PRIVACY POLICY

Last updated: 30 November 2020

Maxava Limited and each of our related companies (together “Maxava”, “we”, “us”, or “our”) are committed to respecting the privacy and security of information received from Users of our website, products or services. This Privacy Policy sets out our compliance with both New Zealand privacy laws (including the Privacy Act 2020), and the European Union General Data Protection Regulations.

We’ve updated our Privacy Policy to ensure that we communicate to Users, in the clearest way possible, how we collect, use, disclose or transfer personal information supplied by Users or collected by us and the ways in which Users can protect their privacy.

Our Privacy Policy also specifies other requirements, such as how Users may access, correct and delete information held about them.

By using our products and services, or accessing our website, Users agree to comply with the terms and conditions of this Privacy Policy and agree that Maxava may process (i.e. collect, use, store, transfer, disclose and otherwise process) User’s personal information in accordance with this Privacy Policy (as well as for any other use authorised by the User).

Our Privacy Policy explains:

  1. User Consent;

  2. What information we collect and how;

  3. How we use personal information;

  4. Who we share personal information with and why;

  5. The steps taken to protect personal information under our control;

  6. Users’ data protection rights;

  7. Communications;

  8. Links and connections to third party services;

  9. International data transfers;

  10. How Maxava retains and deletes personal information;

  11. How to access and update personal information; and

  12. How to contact us.

1. USER CONSENT

Maxava provides high availability and disaster recovery software products and a full array of Cloud-related services and other services for those products (all of our products and services together are referred to as “our services” in this Policy).  We collect personal information in order to be able to provide and improve our services, and for the other uses described below.

By using our services or providing personal information to us, Users consent to our collection, storage, use and disclosure of personal information (including any sensitive information provided) in accordance with this Privacy Policy.

2. INFORMATION WE COLLECT

There are three ways we collect information:

(a) Information Users give us.

(b) Information we collect when Users use our services.

(c) Information we collect from third parties.

(a) Information Users Give Us

In order to trial, purchase or use our services, a User must provide us with certain contact, billing and personal information including name, address, phone number, email address and company information.  Users may also at times provide us with financial information.

Users may also provide us with information when they:

  • Register product licenses or information with us;

  • Create user accounts and logins;

  • Subscribe to receive the latest news on our services; or

  • Contact our support team.

Users can always choose not to provide us with personal information, however this may mean that we are unable to supply our services.

(b) Information We Collect from Use of Our Services

Cloud-hosted Services​

Our cloud-hosted disaster recovery services replicate and store User Content on our data-centre servers in order to provide Users with access to their User Content in the event of failure of the user’s primary system. The nature of our cloud-hosted services means that all selected User Content (including all documents, files, communications, personal information and sensitive information stored on the User’s primary system) is replicated or copied to our servers. This will include any personal or sensitive information (i.e. information regarding medical health or conditions, race or ethnic origins, political opinions and other sensitive information) collected and stored by the User.

The confidentiality and security of User Content is a fundamental priority for Maxava. While User Content may be transferred/disclosed amongst the Maxava entities for the purposes of providing the services, User Content will be stored separately, and will not be accessed, used or disclosed by Maxava except for the purposes of providing, monitoring or managing the services, in which case we will limit our interaction with User Content to a minimum.

System Health Checks

Maxava offers a remote access service to assist in monitoring and analysing the performance of our services, and diagnosing and resolving any technical and system issues. This process allows us to remotely access a User’s system to determine any problems and either repair it or provide advice on what options are available to fix the issue. By taking advantage of this service, Users are giving permission to us to log into the User’s system which may contain personal information. We will only search a User’s computer to determine the cause of the problem and will attempt to limit our interaction with User files to a minimum. Users shall be responsible for ensuring that all User files, especially those containing personal information, are secure to prevent any type of data loss or corruption.

