Privacy policy

The business of EasiYo includes an online marketplace which is made available by and through a number of partners, including content sharing partners, distribution partners and implementation partners (all of whom are referred to as ‘affiliates’ for the purpose of this Privacy Policy).

We operate in numerous countries, including: New Zealand, Australia, EU countries, the US and several Asian countries and are continually expanding our global reach. We acknowledge our obligations to all recipients of our services and products, including visitors to our website at www.easiyo.com, our registered users and administrators of our software portals on behalf of our users (‘administrators’) (collectively, ‘users’) to collect, manage, process and use personal information in accordance with the laws and regulations of each of the countries in which we operate, including the General Data Protection Regulation that applies to the European Union.

EasiYo is made up of different legal entities in the countries that we operate in: EasiYo Products Ltd (New Zealand); EasiYo Products (UK) Limited (United Kingdom and EU); EasiYo Products (Aust) Limited (Australia) This Privacy Policy is issued on behalf of the EasiYo group of companies so when we mention EasiYo, we, us or our in this Privacy Policy, we are referring to the relevant company in the EasiYo group responsible for processing your personal data. We will let you know which entity will be the controller for your data when you purchase a product or service with us. EasiYo Products Limited is the controller responsible for this website.

Our Privacy Policy explains:

  • Data protection principles
  • What information we collect and why we collect it;
  • How we collect, use and secure that information;
  • How long we hold information
  • Individual rights, including how to access and update information; and
  • How we will respond to data breaches.

Data protection principles

EasiYo will comply with the following data protection principles when processing personal
information:

  • we will process personal information lawfully, fairly and in a transparent manner;
  • we will collect personal information for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes;
  • we will only process the personal information that is adequate, relevant and necessary for the relevant purposes;
  • we will keep accurate and up to date personal information, and take reasonable steps to ensure that inaccurate personal information is deleted or corrected without delay;
  • we will keep personal information for no longer than is necessary for the purposes for which the information is processed; and
  • we will take appropriate technical and organisational measures to ensure that personal information are kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.

What we collect and why

Personal data (sometimes referred to as personal information) means any information about a living individual from which that person can be identified.  It does not include information where your identity has been removed or which not associated with or linked to your personal data (anonymous data).

We collect personal information including the name, email address, phone number and country of residence.  If you are a customer we may retain details about your transactions with us including the products or services you have purchased or, if you sign up for a customer account, your login/profile details. From time to time we might also collect other information volunteered by users (that is, entered on our system or our website or provided to our team) or given to us with consent of users or by use of cookies (e.g. IP addresses – please refer to the Cookies and log files heading below). The credit card details provided by users, when they pay for our products and services, are passed directly to our payment processor and are not retained by us.

The reasons we collect, store, process and use this kind of information include

  • to identify and authenticate users;
  • for support or response purposes, when users request support or make an inquiry;
  • to plan, improve, tailor, optimise and promote our products and services for users, in accordance with our legitimate interest in developing our business including our products and services;
  • to provide users with relevant information and offers of products and other services that we believe might be of interest to users, which we may do by email in accordance with our legitimate interest in developing our business including our products and services;
  • to manage users’ accounts and transactions, including the performance of our contract with you;
  • to collate and analyse any survey responses (where not completed anonymously), for our legitimate interest in understanding our customers, developing our business and informing our marketing strategy;
  • to protect and improve our business and our website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data as necessary for our legitimate interest in running our business, the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation, sale or group restructure exercise;
  • for contractual and other lawful legitimate business purposes, where we need to comply with a legal or regulatory obligation (including prevention of crime), or for the establishment, exercise or defence of legal claims;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We do not collect more data than is necessary for the above purposes.

Where we process personal data on the basis of a legitimate interest, as set out in this Privacy Policy, legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Our affiliates and other third party service providers to EasiYo, which may include cloud based customer relationship, content management and hosting services and involve application programming interfaces, are also given access to some or all of the above information for similar purposes. For example:

  • our distribution partners, who offer our products for sale through their own platforms or who otherwise integrate with our software, may collect and handle the same information; and
  • our implementation partners may have access to the information we collect for the purpose of assisting us and our distribution partners to develop our systems to offer and deliver our products and services.

All such third parties are bound by the same laws and regulations that we are, wherever they are located in the world, and we require them to adopt and apply data protection policies and practices that are consistent with this Privacy Policy.

Users need to understand that their choice not to provide certain personal information, as described above, will limit or prevent their ability to access and use our products and services.  In this case we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services that you request) and we may have to cancel an order you have placed but we will notify you if this is the case at the time.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered personal information in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Privacy Policy.

How we collect personal information

We ordinarily ask for consent from users to collect, process, manage, store and use personal information, as set out in this Privacy Policy. This is ordinarily done on-line, as part of registration. When users ‘Contact Us’ via the contact page on our website or place an order, whether on our website or by telephone (in which case we will complete the order details as a guest purchase on our website) they will voluntarily provide the kind of information set out above.

How long we hold personal information

We hold personal information only for so long as is necessary for the purposes set out above; in this, we are guided by our contractual obligations and by other lawful legitimate business interests including the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. If, at any time, a user wishes us to delete or transfer their record, they may do so as set out below.

Individual rights on accessing, updating and deleting personal information

Upon registration, administrators and users have ongoing access to their online accounts, within which they can correct inaccuracies or update or add information.

