1. Arachne Digital Limited (we/us/our/Arachne Digital) acknowledges and respects the privacy of individuals. This policy (Privacy Policy) sets out:
1.1 how we collect, use, manage and protect personal information;
1.2 your rights in relation to any of your personal information that we hold;
1.3 details of any overseas countries in which your personal information may be stored or processed on our behalf; and
1.4 how to contact us.
2. If not defined in this Privacy Policy, capitalised terms used in this Privacy Policy have the meanings given to them in our Terms of Use (at www.arachne.digital/terms-of-use).
3. This Privacy Policy is governed by New Zealand law. For more information about privacy issues in New Zealand and protecting your privacy, visit the New Zealand Privacy Commissioner’s website at www.privacy.org.nz.
4. When handling personal information, we will comply with all privacy laws that we are legally obliged to comply with (Applicable Privacy Laws), including (as applicable), the New Zealand Privacy Act 2020, the General Data Protection Regulation (EU) 2016/679 (EU GDPR) and/or the United Kingdom Data Protection Regulation (UK GDPR).
5. This Privacy Policy is subject to change. Any changes will be effective when a notice of the change is posted on www.arachne.digital/privacy-policy. Please check this Privacy Policy periodically so that you are aware of any changes.
6. We may collect and hold personal information:
6.1 Provided when you (in your own right or on behalf of the service user organisation for whom you are acting) sign up to the Service and/or as you use the Service and/or our Website. Examples of personal information we may collect and process includes, without limitation:
6.2 When you elect to schedule a demo or trial of the Service we collect your personal information, including your name, company name, email address, phone number, industry category, time zone, and your use of the Service during your demo or trial.
6.3 ervice users may use the Services in such a way that the personal information of other persons is collected through the Service (Third Party Personal Information). In such situations we are strictly a data processor, and for that reason the relevant user organisation is responsible for making sure it has the appropriate permission for us to collect and process the personal information as its service users direct.
7. This information is usually collected directly from you (or from your use of the Service or Website) but occasionally, where it is unreasonable or impractical to do so, or where it is collected as part of the Service as directed by users (as noted above), it may be provided by third party service providers or obtained from publicly available sources. You may choose not to provide any personal information to us, however as a result we may not be able to provide services to you (or the service user organisation for whom you are acting).
8. We will not process Personal Information, other than as outlined in this Privacy Policy, without having a lawful basis to do so.
9. We may process your personal information:
9.1 to create and administer service user accounts;
9.2 invoice and charge for Services and collect money that is owed; and
9.3 deliver the Services and otherwise comply with our obligations under the Terms of Use,
and such processing is necessary for the performance of the contract between you (or the entity on whose behalf you are acting) and us.
10. We also process your Personal Information:
10.1 to verify your identity;
10.2 to communicate with you (including responding to feedback and information requests relating to our Service, to let you know when we are experiencing technical difficulties, and to alert you of new features or developments);
10.3 to communicate with, and comply with our obligations to, our third-party service providers, suppliers and other users of our websites and Service;
10.4 to send administrative messages, reminders, notices, updates, security alerts, and other information relevant to your use of the Services;
10.5 to track access to the Services in order to help detect and prevent any fraudulent or malicious activity;
10.6 to analyse Arachne Digital service user behaviour, preferences and intentions for the purpose of:
10.7 to send you marketing and promotional messages and other information that may be of interest to you where you (or the organisation on whose behalf you are accessing the Service) have consented to receiving such material. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link) or by emailing us at privacy[at]arachne[dot]digital;
10.8 to protect and/or enforce our legal rights and interests, including defending any claim; and
10.9 to comply with our legal obligations, including any notification and reporting obligations and any access directions imposed on us by an applicable Government agency, law enforcement agency or regulatory authority,
and such processing is necessary for the purposes of a legitimate interest pursued by us, and we have assessed that our interests are not overridden by your interests or fundamental rights and freedoms.
11. We may also process your Personal Information for such other purposes that are compatible with the original purposes described above, or that you otherwise consent to.
12. We may anonymise and aggregate information such that no person could be re-identified from the information. This aggregated and anonymised data is not Personal Information and this privacy policy does not apply to it.
13. We may use other companies and individuals to perform services on our behalf, or otherwise in connection with the Service and/or Website. They may have access to your personal information as needed to perform and provide these services or otherwise obtain the benefit of the Service (as applicable), but we will not authorise them to use your personal information for any purpose that is inconsistent with this Privacy Policy.
14. We may disclose personal information:
14.1 to meet the purpose for which it was gathered;
14.2 for the purpose of processing and delivering a service related request;
14.3 if we are required to disclose the information under any agreement or arrangements we have with our third party providers or service users;
14.4 to other third parties to anonymise and aggregate statistical information;
14.5 to respond to due diligence requests and/or transfer personal information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition of our business;
14.6 to protect and defend our rights or property and those of our third party providers (and, where applicable, their end users);
14.7 to protect the safety of users of the Service or services provided by our third party providers, or the public; and
14.8 to any other person or entity authorised by you.
15. We may preserve or disclose your personal information if we are authorised by (or believe that disclosure is reasonably necessary to comply with) any law, regulation, legal process or Governmental request (including any notification or reporting obligations and any access directions) or to address fraud, security or technical issues. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s (including any Governmental) request to disclose your personal information.
16. We may disclose your personal information to our affiliated companies and to any prospective purchasers of us or a substantial portion of our assets.
17. The rights of disclosure in this section may, if applicable, be subject to further restrictions contained in data processing agreements with our third party service providers (as applicable).
