Public Privacy Policy

TPT Group and its related business entities (we, our, us) are committed to protecting your personal information that is collected and used as part of carrying out our business activities. This Privacy Policy has been created to help you understand how we collect, use and protect your personal information when you visit our website https://www.tptgroup.co.nz and interact with us or use our products and services.

If you have any questions, you can contact our Privacy Officer at privacy@tptgroup.co.nz.

We care about your privacy.

We are committed to protecting your personal information and ensuring compliance with the New Zealand Privacy Act 2020 (“the Act”). All reasonable steps will be taken to ensure that personal information collected and retained by us is accurate, complete, and protected from unauthorised access, modification and disclosure.

This policy tells you about:

• What personal information we may collect and hold about you.
• How we collect your personal information.
• How TPT Group uses your information.
• Sharing with third parties.
• Who has access to your personal information.
• How we store your personal information.
• How we safeguard your personal information outside of New Zealand.
• Accessing and updating your personal information.
• Cookies and internet use.
• Updating our Privacy Policy.

What personal information we may collect.

TPT Group may collect personal information about you depending on the particular interaction we have with you.  We collect personal information from you directly and may collect it from third parties. Information we collect includes, but is not limited to:

• Customer details such as name(s), address, phone numbers, e-mail address, for organisations, what it is you do.
• Stakeholder communication data such as notes of consultation with you as a customer, a member of our community, answers to surveys you complete online or via telephone, or at events.
• Information about your business such as employee details, the systems and technology you employ,
• Details of service providers such as your other service providers and subcontractors for the services we provide.
• Claims, complaints and disputes information such as the date of the event, what happened, who was involved, what others involved say about what happened, any documents or other information provided to us in relation to the event, emails and other correspondence about the event, recordings of phone calls with us about the event, details relevant to insurance claims, and information that helps us assess the event.  If we need to pay you, we’ll collect information such as your bank account number.
• Information we automatically collect from you such as your calls to us, notes of discussions and meetings, emails, and interactions through our website and social media accounts. If you visit our sites across New Zealand and Australia, you may be recorded by our Visitor Management System, our access control systems or our onsite CCTV security cameras.  These systems operate 24 hours a day with data stored for about 30 days (or longer, if part of an investigation).
• Publicly available information such as details from the Companies Office website, results of online searches, media reports, council records and archives.

How we collect your personal information.

We collect personal information directly from you whenever you interact with us.

We may also collect personal information about you from others where we consider it appropriate or necessary to do so, such as our contractors and suppliers, your service providers.

If you choose not to provide us with your personal information, we may not be able to properly provide the assistance or services you require.

How do we use your information?

We may collect, use, hold and share your personal information for purposes connected with our businesses such as:

• bringing technology solutions to you, including electronic security, information technology, technology solutions, safely, reliably and efficiently;
• upgrading, changing or disconnecting your services and solutions;
• understanding and monitoring the requirements and performance of our customer offerings;
• planning and arranging works;
• updating and maintaining our customer records;
• contacting you (including in an emergency);
• answering your questions and queries;
• responding to claims, complaints or disputes that involve you;
• keeping our business, our people and the public safe;
• meeting our internal and external reporting requirements and obligations;
• running and improving our website and social media engagement;
• for any other purpose that you give your consent to; and
• to comply with our legal, government and regulatory obligations.

In some cases, we may remove personal identifiers from your personal information and maintain it in an aggregate form. We may combine this information with other information that we hold to produce anonymous, aggregated statistical information, which is helpful to us in improving our business activities and/or customer service levels to you. Once your personal information is anonymised, it may no longer be capable of identifying, or being re-linked, to you.

Sharing with third parties.

From time to time, personal information will be shared with third parties. You authorise us to disclose your information to:

• Our related entities to use for the same purposes as us;
• Anyone who hosts or maintains data centres, service platforms, cloud based solutions and other infrastructure and systems for or on behalf of us and our Group companies, where your information is processed, hosted or stored;
• Service providers who undertake services on behalf of TPT Group;
  • reconciliation and billing processes;
  • Credit reference agencies and debt collection agencies (as outlined in the terms and conditions of application for credit and debt); or
  • Any other person as authorised by you.

However, your personal information may be disclosed without your consent as permitted under the Act including for the following reasons:

• to prevent a serious and imminent threat to public health or public safety;
• with a court, tribunal or authority in the course of proceedings or investigations;
• with legal and regulatory authorities, and to others who we are permitted or required by law or regulation to share it with; and
• to report a cyber incident or for cybersecurity purposes (including to prevent unauthorised access to, or attacks on, our systems).

Who has access to your personal information.

We will take reasonable steps to protect your personal information we collect, use or disclose, with access restricted to TPT Group personnel and approved contractors who require it to carry out their role/duties.

How we store your personal information.

We may send data to providers (in NZ or overseas) to hold or process for us e.g., cloud storage providers. The data we send may include personal information. Because the providers are our ‘agents’, the personal

information is treated as being held by us (not ‘shared’ with the provider), and we’re responsible for how it’s dealt with.

We take reasonable steps to destroy personal information when we no longer need it for the reasons for which it was collected.

How we safeguard your personal information outside of New Zealand

From time to time, we may disclose, and you authorise us to disclose, your personal information to an overseas service provider for any of the purposes identified in this privacy policy. We make sure that the overseas service provider is:

a. a participant in a prescribed binding scheme for international disclosures of personal information; and/or

b. is located in a country that provides comparable safeguards to New Zealand’s privacy laws, approved by the Privacy Commissioner.

If not, then we will take reasonable steps to ensure that the overseas service provider is required to protect your personal information in a way that, overall, provides comparable safeguards to those required under New Zealand’s privacy laws. Examples of these steps include a written agreement between us and the overseas service provider or making reasonable enquiries regarding data protection standards of the country in which the overseas service provider is located.

Accessing and updating your personal information.

Under the Act you can ask to access your personal information as well as request we correct or update the personal information we hold about you.

To make a request to access or update your personal information, please send an email to: privacy@tptgroup.co.nz or visit us at our offices at Unit D, 363 East Tamaki Road, East Tamaki, Auckland and we will explain the process.  If there is a valid reason why we can’t meet your request, we’ll give you an explanation.

In some cases, there may be a fee associated with providing copies of your personal information to you. If so, we will advise you of this prior to sending your information to you.

Cookies and internet use.

We make every effort to maintain the security of our internet connections, however, for reasons outside of our control, security risks may still arise. Any personal information transmitted to us or from our online products or services will therefore be at your own risk.

Like many websites, we use cookies and similar technologies to collect additional website usage data and to operate our services. Cookies are not required for many parts of our services. Although most web browsers automatically accept cookies, many browsers’ settings can be set to decline cookies or alert you when a website is attempting to place a cookie on your computer. However, some of our services may not function properly if you disable cookies.

When your browser or device allows it, we use both session cookies and persistent cookies to better understand how you interact with our services, to monitor aggregate usage patterns, and to personalise and otherwise operate our services such as remembering your language preferences.

Updating our Privacy Policy.

We will regularly review this privacy policy to ensure its accuracy and relevance and will inform you of any changes in the policy by updating the policy on our website.  Any changes made will take effect from the date in which it was published on the website.