All Other Services

We may automatically collect information (which may include personal information) when Users interact with or use our services (including visiting our website or requesting technical support). This information may include:

  • System information: we may collect information about User system(s), including, but not limited to, the CPU serial number, processor group, operating system, applications, IP address and, where applicable, host ID, and other User system environment information.

  • Usage information: we collect information about how Users and their system environment interact with our services. This may include:

    • Information relating to the features used;

    • The performance of the services and any problems experienced by Users;

    • The pages that Users visit on our website;

    • Website content accessed by Users;

    • Length of the Users’ stay on a specific page; and

    • Browser information.​

  • Device information: some of our services (e.g. Maxava Monitor Mi8 and MaxView solutions) provide up-to-date system information anywhere, anytime and on any device. When Users download or use these services we may receive information about the User device, such as the hardware model, operating system version, unique device identifier and mobile network information (including phone number).

  • Location: when Users use our services (including our website), we may collect and process information about the User’s location. We use various technologies to determine location, including IP addresses and web analytics.

  • Cookies and similar technology: we use cookies, web beacons and similar technologies to provide our services, and to help collect data. For example, when Users visit our website, we collect information about the pages visited, the User’s browser and the User’s device. A cookie is a small element of data that a website can send to the User’s browser, which may then be stored on the hard drive (session ID cookies will terminate once Users simply close the browser, persistent cookies may however be stored on the User’s hard drive for an extend period of time). A cookie does not identify a User personally, but it does identify the User’s computer. Cookies allow us, among other things, to monitor traffic patterns, store user preferences and settings, analyse how our services are performing and enable Users to login. Most web browsers are set to accept cookies by default, but allow settings to be adjusted to remove or block cookies and web beacons. Please note however that removing or rejecting cookies could affect the availability and functionality of our website features, or our services.

  • Analytics and advertising:  Our website uses the following analytics and advertising services to assist our marketing and promotional activities:

    Google Analytics: For the purpose of customising and continually optimising our website, we use Google Analytics, a web analytics service provided by Google Inc ("Google").
    In this service, pseudonymised usage profiles are created and cookies are used to generate information about your use of this website such as browser type / version, operating system, referrer URL (the previously visited page), IP address for your computer or device, date and time. This information is transmitted to a Google server in the US and stored there.  The information is used to evaluate the use of our website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and our website design. This information may also be transferred to third parties if required by law or if third parties process this data. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymised. You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout?hl=en). For more information about privacy related to Google Analytics, see the Google Analytics information at https://support.google.com/analytics/answer/6004245?hl=en ).
    To statistically record the use of our website and to evaluate it for the purpose of optimising our website, we also use Google conversion tracking. In doing so, Google Adwords will set a cookie on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the User visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google can detect that the User had previously clicked on the ad and was redirected to this page. Every Adwords customer receives a different cookie. Cookies cannot be tracked via the websites of Adwords customers. The information obtained through the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are informed about the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not want to participate in the tracking process, you can also refuse the setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". Google's privacy policy on conversion tracking can be found here (https://services.google.com/sitestats/en.html).

    Facebook Pixel:  Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).  These allow the behaviour of site visitors to be tracked after they click on a Facebook ad to reach the provider’s website.  This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.  The data collected is anonymous to us as operators of our website and we cannot use it to draw any conclusions about our users’ identities. However, the data is stored and processed by Facebook, which may make a connection to your Facebook profile and which may use the data for its own advertising purposes, as stipulated in the Facebook privacy policy. This will allow Facebook to display ads both on Facebook and on third-party sites. We have no control over how this data is used.  Check out Facebook’s privacy policy to learn more about protecting your privacy: https://www.facebook.com/about/privacy/.  You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.  If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

    LinkedIn Conversion Tracking and Insight Tag:  The LinkedIn Insight Tag is a piece of lightweight JavaScript code that we have added to our websites to enable in-depth campaign reporting and to help us obtain valuable insights about our website visitors. We use the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about members interacting with our LinkedIn adverts.  The LinkedIn Insight Tag enables the collection of metadata such as IP address information, timestamp, and events such as page views. All data is encrypted. The LinkedIn browser cookie is stored in a visitor's browser until they delete the cookie or the cookie expires (there’s a rolling six-month expiration from the last time the visitor’s browser loaded the Insight Tag).  You can opt out of cookies from LinkedIn on your LinkedIn settings page and recommend you read their Cookie Policy for more information, at https://www.linkedin.com/legal/cookie-policy.

