Motion Tech Lab Limited, trading as Scriptsee, (“we”, “us”, “our”) complies with the New Zealand Privacy Act 2020 (NZPA), the General Data Protection Regulations 2016/679 of the European Union (GDPR), the UK Data Protection Act 2018 and UK GDPR as that term is defined in that Act (together, UK Data Protection Laws), the California Consumer Privacy Act 2018 as amended by the California Privacy Rights Act 2020 (CCPA) and other applicable privacy and data protection laws, (together, applicable privacy laws) when dealing with personal information.
Personal information is information about an identifiable individual (a natural person) , and includes personal data, personally identifiable information and equivalent information under applicable privacy laws. Under GDPR, UK Data Protection Laws, and some other applicable privacy laws, personal information is called personal data – we use these terms interchangeably in this policy.
We are committed to protecting your privacy.
This policy sets out how we will collect, use, disclose and safeguard your personal information. This policy does not limit or exclude any of your rights under applicable privacy laws.
For further information on:
NZPA, see www.privacy.org.nz
CCPA, see https://oag.ca.gov/privacy/ccpa.
This policy was drafted with brevity in mind. It does not provide exhaustive details of all aspects of our collection and use of personal information. We are happy to provide any additional information or explanation. Any request for further information should be sent to email@example.com.
CHANGES TO THIS POLICY
We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we upload the revised policy.
This policy was last updated on 09 October 2023.
This policy applies to personal information that we collect from visitors to our website, our customers, and other persons with whom we deal directly.
As part of using our services or products, our customers may collect personal information from individuals (e.g. contact details) and upload, store or process that information on or through our systems. That information is described in this policy as User Data.
We only process User Data as authorised by our customers in our separate agreements with those customers. Unless required otherwise under applicable privacy laws, if we receive any request or enquiry relating to User Data, we will forward this request to the relevant customer.
SENSITIVE INFORMATION AND CHILDREN
We do not collect or process all types of personal information. We do not intend to collect:
personal information from or about children aged under 16
sensitive or special categories of personal information, including personal information of the following kind: genetic, biometric and health data (for the purpose of uniquely identifying a natural person), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, or data concerning a person’s sex life or sexual orientation (Sensitive Information). Without limiting the previous sentence, we do not process, and you must not provide to us, or use our website or any of our services and products to process, personal information that is regulated by:
the Payment Card Industry Data Security Standards (PCI DSS)
the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
If you believe that we have collected information from or about children under 16 or Sensitive Information from or about you, please contact us at firstname.lastname@example.org.
WHAT PERSONAL INFORMATION DO WE COLLECT
Directly from you
We collect the following information directly from you.
When you sign up for an account, use our services or products, sign up for our newsletter, attend one of our product demonstration events, contact us through our website or interact with us through social media, or otherwise contact us, we collect the following information:
first name and last name (mandatory)
email address (mandatory)
telephone number (mandatory)
account details (mandatory)
profile picture (optional).
When you access and use our website or services and products, we may automatically collect information about your device and usage of our website and services and products, including your IP address and/or other device identifying data, time spent on certain pages of the website, pages visited, and links clicked. This information includes:
technical browsing information, including Internet Protocol (IP) address (mandatory); the date/time a webpage or feature is accessed; HTTP user agent (mandatory), being the user agent string that identifies the browser or operating system to the server; installed fonts; mime-types; browser language and time zone; installed plugins; HTTP headers; and screen resolution
transactional behaviour relating to purchases from our website or through invoices sent by us, including payment transaction numbers (mandatory). Any transactional information is used to improve your experience with us.
From third parties
We may collect personal information about you from third parties where you have consented to, or authorised, this. Also, we may collect information about you that is publicly available.
If possible, we will collect personal information directly from you.
HOW WE USE YOUR PERSONAL INFORMATION
We will use your personal information:
to verify your identity
to provide services and products to you, including to advise you of updates and changes to the services and products
to improve the services and products that we provide to you
to respond to communications from you, including a complaint, a support query, or general query about our services and products
to conduct research and statistical analysis (on an anonymised basis)
to bill you and to collect money that you owe us, including authorising and processing credit card transactions
to protect and/or enforce our legal rights and interests, including defending any claim
to respond to lawful requests by public authorities, including to comply with law enforcement requirements
for any other purpose authorised by you or applicable privacy laws.
DISCLOSING YOUR PERSONAL INFORMATION
We may disclose your personal information to:
any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services and products, or that Scriptsee uses to process payments. To receive a list of businesses that currently support our services and products, please contact us at email@example.com.
professional advisers, e.g. accountants, lawyers, or auditors
a person who can require us to supply your personal information (e.g. a law enforcement agency regulatory authority)
any other person with your consent.
We may transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
PROTECTING YOUR PERSONAL INFORMATION
As required by applicable law, we will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks inherent in processing personal information. These measures include:
Periodic management review of privacy and security policies
Data encryption at rest and in transit
Login and Password management
Access Control Level
Two-Step verification (multi-factor authentication) for remote access.
If you would like further information on those measures, please contact us at firstname.lastname@example.org.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
Subject to certain grounds for refusal under applicable privacy laws, you have the right to access your personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
Where you request a correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to make a note of the personal information that was the subject of your correction request.
