CarbonTrail Limited (we, us, our) complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
This policy sets out how we will collect, use, store, disclose and protect your personal information.
By using our website, providing your personal information to us, corresponding with us, and/or using our services and products you agree to accept this policy.
This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.
We may change this policy by uploading a revised policy onto the website and/or service. The change will apply from the date that we upload the revised policy.
We collect personal information about you from:
Wherever possible, we will collect personal information from you directly.
Personal information we collect about you may include your full name, telephone/mobile number, email address, other contact details, date of birth, payment and transaction information, information about entities that are associated with you, and information relating to your job/role.
If you do not want us to collect, or to provide us with, your personal information, we may be unable to communicate with you, provide you with our services and products, and/or provide an optimal experience of our website.
We will use your personal information:
We do not sell, rent, or exchange your personal information to any third party without permission.
We may disclose your personal information for the purposes for which it was collected, and for directly related purposes (including those required by law). Some of these third parties may include, but are not limited to:
Our internet and data services provider, Amazon Web Services, is located outside New Zealand. This may mean your personal information is held and processed outside New Zealand. If at any time we need to send personal information outside of New Zealand to an overseas agency that may use the information for its own purposes, we will:
We will take reasonable steps to keep your personal information secure and safe from loss, unauthorised access, use, modification, disclosure, or other misuse.
We will only retain your personal information for as long as is required for the purpose/s for which it may lawfully be used. Once personal information is no longer required (including if your account for using our services is deleted), we will securely destroy it or otherwise delete all identifying details so that only anonymised data is retained.
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
If your personal information is involved in a privacy breach which we reasonably believe has caused or is likely to cause serious harm to you (“a Notifiable Privacy Breach”), we will inform you and recommend what steps you should take in response. We will also report a Notifiable Privacy Breach to the Office of the Privacy Commissioner.
If you are not satisfied with how we have handled your complaint, you can contact the Office of the Privacy Commissioner on 0800 803 909 or at www.privacy.org.nz.