  • Social Media Modules: Our website has built in social media modules from the social networks Facebook, Twitter, YouTube, Vimeo and LinkedIn to make our Company better known, and personalise usage.

    Facebook:  If you visit a page of our website that contains a Facebook module, your browser establishes a direct connection to the Facebook servers. The content of the module is transmitted by Facebook directly to your browser. By integrating the module, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are currently not logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the US and stored there. If you are logged in to Facebook, Facebook can assign the visit to our website directly to your Facebook account.  If you interact with the Facebook functions, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there.  The information will also be posted on Facebook and displayed to your Facebook friends. Facebook may use this information for the purpose of advertising, market research and tailoring Facebook pages. For this purpose, Facebook uses user, interest and relationship profiles (for example, to evaluate your use of our website with regard to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website and to further inform you about the use of related services). If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.  For more information about the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for the protection of your privacy, please refer to the privacy policy of Facebook at https://www.facebook.com/about/privacy/.

    Twitter:  Our website integrates plugins of the messaging network of Twitter Inc. (“Twitter”). When you visit a page of our website that contains a Twitter plugin, a direct connection is established between your browser and the Twitter server.  Twitter receives the information that you have visited our site with your IP address.  If you click on the Twitter "tweet button" while logged in to your Twitter account, you can link the contents of our pages to your Twitter profile.  This allows Twitter to associate your visit to our pages with your user account.  We are not aware of the content of the transmitted data and their use by Twitter.  If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account before visiting our website. Further information can be found in the privacy policy of Twitter at https://twitter.com/privacy.

    Youtube:  If you visit a page of our website that contains a Youtube plugin, your browser connects directly to the servers of Youtube.  The content of the plugin is transmitted from Youtube directly to your browser and integrated into the page.  Through this integration Youtube receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Youtube profile or are currently not logged in to Youtube.  This information (including your IP address) is transmitted by your browser directly to a server of Youtube and stored there.  If you are logged in to Youtube, Youtube can directly assign your visit to our website to your Youtube account.  If you interact with the plugins, for example by pressing the "Youtube" button,  this information will also be transmitted directly to a Youtube server in the USA and stored there.  If you do not want Youtube to directly assign the data collected via our website to your Youtube account, you must log out of Youtube before visiting our website.  For more information, see Youtube’s privacy policy at https://policies.google.com/privacy?hl=en .

    Vimeo:  Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.  If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established, and Vimeo is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.  If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account.  For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.

    LinkedIn:  Our website uses LinkedIn's social module operated by the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. When you visit a page of our website that contains such a module, your browser connects directly to LinkedIn's servers. The content of the module is transmitted by LinkedIn directly to your browser and integrated into the page. Through this integration, LinkedIn receives the information that your browser has accessed the corresponding page of our website, even if you do not have a LinkedIn profile or are currently not logged in to LinkedIn. This information (including your IP address) is sent directly from your browser to a LinkedIn server and stored there. If you are logged in to LinkedIn, LinkedIn can instantly associate your visit to our website with your LinkedIn account. If you interact with the modules, for example by clicking on the "LinkedIn" button, this information will also be transmitted directly to a LinkedIn server in the US and stored there.  If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account.  If you do not want LinkedIn to directly associate the data collected through our website with your LinkedIn account, you must log out of LinkedIn before visiting our website. For more information, see LinkedIn’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy.

