About Privacy and Data Protection
We take security and your data extremely seriously. The information below describes our data protection policy.
TNZ Group Limited, located in Auckland, New Zealand, is a data controller and a processor of data. As we are headquartered in New Zealand, we have appointed a Data Protection Officer (DPO) for you to contact if you have any questions or concerns.
What are my rights?
Under New Zealand's Privacy Act 1993 and the EU's GDPR, you have the right to:
- request that we correct any inaccurate, incomplete or outdated data (correct your data)
- request a copy of any data we hold about you and/or provide a copy of your data to another company (export your data)
- request that we erase your data, where applicable and legally possible (erase your data)
- request that restrict use of data, in certain circumstances (limit use of your data)
These rights can be exercised by contacting our DPO.
We request that data pertaining to individuals under the age of thirteen (13) are not used in conjunction with our services.
You may opt out of receiving electronic communications at any time via the "unsubscribe" link in emails, via your dashboard login's preferences, or by contacting our DPO.
What information do you have about me?
We may store information necessary to provide the products and services you require. Information that we store in our database systems may include contact, company and address details as well as information relating to items that you have purchased from us. We do not capture and store any personal information about you without your knowledge except where your information has been passed to us by a 3rd party, such as a reseller authorised to act on your behalf to complete a purchase.
Any information provided to us is used exclusively by TNZ Group for providing you with current and future information about our products and services and any other services. Your information will not be shared with 3rd parties without your consent.
Examples of information we collect include your name, email address, telephone number, IP Address, browser user-agent, language and timezone, usage, billing information (how you pay, when you paid, and your billing address) and cookies (where required).
While using our services, you may submit data in the form of messages (for example, text content for SMS, documents and images for Fax and Email, etc). This data is used only for the purposes of sending your messages and reporting. You can request this data is purged at any time by contacting our DPO.
Your contact/customer data
Any third party data you provide us (your contact lists, customer's personal details, names, telephone numbers and addresses, address book contacts, plus tracking data and usage data for reporting) are collected for the purposes of providing service to you only. You are in control of this data and can correct, export or erase this data at any time by contacting our DPO.
Where is my data stored?
Data is processed and stored at our primary data-centre in Auckland, New Zealand. Where required for business-continuity/redundancy, we may process and/or store some data within our secondary data-centre in Sydney, Australia.
Some of our services utilize sub-processors Stripe (for credit card payments), Amazon Web Services (for bespoke applications and business-continuity purposes) and third party telecommunications carriers (for the purposes of message delivery).
See Stripe's policies for information on Stripe's data processing and storage.
See AWS policies for information on Amazon Web Service's data processing and storage.
We will continue to store your data for the time necessary to provide you service, and/or until you request to correct or erase it, and/or you cancel your services with us, and/or we deem the data no longer required. We will retain certain metadata for two years in compliance with Australia's Telecommunications (Interception and Access) Act 1979
Should you need to correct, export or erase your data, or should you require a level of data sovereignty, contact our DPO for details.
How safe is my data?
Your information is held securely with the upmost care. We do not pass any of your personal data to outside organizations and/or individuals, unless at your request (such as using a third party API or tool).
We undergo regular testing and updating to ensure our services operate securely, with a stringent Security Policy to restrict access to data by internal employees and contractors, as well as malicious parties. The Security Policy outlines that all data is sensitive, the importance of data security, access controls and where data can be used and stored, and disciplinary measures should these policies be violated. Where we have selected third party providers (such as Stripe and Amazon Web Services), we have done so while ensuring these third parties have certifications and an equal policy to ensure your data is kept safe.
If you believe that your data is no longer secure for any reason, contact our DPO immediately.
Can I access information stored by you?
Yes, you have the right to know about the information we hold about you. You also have a right to have your data corrected, exported or erased. You also have a right to cease providing us data or to import or export your data.
Please contact our DPO with any questions, concerns or data requests.
It is important that you protect your account against unauthorised access and so you should ensure that your account password is kept secure at all times.
Changes to this policy
We may amend this policy at any time. It is important you check our website regularly.
It is also important you check Stripe's policies and AWS policies for changes they may make.
Can I ask a question or lodge a complaint?
You can contact our DPO at any time with concerns or complaints. Our DPO can be contacted:
Via email: Data Protection Officer (DPO)
Via post: DPO, PO Box 25580, St Heliers, Auckland 1740, New Zealand
We will endeavour to address any concerns and rectify any issues as soon as possible.