Privacy Policy
Effective as of November 30, 2020
Aimy Limited, a company registered in New Zealand, together with its affiliates (collectively we, our or us in this Privacy Policy) is committed to maintaining the privacy of the information of its customers and other users of its products and services.
In the course of our business dealings with you, we may collect, use, disclose, and hold information about identified or identifiable persons (Personal Information), as well as other business or technical data. This Privacy Policy describes how we collect, use, store and distribute Personal Information and other data, and describes the purposes for which we may use, disclose or hold such Personal Information and other data.
Information that we collect from you
During the course of your relationship with us, your using our apps or websites, or your use of our online management services under the brand names aimyPlus and/or AimyOne, we may collect the following information:
-
We will collect personal details from you during the course of your establishing and maintaining an account or user profile with us, such as your name, user name, passwords, address, email address and phone numbers.
-
We will collect data that is inputted or uploaded by users into our online management services, or that is inputted, uploaded or provided by users via any helpdesk or online chat service we may provide. The information inputted or uploaded into our online management services may include information about children and their legal guardians or caregivers, including in some circumstances medical information and other sensitive data.
-
We will collect data related to the use of our online management services, including details of the pages visited, the reports generated and the data accessed.
-
We may collect other Personal Information and data during the course or as a result of your relationship with us, including where necessary to enable us to provide products and services to you or to respond to requests for further information.
We don’t collect debit or credit card information
We do not collect, store or process any debit or credit card information. Any debit or credit card payments made by users in connection with our online management services will be processed by third-party payment platform providers.
How we use Personal Information and other data
We will use, disclose and hold Personal Information and data collected by us for the following purposes:
-
to enable us to operate our online management services (where applicable) for the benefit of you or the applicable organisation subscriber;
-
to establish and maintain any account you hold with us;
-
to complete sales transactions, including billing, payment, receipt, credit check and verification services;
-
to respond to your queries or requests for additional information or support;
-
to maintain our records;
-
to provide technical support and administration services in relation to our online management services;
-
to keep you informed about products, services, events, promotions or any other marketing activities, but only to the extent permissible under applicable laws, and subject to any other restrictions contained in this Privacy Policy;
-
for product development or research purposes; and
-
to evaluate customer satisfaction and the performance of marketing activities.
Lawful basis for processing Personal Information
We will always make sure that we have a lawful basis for the processing of your Personal Information. In particular, we may need to process your Personal Information to pursue our legitimate business interests. This includes to enable us to operate our online management services, and our other apps or websites on which we may make available products, services or information from time to time (Apps and Websites), for the benefit of users and subscribers. In claiming legitimate business interests to process your Personal Information, we will balance those legitimate business interests against your own interests – which may in some cases override our legitimate business interests.
In addition to our legitimate business interests
-
We obtain the consent of aimyPlus and AimyOne users and subscribers (or in the case of children, their legal guardians or caregivers) to the collection, use and processing of Personal Information, where possible. We do this by requiring anyone who subscribes or registers to aimyPlus, AimyOne, or the Apps or Websites to confirm their acceptance of the terms of this Privacy Policy;
-
Some of the Personal Information is collected and processed to assist with medical emergencies or to keep children safe from harm. For example, medical information, information about allergies, and parental contact details. This information may be used, collected and disclosed where necessary to protect the vital interests of natural persons; and
-
In some circumstances, we will have a legal obligation to process certain Personal Information.
Cookies
Our online management services and the Apps and Websites may use cookies. “Cookies'' are small text files that are placed on computers, devices or browsers used to access websites, apps or other internet content. We may use cookies to remember information about your personal preferences and user settings for aimyPlus, AimyOne or those Apps and Websites, to analyse aimyPlus, AimyOne, or App and Website traffic and trends, and to generally understand the behaviours and interests of people who use our online management services or our Apps and Websites.
Our cookies will only use information about your personal preferences and user settings so that our online management services or our Apps and Websites will remember your details next time you visit. We may use, disclose or sell other data collected by us from cookies for other purposes, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such information. You may be able to change the settings on the device that you use to access aimyPlus, AimyOne, or the Apps and Websites in order to reject or limit the use of cookies, but this may reduce the functionality of aimyPlus, AimyOne, or our Apps and Websites.
