Protection of Your Information
Where required under General Data Protection Regulation (GDPR) and where we rely on consent as the legal basis of the processing, we will only use your personal data for the purpose for which you have given your valid or explicit consent for, which we will ensure we have obtained before we process your information.
We care about your privacy and welcome your feedback. Please contact us if you have any questions or comments about this policy, or you wish to exercise the rights you have, which are explained further below. You can contact us by our email address:
Alternatively, you can write to us at: Data Protection, Flatpack Global, 14 Piermark Drive, Albany, Auckland New Zealand 0632.
We Kitset Assembly Service Limited, Flatpack Global Limited or another entity within the Flatpack global group of companies (Flatpack Global Group) may collect, store and use personal data about you or your business. Personal data includes:
- information that you provide to us when accessing our website and applying for our services (including your name, email address, phone number and physical address);
- information that you provide to us for subscribing to our email notifications, newsletters, customer surveys or when taking part in any competition or promotion (including your name, phone number and email address);
- information that you provide to us when using the services on our website, or that is generated in the course of the use of those services (including the timing, frequency and pattern of service use);
- information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication);
- information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
- any other personal data that you choose to send to us.
Before you disclose to us the personal data of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal data in accordance with this policy.
Personal data submitted to us through our website will be used for the purposes specified in this policy.
We may use your personal data to:
- perform our contract with you and respond to your related requests;
- process your enquiry and provide you with a service;
- manage the service we provide you, which includes answering your requests and complaints;
- administer our website and business;
- send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);
- send you marketing communications relating to our business where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
- provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
- keep our website secure and prevent fraud;
- identifying opportunities to improve our services to you and improving our service to you;
- conducting market research to serve you better by understanding your preferences to ensure we send you appropriate promotions and campaigns;
- allowing us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing, keeping our records up to date, being efficient about how we fulfil our legal and contractual duties).
Your privacy settings can be used to limit the publication of your information on our website, and can be adjusted using privacy controls on the website.
We will not, without your express consent, supply your personal data to any third party for the purpose of their or any other third party’s direct marketing.
Each time we process your personal data for the purposes set out above, we will ensure that we have a legal basis for that processing. This processing will be based on one or more of the following grounds (i) to fulfil a contract we have with you, or (ii) when you consent to it.
We may share your personal data to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.
We may disclose your personal data to any member of Flatpack Global Group insofar as reasonably necessary for the purposes set out in this policy.
At your request, we will share your personal data with your representative or any person acting on your behalf (for example, financial advisers, lawyers, accountants, executors, administrators or trustees).
We may disclose your personal data:
- to the extent that we are required to do so by law;
- in connection with any ongoing or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal data.
Except as provided in this policy, we will not provide your personal data to third parties.
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy. We have safeguards in place to protect your information when it is transferred outside of the European Economic Area (EEA), New Zealand or Australia.
Information that we collect may be transferred to the following countries which do not have data protection laws equivalent to those in force in the EEA: the United States of America, Russia, Japan, China and India.
We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be accessed or held. If we or our service providers transfer any of your personal data we collect from you out of the EEA, it will only be done with relevant protections in place. We will take steps to ensure that your personal data will be afforded the level of protection required of us under and in accordance with this policy and applicable data protection laws. Overseas organisations may be required to disclose information we share with them under an applicable domestic and foreign law.
Personal data that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
You expressly agree to the transfers of personal data described in this section.
Our data retention policies and procedure are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Typically, we will usually delete personal data 7 seven years after date of receipt.
Notwithstanding the other provisions of this Section 6, we will retain documents (including electronic documents) containing personal data:
- to the extent that we are required to do so by law;
- if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data.
We will store all the personal data you provide on our secure (password- and firewall-protected) servers.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
How to access your information: To the extent permitted by law, you have the right to access your personal data and to receive a copy of that information. You can ask us to access your personal data that we hold by emailing [email protected]. We will give you access to your information in the form you want it where it’s reasonable and practical. We may charge you a small fee under certain circumstances to cover our costs when giving you access but we’ll always confirm this with you first. We may also ask you for the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address). If we can’t give you access, we will tell you why in writing and how you can make a complaint about our decision.
How to correct your personal data: You have the right to correct your personal data and can contact us if you think there is something wrong with the information we hold about you. If you are worried that we have given incorrect information to others, we will tell them about the correction. If we can’t, then we’ll let you know in writing.
You also have the right in certain circumstances to request that:
- the personal data that we collect from you is erased;
- the right to request that the further processing of your information is restricted or to object to its processing and the right to data portability (to receive and have transferred the information you provided;
- that you withdraw your consent where provided or object to the further processing of your personal data under certain circumstances.
If we refuse any request you make in relation to this right, we will tell you why in writing and how you can make a complaint about our decision.
If you have a complaint about how we handle your personal data, we want to hear from you. You are always welcome to contact us. We are committed to resolving your complaint and doing the right thing by our customers. We aim to resolve complaints as quickly as we can.
You can contact us:
- by post, Data Protection, Flatpack Global, 14 Piermark Drive, Albany, Auckland New Zealand 0632;
- by telephone, on the contact number published on our website from time to time; or
- by email, using the email address published on our website from time to time.
If you still feel your issue or request hasn’t been resolved to your satisfaction, then you can escalate your privacy concern to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights). If your complaint relates to how we handled your access and correction requests you may take your complaint directly to the New Zealand Banking Ombudsman or the New Zealand Privacy Commissioner or the UK Information Commissioner. You are not required to let us try to fix it first.
Contact details for escalating complaints
Need more help?
Office of the New Zealand Banking Ombudsman • Online: www.bankomb.org.nz • Phone: +64 (0)4 915 0400 • Email: [email protected]
Office of the New Zealand Privacy Commissioner • Online: www.privacy.org.nz • Phone: +64 (0)4 474 7590 or +64 (0)9 302 8680 • Email: [email protected]
Office of the UK Information Commissioner • Online: www.ico.org.uk • Phone: 0303 123 1113 • Live chat: https://ico.org.uk/global/contact-us/live-chat
Zealand Banking Ombudsman or the New Zealand Privacy Commissioner or the UK Information Commissioner. You are not required to let us try to fix it first.