EUROPEAN UNION GENERAL DATA PROTECTION REGULATION (GDPR)



Privacy Statement



This Privacy Statement only applies to the collection and processing of ‘EU personal data’. ‘EU personal data’ means any personal information of an individual who is located in the European Union (‘EU’) (whether the individual is a citizen of an EU country or otherwise). This section will apply to you and the processing of your EU personal data if you are located in an EU country. This section does not apply with respect to your personal information if you are located outside of the EU countries, even though you may be a citizen of an EU country.

For the purposes of this Privacy Statement, the term ‘process’ has the same meaning given to it under the GDPR and may include any operation or a series of operations performed on EU personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

EU personal data that is collected by us may have been sourced directly from you, a third party or implied from your use of our products or services. We will process EU personal data in accordance with this Privacy Statement and our Privacy Policy. To the extent of any inconsistencies between other sections of our Privacy Policy and this Privacy Statement in relation to the processing of EU personal data, this Privacy Statement prevails.

This Privacy Statement was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed. For further information, please contact us through the ‘Contact Details’.

GDPR Principles
Any EU personal data will be:

  • Processed lawfully, transparently and in a fair manner;
  • Collected only for the purposes identified in this Privacy Policy or any other agreed specified purposes and not further processed in a manner incompatible with those purposes;
  • Collected in an adequate and relevant manner and limited to what is necessary in relation to the purposes for which the EU personal data is processed;
  • Kept current and up-to-date in accordance with our Privacy Policy;
  • Stored in a form which permits us to identify you, but only for the period necessary in relation to the relevant purposes identified in our Privacy Policy;
  • Stored and processed securely to protect EU personal data against unlawful or unauthorized access and accidental loss, damage or disclosure in accordance with our Privacy Policy.

    Lawful basis for processing
    We will only collect and process EU personal data where we have lawful bases. This may include where:

  • You have given consent;
  • The processing of EU personal data is necessary for the performance of a contract with you (such as to deliver the services you have requested or that have been requested on your behalf); and
  • The processing of EU personal data is necessary for the purposes of our ‘legitimate interests’ and those of a related company of ours, provided that such processing does not outweigh your rights or freedoms.

    Where we rely on your consent to process personal data, you have the right to withdraw, restrict or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and process EU personal data you should contact us.

    We do not use automatic decision making, such as profiling, to make a decision that may produce a legal effect concerning a data subject of EU personal data.

    Rights of EU personal data subjects
    In addition to other rights you may have as set out in this Privacy Policy, you may exercise the data protection rights set out below in relation to your EU personal data:

    a. Access and Portability: a request can be made by you for a copy of your EU personal data (and any other information relating to your EU personal data permitted under Article 15 of the GDPR) held by us in accordance with the ‘Your Rights’ section of our Privacy Policy. In addition, you may request to be provided with EU personal data in a structured, commonly used and machine readable format (including for the purposes of transferring to another party).

    b. Restrictions and Objections: You may request that we limit our use of your EU personal data or processing by requesting that we no longer use your EU personal data or limit how we use your data, this may include where you believe it is not lawful for us to hold your EU personal data or instances where your EU personal data was provided for direct marketing purposes and you no longer want us to contact you. We will do so, if we are:

  • Relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
  • Processing your personal information for direct marketing.

    Our responsibilities as a ‘data controller’ and ‘data processor’
    We may act as the ‘data controller’, the ‘data processor’ or in some instances both the data collector and data processor simultaneously in relation to EU personal data. We will be a data controller where we determine the purposes and means of the processing of EU personal data alone or jointly with others. To the extent that we are a data controller with respect to EU personal data, we:

  • Set out in our Privacy Policy how we collect personal information (including EU personal data), how it is stored, to whom such personal information is disclosed and how the EU personal data is otherwise processed;
  • Only appoint processors under agreements that the processor will comply with the GDPR;
  • Will maintain a record of processing activities which are under our responsibility (where required by GDPR);
  • Co-operate with relevant authorities which enforce the GDPR;
  • Implement appropriate technical and organisational security measures to protect EU personal data and report any data breaches to authorities and affected individuals as required by the GDPR in accordance with our Privacy Policy.

    If a third party discloses EU personal data to us for a specific purpose, we will be acting as a data processor in processing the EU personal data for that purpose. Where we act as a data processor, we will:

  • Only act on the controller’s documented instructions;
  • Impose confidentiality obligations on all personnel who process the EU personal data;
  • Not appoint sub-processors without the prior written consent of the controller;
  • At the instruction of the controller, return or destroy the EU personal data in accordance with our Privacy Policy; and
  • Where applicable, assist the controller in complying with the rights of the data subjects of the EU personal data;
  • Maintain and keep accurate records of processing activities (where required by GDPR); and
  • Implement appropriate technical and organisational security measures to protect EU personal data and report any data breaches to controller without undue delay.

    Disclosure to third parties
    If we are required to disclose your EU personal data to third parties, including data processors or sub-processors, we will notify the third party that it has an obligation to handle any EU personal data in accordance with the GDPR.

    In the event we are responsible for a transfer of EU personal data outside of the EU, such transfer will be for the necessary and lawful performance of our services, including the establishment, exercise or defence of a legal right.

    Express consent to transfer
    By providing us with your EU personal data, you are consenting to the disclosure of your EU personal data to third parties outside of the EU. You also acknowledge that we are not required to ensure that those third parties comply with their obligations under the GDPR.

    If you have any questions, comments or complaints about our handling of your EU personal data, or wish to contact us regarding your EU personal data, please use the contact details set out below in the ‘Contact details’ section.

    How do you make a complaint?
    If you have a complaint about how we handle your EU personal data, you can contact us: info @ recoveredlivingnz [dot] com

    Phone: +64 [27 314 5306], Mon – Fri, 9am – 5pm NZT

    If you still feel your issue or request hasn’t been resolved to your satisfaction, then you can escalate your privacy concern to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights). If your complaint relates to how we handled your access and correction requests you may take your complaint directly to the New Zealand Privacy Commissioner or the authority in which you are located.

    Contact details for escalating complaints
    Office of the New Zealand Privacy Commissioner

  • Online: www.privacy.org.nz
  • Phone: +64 4 474 7590 or +64 9 302 8680
  • Email: [email protected]