This privacy notice was last updated on: 17th June 2020
1. Privacy Notice coverage
1.2 SAVVY REPORTS are the “controller” (as is defined in the GDPR) of any Personal Information collected via the Website and our contact details are set out below in Section 7 below.
2. Information collected by SAVVY REPORTS
2.1 We gather various types of Personal Information from our users, as explained more fully below. We use your Personal Information to:
I. allow our users to set up a user account and profile;
II. personalise and improve the Services – we analyse and log user login patterns, threats, risks, location and device data to identify and prevent security breaches. We also track user activity to better understand user behavior and improve the Services;
III. manage user accounts and provide customer service – we log activity in order to provide users with an enhanced experience. The Personal Information we collect includes user location and information, requested features and add-on package in order to optimize our relationship with users;
IV. process payments and for other billing purposes – we take payments using third party software. We collect user email, billing email, name and location. We also use this information for internal processes such as account management, sales, customer support and marketing;
V. send users product-related and marketing communications – SAVVY REPORTS uses user email, name and status (business owner or accountant) to facilitate product-related and marketing communications. Please see Section 2.4 below for more information on this and your right to object to marketing;
VI. contact users in relation to the Website and the Services;
VII. fulfill your requests for the Service;
VIII. analyse how users utilise the Website, and as otherwise set forth in this Privacy Notice;
IX. provide account management, education, success and engagement services. We analyse and log activity across our Services and with our team, such as login pattern, number of users added, number of add-ons added, last contacted, billing patterns and subscription details.
X. SAVVY REPORTS does not store your credit card details.
If you choose to pay for the Service by credit card, your credit card details are not stored by SAVVY REPORTS and cannot be accessed by SAVVY REPORTS staff. Your credit card details are encrypted and securely stored by a third-party payment gateway to enable SAVVY REPORTS to automatically bill your credit card on a recurring basis.
2.2 Information you provide
I. Your Personal Information: We receive and store any information you knowingly provide to us. For example, we collect Personal Information such as your name, email address, and browser information. You can choose not to provide us with certain information such as your credit card information, but then you may not be able to register with us or to take advantage of some of our features.
II. Your users’ Personal Information: In order to provide you with the Services, we also receive and store any information you choose to provide us with respect to your users (“End Users”). The End User information (“End User Information”) we receive and store includes names and email addresses of your users and will consist of any other information you choose to provide us with.
2.4 E-mail, marketing and other communications, we may use your Personal Information to contact you by email, about your use of the Website or the Services. If you provide us with your consent to subscribe to our newsletter or marketing emails, we will use your name and email address to send the newsletter to you via email. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails. Please note that if you do not want to receive newsletter or marketing emails from us, we may still send you legal notices which will govern your use of the Website and you are responsible for reviewing such legal notices for any changes.
3. Personal information storage
3.1 Data may be transferred to, and processed in, countries other than the country you live in – such as to New Zealand and Australia, where our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).
3.2 SAVVY REPORTS uses various cloud-based systems and tools, including certain customer relationship management and marketing automation services (“Tools”) to allow us to provide our services to our users quickly and efficiently. As part of our use of the Tools, certain limited client and user profile information is sent to the providers of the Tools, some of whom are based outside Australasia and the EEA. Where users’ Personal Information is sent by SAVVY REPORTS to Tool providers based outside the Australasia and the EEA, we ensure such transfers are conducted in accordance with SAVVY REPORTS’s obligations under various Data Protection Acts.
3.3 By accepting this Privacy Notice, users’ acknowledge the above practices described in this Privacy Notice. SAVVY REPORTS will take all steps reasonably necessary to ensure that such Personal Information is kept confidential, secure and only used for the purposes that we have specified and informed you of in this Privacy Notice.
4. Sharing of Personal Information
4.1 We may share such Personal Information with third parties for the purposes described below.
I. To assist us in providing the Services and/or the Website. We employ other companies and people to perform tasks on our behalf and may need to share your Personal Information with them to provide the Services to you. Unless we tell you differently in this Privacy Notice, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary to assist us and they shall only process your Personal Information in accordance with this Privacy Notice. These third parties include third party companies and individuals employed by us to facilitate the Services and our Website, including the provision of maintenance services, database management, Web analytics and general improvement of the Services.
II. Users’ accountants and bookkeepers If a user is using a SAVVY REPORTS product that has been made available to them by a service provider who has signed as one of our partners/advisors (e.g., their accountant or bookkeeper), then all Personal Information uploaded by such users will be available to that partner/advisor and its authorised employees and agents who have access to the relevant partner/advisor dashboard site.