18. At no time will we sell your personal information to any third parties or transfer your personal information to any third parties, for a use not related to the provision or marketing of our products and services.
19. Arachne Digital Limited is located in New Zealand, so personal information may be transferred and/or stored there. For the purposes of the EU GDPR and the UK GDPR, New Zealand has been recognized as providing adequate protection.
20. We utilise the services of third party processors (or sub-processors, as applicable) in various countries who may access your personal information. An up-to-date list can be found at www.arachne.digital/third-party-suppliers. Consequently, we may transfer personal information to persons or entities located in these countries. Although we will endeavour to ensure that personal information is treated securely and in accordance with this Privacy Policy as well as Applicable Privacy Laws, we advise that some of these countries may not have an equivalent level of data protection laws as those in New Zealand.
21. If you are located in the EU or the UK and we transfer your personal information to a third party located in a country outside (as applicable):
21.1 the European Economic Union that the European Commission has not recognised as providing adequate protection, if required by the EU GDPR we will enter into an agreement with that third party that containing the standard contractual clauses approved by the European Commission; or
21.2 the United Kingdom that the United Kingdom Government has not recognised as providing adequate protection, if required by the UK GDPR we will enter into an International Data Transfer Agreement or Addendum (as appropriate) issued under section 119A of the UK Data Protection Act 2018.
22. We retain personal information for as long as the user organisation associated or linked with the personal information is active. We take steps to regularly destroy personal information that we no longer use, however we may:
22.1 in some cases, retain a copy of personal information to comply with our legal obligations, resolve disputes, enforce our agreements and to comply with our trust and safety obligations. Personal information retained for this purpose will be archived and stored in a secure manner after the relevant user organisation has stopped using Arachne Digital services, and will not be accessed unless required for any of these reasons; and
22.2 retain personal information in an aggregated, de-identified or otherwise anonymous form, such that there is no reliable way of identifying a person from the information.
23. You have the right to access your readily retrievable personal information that we hold about you, and to ask for it to be corrected if you think it is wrong.
24. If you are based in the EU or the UK you have the right, under the EU GDPR or the UK GDPR (as applicable), to:
24.1 in certain circumstances, have your personal information erased;
24.2 restrict the processing of your personal information;
24.3 move, copy or transfer your personal information easily for your own purposes across different services in a safe and secure way;
24.4 object to processing where we rely on our legitimate interests as the lawful basis for processing;
24.5 withdraw your consent at any time, where our processing of your personal information is based on consent; and
24.6 lodge a complaint with an appropriate supervisory authority, if you consider that our processing of your personal information has breached the EU GDPR or the UK GDPR (as applicable).
25. We will respond to any request made in respect of the above in accordance with the Applicable Privacy Laws.
26. Please note that in certain circumstances we may refuse to respond to a rights request where we have the right to do so under Applicable Privacy Laws, for example, where a request is manifestly unfounded or excessive.
27. Each time you visit our Website or use our Service our server collects some anonymous information, known as click-stream data, including the type of browser and system you are using; the address of the site you have come from and move to after your visit; the date and time of your visit; and your IP address.
28. We may collect this information for statistical purposes to find out how our Website and Service is used and navigated, including the number of hits, the frequency and duration of visits, and the most popular session times. We may use this information to evaluate and improve our sites and service performance or to identify individuals whom may threaten the security or integrity of our Website or the Service.
29. We may disclose your IP address to law enforcement authorities if requested by the authorities to do so or if directed to do so by the courts.
30. A cookie is a piece of information that our web server may send to your machine when you visit our Website. The cookie is stored on your machine, but does not identify you or give us any information about your computer.
31. The types of cookies we may use are strictly necessary cookies. These cookies are essential for the full functionality of our Website and Service. They enable you to navigate around our Website and/or the Service and use their features. Without these cookies, you may not be able to access all the functions of our Website or the Service.
32. The length of time a cookie will stay on your browsing device depends on whether it is a persistent or session cookie. Session cookies will only stay on your browsing device until you stop browsing. Persistent cookies will stay on your browsing device until they expire or are deleted.
33. With most internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored. If you want to do this, refer to your browser instructions or help screen to learn more. If you reject the use of cookies, you will still be able to access our Website but please note that some of its functions may not work as well as if cookies were enabled. To learn more about how to enable, edit, or disable cookies on your computer, please visit the aboutcookies.org website.
34. We may provide links on our Website to other websites. If you use these links, you will leave our Website and we are not responsible for any third party websites, their content or their usage of your personal information. We advise that you check the terms and conditions of use, the privacy policies and any other guidelines for access and use on those websites as they will apply to your access and use of those websites and any services and information contained on such websites.
35. You authorise us to use and disclose your personal information for the purposes of validating the information you provide to us in the course of signing up to and using our Website and the Service.
36. We take reasonable measures to protect all personal information stored within our database. However, the transmission of information using the Internet is not completely secure. We therefore cannot guarantee the security of data transmitted to our site (or via our Service) and any transmission is at your own risk.
37. Please contact our privacy officer at privacy[at]arachne[dot]digital if you:
37.1 wish to discuss any privacy issues;
37.2 wish to raise any objections to the way in which we deal with your personal information;
37.3 have any concerns regarding your personal information; or
37.4 do not wish to receive any future communications from us.
38. By using our Website and/or providing (or allowing the provision of) your personal information to us, you are consenting to the collection, holding, use and disclosure of that information as set out in this Privacy Policy.