Privacy Policy

Thank you for your interest in how we handle your data

At Cubro, we're committed to providing you with the highest level of protection for your data and privacy. As a New Zealand company, we always strive to be compliant with some of the most stringent data protection laws in the world.

Thousands of customers already trust Cubro with their data and we ensure that the highest safety standards for data storage and processing are always met. We only collect data when it's truly necessary, and in our customers' best interests, e.g. to send you product updates via email.

The following outlines how we are applying the guidelines with specific reference to how they align with the relevant privacy regulations that apply.

Introduction

This Data Protection Policy is intended to provide information on the processing of personal data in our companies. We hereby fulfil our statutory obligations under NZ legislative requirements as well as align with relevant overseas regulation, such as the EU General Data Protection Regulation (EU-GDPR, EU 2016/679).

Please read this Data Protection Policy carefully and make sure that you understand it. If you have any further questions or there is something you do not understand, please contact us.

For Cubro the protection of your privacy always has the highest priority. We have safeguards against malware, viruses, and other digital threats on our own systems and the protection of your personal data is very important to us.

This Data Protection Policy describes how we handle data which may be directly or indirectly related to natural persons (personal data) and which hardware and software is used.

In this document we also explain how we use cookies and analysis tools throughout our websites and in our products and services.

We comply with relevant privacy laws and this Data Protection Policy at all times. We only share data with others as described in these provisions. Please note that further information may be added to our Data Protection Policy depending on the product or service concerned.

How can you contact us?

Cubro Ltd is responsible for data protection. If you wish to contact us regarding your data, you can do so in the following ways:

  • Call our Customer care team on 0800 656 527 between 8am to 5pm, Monday to Friday
  • Email sales@cubro.co.nz
  • Visit our Headquarters at 149 Taurikura Drive, Tauriko, Tauranga 3171 or
  • Write to us at Cubro, PO Box 9144, Greerton, Tauranga 3142

What do we mean by certain terms?

Anonymisation

By modifying the data, identification of a natural person is no longer possible.

Activity data

Data stored about the user's activities.

Analytical tools

Programs allowing analyses of user behaviour.

Cloud

Use of IT infrastructures and services that are not kept locally but are hired as a service and can be accessed via a network (e.g. the internet).

Cookies

Cookies are small text files that are stored on your computer or in your browser.

GDPR

General Data Protection Regulation, revision of data protection regulations for the European Union.

Devices

A (portable) object, such as a smartphone, tablet, notebook, or PC, used to access apps or programs and information services.

IP address

An address within the computer network based on the Internet Protocol (IP). This address is assigned to the device and thus allows the device to be addressed and so accessed.

MAC address

Address of each individual network adapter.

Personal data

This information relates to a specific or identifiable natural, living person.

Pseudonymisation

Modification of data in such a way that it is no longer possible to allocate it to a certain data subject without additional supplementary information.

Malicious software

Programs developed to cause damage to a device or system.

Smart

Synonymous for ‘intelligent, clever’ devices (e.g. smartphone, smart TV, smart watch)

SSID

Freely selectable wireless network name.

Web console

Internet based software solution for managing your account or your settings.

What personal data is processed by us?

We process different data when you use our online products or visit our websites. This may be personal, either directly or indirectly, i.e. by involving other data sources.

Most of the data is collected in a pseudonymised or anonymised form. This includes the following information:

Information when you visit our websites

When you visit one of our websites or access one of our online services, we may process information on the region you are visiting us from, information on your device, its operating system and browser, your user behaviour on our site during the current session, and whether you have visited us before. For this, we use cookies.

Registration information

To activate or use some of our products or services, you need to create an account. During the process of setting up your Account, we will ask you for certain personal information such as your name, email address, possibly supplemented by additional information, such as your telephone number and address details.

Support inquiries

If you contact us for support inquiries, we will store your data in connection with this particular inquiry, such as contact details, information on your enquiry and any related material that may help us provide the service you request. In some cases we may ask you to provide us with additional information to handle your support inquiry.

Usage information

When using our products and services, we collect and process personal data at various points. The respective collection and processing of personal data depends on the product used and the associated services and product features. In some cases, you may deliberately submit or provide us with files for verification. If these contain personal data, processing is carried out in accordance with the guidelines set out in this Data Protection Policy.

For example:

Cubro online ordering - With Cubro Online Ordering, we provide a web console which you can use to manage your account and our services that you use. For this, we collect and process personal data at various points to help us optimise the services you use.

Payment information

Cubro does not currently offer any online payment options on its website or online services. We will not request details of payment cards, and do not store payment card details on our systems and storage.

Why and on what legal basis do we store personal data?

