relating to use of the Website and other online aspects of the Services

 

4. COLLECTING PERSONAL INFORMATION AND DATA

4.1          We collect the personal information and data outlined at clause 3.3 by the following methods:

4.1.1      when a person registers for, and/or uses, the Services

4.1.2      directly from a person including through:

              (a) any registration or subscription process (including in person and through web forms or similar methods on the website)
              (b) any employment application
              (c) information provided to us by email, phone, or in person

4.1.3      using analytics tools on the website and other online components of the Services, including through the use of cookies to monitor a user’s use of the Website

4.1.4      directly from third parties where the person has authorised this

4.1.5      from publicly available resources.

4.2          If we are unable to collect certain personal information or data from you, your use of the Services (and user’s use of our website) may suffer from reduced functionality, and certain features may be disabled.

 

5. DISCLOSURE OF INFORMATION

5.1          We will not sell, rent, share, or otherwise disclose any personal information or data to anyone except to provide the Services or as otherwise described in this Policy, which may be updated from time to time in accordance with clause 2.

5.2          We may disclose personal information and data in the following circumstances:

5.2.1      to provide the Services

5.2.2      to provide the Website

5.2.3      to meet the purpose(s) for which it was collected (as set out at clause 3).

5.3          We may disclose personal information:

5.3.1      to another company within the IMPAC group

5.3.2      to any business that supports IMPAC to provide and enhance the Services, including website hosting, data analysis and storage, payment processing, information technology and related infrastructure, customer service, service maintenance, e-mail delivery, credit card processing, auditing, and other similar services

5.3.3      to any credit reporting companies

5.3.4      in an aggregated form (such that no personal information is identifiable), for statistical reporting and marketing purposes

5.3.5      for our internal business purposes (including in connection with any audits, professional advice, research, or Service improvements)

5.3.6      to any business that provides IMPAC with direct marketing services

5.3.7      In connection with a sale of the IMPAC business, or if IMPAC were to merge with or be acquired by another company. If IMPAC were to merge with or be acquired by another company, we may share information with them in accordance with our privacy standards. Should such an event occur, we will use our best endeavours to ensure that the new combined entity follows this Policy with respect to personal information

5.3.8      to comply with a request from any regulatory or law enforcement authorities. We will provide requested information in compliance with local laws and regulations, and only in the instance and to the extent where we reasonably believe that we are legally required to do so

5.3.9      to any other person authorised by the person whose personal information and data it is, or by the Privacy Act.

 

6. PROTECTING PERSONAL INFORMATION AND DATA

6.1          We will take reasonable steps to keep personal information safe from loss, unauthorised activity, or other misuse.

6.2          The Services and the website may be hosted internally or by third party cloud services, and as a result, personal information and data may be processed and stored outside of New Zealand.

6.3          We will take reasonable steps to maintain secure internet connections. Please note that when providing personal information through our website, the transmission may not be completely secure and will depend on your browser and internet settings. We cannot guarantee the security of data transmitted to us through our website and any such transmission is at your own risk.

6.4          If you wish to retain a copy of your personal information and data (or any part of it) please contact us before you finish using the Services, otherwise, upon:

6.4.1      you finishing to use the Services; and

6.4.2      IMPAC no longer being required to comply with any legal obligations that require the retention of personal information and data, we will securely delete your personal information.

6.5          Despite clause 6.4 we may retain personal information and data in an aggregated and non- identifying form.

 

7. ACCESSING AND CORRECTING PERSONAL INFORMATION AND DATA

7.1          You have the right to:

7.1.1      access any of your personal information and data

7.1.2      request correction of any of your personal information and data, held by us by contacting us using the details given at clause 8.

7.2          Please provide evidence to confirm your identity, and set out the details of your request (including the personal information or correction) when you contact us.

7.3          We will respond to any request in accordance with the Privacy Act (including making available to any readily retrievable personal information, making corrections that are reasonable and that we are reasonably able to, and charging for costs reasonably incurred by us).

 

8. CONTACT INFORMATION

8.1      If you wish to contact us in relation to this Policy, our privacy standards, or our personal information-handling practices please contact us using the details below:

           Email: personalinfo@impac.co.nz

8.2      Note that emails to this address may be distributed to IMPAC personnel and tracked for reporting purposes.

 

9. CHANGES TO THIS POLICY

We may revise and change this policy from time to time, any changes will apply from the date that we upload the revised policy to our website.

Version: 1.2 - Last updated: 20 August 2019