Midwich Ltd and its related entities (herein after referred to as 'Midwich New Zealand', 'we', 'us' or 'our') are committed to protecting the privacy of your personal information in accordance with New Zealand privacy laws.
When you engage us to provide you with any goods or services, apply or complete an application for commercial credit, communicate with us through email, by telephone, in writing, participate in any of our promotional activities, or use any of our other services, including our websites, you agree to the use and disclosure of your personal information in the manner described in this policy. This policy is also relevant and applies to other individuals we deal with in connection with commercial credit we provide, such as guarantors and directors.
Where applicable we may require you to confirm your express, explicit consent when collecting your personal information for the purposes of compliance with the Privacy Act and the regulations set out in the General Data Protection Regulation (EU) ('GDPR'). In the event of the data being transferred to our European subsidiary or because our parent company is located in Europe, such transfer will be subject to the GDPR.
2. Types of personal information we collect
The kinds of personal information we may collect from you will depend on what type of interaction you have with us. Personal information we may collect from you includes, among other things:
3. Purpose for collecting your personal information
Midwich New Zealand only collects personal information as is necessary to conduct business with you. You will always know what information is being collected and will have the option to choose how Midwich New Zealand utilises your information to communicate with you.
Midwich New Zealand and its service providers will only use personal or business information you have supplied in order to:
Your personal information is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf who is also authorised to disclose your personal information.
Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you as trade references, credit reporting bodies (‘CRBs’) and your bankers.
We will take reasonable steps to ensure that you are aware of:
Aggregated data that contains no information specific to a particular person or business may be shared with our business partners, for example, aggregated statistical trend in a particular industry sector.
4. How we use and disclose your information
We may use your personal information for:
We may disclose personal information we collect from you:
Where the Privacy Act permits us to do so, we may also disclose your credit related information (in respect of commercial credit) to CRBs such as Veda or Dunn & Bradstreet, if you apply for commercial credit or request to increase in your commercial credit limit with Midwich New Zealand.
Where Midwich New Zealand collects information that we are likely to disclose to a CRB, please note:
We do not disclose your personal information for any secondary purposes unless your consent has been given or as required by law, and we will not sell or license any personal information that we collect from you.
5. How your personal information is stored and secured
We take reasonable steps to protect your personal information from loss, misuse or unauthorised access by restricting access to the information in electronic format and by appropriate physical and communications security.
If a substantial data breach has or may have occurred (for example, your personal information was shared with unauthorised persons) we will notify you as soon as is practicable.
We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identity your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.
6. What do we do if there is a data breach?
In the event of a data breach, such as the unauthorised loss, use or disclosure of personal information, we will assess and respond in line with our applicable policies and procedures, which incorporate the requirements contained in the Privacy Act. Pursuant to our obligations under the Privacy Act, we will notify you where your personal information is involved in an eligible data breach that is likely to result in serious harm. Such notification will also include making recommendations about the steps you should take in response to the breach. Where required by law, the New Zealand Privacy and Information Commissioner will also be notified of eligible data breach.
7. Using our Website and Cookies
Many useful services are currently available at Midwich New Zealand websites and more services are being planned. Your information gives you authorised access so that you - and only you - can update your personal information, access online help or perform financial transactions. As with most websites, when you visit our website or use an application on our website, we may record anonymous information such as IP address, time, date, referring URL, pages accessed, and documents downloaded type of browser and operating system.
We also use “cookies”. A cookie is a small file that stays on your computer until, depending on whether it is a sessional or persistent cookie, you turn your computer off or it expires. Cookies may collect and store your personal information. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use our website, but the website may be limited in the use of some of the features.
Personal information that is submitted to Midwich New Zealand websites it is protected both on and offline. Midwich New Zealand web pages that request information or allow transaction processing use the Hypertext Transport Protocol Security (HTTPS) protocol (excluding Test Drive and Accountant updates) which allows data to be transmitted in an encrypted form known as Secure Sockets Layer (SSL) - visit secure for details.