Processing purposes

We process your data, whether it can be traced back directly or indirectly to a natural person or not, for the following purposes:

  • To provide services to you.
  • To process your registration and administer the services you have access to.
  • For correct operation of our products and services.
  • For convenient and straightforward use of our products and services.
  • To send you direct marketing, by post and electronic means, including by email, phone and text/SMS.
  • To offer you optimised advertising and product information.

Consent

Your consent is required for the processing of certain data. In these events we will inform you expressly about the situation and provide you with the opportunity to allow us to process this data.

In these cases we will inform you about the purpose of the data processing and about your right of revocation.

Storage and deletion periods

We store personal data only to the extent required to fulfil the purpose. The storage period depends on legal requirements and the duration of the contractual relationship.

Should the data no longer be used, it will be anonymised and/or deleted in accordance with legal regulation.

Should you wish to have your data deleted, please note that due to technical restrictions it may take up to 180 days to permanently delete your data from the live systems.

Further, please note that after the confirmation of your deletion request it is not possible to restore your data.

How do we use cookies, analysis and tracking tools, and social media registrations?

When you use a product or service, cookies are uploaded to your browser. Cookies may be used to identify your browser so that our website is displayed correctly. We also use cookies at various points on our website to analyse the use of our website and thereby optimize it, such as a shopping cart function for orders in the Cubro online store.

Cookies are stored on your individual device and you have full control over their use. You may deactivate or restrict the transmission of cookies by changing the settings of your web browser. Cookies that are already stored may be deleted at any time. Should you visit the Cubro site with cookies deactivated, you may possibly not be able to use all of the functions on our site to the full extent.

In addition to our own systems, we also use the following third-party tools for marketing purposes and to make your visit to our websites or the use of our products/services more user-friendly.

Analytical tools

Google Analytics 360

We use Google Analytics 360, a web analysis service from Google (Google Inc.). Google Analytics uses cookies that enable us to analyse your use of our websites. The data generated by cookies about your use of our website and may involve the transfer of data to servers in the USA. Prior to this, however, Google will shorten your IP address if it originates in a member state of the European Union or in other signatory states to the Agreement on the European Economic Area and thus make it anonymous (Google's anonymizeip process). The entire IP address is transferred to a Google server in the USA and saved there only in exceptional cases. Google uses this data to evaluate your use of the website, to generate reports on website activities for Cubro, and to provide other services associated with website and internet use. Google can transfer this information to third parties, where appropriate, if legally mandated or if Google contracts with third parties to process such data. Google will not associate your IP address with other Google data.

You still have the option to prevent Google from collecting data generated by cookies and relating to your use of the website (including your IP address) as well as from processing this data by downloading and installing a browser plug-in provided by Google.

Further information on Google Analytics can be found here.

Adobe Analytics (Omniture)

We use Adobe Analytics by Adobe (Adobe Systems, Inc.). The program uses cookies and tracking pixels, which are either retrieved from your device or stored there and enable an analysis of your use of our website and online services. This process collects and saves data based on pseudonyms. These profiles are used to analyse visitor behaviour on our services and to adapt our offerings and design based on user needs.

Without your express consent, the pseudonymised usage profiles will not be merged with other personal information that we may have received from you. Adobe does not process your IP address and only saves it in a shortened form. You may also opt-out of the collection and storage of your information by Adobe at

Opt-out here

For more information about Adobe Systems' Privacy Policy, click here.

Hotjar

We use Hotjar, a web analytics service provided by Hotjar. Hotjar uses cookies to process information including standard internet log information and details of the visitor’s behavioural patterns upon visiting our site. This is done to provide you with a better experience, and to facilitate the use of certain functions. Cookies are small data files transferred onto computers or devices by sites for record-keeping purposes and to enhance functionality on our site. Hotjar stores this information in a pseudonymized user profile. Hotjar does not process this information to identify individual users or to match it with further data on an individual user.

For more info about the cookies we make use of in conjunction with Hotjar, please visit Cookie Information. You may opt-out of the collection and storage of your information by Hotjar at any time by following the instructions under the following link: Opt-out here

For more information about the software used and Hotjar’s Privacy Policy, just go here.

Why and who do we share personal data with?

Your personal data will not be transmitted to third parties for reasons other than those listed below.

  • You have expressly given us your consent for this,
  • it is legally permissible and necessary for the execution of our contractual relationships with you,
  • data transmission is based on a legal obligation,
  • data disclosure is justified by a particular interest and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data at this time.