Consent to Disclosure/Collection: By using our website or social media pages, you:

  • Acknowledge that, for information transmitted to Google (through use of Google Analytics, AdWords, cookies or similar technology) and the other Analytics, Advertising and Social Media modules and services identified above, those third parties may not be required to protect the information in a way that, overall, provides comparable safeguards to those in the Privacy Act 2020; and

  • Authorise the disclosure of your information to those third parties, or collection of your information by those third parties.

(c) Information We Collect from Third Parties

We work closely with third parties (for example, our reseller partners, other business partners and service providers) in order to be able to develop our services, and provide them to Users.

We may receive the same kinds of information described in (a) and (b) above from third parties.

Personal Information Received from Users about Others

When using our services, Users may disclose, and we may collect, personal information about someone else. For example, User Content may contain personal information relating to the customers or employees of Users.

Before disclosing personal information to us about someone else, Users must ensure that they have obtained sufficient consent to disclose that information to us, and that, without taking any further steps required by applicable data protection or privacy laws, we may collect, use, transfer and disclose such information for the purposes described in this Policy.

Users shall remain responsible for all personal information collected and processed by the User, and for compliance with applicable privacy and data protection laws.

3. HOW WE USE PERSONAL INFORMATION

We collect information in order to be able to provide our services (which may include technical support services) and to improve our services.

We also use personal information to:

  • Communicate, interact and build our relationship with Users, including to better understand user needs and interests, and ensure a quality experience for Users;

  • Monitor, develop or optimise the performance of our services;

  • Protect and enhance the safety and security of our services;

  • Provide information and technical support, including training;

  • Carry out billing and licence administration;

  • Market and make recommendations on our services;

  • Allow our partners and third party providers to provide their services and support to Users;

  • Conduct, manage, develop and protect our business;

  • Comply with laws and regulations in applicable jurisdictions;

  • Verify user identities and prevent fraud or other unauthorised or illegal activity;

  • Enforce our terms of service or other usage policies; and

  • Enable third parties to provide products and services to us.

For these purposes we may receive, use, store, share, send, combine, reformat, transform, encrypt, mask, organise, geomap, update and delete personal information (and undertake any further processing activities expressed or implied in this Policy). The personal information that we collect will not be further processed in ways that are incompatible with the initial purposes for which the data was collected.

4. WHO WE SHARE INFORMATION WITH

We share information, including personal information, as necessary to provide Users the services requested or authorised. For example, we may share information with:

  • Banks and other entities which process payment transactions when a purchase is made;

  • Affiliates, subsidiaries and related companies. Maxava is a global business with its headquarters centred in New Zealand;

  • Our partners and third party providers to provide products and services to the User, to communicate with Users (for example, information shared with communication service providers), to provide Users with information on the performance of our services or the products and services supplied by our partners and third party providers, to provide Users with remote access or to provide notifications ;

  • Our service providers or suppliers acting and working on our behalf. For example, companies we have hired to assist in protecting and securing our systems and services may need access to personal information to provide those services. In such cases, we will require these entities to abide by our data privacy and security requirements, and restrict use of any personal information received from us;

  • Our reseller and other business partners for the purpose of providing our services to Users;

  • A purchaser, as part of a corporate transaction such as an acquisition, merger or sale of assets;

  • To other third parties, when we have a good faith belief that doing so is necessary to:

    1. Comply with any applicable law, regulation, legal process or enforceable governmental request;

    2. Protect our Users;

    3. Operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks;

    4. Detect, prevent or otherwise address fraud; or

    5. Protect our rights and property, including enforcing our terms.​

From time to time we may use third-party data processors to provide elements of services for us. We will have contracts in place with all of our data processors, to prevent them from doing anything with Users’ personal information unless we or the User has instructed them to do so.  Unless the User agrees otherwise, our data processors will.

  • Not share Users’ personal information with any organisation apart from us; and

  • Hold Users’ personal information securely and retain it for the period we instruct.

