CATAS Limited (we, us, our) complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
This policy sets out how we will collect, use, disclose and protect your personal information.
This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.
CHANGES TO THIS POLICY
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
WHO DO WE COLLECT YOUR PERSONAL INFORMATION FROM
We collect personal information about you from:
- You, when you provide that personal information to us, including via the website and any related service, through any registration process, through any contact with us (e.g. telephone call or email), or when you buy or use our services
- Third parties where you have authorised this or the information is publicly available.
If possible, we will collect personal information from you directly.
We may collect the following personal information about you:
- Contact information including phone and email address
- Entity you are associated with
- Bank account
- IRD details
- Tax details
- Pay information
- Other information relevant to customer surveys
HOW WE USE YOUR PERSONAL INFORMATION
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- To provide services and products to you
- To respond to communication from you
- Internal record keeping.
- We may use the information to improve our products and services.
- We may send promotional emails about new services or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, or mail.
- For any other purpose authorised by you or the Act
Providing some information is optional. If you choose not to enter the following, we'll be unable to provide our payroll services:
- Full name
- Contact information
- Bank account
- Tax code
- IRD number
- Pay frequency
- Annual salary or hourly wage rate
- Hours per week
- Superannuation scheme
DISCLOSING YOUR PERSONAL INFORMATION
We may disclose your personal information to:
- the IRD in order to report income earnings and tax deductions
- your employer in order to advise payroll information for their accounting records
- your employer's qualified auditor in order to provide payroll information necessary for their engagement
- other third parties (for anonymised statistical information)
- a person who can require us to supply your personal information (e.g. a regulatory authority)
- any other person authorised by the Act or another law (e.g. a law enforcement agency)
- any other person authorised by you.
Unless there is a sale, merger, consolidation, liquidation, reorganisation or acquisition, CATAS will not disclose your personal information to a third party unless we have your express consent. It is important to note however, that we may have to do so without your consent to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, required by law. If it is possible and appropriate, we will endeavour to notify you to let you know this has occurred.
Your personal information is not controlled, accessed or used by the third parties who host our servers, except for the intended use of storing that information.
TRANSFER AND STORAGE OF PERSONAL INFORMATION
CATAS is based in New Zealand and may access your personal information from New Zealand. New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection. This decision provides our basis for transferring personal information to New Zealand.
By providing your personal information to CATAS, you consent to us storing your personal information on servers hosted by Microsoft OneDrive for Business, Flexitime and Xero and accessing your personal information from New Zealand. If your personal information is be stored on servers located in other countries, it will remain within CATAS’ effective control at all times. The server host’s role is limited to providing a hosting and storage service to CATAS, and we’ve taken steps to ensure that our server hosts do not have access to, and use the necessary level of protection for, your personal information.
If you are not comfortable with your personal information being transferred to a server in another jurisdiction, you should not provide CATAS with your personal information or use our website.
PROTECTING YOUR PERSONAL INFORMATION
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.
If we become aware of any security breach relating to your personal information, we will advise you as soon as we can.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
When you use our services, you consent to us accessing, aggregating and using non-personally identifiable data collected from you. This data does not identify you nor any other individual.
This data may be used to:
- help us understand how our clients are engaging with our services and website, for example, the busiest days of the month, quantity and timing of payments and most popular web pages;
- provide clients with further information regarding the uses and benefits of our services;
- provide statistical reporting to clients and third parties (such as reporting on church donation trends);
- increase business productivity as the aggregated data can provide relevant business insights;
- otherwise improve our website and services.
PRIVACY COMPLAINTS PROCESS
If you are unhappy with how we have handled your personal information, you may send a complaint. Please provide us with the full details of your complaint along with any supporting documentation:
- Email: email@example.com
- Post: PO Box 21145, Edgeware, Christchurch 8143
- Send you an initial response to your query or complaint within ten (10) business days; and
- Look into and seek to resolve the issue within twenty (20) business days. If necessary, we may need a longer period to do this but will notify you of this delay.