Personal information that we collect is either held by us on our systems and storage facilities or is held by these parties on our behalf. Some information we hold will be stored in ‘the cloud’ in secure databases on our behalf by third parties based overseas. The use of these services, and the transfer of information overseas (if applicable) will not relieve us of our obligations under the Privacy Act and this Privacy Policy.

We share personal data with the following recipients or categories of recipients for the aforementioned reasons:

  • Employees (internal and external)
  • IT infrastructure service providers
  • Payment processors
  • Support service providers
  • Software service providers
  • Providers of analysis tools
  • Public authorities

For example:

SurveyMonkey (SurveyMonkey USA) - we use this platform to conduct surveys such as on your product satisfaction. For your protection, personal data is processed in a pseudonymised form.

How do we collaborate with partners on your behalf?

We may share anonymised and aggregated information (which is not capable of identifying you) with our contractors, affiliates, business partners and other third parties.

In providing and managing our customer products, we also contract with other businesses to provide services to us and we may disclose personal information to them to enable them to provide those services.

We require these service providers to adhere to our confidentiality requirements and to the requirements of the Privacy Act.

What do we use international partners for?

We use a global IT infrastructure including computers, cloud-based servers, networks, and software solutions of international companies to provide our services. In certain specific cases your personal data may be forwarded to third countries based on your express consent. In these countries, the same level of data protection is not always governed by and established in law as in the New Zealand.

For this reason, we have taken a number of measures in accordance with relevant standards and legislation to ensure the highest possible protection of your personal data.

We insist that our partners take reasonable technical and organisational precautions, including complying with generally accepted industry standards, to protect personal information that they hold. However, no method is completely secure and we cannot be responsible for any breach of security caused by third parties.

What data protection settings are available?

Browsers used to access our products offer you a number of options and settings. These are usually explained to you when you first install or use them. It is quite possible that by changing the settings, certain Cubro services may no longer function properly.

If you have given us your consent to process certain data, e.g. to receive a newsletter or third-party offers, you have the right to revoke this consent - also in part - at any time. You can do so by contacting us directly.

In the case of direct advertising, you have a general right to object without having to provide information on the particular situation. Please inform us of your objection in writing (e.g. email) or by telephone.

What are your rights?

You have the following rights in connection with your personal data, subject to possible legal restrictions:

The right to be informed, rectification, erasure, restriction of processing, portability, and object.

Right to information

If you would like to know what personal data we hold on you, please contact us directly. Following your request, we will send you information about the data we have via email. The provision of this information may take some time, depending on the scope of the activity data.

Right to rectification

You can request to change or update your data at any time by contact us directly.

Right to erasure

If you wish to delete your data, please contact us directly. We will then erase your data in accordance with legal requirements.

Wherever possible, we will block your data immediately, however due to technical restrictions it may take up to 180 days to permanently delete your data, provided there are no legal obligations and statutory rights preventing deletion.

Please note that after the confirmation of your deletion request it is not possible to restore your data.

Right to restriction of processing

You have the right to restrict the processing of your personal data. To this end, please inform us of the categories of data affected by your request and the reasons for your request. We will examine the facts immediately and inform you of the result.

Right to data portability

Please let us know in text form (e.g. email) which data you would like to transfer to whom. We will examine your request immediately and inform you of the result.

Right to lodge a compliant

If you are dissatisfied with our efforts in connection with data protection, you have the right to lodge a complaint with the data protection supervisory authority responsible in New Zealand.

  • Office of the Privacy Commissioner – PO Box 10094, Wellington 6143.
  • OR Click Here

How do we protect personal data?

We have put in place safeguards that are state-of-the-art and meet the requirements of data protection legislation to protect your personal data. These are continuously checked and, if necessary, adapted. The objective is to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorised knowledge or access by third-parties.

To transfer data between our websites, our applications and backend systems, communication is encrypted using the latest SSL (Secure Socket Layer) procedure.

We protect the systems and processing by a series of technical and organisational measures. These include data encryption, pseudonymisation and anonymisation, logical and physical access restriction and control, firewalls and recovery systems, and integrity testing.

Our employees are regularly trained in the sensitive handling of personal data and are obliged to observe data secrecy in accordance with legal requirements.

What possibilities are there for minors to use our services?

Our products and services may not be ordered or installed by minors.

What other information is important?

Public information

Remember that the data you send to forums, such as our web based social media facilities, will be classified and treated as information that is ‘manifestly made public’. If you are active in our forums, there is a risk that others may find and use the information you provide. Be careful and handle your personal information in a responsible manner when online in a public forum.

Changes to this data protection policy

This Data Protection Policy is revised on an ad-hoc basis to adapt it to current developments in relation to our company, our products and services, legal requirements and social developments.

Effective: 22 JUNE 2018