We require that our resellers and business partners agree to keep confidential all information we share with them and to use information only to perform their obligations in agreements we have with them. These parties are expected to maintain privacy and security protections that are consistent with our privacy and information security policies. While we provide these third parties with no more information than is necessary to perform the function for which we engaged them, Users should be aware that any information provided to these third parties independently/directly is subject to the third parties’ respective privacy policies and practices.

We may also share or use non-personal information (i.e. information that is related to an individual but does not personally identify that individual such as aggregated, anonymised or de-identified data) publically or with third parties, such as our partners or advertisers. For example, we may share or use information publically to show trends about the general use of our services. This data or information will in no way identify Users or any other individual.

5. STEPS TAKEN TO PROTECT PERSONAL INFORMATION

Protecting the security of user personal information is of the utmost importance to Maxava. We maintain a variety of organisational, technical and physical safeguards and procedures in order to protect personal information from unauthorised access, use, interference, modification or disclosure.

For example, we store personal information on computer systems that have password-controlled access . Before transferring personal information, we also protect it by using encryption techniques.

Some of our services do require use of the internet, and the internet is not itself a secure environment. We therefore cannot give an absolute assurance or guarantee that user information will be secure at all times. Transmission of information over the internet or third-party networks is at the user’s own risk. We will notify Users at the first reasonable opportunity if we discover or are advised of a material security breach which has resulted in unauthorised access, disclosure or loss of user personal information.

To help maintain the security of information, Users agree to keep their passwords and account details private and confidential.

6.  USERS’ DATA PROTECTION RIGHTS

Under data protection and privacy laws, Users have rights regarding the personal information that we hold/collect. The rights available to Users depend on our reason for processing Users’ information. These rights include:

  • Right of access: Users have the right to ask us for copies of their personal information. This right always applies.

  • Right to correction: Users have the right to ask us to update or correct information they think is inaccurate. Users also have the right to ask us to complete information that the User thinks is incomplete.  Users are responsible for ensuring that personal information provided to us is accurate, complete and up-to-date.  We will take reasonable steps to ensure that any further personal information that we collect (i.e. information obtained from other sources) is accurate, up-to-date, complete and not misleading.

  • Right to erasure: Users have the right to ask us to erase their personal information in certain circumstances.

  • Right to restriction of processing: Users have the right to ask us to restrict or cease the processing of their information in certain circumstances.  This may (depending upon the circumstances) include the collection of personal information from third parties, collection of sensitive information, disclosure of personal information to third parties, transfer of personal information overseas, or processing of personal information in a particular way, or for a particular purpose, including direct marketing.

  • Right to data portability: This only applies to information Users have given us. Users have the right to ask that we transfer the information Users have given us from one organisation to another, or give it to the User. This right only applies if we are processing information based on Users’ consent, or under (or in talks about entering into) a contract and the processing is automated.

All requests should be sent to us at privacy@maxava.com, and include the words 'Attention: The Privacy Officer'.  User choices in relation to personal information may affect our ability to provide our services, or the performance of the services.  We will respond to Users as soon as reasonably practicable regarding the impact of the User’s requests on the services, any other issues arising and to confirm the User’s intention to proceed.  If we are unable to comply with the request, we will give the User reasons for this decision when we respond (for example, the information may not be readily retrievable and it may not be reasonable or practicable for us to process the request in the manner sought.  In some instances, it may also be necessary for us to arrange access to User personal information through a third party e.g. a third party supplier).

7.  COMMUNICATIONS

We are committed to full compliance with the Unsolicited Electronic Messages Act 2007.  By subscribing to email communications, or otherwise providing an email address, Users consent to receiving emails which promote and market our services, or the products and services of others, from time to time.  Users can unsubscribe from our email communications at any time by clicking the "Unsubscribe" link in any promotional or marketing email, or by emailing privacy@maxava.com, and include the words 'Attention: The Privacy Officer’.  Once a User has unsubscribed from the email communications, the User will be removed from the corresponding email/distribution list as soon as is reasonably practicable.

