Privacy Policy of Minimum Viable Protection Ltd

This policy explains how Minimum Viable Protection Limited, a company incorporated in New Zealand (company number 8174182) (Minimum Viable Protection, us, we), collects, holds and processes personal information and other data.  We only provide services to our business customers and not directly to individuals, but we recognise that in doing so we will be dealing with our customers’ data and that may include personal information of their customers, clients, employees, users or others to whom they provide their services.

We take the privacy of personal information seriously, and we comply with the Privacy Act 2020 (NZ Privacy Act), and the Privacy Act 1988 (Cth) which incorporates the Australian Privacy Principles (AU Privacy Act).

Personal information” means any information relating to a particular individual that can identify that person either directly or indirectly (i.e.  by reference to other information we have access to). The term “processing” includes collection, storage, and all of the ways we use personal information when we provide our Site and services.

1. How we collect personal information

(a) Personal information provided to us

  • We do not collect personal information directly from individuals other than under our contracted services provided to our business customers.  We rely on our customers having appropriate authorisation to allow us to use their customers’, users’, clients’, employees’, or other third parties’ data, including personal information which is necessary for the provision of our services.  Where a customer does not have that authority, it will indemnify us fully should the lack of that authority cause us any loss, damage or cost (including our full legal costs).

  • When a customer engages us to provide services, we collect that customer’s name, business address, phone number, the client contact person’s name and contact detail, and other information that a customer provides to us which is reasonably necessary to enable us to provide our services.

  • When a customer contacts us for support or other enquiries, we may collect the customer’s name, contact person’s name, telephone number, email address and any other information the contact person provides to us.

(b) Technical information we may collect automatically:

  • When you interact with our site (www.minimumviableprotection.com) (Site) we may collect technical information about your equipment, browsing actions and patterns. This includes internet protocol (IP) address, browser type and version and time zone settings, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Site. We collect this information by using cookies and other similar technologies. Please refer to the Appendix for further details on our use of cookies.  

  • When you access our Site through a location enabled device we collect and process real time GPS-based information about your device’s location. If you do not consent to us collecting location-based information you can disable the GPS or other location tracking functions from your device, if your device allows you to do this. 

(c) Information about minors. Our Site and services do not address anyone under the age of 18. We do not knowingly collect personal identifiable information from children under 18. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.

2. How and why we use personal information 

We collect, hold, and use personal information and technical information for the primary purpose of providing our services to our business customers.  

We may also use personal information for the following secondary purposes:

  • to provide our customers with support and customer care services;

  • to improve our Site and services;

  • to let our customers know about new services that we think they may be interested in;

  • to provide our customers with updates that they have subscribed to receive, such as our cyber guidance update. Customers can unsubscribe at any time by contacting us at the address set out in are set out in paragraph 14 below or clicking on the unsubscribe link found on the email;

  • to bill our customers for services they have engaged us to provide;

  • to conduct research and statistical analysis to improve our services;

  • to protect and/or enforce our legal rights and interests, including defending any claim; and

  • to provide to a government agency or law enforcement as allowed under the AU Privacy Act  and the NZ Privacy Act (and any amendment). For further information how we share information for legal purposes please see paragraph 3.

3. How we may share personal information 

We may disclose or share personal information with third parties in the following circumstances:

  • With customer consent. We may share personal information with third parties where a customer has consented or requested us to do so.

  • Third party service providers.  We may share personal information with companies that support our Site and our services, including any person that hosts or maintains any underlying IT system or data centre that we use to provide our Site or services.    

  • Legal purposes. Where it is legally required by a third party, government agency or law enforcement authority in any jurisdiction (in which case we will generally require a production order or similar court order. Where we are to make any disclosure of customer data, we will provide our relevant customers with as much advance notice as is reasonable in the circumstances, provided we are not prevented by law from doing so.

  • To enforce our rights, prevent fraud and for safety. To protect and defend our rights, property or safety or that of third parties, including enforcing our privacy policy and any terms of use, or in connection with investigating and preventing fraud or other suspected illegality or security issues.

