BLACK INTERNATIONAL LIMITED
PRIVACY POLICY

Last updated July 2018

Black International Limited, a company based in New Zealand, together with its affiliates (collectively we, our or us in this Privacy Policy) is committed to maintaining the privacy of the information of its customers and other users of its products and services.

In the course of our business dealings with you we may collect, use, disclose, and hold information about identified or identifiable persons (Personal Information), as well as other business or technical data.

This Privacy Policy describes how we collect, use, store and distribute Personal Information and other data, and describes the purposes for which we may use, disclose or hold such Personal Information and other data.

Information that we collect from you

During the course of your relationship with us, your use of our apps or websites (Sites), or your use of our ORCHID location device subscription service (Service), we may collect the following information:

1) We will collect personal details from you during the course of your establishing and maintaining an account or subscription with us via the Service, such as your name, user name, passwords, address, email address and phone numbers.

2) We will collect data that users input into the Service about their tools, equipment and other personal property (User Property). This may include serial numbers, product descriptions, information about the ORCHID location device installed in that User Property, and other information.

3) We will collect data that users input when they use the Service to locate their User Property, and data that is generated from the use of the Service for that purpose. This will include data about when the Service is being used and by whom, the User Property being sought, and location data generated through use by the Service of GPS and GSM technologies.

4) We will collect data that is inputted or uploaded by users when they purchase ORCHID location devices or other goods or services from us via the Sites, such as the user’s name, address, email address and phone numbers.

5) We will collect data that is inputted, uploaded or provided by users via any online helpdesk or support service we may provide in connection with the Service or the other goods or services we provide.

6) We will collect other data related to the use of the Service or Sites, including details of the pages visited, the reports generated and the data accessed.

7) We may collect other Personal Information and data during the course or as a result of your relationship with us, including where necessary to enable us to provide products and services to you, to provide warranty support and after-sales service, or to respond to requests for further information.

We don’t collect credit card information

We do not collect, store or process any credit card information. Any credit card payments made by users in connection with the Service will be processed by third-party payment platform providers.

How we use Personal Information and other data

We will use, disclose and hold Personal Information and data collected by us for the following purposes:

1) to enable us and our agents to operate the Service for the benefit of subscribers. This includes using the data inputted by users about their User Property to help them to locate that User Property, in response to location requests submitted by them using the Service;

2) to enable us and our agents, affiliates, carriers and distributors to supply ORCHID™ location devices or other goods or services ordered from us via the Sites;

3) to assist law enforcement authorities in response to requests from those authorities or from users seeking data about particular User Property or about the location of particular ORCHID location devices;

4) to establish and maintain any account you hold with us;

5) to complete sales transactions, including billing, credit card processing, payment, receipt, credit check and verification services;

6) to respond to your queries or requests for additional information or support;

7) to provide any warranty and after-sales service required by you;

8) to maintain our records;

9) to provide technical support and administration services in relation to the Service and any goods or services ordered by you;

10) to keep you informed about products, services, events, promotions or any other marketing activities, but only to the extent permissible under applicable laws, and subject to any other restrictions contained in this Privacy Policy;

11) for product development or research purposes; and

12) to evaluate customer satisfaction and the performance of marketing activities.

Stolen property and law enforcement purposes

Users must not use the Service or Sites in relation to property that they do not own or have the right to possess. You acknowledge and agree that we may use and disclose Personal Information and other data collected by us where we reasonably believe that such use and disclosure may assist law enforcement authorities in the investigation and prosecution of property offences and other criminal activities, or may assist in the return of lost or stolen property to its rightful owner.

If we reasonably suspect that a user’s Asset Register includes stolen property, or that a user has registered an ORCHID location device against stolen property, we may provide that user’s details and details of the property in question and its location, to any person we believe to be the rightful owner of that property, and to police or other law enforcement authorities.

Lawful basis for processing Personal Information

We will always make sure that we have a lawful basis for the processing of your Personal Information.

In particular, we may need to process your Personal Information to pursue our legitimate business interests. This includes enabling us to operate the Service and Sites for the benefit of users and subscribers. In claiming legitimate business interests to process your Personal Information, we will balance those legitimate business interests against your own interests – which may in some cases override our legitimate business interests.

In addition to our legitimate business interests:

1) we obtain the consent of Service subscribers to the collection, use and processing of Personal Information, where possible. We do this by requiring anyone who subscribes to the Service to confirm their acceptance of the terms of this Privacy Policy; and

2) in some circumstances, we will have a legal obligation to process certain Personal Information.

Cookies

Our Service and Sites may use cookies. “Cookies” are small text files that are placed on computers, devices or browsers used to access websites, apps or other internet content. We may use cookies to remember information about your personal preferences and user settings for the Service or Sites, to analyse Service or Site traffic and trends, and to generally understand the behaviours and interests of people who use the Service or Sites.

Our cookies will only use information about your personal preferences and user settings so that the Service or Sites will remember your details next time you visit. We may use, disclose or sell other data collected by us from cookies for other purposes, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such information.

You may be able to change the settings on the device that you use to access the Service or Sites in order to reject or limit the use of cookies, but this may reduce the functionality of the Service or Sites.

Please note that users based in the European Union will be asked to accept the use of cookies before these can be enabled on their devices.

Third parties and your IP address

By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion and language translation. You also agree to have that currency and language stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency and language to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor's) local currency and language.

Statistical data that we collect

During your use of the Service or Sites we may collect statistical data about such use, such as the date, time and length of your use, the pages of the Service or Sites that you visit, and information about the device you are using to access the Service or Sites. This information may be collected by software operating on the Service or Sites, or by third party service providers on our behalf.

We may use and disclose such statistical data for the following purposes:

1) to measure the effectiveness of any services or features provided via the Service and Sites;

2) to better direct users to goods or services that might interest them;

3) to identify user behaviour and user trends on the Service and Sites;

4) to maintain and optimise the technical performance, operation and security of any products or services (including the Service and Sites) provided by us; and

5) to assist in resource planning.

We may disclose or sell such statistical data to others for any purpose, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such data.

User Property data

We may use, sell or disclose any data inputted by users of the Service about their User Property, including information about the types or models of that User Property, in order to provide targeted advertising via the Service and Sites about products and services that might interest users. We will only disclose such information to third parties for such purposes in a way that ensures that no individual is able to be identified from such data.

User and subject data

We may use, sell or disclose any of the data about subscribers, users of the Service and other persons that we collect for any purpose other than those purposes expressly permitted under this Privacy Policy, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such data.

Marketing

We may use Personal Information and other data collected by us or via the Service or Sites to send or email to you marketing or promotional information about our services or products, or the services or products of other companies (Direct Marketing Information), but only if you have expressly given us permission to do so.

If you have given us permission to send to you Direct Marketing Information, and you later decide that you do not want us to send you any further Direct Marketing Information, you can contact us at any time to request that we stop sending you such information. You can either contact our Data Protection Officer (see the details at the end of this Privacy Policy) or use the “Unsubscribe” facility at the bottom of any Direct Marketing Information email or communication that we send you.

We will not sell your Personal Information or other data to direct marketers unless you have expressly given us permission to do so.

Business acquisition

We may transfer your Personal Information and other data to another entity in connection with a sale of our business or assets, or a merger or consolidation or restructuring of our business or company, or any other transaction in which a third party acquires ownership of any rights in the Service and Sites.

If we transfer any of your Personal Information and other data in such circumstances, we will ensure that such Personal Information and other data remain protected and that the recipient of that Personal Information and other data agrees to be bound by privacy practices and obligations that are consistent with our own under this Policy.

Disclosure of information to third parties

We will not use your Personal Information and other data, or disclose your Personal Information and other data to third parties, except:

1) to the extent reasonably necessary to achieve any of the purposes described in this Privacy Policy; or

2) where we reasonably believe that such use or disclosure is required or expressly permitted under any applicable law.

Holding Personal Information

We will not hold your Personal Information and other data for longer than is reasonably required for the purposes for which we may lawfully use that Personal Information or data.

In particular, we will hold your Personal Information for so long as you continue to use the Service and Sites, and for a period of up to 12 months after this. The only reason why we may hold any Personal Information for longer than this period is where we are required by law to do so.

Following that period (or following such longer period that we may be required by law to hold Personal Information) we will delete your Personal Information, or mask or anonymise your Personal Information so that it can no longer be used to identify you.

Security

We will use all reasonable endeavours to effect and maintain adequate security measures to safeguard your Personal Information and other data we hold from loss or unauthorised access, use, modification or disclosure.

Transfer of Information

We may transfer the information described in this Privacy Policy to or from other countries where necessary to enable us to operate the Service and Sites, and to supply any products or services ordered by you.

In particular, the Service and Sites are operated using servers and systems located in New Zealand. Personal Information is also transferred to the following data processors:

1) Our mobile app is provided via a platform called Heroku, which is a Salesforce product. App user data may be collected, transferred to and stored by Salesforce in the United States and by its affiliates in other countries where Salesforce operates. See https://www.salesforce.com/company/privacy/full_privacy.jsp#nav_info for details of Salesforce’s privacy practices.

2) We use Shopify and Stripe as payment gateways for purchasing ORCHID location devices and subscriptions for those devices. User data may be collected by these service providers during the payment and subscription process (including credit card and user identity information), and may be transmitted to the United States and other countries where those service providers operate. See https://www.shopify.com/legal/privacy for details of Shopify’s privacy practices, and https://stripe.com/nz/privacy#international-data-transfers for details of Stripe’s privacy practices.

The European Commission has recognised New Zealand and the United States (limited to the Privacy Shield framework) as providing adequate protection for the personal data of European Union subjects.

We will ensure that appropriate safeguards are in place as prescribed by the European Union’s General Data Protection Regulation (GDPR), before we transfer any Personal Information of any European Union subjects to any data processor based in any country that the European Commission has not recognised as providing adequate protection for the personal data of European Union subjects. As a minimum, we will ensure that the data processor agrees to be bound by the European Commission’s Standard Contractual Clauses for the protection of personal data, or (in the case of the US) will ensure that the entity is Privacy Shield certified.

When Salesforce, Shopify and Stripe process the Personal Information of European Union subjects they also ensure that appropriate safeguards are in place that are prescribed by the GDPR – i.e., by entering into the European Commission’s Standard Contractual Clauses with the entity the data is transferred to, or by ensuring that the entity is Privacy Shield certified (for transfers to US based entities).

Use of third-party websites

If you access any third-party websites via a link from any of the Service or Sites, you will leave the Service or that Site. By accessing these links you are not covered by the policies relating to the Service or that Site. We are not responsible for the content of any third-party websites, or their use of your Personal Information or other data.

Your rights to access, correct and delete Personal Information

You have rights to information about your Personal Information that we collect and process. This information includes:

1) details of the Personal Information that we collect and process, including the categories of Personal Information concerned, and purposes of any processing;

2) the recipients or categories of recipient to whom the Personal Information has been or will be disclosed;

3) where possible, the envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period; and

4) where your Personal Information is not collected from you, any available information as to the source of that Personal Information.

You also have the right to request from us the rectification or erasure of your Personal Information, to request from us the restriction of processing of your Personal Information, and to object to our processing of your Personal Information.

If you want to access, correct or seek the erasure of your Personal Information or data, please contact our Data Protection Officer (see below) and he/she will tell you how to make a request and if any charges will apply.

EU subjects may complain to a supervisory authority

European Union subjects have the right to lodge a complaint about our Personal Information processing activities with a supervisory authority in the EU Member State where they are based or where the data processing activity took place.

Our Data Protection Officer can help you to identify who your supervisory authority is.

Data Protection Officer

For any queries or further information about our Privacy Policy, or about our privacy or data practices, please contact our Data Protection Officer. This person’s contact details are as follows:

Black International Data Protection Officer
8C Saturn Place, Rosedale, Auckland 0632
info@black-int.com
+64 9 968 9999

Amendments to the Privacy Policy

We may amend this Privacy Policy from time to time. Any such amendments will be effective immediately, unless we state otherwise. We will take reasonable steps to notify users of any such amendments.

Your continued use of the Service or our Sites after any such notice will constitute your acceptance of any amendments or revisions to this Privacy Policy.

You should periodically review this Privacy Policy for the latest information about our privacy practices.

Who we are

For the purposes of the GDPR, Black International Limited is both a controller and processor of data. Our registered office is located at Harts Chartered Accountants, Level 1, 320 Ti Rakau Drive, Burswood, Manukau 2013, New Zealand.