8.  LINKS AND CONNECTIONS TO THIRD PARTY SERVICES

Our website contains links to (and may be used by Users in conjunction with) third-party services, tools, and websites that are not controlled or managed by us. This Privacy Policy does not cover how these organisations process personal information. These websites may use cookies. It is the responsibility of those third parties to collect appropriate consents from Users in order to permit their own cookies (to the extent this is required by law) and to inform Users about the cookies they use. Users should check the privacy policy on all third-party websites to ensure they are comfortable with third party cookies.

We have no responsibility for linked websites, and provide them solely for Users’ information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or warranties about their accuracy, content or thoroughness.

Disclosure of personal information by Users to third party service providers is at the User’s own risk, and we encourage Users to read the privacy policies applicable to these third-party services. We are not responsible for the security or privacy of any information collected by these third-parties.

9. INTERNATIONAL DATA TRANSFERS

Maxava is a global organisation with operations, processes and systems which cross borders. We strive to comply with all applicable laws designed to protect privacy in the jurisdictions in which we do business.

Maxava has data-centres in several jurisdictions (including the United Kingdom, the United States, Australia and New Zealand). Personal information collected by us may be transferred to, accessed from, stored or processed in any other country in which we maintain facilities (including our technical support team located in Wellington, New Zealand).

We may also transfer personal information to third parties located outside of a User’s jurisdiction (for more information on who we share information with, see section 4).

For example, we use the CRM system of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München a subsidiary of salesforce.com, Inc., The Landmark at One Market, Suite 300, San Francisco, CA 94105, USA (“Salesforce”) to collect personal information related to sales (name, contact information, company, job title and others) in order to follow up on inquiries and sales to our customers or potential customers. We use it to collect information for sales and marketing purposes in order to make customer communications relevant and help us understand the performance of our marketing campaigns.  Salesforce stores personal data mainly in the U.S, and in other locations also.  For more information, please read SalesForce Privacy Policy https://www.salesforce.com/company/privacy/

Users acknowledge that these locations/jurisdictions may or may not have the same minimum privacy standards that are applicable in the User’s location. Maxava is however committed to maintaining a consistent, high level of privacy and data protection across all of our operations, whether transferring or sharing information between the Maxava group or sharing personal information with our service providers/reseller partners.

This means that Users’ personal information may be transferred to locations outside of New Zealand, or from the European Economic Area to other countries.  However, where we disclose personal information to a third party in another country, we place or obtain safeguards to ensure Users’ personal information is protected (except as expressly disclosed in this Policy). Where Users’ personal information is transferred outside New Zealand, it will (except as expressly disclosed in this Policy) only be transferred to:

  • Countries that have been identified as being subject to privacy laws that, overall, provide comparable safeguards to those under privacy laws in New Zealand); or

  • A foreign person or entity where we have transfer mechanisms in place to protect Users’ personal information; or

  • A foreign person or entity that we believe on reasonable grounds is subject to the Privacy Act 2020 (NZ), or is a participant in a prescribed Binding Scheme, or is subject to privacy laws of a Prescribed Country; or

  • A recipient that has agreed to data protection and privacy commitments that, overall, provide comparable safeguards to those under privacy laws in New Zealand.

For further information, please contact us using the details set out in the contact section below.

10. RETENTION AND DELETION OF PERSONAL INFORMATION

Our cloud-hosted services involve real time replication of user content stored on the user’s system. This means that any information or data which is deleted from a user’s system is also deleted from our servers.

The period of time for which we continue to hold any other personal information which we have collected varies according to what the personal information is used or required for, and whether we have an ongoing need to retain it (for example, to provide Users with a service they have requested or to comply with applicable legal requirements such as financial record-keeping legislation). Unless there is a legal requirement or justification for us to keep the personal information, we will retain it for no longer than is necessary:

  • To provide the products and services requested by the user;

  • As part of our usual business record-keeping practices;

  • To fulfill the purpose(s) for which the personal information was originally collected;

  • In accordance with our internal retention policies and practices; or

  • For any other purpose(s) authorized by the User.

