In this Policy "we" and "our" means Qrious Limited (a subsidiary of Spark New Zealand Trading Limited) who provide services to You (our clients who have accepted use of Qrious' products and services).
Qrious respects your privacy
We collect some information as we develop and deliver services to you and other Qrious clients. We value and respect privacy, and manage any personal information that we collect or hold with care.
- We recognise our responsibility, as an agent, in relation to the storage and processing of the personal information supplied to us.
- We comply with the Privacy Act 1993, and apply good privacy governance practices, including privacy impact assessments and external audits.
- We will only use, reproduce, publish, disclose, copy or transit data and materials provided by our clients for the purpose of supplying and developing Our Products and Services.
- We take reasonable safeguards to keep any personal information secure.
- We require You to comply with the Privacy Act 1993, and to have transparent privacy policies and practices that fulfil those policies.
- Data may be processed by Our related companies in order to provide Our services.
- You should not take any steps to de-anonymise or de-aggregate any anonymised or aggregated data that We provide You.
- We respect the privacy commitments that You make to third parties and expect You to honour those commitments when using Our services.
- While We take all reasonable steps to maintain the confidentiality of the Personal Information we hold, We are not responsible for Your activities or actions in connection with such Personal Information.
- You are responsible for ensuring that You comply with any privacy or other laws applicable to Your data, materials or similar that contain Personal Information.
Using personal information to deliver Qrious products and services
We follow strict processes to make sure individual privacy is protected. Below You can find additional information about the key products and services that We deliver and the data privacy policies We have in place for each of these.
The UbiQuity Platform
- The UbiQuity platform holds and processes a range of personal information about individuals on behalf of You and other clients. Data provided by clients may include, but is not restricted to, name, email address, contact preferences, and transactions. The information that You provide to us is only held and processed in accordance with Your requests - it is not combined with or added to any other data or data set without Your instruction (which must be provided in compliance with applicable law). In line with Our Terms and Conditions, it is Your responsibility to ensure You have received the appropriate customer consent for any data collection, use, processing and disclosure within the UbiQuity platform.
- As a UbiQuity client, You must ensure that You have obtained proper consent from Your customers in relation to the collection, holding, use, processing and disclosure of their personal information in relation to the services, and relevant consents to send emails (in compliance with the Privacy Act 1993 and the Unsolicited Electronic Messages Act 2007).
- We will only process, disclose, adjust or purge data in line with a request by You, unless required to do so by law. Once UbiQuity data is purged, there will be a 30-day period where this data can be retrieved through a data backup. Once 30 days have expired, this data will be irretrievable. We reserve the right delete Your data if We have reason to believe that the data is, or is alleged to be, defamatory, illegal, or not appropriate. We will consult with You and provide reasonable notice where possible before doing so.
- We use Revera Limited, located in Auckland, New Zealand, for hosting UbiQuity data, as well as AWS Sydney and Azure Sydney for data related to UbiQuity Web Tracking, UbiQuity Web Hooks, and UbiQuity Engagement Scoring.
- We may disclose information in accordance with production orders or other lawful authorities, or with the prior written consent from the relevant Qrious client. The data in the UbiQuity Platform is controlled and managed by You - in the first instance We seek to direct such enquiries to You in relation to your customers, where permitted by law. The same principle applies in circumstances where individuals make requests in relation to their Personal Information under the Privacy Act 1993.
Anonymised Location Data
- We receive a feed of anonymised network usage data from Spark New Zealand that tells Us where mobile devices use the Spark network.
- We only use this in an anonymised and aggregated form to understand movement patterns within New Zealand.
- We will sometimes leverage statistical demographic data to assign attributes to the data sets.
- This data is used to help New Zealand organisations improve infrastructure and services. Examples include improving transport decisions, helping organisations better understand their customers, and supporting tourism in regional New Zealand.
- Location data is hosted in AWS Sydney, as well as a Cloudera on premise environment.
- Spark has received appropriate consent for data collection and usage.
- Spark is responsible for ensuring it has received appropriate customer consent for data collection and usage.
- If you are a Spark customer and would like to learn more, click here.
- If you would like to opt-out of your information being used by Spark and Qrious for this purpose, or if you have any queries or concerns, please email firstname.lastname@example.org.
CUE: Spark Public WiFi and On-Site WiFi
- CUE is a Qrious product that uses real time WiFi data to provide Our clients with customer insights while helping You to deliver relevant messaging and digital experiences, through online captive portals and on-site digital signage.
- For the CUE solution that We offer, a third party supplier processes Spark WiFi usage data, and Your on-site WiFi usage data for users who visit a location and log in to the available WiFi. This data is hosted in Azure Sydney and is used to provide aggregated, anonymised insights on customer movement patterns and site optimisation insights.