If you want to exercise either of the above rights, email us at email@example.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
Subject to applicable privacy law, we may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
In addition to the rights to access and correct your personal information, if you are based in:
the EU or UK, you have the additional rights set out in the EU and UK Additional Terms set out in Appendix A
California, you have the additional rights set out in the CCPA Additional Terms set out in Appendix B.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
DATA RETENTION POLICY
The personal information that we collect and use will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable privacy law, whichever is longer.
If you have any questions about this policy, our privacy practices, or if you would like to request access to, or correction of, your personal information, you can contact us at firstname.lastname@example.org.
Appendix A: EU and UK Additional Terms
These EU and UK Additional Terms set out additional details about the personal information we collect about individuals located in the EU or the UK and the rights afforded to them under the GDPR and/or UK Data Protection Laws.
LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION
Our lawful basis for processing (as that term is defined in GDPR and UK Data Protection Laws) personal information that we collect, use and disclose depends on the personal information collected and the context in which we collect it.
Generally, we collect personal information from you where we have your consent, where processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract, or where processing is necessary for the purposes of our legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms).
Where we process personal information based on your consent, you may withdraw your consent at any time.
Despite the above, we may process your personal information where such processing is necessary for compliance with applicable laws.
If you have any questions about the legal basis on which we process personal information or need further information, please contact us at email@example.com.
YOUR RIGHTS UNDER GDPR AND UK DATA PROTECTION LAW
If you are located in the EU or the UK, your rights in relation to your personal information include:
right of access - if you ask us, we will confirm whether we are processing your personal information and provide you with a copy of that personal information
right to rectification - if the personal information we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take reasonable steps to ensure inaccurate personal information is rectified. If we have shared your personal information with any third party, we will tell them about the rectification where possible
right to erasure – when your personal information is no longer needed for the purposes for which you provided it, we will delete it. You may request that we delete your personal information and we will do so if deletion does not contravene any applicable law. If we have shared your personal data with any third party, we will take reasonable steps to inform those third parties that they must delete your personal information
right to withdraw consent – if the basis of our processing of your personal information is consent, you can withdraw that consent at any time
right to restrict processing - you may request that we restrict or block the processing of your personal information in certain circumstances. If we have shared your personal information with any third party, we will tell them about this request where possible
right to object to processing - you may request that we stop processing your personal information at any time and we will do so to the extent required by GDPR and/or UK Data Protection Laws (as applicable)
rights related to automated decision-making, including profiling – you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision-making is necessary for entering into, or the performance of, a contract with you, is authorised by applicable laws or is based on your explicit consent
right to data portability – you may obtain your personal information from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal information in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal information directly to another data controller
the right to complain to a supervisory authority - you can report any concern you have about our privacy practices to your local data protection authority.
Where personal information is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at firstname.lastname@example.org. If you are not satisfied by the way that we deal with your query, you may refer your query to your local data protection authority.
Appendix B: CCPA Additional Terms
The CCPA provides consumers that are California residents with specific rights regarding their personal information. This Appendix B provides additional details about the personal information we collect about Californian consumers and the rights afforded to them under CCPA.
Any terms defined in the CCPA have the same meaning when used in this addendum.
COLLECTION, USING, AND SHARING INFORMATION
For more details about the personal information that we have collected over the last 12 months, including the categories of sources, please see the What Personal Information Do We Collect section above. We collect this information for the business and commercial purposes described in the How We Use Your Personal Information section above. We share this information with the categories of third parties described in the Disclosing Your Personal Information section above.
We do not sell the personal information that we collect.
YOUR CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have the following rights:
right to know - you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months
right to delete - subject to certain exceptions, you have the option to request that we delete personal information about you that we have collected from you, and tell our service providers to do the same
right to correct – you have the right to correct inaccurate information that we have about you (please also see the Accessing and Correcting Your Personal Information section above)
right to non-discrimination - you have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights, subject to certain limitations. We will not discriminate or retaliate against you for exercising your CCPA rights
right to opt-out of sale – We do not sell your personal information in the ordinary sense. However, the CCPA definitions are broad and some authorities have indicated that, in some circumstances, the use of third party targeted advertising cookies and other tracking technologies could constitute a “sale” of personal information under the CCPA. To the extent our use or sharing of your personal information involves a “sale” as defined in the CCPA, you have the right to opt out of that sale
right to opt-out of sharing – you have the right to request that we do not share your personal information (including sensitive personal information, as defined in the CCPA) with third parties for cross-context behavioural advertising (i.e. targeted advertising)
right to limit use and disclosure of sensitive personal information – if we collect sensitive personal information about you (as defined in the CCPA, including your financial account information or precise geolocation data), you can direct us to only use your sensitive personal information for limited purposes, such as providing you with the services you requested. We do not collect sensitive personal information.
To exercise the rights described above, please submit a request to us by emailing us at email@example.com. Requests for access to or deletion of personal information are subject to our ability to reasonably verify your identity in light of the information requested and relevant CCPA requirements, limitations, and regulations.
An authorised agent may submit a request on your behalf using the same email address. Requests made by an authorised agent on your behalf are subject to our ability to reasonably verify that the agent has written permission signed by you and authorising the agent to make the request on your behalf, in light of the information requested and relevant CCPA requirements, limitations and regulations.