III. Business transfers, we may choose to buy or sell assets. In these types of transactions, customer information (including Personal Information) is typically one of the business assets that is transferred. Also, if we (or substantially all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information would be one of the assets transferred to or acquired by a third party. You will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
IV. Protection of SAVVY REPORTS and others, we reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or a court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of SAVVY REPORTS, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. We also may be required to disclose Personal Information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
V. With Your consent, except as set forth above, you will be notified when your Personal Information may be shared with third parties, and will be able to prevent the sharing of this information where we need your “consent” to share your Personal Information, unless we have to disclose your Personal Information in the circumstances set out in this Privacy Notice or required by law.
5. Personal Information security
5.1 Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
6. Data breach
6.1 If we become aware of a data breach or are notified of a data breach, we shall notify the Privacy Commissioner’s Office and provide details to them of the data breach where we are required to do so. In most cases we are not required to provide any Personal Information on our users, however the PCO may request contact details for users who are or may be affected. If we encounter a data breach users will be notified where there is likely to be a high risk of any harm or damage to them as a result of the data breach. Should we be requested to provide Personal Information as part of the data breach process we will notify those users who we believe are affected.
7. Your rights
7.1 It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to email@example.com
7.2 Right of access, you have the right to apply for a copy of the Personal Information we hold about you. This is called a data subject access request and you can make a request to firstname.lastname@example.org. We may require you to verify your identity before we can disclose any Personal Information to you.
7.3 Right to rectification, you have the right to have any Personal Information which is inaccurate that SAVVY REPORTS holds, rectified, or any incomplete Personal Information which SAVVY REPORTS holds, completed. Alternatively, through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:
name and password
credit card information
The information you can view, update, and delete may change as the Website changes. If you have any questions about viewing or updating information we have on file about you, please contact us at email@example.com.
7.4. Right to restrict processing, you have the right to request SAVVY REPORTS restrict or block the Processing of your Personal Information in certain circumstances. If you exercise this right we will cease processing your Personal Information however we will still retain a copy of your Personal Information whilst we process your request. Once we have processed your request we will only retain the minimum amount of Personal Information to ensure we comply with our obligations.
7.5. Right to data portability, you have the right to request that SAVVY REPORTS transfers certain Personal Information which you have provided to us. Where the Processing is based on consent it is necessary for the Performance of a Contract or where the Processing is carried out by automated means.
7.6 Right to object, you have the right to object to the processing of your Personal Information by SAVVY REPORTS where the Processing is based on our legitimate interests, direct marketing or if SAVVY REPORTS is processing Personal Information based on research or statistical purposes.
8. Special categories of data
8.1. We ask that users do not send us, and that users do not disclose, or upload any special categories of data about themselves or their End Users (e.g., id/social/security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services.
9. Testimonials and blogs
9.1. We post customer testimonials/comments/reviews on our Website which may contain Personal Information. We will use the reviews that you have posted on review websites in relation to our Services and by using the Services you consent to this usage. Alternatively, we will post the comments that you have supplied to us after we have obtained your consent in order for us to do the same. To request removal of your Personal Information from Testimonials or comments please contact us at firstname.lastname@example.org with the subject ‘Data Protection’.
10. Your choice
10.1 You can always choose not to disclose Personal Information to us, but keep in mind some Personal Information may be needed to register with us or to take advantage of some of our special features.
10.2 You may be able to add, update, or delete information (including Personal Information) as explained in Section 7 above. When you update information, however, we may maintain a copy of the unrevised information in our records.
10.3 Except as set out in Section 7 above, we will retain your information (including Personal Information) for as long as your account is active or as needed to provide you Services. This may vary and is at the discretion of SAVVY REPORTS.
10.4 You may request deletion of your account and Personal Information by contacting us at email@example.com. Please note that some Personal Information may remain in our private records after your deletion of such information (including Personal Information) from your account due to our disaster recovery and backup purposes. We will retain and use your information and Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements but barring legal requirements, we will delete your Personal Information within 120 days.
10.5 We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.
11. Privacy Notice changes
11.1 We may amend or update this Privacy Notice from time to time and the date it was last updated will be shown at the top of the page. Use of Personal Information we collect is subject to the Privacy Notice in effect at the time such Personal Information is used. If we make any significant changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our Website or sending you an email prior to the change becoming effective. You are bound by any changes to the Privacy Notice when you use the Website after such changes have been first posted.
12. Questions or concerns
12.1 If you have any questions or concerns regarding our Privacy Notice, please send us a detailed message to firstname.lastname@example.org. We will make every effort to resolve your concerns.
12.2 You also have the right to complain to the regulator, the Privacy Commissioner’s Office in relation to the Processing of Personal Information.