You (in common with other data subjects) have the following rights in relation to your personal information:

  • to be informed about how, why and on what basis that information is processed;
  • to obtain confirmation that your information is being processed and to obtain access to it and certain other information, by making a subject access request;
  • to have data corrected if it is inaccurate or incomplete, although we may need to verify the accuracy of the new personal data that you provide to us;
  • to have data erased if it is no longer necessary for the purpose for which it was originally collected/processed, or if there are no overriding legitimate grounds for the processing (this is sometimes known as ‘the right to be forgotten’);
  • to restrict the processing of personal information where the accuracy of the information is contested, or the processing is unlawful (but you do not want the data to be erased), or where the employer no longer needs the personal information but you require the data to establish, exercise or defend a legal claim; and
  • to restrict the processing of personal information temporarily where you do not think it is accurate (and EasiYo is verifying whether it is accurate), or where you have objected to the processing (and EasiYo is considering whether the organisation’s legitimate grounds override your interests);
  • to object to the processing of personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms;
  • to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Similarly, users may withdraw their consent for us to hold any or all of their personal information by sending a request to Support@easiyo.com and may unsubscribe to any or all emails through the automated facility sent with each email.  However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you, and we will advise you if this is the case at the time you withdraw your consent.

As mentioned above, these actions or requests will limit the ability of users to access and use our products and services.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

It may be the case that, for contractual or other lawful legitimate business purposes, we retain and use an archived version of users’ personal information, which may be pseudonymised, anonymised or otherwise de-identified.

We have facilities in place to request affiliates and other third parties, as necessary, to amend or delete personal information held on their systems.

Information security

We work hard to protect EasiYo and our users from misuse, interference, loss, unauthorised access, modification or disclosure of information we hold. In doing so, we apply technical and organisational measures to ensure a level of security appropriate to the risk including:

  • analysing and assessing privacy and security issues, risks and impacts during the design and
    development of new features and solutions for our products, services and delivery platform,
    governed by guidelines and security standards for our IT developers;
  • ensuring confidentiality, integrity, availability and resilience of processing systems and services (for instance, we restrict access to personal information of EasiYo employees, contractors; affiliates and other third parties described above, who need the information for the purposes described above and who are subject to strict contractual privacy and confidentiality obligations);
  • the ability to promptly restore availability and access to personal data in the event of an incident;
  • regular review and testing of our information collection, storage and processing practices, including physical security measures, aimed to ensure security of data processing; and
  • as we deem necessary, pseudonymisation and encryption of data; for example, for the purpose of transfers, when data is encrypted and access is restricted at rest.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.  We urge you to take every precaution to protect your personal data when you are on the internet.

Our website may contain links to other websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third party websites and are not responsible for their privacy policies or for the content, accuracy or opinions express in such websites.  We do not investigate, monitor or check third party websites for accuracy or completeness and the inclusion of any linked website on or through our website does not imply approval or endorsement by us of the linked website.

If you decide to leave this website and access these third party websites, plug-ins and/or applications you do so at your own risk.  We encourage you to read the privacy policy of every website you visit.

International transfer

Given that EasiYo operates internationally, personal information of users may be transferred across national and continental borders, including for contractual and other lawful legitimate business purposes or at the request of users. Within the EasiYo organisation, such international transfers are governed by internal controls and rules, consistent with this Privacy Policy. For such international transfers to and from affiliates and other third parties, EasiYo has in place enforceable agreements containing privacy and data protection obligations consistent with this Privacy Policy.

Cookies and log files

We allow limited use of various technologies to collect and store information when users visit our website; this may include using cookies (i.e. a string of unique data that a website stores on a user’s computer and that the user’s browser provides to the website each time the user returns) or similar technologies to identify the user’s browser or device. This helps us to optimise our users’ experience and to continually improve and tailor our products and services for users.

Please refer to our cookies policy for further information.

Privacy breach

We acknowledge the various data breach obligations in each of the jurisdictions in which we operate.

A data breach may take many different forms, for example:

  • loss or theft of data or equipment on which personal information is stored;
  • unauthorised access to or use of personal information either by a member of staff or third party;
  • loss of data resulting from an equipment or systems (including hardware and software) failure;
  • human error, such as accidental deletion or alteration of data;
    unforeseen circumstances, such as a fire or flood;
  • deliberate attacks on IT systems, such as hacking, viruses or phishing scams; and
  • ‘blagging’ offences, where information is obtained by deceiving the organisation which holds it.

EasiYo will:

  • make the required report of a data breach to the Information Commissioner’s Office without undue delay and, where possible within 72 hours of becoming aware of it, if it is likely to result in a risk to the rights and freedoms of individuals; and
  • notify the affected individuals, if a data breach is likely to result in a high risk to their rights and freedoms and notification is required by law.

Changes to Privacy Policy

Our Privacy Policy may change from time to time. We will not reduce users’ rights under this Privacy Policy without their explicit consent. We will post any changes on this page and, if the changes are significant, we will provide a more prominent notice (which may include email notification of Privacy Policy changes). We will also keep prior versions of this Privacy Policy in an archive for review by users upon request.

Complaints, inquiries and requests

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

As mentioned above, requests to exercise your legal rights can be made to Support@easiyo.com.

You may also contact the Chief Information Officer of Westland Milk Products (EasiYo’s parent company), to whom other inquiries about our Privacy Policy and data protection practices and complaints can be made.

They can be reached by:

Email: Privacy@easiyo.com

Writing: Chief Information Officer
56 Livingstone Street
PO Box 96
Hokitika, 7842
New Zealand

Telephone: +64 3 756 9800

If you are dissatisfied, you have the right to make a complaint with the relevant supervisory authority where you are based, and we will gladly provide the contact details of the relevant supervisory authorities within the countries in which we operate.  We would, however, welcome the opportunity to discuss and concerns that you have in the first instance if you have not already raised them with us.

 

We aim to respond to all inquiries and complaints within 30 days.  Occasionally it may take us longer than a month if your inquiry or complaint is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Last updated: 5 June 2020