Please note that users based in the European Union will be asked to accept the use of cookies before these can be enabled on their devices.
Statistical data that we collect
During your use of our online management services or our Apps and Websites we may collect statistical data about such use, such as the date, time and length of your use, the pages of aimyPlus, AimyOne, or our Apps and Websites that you visit, and information about the device you are using to access aimyPlus, AimyOne or our Apps and Websites. This information may be collected by software operating on aimyPlus, AimyOne, or our Apps and Websites, or by third party service providers on our behalf such as Google Analytics.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy Terms .
We may use and disclose such statistical data for the following purposes:
-
to measure the effectiveness of any services or features provided via aimyPlus, AimyOne and our Apps and Websites;
-
to identify user behaviour and user trends on aimyPlus, AimyOne and our Apps and Websites;
-
to maintain and optimise the technical performance, operation and security of any products or services (including aimyPlus, AimyOne and our Apps and Websites) provided by us; and
-
to assist in resource planning.
We may disclose or sell such statistical data to others for any purpose, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such data.
User and subject data
We may also use, sell or disclose any of the data about subscribers, children, legal guardians or caregivers and users of our online management services that we collect for any purpose other than those purposes expressly permitted under this Privacy Policy, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such data.
Marketing
We may use Personal Information and other data collected by us or via aimyPlus, AimyOne, or our Apps and Websites to send or email to your marketing or promotional information about our services or products, or the services or products of other companies (Direct Marketing Information), but only if you have expressly given us permission to do so. We will not sell your Personal Information or other data to direct marketers unless you have expressly given us permission to do so.
If you have given us permission to send to you Direct Marketing Information, and you later decide that you do not want us to send you any further Direct Marketing Information, you can contact us at any time to request that we stop sending you such information. You can either contact our Data Protection Officer (see the details at the end of this Privacy Policy) or use the “Unsubscribe” facility at the bottom of any Direct Marketing Information email or communication that we send you.
Business acquisition
We may transfer your Personal Information and other data to another entity in connection with a sale of our business or assets, or a merger or consolidation or restructuring of our business or company, or any other transaction in which a third party acquires ownership of any rights in our online management services and our Apps and Websites.
If we transfer any of your Personal Information and other data in such circumstances, we will ensure that such Personal Information and other data remain protected and that the recipient of that Personal Information and other data agrees to be bound by privacy practices and obligations that are consistent with our own under this Policy.
Disclosure of information to third-parties
We will not use your Personal Information and other data, or disclose your Personal Information and other data to third parties, except:
-
to the extent reasonably necessary to achieve any of the purposes described in this Privacy Policy; or
-
where we reasonably believe that such use or disclosure is required or expressly permitted under any applicable law.
Holding & Storing Personal Information
We will not hold your Personal Information and other data for longer than is reasonably required for the purposes for which we may lawfully use that Personal Information or data.
In particular, we will hold your Personal Data for so long as you continue to use our online management services and our Apps and Websites, and for a period of five years after this. The only reason why we may hold any Personal Information for longer than this period is where we are required by law to do so.
Following that period (or following such longer periods that we may be required by law to hold Personal Information) we will delete your Personal Information, or mask or anonymise your Personal Information so that it can no longer be used to identify you.
Security
We will use all reasonable endeavours to effect and maintain adequate security measures to safeguard your Personal Information and other data we hold from loss or unauthorised access, use, modification or disclosure.
Transfer of Information
We may transfer the information described in this Privacy Policy to or from other countries where necessary to enable us to operate aimyPlus, AimyOne and our Apps and Websites, and to supply any products or services ordered by you. In particular, aimyPlus, AimyOne and our Apps and Websites are operated using servers and systems located in New Zealand and Australia. Personal Information is also transferred to XERO for billing, invoicing and accounting purposes. XERO is an online accounting platform with servers based in New Zealand and many other countries and territories globally.
Use of third-party websites
If you access any third-party websites via a link from any of aimyPlus, AimyOne, or our Apps and Websites, you will leave aimyPlus, AimyOne, or our Apps or Websites. By accessing these links you are not covered by the policies relating to aimyPlus, AimyOne, or that App or Website. We are not responsible for the content of any third-party websites, or their use of your Personal Information or other data.
