Last updated: May 2022
- Circle Software Limited (trading as CirclePOS, and also known as circlepos.com) is committed to protecting personal information and privacy rights generally.
- This policy applies worldwide to all Personal Information under the control of Circle Software and/or our employees as a result of their work. It does not apply to other entities outside of our control (i.e. our clients, their customers, and their suppliers) or to the Personal Information of our employees, contractors, directors, or officers.
- Circle Software provides a bookshop management software system that includes a point of sale system and an eCommerce website through which Personal Information (together with other information) is uploaded, stored, and otherwise dealt with (“CirclePOS Services”).
- This policy does not limit or exclude any of rights under the Applicable Privacy Laws in the countries in which we provide the CirclePOS Services. For more information, see:
- For Australian residents, the Australian Privacy Act 1988.
- For New Zealand residents, the New Zealand Privacy Act 2020.
- For United Kingdom residents, the United Kingdom Data Protection Act 2018.
- For Switzerland residents, the Switzerland Federal Act on Data Protection 1992 and its ordinances.; and
- For European Union Residents, the General Data Protection Regulation (“GDPR”).
Collection of Personal Information
- We may collect Personal Information:
- About you as our client from you when you provide that Personal Information to us, including via the CirclePOS Services, through any registration or subscription process, through questionnaires, through any contact with us (e.g. telephone call or email), or when they buy or use our services;
- About you as our clients’ customer and/or supplier when our clients input that Personal Information via the CirclePOS Services, subject to our clients’ own contractual arrangement with you;
- About you when you provide that Personal Information to us through any contact with us (e.g. via the contact form on our website or email);
- From third parties where you have authorised this, or if the information is publicly available.
- Where possible, we will collect Personal Information directly from the individual concerned.
- When you visit our website, we do not automatically collect any Personal Information. However, we do collect information that does not identify you for the purposes of improving our service to you. This website information is collected by:
- Using cookies;
- Collecting website use information including user location, and internet protocol (IP) addresses; and
- You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all of the features of the website. While we take reasonable steps to maintain secure internet connections, if you provide us with Personal Information over the internet, the provision of that information is at your own risk.
- We may collect Personal Information:
Storage and security of Personal Information
- We take the security of your Personal Information seriously, and ensure that all of our staff comply with their legal obligations to protect your Personal Information, except in a limited number of circumstances as required by the Applicable Privacy Laws.
- When any Personal Information is uploaded via the CirclePOS Services, it is sent over the Internet using Secure Sockets Layer. We encrypt information to help prevent others from reading it while it is in transit.
- All Personal Information stored through the CirclePOS Services is encrypted or otherwise securely protected, including backups.
- Other security measures including firewalls, and the Google Armor service.
How we may use Personal Information
- We may use Personal Information:
- to verify your identity;
- to provide the CirclePOS Services to you;
- to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose);
- to improve the services that we provide to you;
- to respond to communications from you, including a complaint;
- to conduct research and statistical analysis (on an anonymised basis);
- to protect and/or enforce our legal rights and interests, including defending any claim; and
- for any other purpose authorised by you or Applicable Privacy Laws.
- We may use Personal Information:
- If there are additional purposes (other than those identified above) for which we propose to use your Personal Information, the purposes will be specifically notified to you and your consent requested to the proposed use, either when we collect your Personal Information for that specific use or when that additional purpose arises (if it does so after the Personal Information has already been collected).
- We will always give you the option to decline to provide your Personal Information or to decline to allow us to use that Personal Information for the purposes for which we have proposed to use it, and will comply so long as doing so does not prevent us from meeting our legal obligations under Applicable Privacy Laws.
- How we use aggregate information and statistics
- Circle Software may use aggregated information from the CirclePOS Services to improve the quality of our service and for statistical and market research purposes. This aggregated information is not associated with any individual person. We may use this data in aggregate form as a statistical measure, but not in a manner that would identify any individual personally. This type of aggregate data enables us to analyse the use of CirclePOS Services, compare sales from one year to another, and identify market trends.
Disclosing Personal Information
- We will not sell, lend, or trade Personal Information to any third party.