  • Business sale. In the event we sell our business we may disclose personal information to the prospective buyer. If substantially all of our assets are acquired by a third party, personal information will be one of the transferred assets. 

4. Security

We take reasonable precautions, including administrative, technical, and physical measures, to safeguard personal information against loss, theft, and misuse, as well as against unauthorised access, disclosure, alteration, and destruction.

Unfortunately, no data transmissions over the Internet can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure please contact us immediately. Our contact details are set out in paragraph 14 below.

5. How long do we keep personal information 

We retain personal information for as long as it is needed to be able to provide our services to a customer. Once our services have been provided, we will only keep data if it is necessary or required to meet legal or regulatory requirements, resolve disputes, or to prevent fraud or abuse.

6. Third-party sites and services

Our Site may contain links to third-party websites, products, and services. Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

7. Social media platforms

Please be aware that if you share any of your personal information on a third-party social media website or app (e.g. Facebook and LinkedIn), your personal information may be collected or used by the third-party website or app and/or the users of these sites, and could result in you receiving unsolicited messages. We encourage you to review the privacy policies and settings of the social media websites and apps you interact with.   

8. International transfer of data 

Our business is operated in Australia and New Zealand but businesses that support our services may be located outside Australia or New Zealand. This means that information may be held and processed outside Australia or New Zealand, and also transferred between Australia and New Zealand.

All data we collect is stored with major cloud service providers such as; AWS and Microsoft, which have data center's in various locations around the world but we require these providers whenever possible to store our content in servers located in New Zealand or Australia. 

9. Privacy breaches

A privacy breach occurs where there is:

  • unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, personal information held by us; or

  • an action that prevents us from accessing personal information on either a temporary or permanent basis.

If we learn of a privacy breach involving any of our services we will assess whether the privacy breach is likely to cause serious harm to an affected individual or individuals.

If our assessment finds that the privacy breach has caused serious harm to an affected individual or individuals, or is likely to do so, we will notify the individual or individuals and the Australian or New Zealand Privacy Commissioner (as applicable) as soon as practicable after we become aware that a notifiable privacy breach has occurred.

10. Accessing and correcting your personal information 

Subject to certain grounds for refusal set out in the AU Privacy Act and NZ Privacy Act, you have the right to request confirmation from us that we hold personal information about you and a copy of such personal information. You are also entitled to request the correction of the information we hold about you. If you would like to exercise either of these rights, please contact us at [email protected].  

Your email should provide evidence of who you are and the details of your request (e.g. the personal information, or the correction, that you are requesting). 

11. Complaints

If you wish to complain about an alleged privacy breach, we encourage you to lodge the complaint with us in writing (using the contact details set out in paragraph 14). We will respond to your complaint within a reasonable time and within any applicable timing requirements prescribed by law, to try and work with you to resolve the issue.

12. Communications with you

You may opt out of emails you receive from us by emailing [email protected] or by clicking the unsubscribe link found in the email. 

13. Changes to this privacy policy

We may revise, modify, or update this privacy policy from time to time by publishing an updated privacy policy on our Site. We encourage you to regularly check our Site. We will notify you by email of any material changes to this privacy policy. 

14. How to contact us

If you have any questions about this privacy policy or your rights you may reach us at [email protected] or by filling out the form on our contact us page.

Date last updated 30th March 2021 (30/03/2021). 

 

Appendix

Cookies and other technologies

[To improve your experience, our Site may use “cookies” and other technologies such as pixel tags and web beacons. A cookie is a small text file that our Site may place on your device as a tool to remember your preferences.  These technologies help us better understand user behaviour, tell us which parts of our Site people have visited, and facilitate and measure the effectiveness of our products and services. Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.

[Our Site uses service Google Analytics in order to better understand our users’ needs and optimise our service experience. Google Analytics is a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By visiting our Site, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our Site and your use of our services will be impaired.

[In some of our email messages, we use a “click-through URL” linked to content on our Site. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our Site. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our communications. If you do not consent to us collecting information on your click-through activity, do not click text or graphic links in the email messages.

 

You can also view our Privacy Collection Statement here.