Effective as of: 30 June 2023
- A link to SuiteFiles’ Customer Terms and Conditions can be found here.
1. Introduction
1.1
The privacy of your data is important to SuiteFiles Limited, Floor 4 Petherick Towers, 38 Waring Taylor Street, Wellington, New Zealand 6011 (“us”, “we” or “our”). We are a New Zealand based business providing cloud-based document management solutions for small-to-medium sized businesses all around the world.
1.2
This privacy policy (the “Privacy Policy” or “Policy”) is intended to inform our customers and users of our Services (“you” or “your”) about how SuiteFiles will collect, use and handle your information. This Policy only applies to our collection and use of Personal Data.
1.3
In addition to our privacy obligations under the New Zealand Privacy Act 2020, to the extent that we collect personal information about individuals residing in the United Kingdom (“UK”) or European Economic Area (“EEA”) , we are a data controller for the purpose of the UK Data Protection Act 2018 and EU General Data Protection Regulation (EU) 2016/679 (“GDPR”).
1.4
Please read this Privacy Policy carefully. By accessing any of our Services or otherwise providing your Personal Data to us, you acknowledge that you have read and understood this Privacy Policy and that you agree to its terms. In particular, by registering an account with us you are required to consent to the processing of your Personal Data as described in this Privacy Policy.
1.5
We will never sell your Personal Data to anyone.
1.6
This Privacy Policy may need to be updated from time to time. Any minor or administrative changes will take effect from the date the revised Policy is posted on our Site. If there is a significant change, we’ll let you know in advance via email. By accessing or using any of our Services after the effective date of any revised version of this Policy, you will be deemed to have accepted the changes. If you do not agree to the changes, you must immediately notify us and stop using or accessing our Services.
2. Definitions
2.1
In this Policy, unless the context otherwise requires:
Customer means a customer of SuiteFiles and includes a customer to whom SuiteFiles is providing the Services free of charge (for trial purposes or otherwise);
Customer Data means Personal Data, addresses, reports, files, folders or documents in electronic format that an End-User of the Service stores within the Service;
Data Security Breach means any unauthorised or accidental access or disclosure, alteration, loss or destruction of the Data where the access or disclosure, alteration, loss or destruction occurs through bypassing the security mechanisms of the SaaS Systems, or an action that prevents SuiteFiles from accessing the Data on either a temporary or permanent basis;
End-User means an employee, agent or representative of the Customer who uses any of the applications of the Service , including the Connect Service and Digital Signing Service, or any other person who is provided access to any of the Services for the purpose of viewing, updating or signing documents or any related or similar purpose;
Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, or any updated definition of ‘Personal Information’ from time to time in Privacy Law;
Privacy Law means means any applicable statute, regulation, subordinate legislation or the common law and in force from time to time that the Parties are subject to and includes, without limitation, the New Zealand Privacy Act 2020, and any applicable codes or practice, directive, orders, guidelines or other requirement of any regulator having the force of law;
Service means the SuiteFiles applications, portals and Site provided by SuiteFiles;
Site means the website hosted by SuiteFiles and accessible via www.suitefiles.com;and
Visitor means a person who is not a User who accesses our Site (or otherwise engages with us outside of our Services.
3. The Information We Collect
3.1
We collect different types of information when you visit our Site or use our Services. How we collect Personal Data can be broadly categorised into the following:
- (a) End-User provided information. This is information that is provided directly from an End-User or Visitor when they access parts of our Site or Services or otherwise engage with us. It includes, but is not limited to, name, email address, phone number, physical and postal address, electronic signature, CVs, credit card or other billing information . Examples of when End-User provided information may be collected include but is not limited to signing up for a trial, creating a login to access one of our Services, applying for a job, responding to an email, participating in training or events we run, contacting us with questions, requesting support or connecting with us on social media. If you don’t want to provide us with Personal Data you don’t have to but it may mean you can’t use some parts of our Site or Services.
- (b) Automatically collected information. When an End-User or a Visitor accesses Our Site or Services, we may collect information automatically. This information may include IP address, web browser, device type, operating system, content being accessed, dates and times of access or use of the Service. We may also collect information about a Visitor’s or End-User’s interaction with email messages such as whether an email has been opened, clicked on or forwarded by the End-User or Visitor.
