Beca BI Data Protection Notice
Last Updated: 14th November 2019.
This Data Protection Notice (“Notice”) sets out the basis which we may collect, use, disclose or otherwise process your personal data submitted to us, including through Beca BI (“Website”), and comply with the requirements of the Privacy Act 1993 of New Zealand and its regulation(s) (“PA”). In this Notice “personal data” shall have the meaning set out in the PA.
For the purposes of this Notice the terms “we”, “us” and “our” refers to Beca Ltd (Beca) headquartered in Auckland and, “you” and “your” refers to the user of the Website.
Please note that by accessing the Website you may be sharing your personal information with a country other than where you are based. In some instances, the country to which your personal information is transferred may lack privacy laws which are as extensive as the privacy laws applying to the country in which you are located when you provide the information to us. Where we can, we will only send your personal data to countries that have equivalent or higher privacy standards to those in NZ, Singapore, Australia, and the EU, but this may not always be possible.
What personal data we collect
We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
Some examples of personal data which we may collect from you include:
- email address
- work phone numbers
Most internet browsers give you the option to reject all cookies, accept all cookies, erase cookies stored on your computer or be notified before a cookie is stored on your computer. However, if you reject or erase the cookies referred to above some features of the Website will not function properly or may not be fully available. Please refer to your internet browser instructions if you want to find out more about rejecting or erasing cookies.
What we use your personal data for
We may use the personal data we collect from you to:
- provide our services;
- send you information about us, including by email;
- personalise your experience on this Website;
- respond to you;
- improve this Website;
- send you emails;
- prevent illegal activity that threatens the Website, our computer systems or networks;
- comply with any applicable laws and/or regulations, and;
- comply with any contract with users.
We may also use personal data collected from you through the Website in an aggregated or anonymised form without your prior consent. We do not consider such aggregated or anonymised personal data to be personal data.
Why we might share your personal data with third parties
We may share your personal data with third parties who assist us in delivering our services, including operating this Website. We may also share your personal data to comply with applicable laws and/or regulations or to protect our property or safety or that of others. Any such third parties whom we engage will be bound contractually to keep all information confidential.
How to withdraw your consent
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to the Data Protection Officer at the contact details provided below.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
How to access your personal data
You can use the Website to access basic personal data we hold about you at any time. Alternatively, you can request a copy of your personal data by contacting the Data Protection Officer.
How to correct or delete your personal data
If you think any of the personal data we hold about you is wrong, you can ask us to correct it. Where we have retained your personal data for purposes that are not directly related to the performance of a contract or to our legitimate business interests – you can ask us to delete it.
If we are unable to correct or delete your personal data (for example, where we do not agree that it is wrong, or we need the personal data for a lawful purpose), we will tell you why. You can ask us to attach your correction request to the personal data as a statement of correction and send this to the Data Protection Officer.
Transfer of personal data
From time to time we may need to share personal data across borders, e.g. to send it to our data service providers. This means that personal data collected within New Zealand, for example, may be sent to our data service providers in other countries, including Singapore and Australia.
Where we can, we will only send personal data to countries that have equivalent or higher privacy standards to those in New Zealand. We have designed our privacy processes to meet the requirements of these standards and have high expectations of all the third parties which process data for us. We take reasonable steps to ensure that these expectations are met wherever in the world your personal data is.
Most of the personal data we hold is stored on Microsoft cloud platforms, including Microsoft Azure. Microsoft takes privacy seriously and has a number of safeguards in place to protect the personal data it holds on our behalf. You can read more about Microsoft’s privacy and security practices here https://privacy.microsoft.com/en-ca/
Retention of personal data
We retain personal data only for as long as we have a lawful purpose to use it. When we no longer need to use it, we securely destroy it. We also make sure that any data service providers which hold personal data on our behalf destroy the personal data we no longer need.
How we protect your personal data
We have implemented generally accepted standards of technology and operational security to protect the personal data in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Who is the Data Protection Officer?
If you believe that the information we hold about you is incorrect or out of date, or if you have concerns or further queries about how we are handling your personal data, or any problem or complaint about such matters, please contact the Data Protection Officer, Leeann McCallum (Leeann.McCallum@beca.com).
Changes to this Notice
We reserve the right to modify or amend this Notice at any time. If we do make any changes to the Notice you will be asked to accept these when you next log into the Website. The effective date will be displayed at the beginning of this Notice.
By providing Beca with my personal data, I expressly acknowledge the possibility of, and consent to, the cross-border transfer, use, disclosure and storage of my personal information as reasonably required for Beca’s functions and activities.
I understand that by accessing the Website I agree to the terms of this Notice