1. General provisions
This policy on the processing of personal data is made in accordance with the requirements of the Law on Personal Data, and defines the order of processing of personal data and measures to ensure the security of personal data carried out by the website nzfirst.org.nz (hereinafter the “Operator”).
- 1.1 The Operator’s most important goal and condition of its activities is to observe human and civil rights and freedoms in the processing of personal data, including the protection of rights to privacy, personal and family secrets.
- 1.2 This policy of the Operator with respect to the processing of personal data (the “Policy”) applies to all information which the Operator may obtain about visitors to https://www.nzfirst.org.nz/.
2. Basic concepts used in the Policy
- 2.1 Automated processing of personal data means the processing of personal data by means of computer technology;
- 2.2 Blocking of personal data – temporary suspension of processing of personal data (except when the processing is necessary to clarify personal data)
- 2.3 Website means a combination of graphic and information materials, as well as computer programs and databases, making them available on the Internet at the network address https://www.nzfirst.org.nz/;
- 2.4. personal data information system – an aggregate of personal data contained in databases and information technologies and technical means ensuring processing of personal data;
- 2.5 Impersonalization of personal data – actions, as a result of which it is impossible to determine, without the use of additional information, the attribution of personal data to a specific User or other subject of personal data;
- 2.6 Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data;
- 2.7 Operator – a state body, municipal authority, legal entity or individual, independently or together with other persons, arranging and (or) carrying out processing of personal data, as well as determining the purpose of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data;
- 2.8 Personal data – any information relating directly or indirectly to an identified or identifiable User of the website https://www.nzfirst.org.nz/;
- 2.9 User means any visitor to the https://www.nzfirst.org.nz/ website;
- 2.10. Provision of personal data – actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
- 2.11. Dissemination of personal data – any action aimed at disclosure of personal data to an indefinite range of persons (transfer of personal data) or to make personal data available to an unlimited number of persons, including publication of personal data in the media, posting in information and telecommunications networks or providing access to personal data in any other way;
- 2.12. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign state authority, foreign natural person or foreign legal entity;
- 2.13. Destruction of personal data – any action, as a result of which personal data is destroyed irretrievably with the impossibility of further restoration of the content of personal data in the information system of personal data and (or) destruction of material media of personal data.
3. The operator may process the following personal data of the user
- 3.1 Surname, first name, patronymic;
- 3.2. phone number;
- 3.3 E-mail address;
- 3.4 The Website also collects and processes visitors’ anonymised data (including cookies) using Internet statistics services (Yandex Metrika and Google Analytics, etc.).
- 3.5 The above-mentioned data hereinafter in the text of this Policy are combined with the general concept of Personal Data.
4. Purposes of personal data processing
- 4.1 The purpose of processing of the User’s personal data is to enter into, execute and terminate civil contracts; to provide the User with access to the services, information and/or materials contained on the https://www.nzfirst.org.nz/ website; to clarify order details.
- 4.2 The Operator shall also be entitled to send the User notices about new products and services, special offers and various events. The User can always refuse receiving information messages by sending the Operator an e-mail marked as ‘Unsubscribe from notifications about new products and services and special offers’.
- 4.3 The anonymised User data collected via web statistics services is used to collect information about the Users’ activities on the website and to improve the quality of the website and its contents.
5. Legal basis for the processing of personal data
- 5.1 The operator processes the User’s personal data only if the User fills in and/or sends the personal data themselves via the special forms on the website https://www.nzfirst.org.nz/. By completing the relevant forms and/or submitting their personal data to the Operator, the User expresses their consent to this policy.
6. Procedure for collecting, storing, transferring and other processing of personal data
The safety of personal data, which the operator processes, is ensured by implementing the legal, organisational and technical measures necessary to comply fully with the requirements of current legislation in the area of personal data protection.
- 6.1 The operator ensures safety of personal data and takes all possible measures, which exclude access to personal data by unauthorised persons.
- 6.2 Personal data of the User shall never, under any circumstances, be transferred to third parties, except in cases related to the execution of applicable laws.
- 6.3 If inaccuracies in the personal data are identified, the User can update the personal data themselves by sending a notification to the Operator’s email address, marked “Update of personal data”.
- 6.4 The time period for processing personal data is unlimited. The user may withdraw their consent to the processing of personal data at any time by sending the Operator a notification via e-mail to the Operator’s e-mail address marked “Withdrawal of consent to the processing of personal data”.
7. Cross-border transfer of personal data
- 7.1 Before the transfer of personal data takes place across-borders, the data controller must ensure that the foreign country to whose territory the personal data is to be transferred provides adequate protection of the rights of the data subject.
- 7.2 Cross-border transfer of personal data to foreign countries, which do not comply with the above requirements, may take place only if the personal data subject gives his/her written consent for cross-border transfer of his/her personal data and/or executes an agreement, to which the personal data subject is a party.
8. Final provisions
- 8.1 The user can obtain any clarifications on questions of interest regarding the processing of his personal data by contacting the Operator by e-mail.
- 8.2 This document will reflect any changes to the operator’s personal data processing policy. The policy is valid indefinitely until replaced by a new version.
- 8.3 The current version of the Policy is freely available on the Internet at https://www.nzfirst.org.nz/privacy-policy/.