- (c) Other services. To use SuiteFiles a Customer must have a Microsoft Office 365 account. Where an End-User is an employee, agent or representative of a Customer, the End-User’s Office 365 credentials are used to authenticate and log into the Services . During this process we may collect Personal Data from the Office 365 account to provide the Service required, such as your name, work email address, and business address .
- (d) Other sources. It’s possible that we will obtain information about you from publicly available sources and third parties, including Personal Data, to assist us in providing our Services and for other business-related purposes. Third parties could include, for example, our reseller partners, implementation partners, referral partners , trade show organisers, or event, marketing and research partners who may give or sell us marketing lists or create marketing lists for us using publicly available sources . Any Personal Data provided by a third party or obtained through publicly available sources will be treated the same as any other Personal Data we collect in accordance with this Policy.
- (e) Customer provided information. Customer Data may be uploaded or stored in the Service by a Customer or an End-User. SuiteFiles has no direct relationship with the individuals whose Personal Data it hosts as part of the Customer Data. Customers are responsible for their own privacy practices and policies, and ensuring that their use of the Service complies with applicable privacy laws and that their customers are notified of the purpose for which their Personal Data is being processed in the Service. For more information about Customer Data, please see the “Processing of Customer Data” section below.
- (f) Special categories of Personal Data. Generally, we do not collect any special categories of Personal Data, such as information that reveals racial or ethnic origin, political opinions , religious or philosophical belief, trade union membership, genetic data, biometric data, health status, sex life or sexual orientation. However, if such information is required in order for us to provide you with our Services, we will only collect and process this type of Personal Data with your explicit consent and for the purposes set out in this Privacy Policy.
4. How We Use the Information We Collect
4.1
The lawful bases and purposes upon which we rely on to collect, process and use Personal Data are:
- (a) to perform a contract with you (e.g. to operate and provide the Services, customer support and facilitate personalised features, as well as performing safety and security measures in connection with the Service);
- (b) where we have a legitimate interest to process the Personal Data (e.g. for research and development purposes, marketing and promotional purposes, and to protect our legal rights and interests) and that interest is not overridden by your statutory rights;
- (c) where the processing is necessary to comply with our legal obligations; or
- (d) where you have given consent for a specific purpose.
4.2
If we don’t collect your Personal Data we may be unable to provide you with all of our Services. In some circumstances, it is a contractual requirement to provide us with certain Personal Data to facilitate the provision of the Services, for security purposes and to manage billing requirements.
4.3
As noted above, we use the information that we collect to operate our Site and provide you with the Services that you have requested (including providing non-SuiteFiles customers with access to our Services for the purposes of sharing or signing documents). We may also use your Personal Data in other ways, including but not limited to:
- (a) Operations. We use information, other than Customer Data, to operate, maintain, enhance and provide all features of the Service. We do this to provide you with the services and information that you request, to provide support and respond to your comments and questions. We only access Customer Data upon directions from the applicable Customer or End-User.
- (b) Improvements. To provide the best possible service we use information to analyse and understand how End-Users and Visitors use the Services so they can be improved, and new features, functionality, services or products can be developed.
- (c) Communications. We may use an End-User or Visitor’s email address or phone number to communicate directly with them. Communications are generally related to providing support, answering questions, informing End-Users and Visitors about updates to the Service, addressing issues of privacy, intellectual property violations, providing information about promotions and upcoming events, and for marketing and sales purposes. You may opt out of receiving promotional communications at any time by following the instructions set out in the “Your Rights” section below.
- (d) Tracking. We automatically collect information about the Service using cookies and other technology to better customise the Service for you. We use the information to monitor and analyse the Service performance, collect metrics about visits to our Site and functionality being used and track the effectiveness of Service email notifications and marketing initiatives. Whenever you visit and interact with our Service, you accept that we automatically receive and record information on our server logs from your browser including your IP address, “cookie” information, and the page you requested. “Cookies” are identifiers we transfer to your computer or mobile device that allow us to recognize your browser or mobile device and tell us how and when pages and features in our Service are visited and by how many people. You may be able to change the preferences on your browser or mobile device to prevent or limit your computer or device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features.
