At The Gap, we take privacy very seriously. This Privacy Notice is drafted with reference to the General Data Protection Regulation (EU) 2016/679 (GDPR) and describes how The Gap collects and uses the personal information you provide when using our website and services. This Privacy Notice applies across all websites that we own and operate, and all services we provide, including The Gap Portal, educational webinars, masterclasses, implementation programmes, and general support (“our Services”).
We’ve created this Privacy Notice to ensure our users understand how we treat Personal Data that we gather or process when you are using our Services. This Privacy Notice sets out the rights you have in relation to your Personal Data. Our Services are not intended for children and we do not knowingly collect data relating to children.
This Policy’s defined terms have the same meaning as in our Licence Agreement, which should be read together with this Privacy Notice.
Who are we?
‘We’, ‘our’ or ‘us’ refers to The Gap 2014 Limited. Our headquarters are in Mount Maunganui, New Zealand. We provide a web application (which we call a portal) for accountants and bookkeepers to deliver a wide range of Business Development services to their clients.
We act as a ‘Controller’ as defined in the GDPR which means we are responsible for your Personal Data. We act as a ‘Processor’ as defined in the GDPR of your clients’ Personal Data. You have the responsibility for ensuring that the Personal Data you collect about your clients is being processed in a lawful manner.
What Personal Data do we collect about you?
Information you provide to us:
Your Personal Data: We receive and store any information you knowingly provide us. We collect Personal Data such as your name and email address.
Your clients’ Personal Data: In order to provide you with the Services, we also receive and store any Personal Data you choose to provide us with in respect to your clients. This Personal Data includes your clients’ names and email addresses as well as any other information you choose to input into the portal.
We don’t process or use your clients’ Personal Data except for storage purposes.
Information we collect automatically:
Information we receive from third parties:
Most of the information we collect is collected directly from you. Sometimes we might collect Personal Data about you from other sources, such as publicly available materials or from trusted third parties (e.g. our marketing partners). We use this information to supplement the Personal Data we already hold about you, in order to better inform, personalise and improve our Services, and to validate the Personal Data you provide.
Where we collect Personal Data, we’ll only process it:
- To perform services as part of our contract with you; or
- Where we have a legitimate interest to process the Personal Data, which isn’t overridden by your rights; or
- In accordance with a legal obligation; or
- Where we have your consent
How will we use your Personal Data?
To provide you with our Services.
We need your name and email address in order to provide you with our Services and allow you to log in to our portal.
To support you.
We need your Personal Data to assist with the resolution of technical support issues or other issues relating to our Services, whether by email, phone or support ticket.
To communicate with you.
We may use your Personal Data to send you various communications. This may include:
- Notifications about new or updated services offered in relation to our Services
- Invitations to our training webinars and events
- Marketing communications
- Requests for feedback or to take part in research
- Providing you with information you’ve requested
To enhance our Services.
We track and monitor the use of our Services to determine which are most popular and which may need improvement. We also track and monitor the use of our website so we can optimise your user experience.
To market to you.
We use your Personal Data to send you marketing communications. We may obtain your Personal Data, such as name, email address, and place of employment from publicly available information and send you marketing communications where we have a legitimate interest to do so. You can unsubscribe from these at any time.
Where do we store your Personal Data?
Your Personal Data is processed on servers based in Tauranga, New Zealand. New Zealand has been identified as providing adequate protection for European Economic Area (EEA) data. This adequacy status means that Personal Data can be legally sent to New Zealand from Europe for processing without special additional measures being taken by European firms.
We use various online systems and tools, including certain customer relationship management, marketing automation and email delivery services (‘Tools’) to allow us to communicate with our users. As part of our use of these Tools, certain Personal Data is sent to the providers of the Tools. We ensure that providers of these Tools comply with the requirements of the GDPR.
Do we share your Personal Data?
There are times when we need to share your Personal Data with third parties. We’ll only share your Personal Data to:
Third party service providers and partners who assist and enable us to use the Personal Data to support the delivery of, or provide functionality, for our Services, or to market or promote our Services to you. Such third parties do not have any right to use the Personal Data we share with them beyond what is necessary to assist us and they shall only process your Personal Data in accordance with this Privacy Notice.
Regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. We will notify you of this type of disclosure where possible and appropriate.
An actual or potential buyer (and its agents and advisors) in connection with an actual or proposed purchase, merger or acquisition of any part of our business.
Other people, where we have your consent.
How long will we keep your Personal Data?
The length of time we keep your Personal Data depends on whether we have an ongoing business need to retain it, e.g. to provide you with a service you’ve requested or to comply with applicable legal requirements.
We’ll retain your Personal Data for as long as we have a relationship with you, and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. We’ll make sure it’s deleted after this period.
What rights do you have?
You have a number of rights in relation to the processing of your Personal Data. Requests can be made verbally or in writing, to the contact details available at the bottom of this document. We will respond to all requests within 30 days of receipt of the request. We won’t charge you for this unless the request is manifestly unfounded or excessive. We may require you to verify your identity before we can disclose any Personal Data to you.
Right of access.
You have the right to request a copy of the Personal Data we hold about you. We will provide you with the following information:
- Confirmation that we are processing your Personal Data;
- A copy of the Personal Data we hold about you; and
- Other supplementary information relating to the processing of your Personal Data
Right to rectification.
You have the right to have inaccurate Personal Data rectified, and to have any incomplete data completed.
Members of The Gap can edit or delete some of their Personal Data within the portal, including their name and email address. Some of this data may be restricted to your firm’s Portal Administrator.
Right to erasure.
You have the right to have the Personal Data we hold about you deleted from our systems.
Right to restrict processing.
You have the right to request that we restrict or block the processing of your Personal Data in certain circumstances. We will continue to store your Personal Data, but we won’t use it in any other way.
Right to data portability.
You have the right to obtain the Personal Data we hold about you and reuse it for your own purposes, across different services. We will provide your Personal Data in a format that is structured, commonly used, and machine readable.
Right to object.
You have the right to object to us processing your Personal Data, where the processing is based on legitimate interests or direct marketing. If you request that we stop using your Personal Data for direct marketing purposes, we will suppress your details from our marketing lists to ensure your preference not to receive direct marketing is respected in the future. All of our direct marketing emails will contain a link for you to unsubscribe if you no longer wish to receive them.
How we keep your Personal Data secure
We’re committed to protecting your Personal Data and have appropriate technical and organisational measures in place to make sure your Personal Data is kept secure. We will take all reasonable steps to protect our Services from unauthorised access, modification or disclosure. Your Personal Data is stored on secure servers that have SSL Certificates.
Changes to this Privacy Notice
We may amend or update this Privacy Notice from time to time. The date of the last update is shown at the top of this document. Use of Personal Data we collect is subject to the Privacy Notice in effect at the time such Personal Data is collected.
We will notify you of changes to this Privacy Notice and changes to the way we use Personal Data by sending you an email and posting an announcement in The Gap Portal and/or on our website prior to the changes becoming effective. You are bound by any changes when you use our website or our Services after such changes have been announced.
Questions or concerns
If you have any questions or concerns regarding this Privacy Notice, or the way we use your Personal Data, please send us a detailed message to firstname.lastname@example.org. We will make every effort to resolve your concerns.
You also have the right to complain to your local Data Protection Authority. If you’re based in New Zealand, you have the right to complain to the Office of the Privacy Commissioner. If you’re based in the European Union, you have the right to complain to the Information Commissioner’s Office. If you’re based outside of New Zealand and the European Union, you have the right to make a complaint at any time to the supervisory authority for data protection issues of the country in which you are based, or to the New Zealand Office of the Privacy Commissioner.
How to contact us
You can contact us in the following ways:
a) Sending an email to email@example.com;
b) Calling us on 0800 275 848 (NZ) | 1800 839 246 (Aus) | +64 7 574 3474 (Int’l);
c) Sending a letter to The Gap, PO Box 10453, Bayfair 3152, New Zealand; or
d) Completing the enquiry form on our website.
Members of The Gap can also contact us by submitting a Support Ticket or posting in the Community Support page of our portal.