- We will not disclose Personal Information to any third party, except for the purposes for which it was collected, and for directly related purposes (including those required by Applicable Privacy Laws), including but not limited to:
- Communicating with you by (e.g. by phone or email);
- For internal record keeping and administrative purposes;
- To keep you informed about our services and/or carry out marketing;
- When you have authorised us to do so;
- When we reasonably believe we are required or permitted to do so by law;
- If we believe that the disclosure is reasonably necessary to enforce any legal rights or obligations we may have;
- If we sell/transfer our business to a third party;
- Where it is necessary to do so to resolve a complaint you make about us; and
- If in an emergency situation it is necessary or desirable to share your Personal Information with a civil defence or government organisation, or another emergency service.
- We will primarily collect and process Personal Information in New Zealand and Australia. However because we operate around the world, Personal Information is collected in any country where we operate. It may therefore be stored and accessed in those countries. That Personal Information is collected and transferred pursuant to and in accordance with Applicable Privacy Laws. If at any time we need to send Personal Information outside of a country in which we operate to an overseas agency that may use the information for its own purposes, we will:
- take steps to ensure that we believe on reasonable grounds that the overseas agency receiving the Personal Information is subject to privacy protections that, overall, provide comparable safeguards to those provided under the Applicable Privacy Law;
- enter into a binding contractual agreement with the overseas agency receiving the Personal Information confirming that it will protect the Personal Information in a way that, overall, provides comparable safeguards to those provided under the Applicable Privacy Law; or
- obtain the express authorisation of the individual concerned to disclose their Personal Information overseas after expressly informing them that the overseas agency may not be required to protect the information in a way that, overall, provides comparable safeguards to those provided under the Applicable Privacy Law.
Accessing and correcting Personal Information
- Subject to certain grounds for refusal set out in the Applicable Privacy Laws, you have the right to access your readily retrievable Personal Information that we hold, and to request a correction to your Personal Information.
- In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the Personal Information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the Personal Information that you requested the correction.
- You have the right to object to our processing of your Personal Information, in certain conditions. You also have the right to request that we transfer your Personal Information to another organisation, or directly to you, under certain conditions.
- If you want to exercise your rights in respect of your Personal Information, please email us email@example.com. Before you exercise these rights, we will need evidence to confirm that you are the individual to whom the Personal Information relates.
- We may charge you our reasonable costs of providing to you copies of or correcting your Personal Information.
Retention and destruction of your Personal Information
- We will only retain Personal Information for as long as is required for the purpose/s for which it may lawfully be used. Once Personal Information is no longer required, we will securely destroy it or otherwise delete all identifying details or information so that only anonymised data is retained.
- You have the right to request that we erase your Personal Information, or restrict the processing of your Personal Information, under certain conditions.
Accuracy of Personal Information
Mandatory reporting of notifiable privacy breaches
- We have an active management plan for actual, likely, and suspected privacy breaches, including a data incident response plan as required by Applicable Privacy Laws.
- If your Personal Information is involved in a privacy breach which we reasonably believe is notifiable / must be reported in accordance with Applicable Privacy Laws (“Notifiable Privacy Breach”), we will inform the affected individual/s and report the Notifiable Privacy Breach to the relevant supervisory authorities as required by Applicable Privacy Laws (such as the New Zealand Office of the Privacy Commissioner, the Australian Office of the Australian Information Commissioner, the United Kingdom Information Commissioner’s Office).
- Address: 11 Leamington Street, Addington, Christchurch 8024, New Zealand
- Phone: +64 03 377 9698
- Email: firstname.lastname@example.org
Making a complaint
- The Privacy Officer will investigate any complaints that are received and respond to you as soon as possible.
- If you are not satisfied with how we have handled your complaint, you can contact the relevant supervisory authority:
- In New Zealand, the Office of the Privacy Commissioner.
- In Australia, the Office of the Australian Information Commissioner.
- In the United Kingdom, the Information Commissioner’s Office.
- In Switzerland, the Federal Data Protection and Information Commissioner.
- In the European Union, the supervisory authority in the relevant Member State.