- (e) Analytics. We use Google Analytics to analyse the effectiveness of our Site www.suitefiles.com and www.suitebackups.com. Google has its own privacy policy and we strongly recommend that you review this. We do not collect Personal Data from Google Analytics so cannot identify individual End-Users or Visitors from this. To find out more about data privacy at Google please visit https://support.google.com/analytics/answer/6004245.
- (f) Consent. We may also use your Personal Data for other purposes where you have expressly authorised us to do so. Where we rely solely on your express consent to process Personal Data, you can withdraw that consent at any time by contacting us at privacy@suitefiles.com, but this will not affect any processing that has already taken place.
5. Processing of Customer Data
5.1
This Policy does not apply to any Personal Data that forms part of Customer Data which we process solely on behalf of a Customer. If you are not an End-User or Visitor of our Site or Services but believe that a Customer of ours has entered your Personal Data into our Site or Services as a part of their Customer Data then this Privacy Policy does not apply. The management and use of Customer Data is subject to the Customer own privacy policy and practices, and any requests to access, amend or delete that Personal Data should be made directly to the Customer responsible for uploading such data into the Service. If the Customer requests in writing that we remove the Personal Data from the Service we will respond within the applicable statutory timeframes. If we have a legal right or obligation to retain such Personal Data we will provide the Customer with the reasons why we are legally entitled or required to retain it. Where permitted by applicable law, we also reserve the right to retain a copy of the data for archiving and backup purposes or to defend our legal rights.
6. How We May Share Your Data
6.1
From time to time we may need to share your Personal Data with others. We will only disclose this information to:
- (a) Service Providers. We use tier one service providers to provide us with database and infrastructure hosting, maintenance, web and application services. They may access Customer Data or Personal Data as part of their processes in supplying those services to us. We limit the information that we supply them to only that necessary to provide the services we require from them. Where required by applicable law, we will enter into data processing agreements with those third parties to ensure the protection of the Personal Data to which they may have access to.
- (b) Our Partners. We employ partners around the world who provide marketing, sales, reseller, implementation and support services to us and our Customers. Customer Data and Personal Data may be provided to our partners to enable them to perform their services effectively. Only the minimum amount of information necessary for them to undertake their services is provided. Our agreements with our partners require them to maintain the confidentiality of this information.
- (c) Law Enforcement and Regulators. We may be required to provide Personal Data to law enforcement and government agencies, courts or other third parties where it is necessary to comply with applicable laws and regulations. Where permitted under applicable law, we also reserve the right to disclose Personal Data to certain third parties where we reasonably believe, in good faith, it is appropriate or necessary to defend our legal rights.
- (d) Change of Ownership. Should there be an actual or potential change in the ownership of our organisation we may share Personal Data with the buyer (or potential buyer), its agents and advisors to facilitate any purchase, merger or acquisition of the whole or any part of our business. In such cases, we ensure the recipient is bound by appropriate confidentiality obligations and has a privacy policy that has terms substantially consistent with this Privacy Policy.
- (e) Any Other Person. Other than the disclosures set out above, we will only disclose your Personal Data to third parties where we have your express consent. Where you have expressly consented to the disclosure of your Personal Data, you can withdraw your consent at any time by contacting us at privacy@suitefiles.com.
7. Your Rights
7.1
Access to and Correction of your Information. You have the right to request access to all Personal Data that we hold about you. You may also request that we amend any Personal Data that we hold about you where you consider it is incorrect, incomplete or out of date. If we are unwilling to correct your Personal Data as requested, you have the right to request that we attach a statement to the information noting the correction sought.
7.2
Additional Rights for UK and EEA residents. If you reside in the UK or EEA, in certain circumstances you also have rights under applicable privacy laws to:
- (a) receive the Personal Data we hold about you in a structured, commonly used and machine-readable format and the right to request that we transfer such data to another party;
- (b) request that we delete your Personal Data;
- (c) object to the processing of any of your Personal Data; and
- (d) ask us to restrict the processing of your Personal Data.
7.3
If you object to the use or processing of your information, this may mean that the Service might no longer be available to you.