Subscriber privacy practices
We have no control over the privacy practices of organisations that subscribe to aimyPlus or AimyOne. In particular, we cannot control what such organisations may do with the information you input or upload into our online management services, or the information that you provide to such organisations for the purposes of their inputting or uploading that information into our online management services. You should ensure that any organisation you provide Personal Information or other valuable data to has appropriate privacy practices in place that protect that Personal Information or data from misuse and unauthorised disclosure.
Your rights to access, correct and delete Personal Information
We provide users of aimyPlus, AimyOne and our Apps and Websites with tools and portals that enable them to manage their privacy settings, and to delete or disable certain Personal Information or our access to that Personal Information. Users may access these tools and portals at any time. Please note that the deletion or disablement of Personal Information may have an impact on the features and functionality of aimyPlus, AimyOne and our Apps and Websites. In particular, some features and functions of aimyPlus, AimyOne and our Apps and Websites will not work without the requested Personal Information being made available to us.
You also have additional rights to information about your Personal Information that we collect and process. This information includes:
-
details of the Personal Information that we collect and process, including the categories of Personal Information concerned, and purposes of any processing;
-
the recipients or categories of recipient to whom the Personal Information have been or will be disclosed;
-
where possible, the envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period; and
-
where your Personal Information is not collected from you, any available information as to the source of that Personal Information.
-
You also have the right to request from us the rectification or erasure of your Personal Information, to request from us the restriction of processing of your Personal Information, and to object to our processing of your Personal Information.
If you want to access, correct or seek the erasure of your Personal Information or data, please contact our Data Protection Officer (see below) and he/she will tell you how to make a request and if any charges will apply.
GDPR
If you are a resident of the European Economic Area (EEA), you have certain data protection rights which include:
-
The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
-
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
-
The right to object. You have the right to object to our processing of your Personal Data.
-
The right of restriction. You have the right to request that we restrict the processing of your personal information.
-
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
-
The right to withdraw consent. You also have the right to withdraw your consent at any time where Aimy Limited relied on your consent to process your personal information.
The European Commission has recognised New Zealand and the United States (limited to the Privacy Shield framework) as providing adequate protection for the personal data of European Union subjects. Aimy Limited aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data. We will ensure that appropriate safeguards are in place as prescribed by the European Union’s General Data Protection Regulation (GDPR), before we transfer any Personal Information of any European Union subjects to any data processor based in any country that the European Commission has not recognised as providing adequate protection for the personal data of European Union subjects. As a minimum, we will ensure that the data processor agrees to be bound by the European Commission’s Standard Contractual Clauses for the protection of personal data, or (in the case of the US) will ensure that the entity is Privacy Shield certified.
When Xero processes the Personal Information of European Union subjects it also ensures that appropriate safeguards are in place that are prescribed by the GDPR – i.e., by entering into the European Commission’s Standard Contractual Clauses with the entity the data is transferred to, or by ensuring that the entity is Privacy Shield certified (for transfers to US based entities).
If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us. Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA). Our Data Protection Officer can help you to identify who your supervisory authority is.
As we are not based in the European Union, we have designated the following party to act as our representative in the European for the purposes of Article 27 of the GDPR:
DataRep
12 Northbrook Road
Dublin
D06 E8W5
Ireland
For a full list of contact information in each country click here
Our GDPR Representative is authorised to act on our behalf with regard to all questions or issues concerning our collection and processing of the Personal Information of European Union subjects.
Amendments to the Privacy Policy
We may amend this Privacy Policy from time to time. Any such amendments will be effective immediately unless we state otherwise. We will take reasonable steps to notify users of any such amendments. Your continued use of aimyPlus, AimyOne or our Apps and Websites after any such notice will constitute your acceptance of any amendments or revisions to this Privacy Policy.
You should periodically review this Privacy Policy for the latest information about our privacy practices.
Data Protection Officer
For any queries or further information about our Privacy Policy, or about our privacy or data practices, please contact our Data Protection Officer. This person’s contact details are as follows:
Aimy Limited Data Protection Officer
PO Box 305366
Triton Plaza
Auckland 0632
New Zealand
Email: privacy@aimy.io