You can confirm that any Midwich New Zealand data-entry page is secure by checking that:
8. Marketing and Opting-Out
We may use your personal information for:
We may exchange your personal information between our related entities and so they can also assist in the marketing of our products and services to you.
We will only offer you products or services, where we reasonably believe that they could be of interest or benefit to you.
At the point we collect information from you, you may be asked to “opt in” to consent to us using or disclosing your personal information. You will generally be given the opportunity to “opt out” from receiving marketing communications from us. You may “opt out” from receiving these communications by clicking on an unsubscribe link at the end of an email or by contacting us with this request.
9. Cross border disclosure
Your personal information may also be processed by, or disclosed to employees, representatives, or other third parties operating outside of New Zealand who work for, or are engaged by us in other countries, including the United Kingdom. For example, we may use a server hosted overseas or a cloud-base accounting/business software to store data, which may include your personal information. We will take reasonable steps, in the circumstances, before your personal information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal information (‘the reasonable steps’). The reasonable steps may not apply if you consent to the disclosure of your personal information to an overseas recipient and we reasonably believe that the overseas receipt is subject to laws that are suitability similar to privacy laws in New Zealand. If you consent to the disclosure of your personal information to an overseas recipient, the overseas recipient may not be accountable under the Privacy Act, and you will not be able to seek redress for breaches under the Privacy Act.
Data Subject Rights
Where applicable under the GDPR, and in addition to the rights set out above, you have the following rights regarding your personal information stored with us:
Data Controller and Data Processor
You acknowledge that when using our website, you will be deemed to be the data controller in relation to any personal information that you collect and store and will be responsible for how such personal information is collected. You must ensure that you obtain consent and provide notice to any persons as required under the relevant privacy legislation in relation to the collection, storages and use of their personal information.
When you use our website, we act as a data processor only in relation to personal information and data entered, collected and stored by you. We will only access your data in accordance with written instructions given by you, or unless required to do so by the Privacy Act or GDPR.
11. Accountability and legislative compliance
12. Accurate and up-to-date information
We take reasonable steps to ensure your personal information is accurate, up-to-date and not misleading by updating its records whenever true and correct changes to the data come to its attention.
If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer. To contact our Privacy Officer please see contact details below.
We will correct information we hold about you if we discover, or you are able to show to a reasonable standard, the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with its reasons for taking that view.
We disregard information that seems likely to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.
13.Access to your personal information
We acknowledge that you have a general right of access to information concerning you, and to have inaccurate information corrected. You are able to access the personal information we hold about you by contacting our Privacy Officer. If access is refused to your personal information for reasons permitted by the Privacy Act, we will give you a notice explaining our decision to the extent practicable and your options.
To contact our Privacy Officer please see contact details below. If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. We may charge a reasonable administration fee to cover the costs of meeting your request. We will reply to your request for access within 30 days of notification by you.
14.Dealing with unsolicited information
We take all reasonable steps to ensure that all unsolicited information is destroyed or de-identified immediately.
15.Anonymity when dealing with us
Only where it practicable to do so, we may allow you the option not to identify yourself when dealing with us.
16.Collecting sensitive information
We do not use or adopt government identifiers (e.g. tax file numbers or Medicare number) to identify individuals.
18.Complaints and disputes
We will ensure your compliant is handled by our Privacy Officer in an appropriate and reasonable manner. Were necessary we may consult with our related entities and partners in order to deal with your complaint. A written notice of our decision regarding your complaint will be provided to you. If you are not satisfied with the outcome, then you may contact the Office of the New Zealand Privacy Commissioner:
Office of the Privacy Commissioner
Website: www.privacy.org.nz Phone: 0 800 803 909
19.Who should you contact for further information?
0800 947 336
Our Privacy Officer will consider your question or complaint and respond to you in a reasonable timeframe.