EFFECTIVE DATE JUNE 17, 2021
QYTO is committed to protecting your privacy. We are committed to gaining and maintaining your trust by following a core set of Privacy Principles.
How We Collect Information
Information you provide directly to Website. You are not required to provide information about yourself when you visit a Website. QYTO may ask you for different types of information only when you log in or directly contact the QYTO such as contact information (full name and email address) or call our offices or provide feedback, comments or ask questions about Website.
Information we collect automatically on Website. Also Website may collect some information automatically, such as:
- Your device type and settings, software used and browser type and operating system;
- Your Internet Protocol (IP) address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area;
- Websites or other services you visited before and after visiting a Website;
- Web pages and advertisements you view and links you click on within Website;
- Unique identifiers and connection information, including mobile device identification numbers (e.g. Apple’s Identifier for Advertising IP (IDFA) or Google’s Android Advertising ID (AAID)) and internet connection means (e.g. mobile operator, ISP, WiFi connection) that can identify the physical location of such devices in accordance with applicable law;
- Information collected through cookies, web beacons, and other similar technologies;
- Standard server log information.
Combining Information. Please note that all of the information we collect about you may be combined, including to help us prolong our communications with you, provide online advertising based on your interests, and to develop rich online content on our Website. Your consent will be obtained where it is required.
Use of Information
QYTO may use your personal information to let you know about news, bonus programs or other things we think may be interested to you. If we will decide to use your personal information for direct marketing purposes, we will give you the opportunity to opt out of receiving any marketing material. We may share the personal information that you have given to us with associates and affiliates. We may also use your personal information for related purposes that you would reasonably expect. We take particular care with any sensitive information that we may have (if any).
Data Subject Rights
Data subjects have the following rights under the Act:
The right to access information – the right to both:
confirmation as to whether (or not) an agency holds information about that person; and
access to such personal information, where such personal information may be readily retrieved.
The right to correction of information – the right to request correction of information. The agency must, on request or of its own initiative, take steps that are reasonable in the circumstances to ensure (having regard to the purposes for which the information may lawfully be used), the information is accurate, up to date, and not misleading.
Object to direct marketing — while there is not a specific right to object to direct marketing under the 2020 Act, it is worth noting that the Unsolicited Electronic Messages Act 2007 (‘UEMA’) prohibits the sending of unsolicited electronic messages (such as SMS or e-mail) for direct marketing purposes. Additionally, under the Telecoms Code, telecommunication information may only be used for direct marketing if the individual has been advised that such authorisation may be withdrawn at any time (Rule 10 of the Telecoms Code).
Rights not included in the 2020 Act
There is no express right to object to processing in New Zealand. If the information had yet to be provided by the individual, then she/he may refuse to provide the relevant information (provided it is being collected directly), or otherwise complain of an interference to privacy to either the OPC or the agency itself.
Note that there is no broad right to data portability in New Zealand. For completeness, there is ‘number portability’ whereby local and mobile numbers may be transferred, which is regulated under different legislation outside the scope of this Guidance Note (the Telecommunications Act 2001).
Similarly, there is not a ‘right to be forgotten’ or ‘right to erasure’ in New Zealand. It is arguable that an individual may request their information to be corrected (as described above), and such a correction may constitute deletion of information, but this is not typically what is thought of when referring to a right to be forgotten. However, of note in this area is the Harmful Digital Communications Act 2015, which aims to deter, prevent, and mitigate harm to individuals caused by digital communications (often known as ‘cyber-bullying’), and provide victims with efficient means of redress. This can involve a court takedown order, requiring harmful digital communications to be removed.
Disclosure of Information
- Transfers. QYTO may share your information in connection with a transaction of the corporate rights, such as the sale of a Website, a merger, consolidation, asset sale, or in the event of bankruptcy.
- Legal requirements. QYTO may disclose information about our users, including contact information, to respond to subpoenas, court orders, legal process, and other law enforcement measures, and to comply with other legal obligations. There may be circumstances where the law requires QYTO to disclose the information, or where disclosure is required for law enforcement purposes.
Finally, we also may share aggregated or anonymized information with third parties, to help us develop content that, we hope, will be interesting to you or to help these third parties develop their service offerings.
You can choose to view content and features on the Website without providing us directly with any information about you; however, as described above, some information may be collected automatically. There may be times when we ask for personal information from you and you do not wish to provide it. You can opt out of receiving commercial email or text messages from a particular Website or other service by following the instructions contained in any such message or by contacting us directly. You also have choices about whether cookies and other similar technologies are placed on your computer or mobile device. You also may choose to opt out of use of data that our authorized third party service providers or we collect about your visits to our business partners’ websites that may be used to deliver advertisements tailored to your interests. Finally, you also have choices about the collection and use of your information by third parties to display relevant advertisements.
Protection of Information
We are committed to protecting your information. We have adopted commercially reasonable technical, administrative, and physical procedures to help protect your information from loss, misuse, unauthorized access, and alteration. Please note that no data transmission or storage can be guaranteed to be 100% secure. We want you to feel confident using the Website but we cannot ensure or warrant the security of any information you transmit to us.
Transfer of Data Internationally
Please be aware that information you provide to us or that we obtain as a result of your use of the Website may be collected in your country. The privacy and data protection laws in the country to which your information is transferred may not be equivalent to such laws in your country of residence. Your personal information may be subject to the laws of the country to which it is transferred and may be accessible without notice to you by the courts, law enforcement and national security authorities of that country. By using and visiting the Website or providing us with your information, you consent to the collection, international transfer, storage, and processing of your information.
The key legislation in New Zealand in relation to data protection that we use is Privacy Act 2020 (‘the 2020 Act’). The 2020 Act empowers the Office of the Privacy Commissioner (‘OPC’) to issue codes of practice, which comprise part of the privacy law in New Zealand. The intention of these codes is to modify the operation of the act for specific types of information, or for certain industries. Separate to the 2020 Act, privacy principles can be found within New Zealand’s common law. The New Zealand courts have developed a tort of privacy (i.e. the right of one person to sue another for breach of privacy). The tort of privacy relates to the public disclosure of private facts, where such disclosure would be considered to be highly offensive to a reasonable person of ordinary sensibilities, balanced against the wider public interest (Bradley v. Wingnut Films Ltd  1 NZLR 415).