Once personal information is no longer required, the personal information will be deleted or securely destroyed.

11. ACCESSING AND UPDATING THE USER PERSONAL INFORMATION

Users are responsible for ensuring that personal information provided to us is accurate, complete and up-to-date. This includes personal or sensitive information contained in their User Content. We will also take reasonable steps to ensure that any personal information that we collect (i.e. information obtained from other sources) is accurate, up-to-date, complete and not misleading.

We endeavour to provide Users with reasonable access to personal information we hold about Users, and Users may request that we update, correct or delete any personal information that is inaccurate or inappropriate for the purposes for which it was collected.

Requests for access to or the correction of personal information should be emailed to privacy@maxava.com

We will process requests as soon as reasonably practicable, provided we are not otherwise prevented from doing so by law. If we are unable to meet a user’s request, we will explain the reasons why. For example, the information may not be readily retrievable and it may not be reasonable or practicable for us to process the request in the manner requested. In some instances, it may also be necessary for us to arrange access to user personal information through a third party (for example, a reseller).

12. HOW TO CONTACT US

Please contact us if you have any questions or complaints about this Privacy Policy, if you wish to access, update and/or correct personal information, or if you otherwise have a question or complaint about the manner in which we, our service providers or our partners treat your personal information.

Users may write to Maxava at the relevant addresses below, or alternatively email us, including any supporting documentation at privacy@maxava.com.

Attention: Maxava Privacy Officer

PO Box 300523

Albany

Auckland

0632

New Zealand

Our Privacy Officer will endeavor to respond to your questions within 30 days.

Our headquarters are located at:

Building G, 1st Floor

29 William Pickering Drive

North Shore City

Auckland 0632

New Zealand

To contact Maxava in your country or region, please see our contact page.

Application of this Privacy Policy

Our Policy applies to all of the services offered by us. Our Privacy Policy does not cover the information practices of other companies and organisations (such as our reseller partners) that advertise or sell our services.

Children

Our services are not intended for – and we do not direct them towards – anyone less than 13 years of age. We therefore do not knowingly collect personal information from anyone under 13.

Changes to this Privacy Policy

We reserve the right to change this Policy from time to time, as our practices evolve to meet new requirements, standards, technologies and customer feedback. We will post any privacy policy changes on our website, and will update the “last updated” date at the top of this Policy. Continued use of our services by Users will be deemed acceptance of any amended Policy.

We recommend that Users regularly review this privacy statement to learn how we protect personal information.

Definitions

In this Policy, unless the context requires otherwise:

Binding Scheme means a binding scheme specified in regulations made under section 213 of the Privacy Act 2020 (NZ);

person means and includes any natural person, company, corporation, firm, partnership, joint venture, society, organisation or other group or association of persons (whether incorporated or not), trust, state or agency of state, statutory or regulatory body, local authority, government or governmental or semi-governmental body or agency (in each case whether or not having separate legal personality);

personal information means information about an identifiable individual and includes, without limitation, names, addresses, phone numbers, email addresses and IP addresses;

Prescribed Country means a country specified in regulations made under section 214 of the Privacy Act 2020 (NZ);

User(s) means all persons accessing our website and/or using our services (including any part of the services) and/or providing personal information to us;

User account means any User’s account with us;

User Content means any information and data that is uploaded or supplied by a User for use with our services (for example:  our disaster recovery software products allow Users to replicate information and data stored on primary servers to target severs through real time replication. These target servers may be provided by the User, our partners, third parties or us, depending on the particular services acquired by the User); and

we, us, our, Maxava means Maxava Limited and each of our related companies.

Need more details? Contact us

We are here to assist. Contact us by phone, email or via our social media channels.