7.4
Opting Out. You may opt out from the collection of navigation information about your visits to our Site by Google Analytics using the Google Analytics opt out feature – https://tools.google.com/dlpage/gaoptou.t
7.5
You may also opt out of any commercial communications you are receiving from us by either using the opt out instructions included in any emails or by contacting us at privacy@suitefiles.com. Please note, if you opt out of receiving commercial information (e.g. direct marketing messages) you will still continue to receive administrative communications from us about the Service.
7.6
Exercising Your Rights: To make a request to exercise any of your statutory data protection rights set out above you may contact us at privacy@suitefiles.com. We will respond to any request without undue delay and at least within the applicable statutory timeframe (which is usually a month ). You may be required to provide us with proof of identity before we can respond to any request to exercise your rights. Where we refuse any request, you have the right to make a complaint to us or to your local data protection authority. Generally, you will not be required to pay a charge for exercising your rights, unless permitted under applicable law.
7.7
Automated Decision Making. We do not undertake any automated processing of Personal Data, including profiling, which produces legal effects or similarly significantly affects any individual.
8. Data Security
8.1
We follow generally accepted industry standards to protect Personal Data both while being transmitted to us and once received. These standards are also used to protect such data against accidental or unlawful destruction, loss, alteration, disclosure, misuse or processing while in our possession.
8.2
No method of transmission or storage of data is 100% secure. We cannot warrant the security of any information you transmit to us or store in the Service and you do so at your own risk. We also cannot guarantee that such information will not be accessed, amended, destroyed or disclosed due to a breach of our technical and physical safeguards. If you believe that your data has been breached, please contact us as described in the “Contact Us” section of this policy.
8.3
We will comply with our obligations in relation to any Data Security Breach, including (where applicable)informing you and the relevant authorities in accordance with the requirements of applicable law.
9. Location of Data and Offshore Transfers
9.1
To use the Service, Customers must have a Microsoft Office 365 account as this governs their access rights; as such, the documents and Personal Data that Customers and End-Users upload, access and share through the Service are stored by Microsoft, and will generally be held in the location that is associated with the Customer’s Microsoft Office 365 logon, and we do not control that, or have any ability to change it. If you require further information about Microsoft’s data security and privacy practices please visit https://servicetrust.microsoft.com/.
9.2
As we are a New Zealand based company operating on a global scale, in some cases we may process your information outside of the location where the information was collected. We store Personal Data on secure third party hosted servers (e.g. Microsoft Azure and HubSpot) in Australia, Singapore, the UK, and the USA . Residents of the UK and EEA should be aware that Personal Data may be transferred and stored outside of the UK and EEA for processing in accordance with the purposes set out in this Privacy Policy.
9.3
Where Personal Data is transferred outside of your local jurisdiction, we will comply with all applicable laws in relation to such transfer, either by ensuring such transfer is to a country that has adequacy status under applicable law, by entering into the applicable model clauses set by data protection authorities which govern the safe transfer of data to third countries, or otherwise ensuring that the recipient party is contractually required to protect the information in a manner that provides comparable safeguards as those provided under applicable local laws. If you would like further information about our data transfer practices including where to find a copy of the relevant model contractual clauses please contact our data protection officer at privacy@suitefiles.com.
10. Data Retention
10.1
We retain Personal Data collected for as long as we have a relationship with you and for a period of time afterwards where we have a need to retain it as per our data retention policies. Once we have finished with the Personal Data we either securely delete it from our servers or anonymise it for statistical, research or other analytical purposes.
10.2
The length of time that we retain Personal Data depends on what that data is and whether we have a need to keep it in order, for example, to continue to provide you with a service you’ve requested or to comply with any accounting, tax or legal requirements.
11. Contact Us
11.1
Should you have any questions or comments about this Policy, the Personal Data that we hold and how we use it please contact our data protection officer at privacy@suitefiles.com.
11.2
If you continue to have concerns about our use of your Personal Data, you can complain to the Office of the Privacy Commissioner (as set out below) or your local data protection authority (if applicable). Details of the New Zealand Office of the Privacy Commissioner are set out below.
New Zealand Office of the Privacy Commissioner
PO Box 10 094, Wellington, New Zealand 6143
OPC website: https://www.privacy.org.nz/about-us/contact/
Helpline number: 0800 803 909
PO Box 10 094, Wellington, New Zealand 6143
OPC website: https://www.privacy.org.nz/about-us/contact/
Helpline number: 0800 803 909
UK Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk