Olive Leaf Network Ltd Privacy Policy – March 2023

Privacy is given serious importance at Olive Leaf Network Limited (“Olive Leaf”, “we”, “us”, “our”). We maintain to ensure that all relevant privacy and data protection laws are complied with when dealing with personal client information.

We strongly encourage you to go through this Privacy Policy carefully. A thorough understanding will help you make an informed decision when giving personal information to us. When you access our website and/or engage us to provide any service, including web services (the “Services”), you automatically consent to the terms of this Privacy Policy and agree to be bound by it.

If you are primarily based in the European Union and use our website and/or Services, we have some additional terms laid out in the addendum (“GDPR Addendum”) which apply to you.

This Privacy Policy does not limit your existing rights under relevant privacy and data protection laws.

1.0 Collection of Personal Information

Olive Leaf collects personal information to enable us to provide a service to you, raise financial support from you or otherwise engage with you. The information that we collect may include your name, date of birth, country of residence, and contact details (physical address, email address, and landline and/or mobile number or other contact details you provide us) as well as other information that will help us provide you with the requested support. We also collect information about how you use our website (for example, traffic volumes, time spent on pages), your IP address and/or other device identifying data, information contained in your correspondence with us, or survey responses and other information required to provide a service or information you have requested from us.

We collect and hold such personal information that we may collect directly from you when you:
– make a request for provision of our Services,
– access our Services and we provide you with the Services,
– use our website,
– contact the Olive Leaf support team,
– visit our website.

You may choose to not disclose this information to us. You should be aware however that it may mean we are restricted or prevented from providing our services to you.

2.0 We may receive personal information from you about others

Through your use of the Services, we may also collect information from you about someone else where you have authorised us to do so (for example, by choosing a feature of the website that contemplates the interaction with a third party website or feature or user) or where the information is publicly available. This could include personal information collected when users you have invited use our Services or website (“User Data”). If you provide us with personal information about someone else, you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use and disclose such information for the purposes described in this Privacy Policy.

This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Privacy Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, Olive Leaf’s identity, and how to contact us.

3.0 We collect, hold, and use your personal information for limited purposes

Olive Leaf collects personal information to assist us in providing you with the Services that you have requested. This information may be used for purposes including to:
– provide the requested Services to you,
– market our Services and products relating to these Services. We may also send you newsletters and up to date information on changes via text, email or other electronic means (you can opt out of this by contacting us at any time),
– carry out training of our personnel in relation to the Services,
– ensure we comply with laws and regulations in applicable jurisdictions,
– keep open lines of communication with you, including in response to a complaint,
– accept and process your donations. This includes authorising us to process credit card transactions, and
– any other use that is authorised by you or relevant privacy laws.

In the event of a sale, merger, consolidation, liquidation, reorganisation or acquisition, your information may be transferred.

When we collect and process User Data we act as an agent of you for the purposes of the New Zealand Privacy Act 2020 and any other relevant privacy laws. If applicable, we also act as the data processor for the purposes of the General Data Protection Regulation of the European Union (“GDPR”). Such User Data will only be processed in accordance with this Privacy Policy and in compliance with all applicable privacy laws.

By using our website or asking us to provide you with the Services, you consent to your personal information being collected, held and used in this way and for any other use you authorise. We will only use your personal information in the ways outlined in this Privacy Policy or if we have your express permission. If you have any personal information related to your engagement with our Services such as a password, it is your responsibility to keep that safe. If you become aware of any breach of your security, you should contact us immediately and change your password.

4.0 We can collect your non-personally identifiable data

When you use our Services, you are agreeing to us accessing, aggregating and using non-personally identifiable data collected from you. This data does not identify you nor any other individual.

This data may be used to:
– help us understand how people engage with our Services and website, for example, the busiest days of the month, quantity and timing of payments and most popular web pages;
– provide you with further information regarding the uses and benefits of our Services;
– increase business productivity as the aggregated data can provide relevant business insights; and
– otherwise improve our website and Services.

5.0 Transfer and storage of personal information

All information that you provide to us or is entered into our website or collected from your visiting our website is automatically transferred to our website servers. When you use our Services, you consent to your personal information being held by our servers as outlined in this Privacy Policy.

The website and Services may be supported by businesses that are outside of your country. If you are situated within the European Economic Area (EEA), please refer to the GDPR Addendum. This will outline how personal data is transferred from the EEA.

As at the date of this Privacy Policy, our servers are located in Auckland, New Zealand. Your personal information will be transmitted through and stored on, those servers as part of the Services. If the location of our servers changes in the future, we will update this Privacy Policy. We would encourage you to frequently review our Privacy Policy so you are aware of any changes.

Olive Leaf is based in New Zealand and may access your personal information from New Zealand. New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection. This decision provides our basis for transferring personal information to New Zealand.

By providing your personal information to us, you consent to us storing your personal information on our website servers and accessing your personal information from New Zealand. If your personal information is be stored on servers located in other countries, it will remain within our effective control at all times. The server host’s role is limited to providing a hosting and storage service to us, and we’ve taken steps to ensure that our server hosts do not have access to, and use the necessary level of protection for, your personal information.

If you are not comfortable with your personal information being transferred to a server in another jurisdiction, you should not provide us with your personal information or use our website.

6.0 We are committed to protecting your personal information

Olive Leaf will at all times work to ensure that we are taking all the steps to protect your personal information. The information is stored on secure servers that have SSL Certificates issued by leading certificate authorities, and all data transferred between you and the website for the provision of the Services is encrypted.

All personal information that we collect is stored securely. It is only accessed by members of the Olive Leaf team who need to access your information to fulfil the requirements of their role.

Despite our best efforts, the internet itself cannot be trusted as a secure environment. Consequently, we are unable to give an absolute promise that your information will always be safe. Sharing of personal information over the internet is to be done at your own risk. You should only give out your personal information to the website within a secure environment.

If we become aware of any security breach relating to your personal information, we will advise you as soon as we can.

7.0 We will only release your Personal Information in limited circumstances

The personal information which you provide to us will only be disclosed if it is necessary, appropriate and achieves the outcome for which you engaged our Services.

Unless there is a sale, merger, consolidation, liquidation, reorganisation or acquisition, we will not disclose your personal information to a third party unless we have your express consent. It is important to note however, that we may have to do so without your consent to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, required by law. If it is possible and appropriate, we will endeavour to notify you to let you know this has occurred.

Your personal information is not controlled, accessed or used by the third parties who host our servers, except for the intended use of storing that information.

Our advertising and analytics partners may receive information about your use of our website through cookies, web beacons and similar storage technologies. More information on this can be found in the Cookies section of this Privacy Policy.

8.0 We do not store your credit card details

If you need to use your credit card to donate to us, your credit card details will not be stored online and cannot be accessed by our staff. However your credit card details may be encrypted and securely stored by our chosen payment provider. This will enable us to automatically bill your credit card on a recurring basis.

9.0 Requesting access to your personal information

It is up to you to ensure that the personal information you provide is accurate, complete and up-to-date. Unless there are certain legal grounds for refusing, you may ask to access the personal information we have that is readily available. You may also ask us to update or correct any information we have about you. This may be done by requesting in writing and sending it to us at The Olive Leaf Network, PO Box 232, Paraparaumu 5254 or by email to support@oliveleaf.org.nz. You will need to prove that you are the individual to whom the personal information relates.

We will process your request as soon as reasonably practicable, unless there are legal grounds preventing us from doing so. We will explain why if we are unable to do so. One example for refusal would be if access would unreasonably impact the privacy of another individual. If you request a correction and we have to refuse, reasonable steps will be taken to note down that you requested that correction.

If appropriate and reasonable, we may charge you the cost of providing and/or correcting your personal information.

Your personal information will only be kept for as long as it is needed. There may be circumstances however where we have to keep the information for a specified amount of time to meet various legal and reporting requirements.

10.0 We may use cookies

Our website may use cookies. A cookie is a small text file that is stored on your computer for record-keeping purposes. It does not identify you personally or contain any other information about you but it does identify your computer.

Amongst other purposes, these can be used to track how the website is being used and the level of engagement with advertising.

11.0 You may opt out of any email communications

We use email to send out various information relating to billing, marketing our services and general communication. There are clear instructions on the emails explaining how to remove yourself from our mailing list. If you choose to opt out, this will not remove you from receiving emails about breaches (if relevant) or any changes to the Privacy or Terms of Use policies.

12.0 Your responsibility in transferring your data to third-party applications

Our website may have links or ads that get you to follow a link to a third-party application or website. It is your responsibility to be vigilant when giving out personal information on these links as we have no control, and take no responsibility for these websites and applications.

13.0 Privacy complaints process

If you are unhappy with how we have handled your personal information, you may send a complaint. Please provide us with the full details of your complaint along with any supporting documentation:
– Email: support@oliveleaf.org.nz
– Post: The Olive Leaf Network, PO Box 232, Paraparaumu 5254

We will:
– Send you an initial response to your query or complaint within ten (10) business days; and
– Look into and seek to resolve the issue within twenty (20) business days. If necessary, we may need a longer period to do this but will notify you of this delay.

14.0 This Privacy Policy may be updated

We reserve the right to change this Privacy Policy at any time. The amended Privacy Policy will be considered effective as soon as it is posted to this website. If you continue to access and use our website and/or receive our Services, you will be considered to have accepted the amended Privacy Policy.

This Privacy Policy was last updated on 6 March 2023

GDPR Addendum

If you are located in the European Union (“EU”), and wish to use our website and/or Services, the GDPR applies to you. These additional terms (“GDPR Addendum”) apply to this and make up part of our Privacy Policy.

The EU General Data Protection Regulation (“GDPR”) was set up to control the collection, processing and transfer of EU individuals’ personal data (as defined in the GDPR). The personal information described in the Olive Leaf Privacy Policy comes under the personal data in the GDPR. It is important to us that we comply with the GDPR when dealing with the personal data of EU-based visitors to our website.

This GDPR Addendum was drafted to be concise and easy to understand. It does not outline in exhaustive detail all aspects of our collection and use of personal data. If you wish to have more information or need an explanation, please contact us. Your request should be sent to support@oliveleaf.org.nz.

For the purposes of the GDPR, Olive Leaf is the data controller (as defined in the GDPR) when processing personal information.

1.0 Processing personal data

The personal information outlined in this Privacy Policy is the personal data that Olive Leaf may process. Any processing done will be to achieve the purposes set out in this Privacy Policy.

As permitted under the GDPR we can process your information for the purposes described in the body of the Privacy Policy by relying on one or more of the following lawful grounds: (a) you have agreed with us explicitly that we may process your information for a specific reason; (b) the processing of personal information is necessary to perform the agreement we have with you (or to take steps to enter into an agreement with you); (c) the processing is necessary for us to comply with our legal obligations; or (d) the processing is actually necessary for our legitimate interests, which include: (i) to protect our business interests; (ii) to ensure that complaints are appropriately investigated; (iii) to evaluate, develop or improve products and services we offer; or (iv) to keep you informed of relevant products and services, unless you indicate that you do not wish us to be kept updated. While we will generally rely on your specific consent to process special categories of personal data (i.e., ‘sensitive information’), in some cases (for example, relating to an alleged offence), we may need to use some information to comply with our legal obligations.

It is possible to use access and use our website without providing us with data. However some of our services will require you to provide us with your name and email address, for example if you sign up to any newsletters. If you choose not to divulge that information, we will be unable to provide you with our full services.

2.0 Your rights

The GDPR grants you certain rights in relation to your personal data. These include:
– right of access – you have the right to ask, and we have the obligation to confirm, if we are processing your personal data. We can also provide you with a copy of that data.
– right to rectification – if we hold inaccurate or incomplete personal data about you, you may ask to have it corrected or completed. Once notified, we will do all that we can to ensure the information is made right. We will also endeavour to pass on the correction if possible to any third parties with whom we have shared your personal data.
– right to erasure – your personal data is deleted once it has fulfilled its intended purpose. Provided it does not contravene any applicable laws, we will also delete your personal data if you send a request. If we have shared your personal data with any third parties, we will take reasonable steps to inform them of your request.
– right to withdraw consent – as mentioned above, our legal basis for processing your personal data is your consent. Therefore if you wish for us to stop processing your personal data, you may withdraw your consent at any time.
– right to restrict processing – you have the right to ask us to restrict or stop the processing of your personal data in certain circumstances. We will pass this request on to third parties where possible.
– right to object to processing – at any point you may also request that we stop processing your personal data all together. We will do this to the extent required by the GDPR.
– rights related to automated decision making, including profiling – At the time of this GDPR Addendum, Olive Leaf does not make any automated decision making or profiling using the personal information. If this were to change, you have the right to not be subject to a decision based solely on this automated processing, including profiling which can have a significant legal impact. The exceptions to this occur where such automated decision making is necessary for entering into, or fulfilling a contract with you, where relevant laws authorise it and when you have given explicit consent.
– right to data portability – we will give you any personal data that you have requested from us in a commonly used, machine readable and interoperable format to ensure you can access it. Where possible, and if you have requested, we will send your personal data to another data controller.
– the right to complain to a supervisory authority – if you have any concerns about the way in which we have dealt with your personal data, you may contact the relevant data protection supervisory authority.

If your personal data is used or obtained for direct marketing purposes, you have the right to object.

If you wish to exercise any of your rights listed above, please contact support@oliveleaf.org.nz . If you are dissatisfied with how we deal with your request, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.

3.0 Children

It is not our intention to collect personal data from children under the age of 16. If you believe that a child under 16 has given us their personal data either through our website and/or by using our Services, please contact our Privacy Officer. If they can access it, then it is your responsibility to obtain the consent of any Guardian of any children who can access the website or the Services and you agree to do so.

4.0 International transfer of data

As we are based in New Zealand, the personal information that we collect through our website and our Services will be transferred to, and stored in, a country operating outside the European Economic Area (EEA). According to the GDPR, this transfer may only take place if the European Commission has decided that the country maintains an adequate level of protection. If this adequacy status is not granted to us, we may transfer the personal data, so long as there are suitable safeguards.

The Olive Leaf Privacy Policy states that some of the personal information we collect is processed by third party data processors in other countries, including Australia. We will only transfer this data outside the EEA if that country has been given the adequacy status mentioned above, or if we have approved transfer instruments set up to protect your personal data. If you wish to know more, please contact us using the details in our Privacy Policy.

5.0 Data Retention Privacy Policy

We will only keep personal information for as long as is needed to achieve its purpose, or to comply with relevant law, whichever is longer.

6.0 Contacting us

Please contact us via the details as set out in our Privacy Policy.