- As a CUE client, You are responsible for ensuring You have received appropriate consent for data collection and usage from Your customers. While we have put in place processes to limit the risk of individuals being identified through the CUE product, we expect You not to use CUE for this purpose or in a way that will allow individuals to be identified.
- The third party supplier may publish aggregated information relating to the use of the Services, such as aggregated customer movement patterns. However information is not disclosed in a form that could reasonably be expected to identify WiFi users.
- The third party supplier will sometimes leverage statistical demographic data to assign attributes to these data sets.
- If you are a Spark Public WiFi customer and would like to learn more click here.
Other Qrious Data Solutions
- We can help You uncover and interpret insights from Your data (i.e. first party data). In doing such analysis, Your first party data may be enhanced through second and third party data.
- The environment where this data is housed will be fully dependent on Your preference. This will be addressed in the relevant agreement between You and Qrious.
- As our client, You are responsible for ensuring that You have received appropriate customer consent for collecting, enhancing and using Your first party data to uncover insights.
As a Qrious Client
As a client using a Qrious solution, We may collect and store Personal Information about You and Your users of Our Product or Services, such as name, place of work, phone number, email address, or location.
This data is used to:
- Enable Us (including Our related companies, providers and suppliers) to provide the services to You.
- Allow us to bill You and receive payment for products and services, including recovering and reporting on money owed to Us, help prevent fraud, refer debts to debt collection agencies, or enforce Our rights.
- Allow Us to enforce Our rights and obligations under Our agreement with You.
- Communicate with You (and your Users) in relation to Your use of Our products and services, process Your transactions and respond to Your requests.
- Personalise Your experience in using Our products and services.
- Send You (and your Users) information about our products and services.
As a client, You (and/or Users) may receive updates from Us on any new features and related communications. You (and/or Users) may unsubscribe from these marketing updates at any time through the unsubscribe link at the bottom of all emails, or by contacting us at email@example.com.
Aggregated, non-personally identifiable information
As a client using a Qrious solution, we may collect and store data related to Your use of the solution. We use this information to improve our solutions for You and our clients generally. Although We may publish aggregated information about usage patterns, We do not disclose information about individual persons.
Aggregated, non-personally identifiable information is information that has been converted to a form that cannot be used to identify You, and combined with data from other customers that has been de-identified in the same way. For example, aggregated, non-personally identifiable information may show that X% of clients used part of Our services in January, but only Y% in February.
- Use this type of information to improve Our products and services, client support and website.
- Share insights derived from this information publicly – for example, to understand how often and in what ways people use Our Services and show trends about the general use of our Site, products, services and apps.
- Share this type of information with Our third-party partners or related companies
Products and Services with passwords
For products and services with passwords, this process forms part of Our security measures to protect the loss, misuse, and alteration of Personal Information when You enter, submit, or access Your instance of the relevant product or service.
It is important that You and Your Users:
- Select strong password(s) and unique pin number(s), and ensure these are changed regularly.
- Protect password and/or other sign-on mechanism appropriately.
- Limit access from computer or device and browser application by signing out after You have finished accessing Your account.
- Actively manage on a regular basis who You have granted system access to and what privileges You assigned them to ensure that these are still valid and appropriate for You.
Other ways information may be used
- Law enforcement and government agencies may request information that is about You or others.
- Third parties who We engage to provide services to You may request information for the purposes of providing those services to You.
- Individuals who believe that the information held in respect of Your Account includes personal information about them (e.g. email addresses of your customers) may request access to their own information.
We may also disclose information about You or Your use of Our products and services if We are compelled by law to provide the information or have reasonable grounds to believe that disclosure is allowed by law, for example in accordance with the Privacy Act 1993, to prevent or lessen a serious threat to public health or safety, or to the life or health of an individual.
We may also share Your information with anyone we transfer, sell or assign, all or any part of our business to, in respect of which You are a client or potential client. In addition, We may disclose information to third parties that has been converted to a form that cannot be used to identify You or any other individual.
Access and Correction of an individuals Personal Information
Individuals have the right to request access to Personal Information We hold about them where it is stored in such a way that it can readily be retrieved. Qrious respects this right, and the following will be considered by Qrious when We consider our obligations in this area:
- There may be instances where We cannot grant individuals access to the Personal Information We hold about them. For example, if this request interferes with the privacy of others or would result in a breach of confidentiality.
- If the Personal Information We hold about an individual is not accurate or complete, then they may ask Us to correct it.
- Individuals may also request We delete any data We hold in relation to them.
Please note that any requests by an individual relating to their Personal Information which has been provided to Us by one of Our UbiQuity clients will generally be directed to the applicable Qrious UbiQuity client as the controller of this information. Where permitted We will help individuals to direct their request to the right person if they need assistance.
Data breach notification
Wherever possible We will provide You with notice in the event that we become aware of a notifiable privacy breach relating to Personal Information of Your customers that we hold on your behalf. Such notice will be provided in accordance with any legal requirements.