This Privacy Statement provides an overview of the way Beca Group Limited and its subsidiary and affiliate companies (“Beca”) may collect, store, use, and share (“process”) personal information (including via Beca websites that link to this Privacy Statement) and running our business. It also explains how you can access or correct your personal information.
This Privacy Statement relates to the personal information (but not company information) we process about our clients, business partners, suppliers, agents, students or visitors to our website. It does not relate to job applicants or employees.
Beca is the data controller, which means that we determine the purposes for, and ways in which, we process personal information. We also use third party data processors, as outlined below.
Our lawful bases for processing personal information
We process personal information to meet our contractual obligations to clients, business partners and agents, to ensure we can deliver the services requested of us. We also process personal information to meet our legitimate interests, including continuously improving our products and services, and meeting our regulatory obligations.
What personal information we collect
We collect personal information from you directly when you engage with us via our websites, online portals, email, telephone or in writing. We might also collect personal information from third parties, such as credit reports, usually with your authorisation. Finally, you may generate some personal information by using services such as our websites.
If you choose not to provide us with your personal information when requested, we may be unable to offer certain services to you.
We may collect the following personal information about you:
- Contact details, including your address, phone number, and email address
- Personal details, including your name, title, date of birth, and occupation
- Your communications with us, including records of phone conversations, emails, and letters
- Credential information, including passwords, hints and other security information used for authentication and access to our websites, apps, online portals, accounts and services
- Your preferences for our services, where you tell us what they are (for example by completing a survey), or where we assume what they are, based on how you use our services
- Data generated during the performance of a contract or agreement between us, and other information stored in our client, supplier, and business partner databases
- Personal information you have entered into our websites, apps, online portals, or chatbots, or that is generated by the functionalities you have used in these forums
- Information about your use of our websites, apps or online portals, including your IP address, the internet browser you use, the pages you have visited, your click and surf behaviour, non-precise geolocation data, and the length of your session (see more about our use of cookies below)
- The communication channel you use to connect with us (such as Facebook or Twitter)
- Your location information where you enable location-based services or features on our websites, apps, online portals, or where deduced from your IP address or physical address
- Information we collect from third parties, such as credit reporters, fraud-prevention agencies, and from other information providers that may relate to your interactions with us.
Cookies
Our websites use cookies to monitor your browsing preferences, so we can show content relevant to you based on these preferences. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide personal information to the owners of the site. Most internet browsers give you the option to reject all cookies, accept all cookies, erase cookies stored on your computer or be notified before a cookie is stored on your computer. However, if you reject or erase the cookies referred to above some features of our websites will not function properly or may not be fully available. Please refer to your internet browser instructions if you want to find out more about rejecting or erasing cookies.
What we do with your personal information
We may use your personal information for the performance of a contract, including to:
- provide the services you have requested
- enter into or perform any agreement or contract between us
- provide any help you request from us
- manage our relationship with you, including allowing you to connect with us (e.g. via Facebook, Twitter, etc).
We may use your personal information to meet our legitimate interests, including to:
- personalise your experience on our websites, apps, online portals, and chatbots
- improve our websites, apps, online portals, and chatbots
- monitor and prevent illegal activity that threatens our websites, our computer systems or networks
- comply with any applicable laws and/or regulations
- develop and improve our services
- conduct data analysis, fraud monitoring and prevention activities
- identify usage trends.
We may use your personal information with your consent, including to:
- manage our news and publications subscriptions service
- communicate with you
- inform you of our other products and services.
We will generally only use personal information in the ways set out above. Where we need to use information in a way we have not anticipated here, we will only do so if required or permitted by law. We may also use personal information in other ways in an aggregated and anonymised form.
Who we share your personal information with and why
We may need to share personal information to deliver the services you have requested from us, to meet our legitimate interests, or to comply with contractual, government or regulatory requests or reporting requirements. Where we need to share information with an agency we have not anticipated here, we will only do so if required or permitted by law.
We may share your personal information with:
- Other entities in the Beca Group, which could be in other jurisdictions, for administrative purposes and to ensure we have a complete overview of your relationship with us.
- Third parties who assist us in delivering our services, such as:
- Partners, suppliers or agents involved in delivering our services to you
- Companies who are engaged to perform services on our behalf
- Third parties that we use for marketing such as approved media agencies and advertising companies
- Regulatory bodies, tax authorities and/or investigating authorities where we are obliged to do so by law or regulation, or if you have authorised us to share it.
We recognise that we are accountable for your personal information wherever it is in the world. Where we can, we will only send your personal information to countries that have equivalent or higher privacy standards to those in New Zealand. Where we cannot do this, we will take reasonable steps to ensure that your personal information is adequately protected. For example, if you are in the European Union, we will enter into EU Standard Contractual Clauses with that other country.
The third parties who we engage with will be contractually bound to keep all information confidential and to only process your information to the extent that it is necessary and in accordance with applicable law.
How we store and protect Personal Information
We take all reasonable steps to protect your personal information, whether it is stored by us or our trusted third parties. We have implemented generally accepted standards of technology and operational security to protect the personal information in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
Most of the personal information we hold is stored on Microsoft cloud platforms, including Microsoft Azure. Microsoft takes privacy seriously and has several safeguards in place to protect the personal information it holds on our behalf. You can read more about Microsoft’s privacy and security practices here https://privacy.microsoft.com/en-ca/.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Retention of Personal Information
We will retain your personal information only for as long as we have a lawful purpose to use it. This means we may retain your personal information for a reasonable period after your last interaction with us. We take all reasonable steps to ensure that personal information we no longer need is securely destroyed.
Withdrawing consent and objecting to processing
Where we’re processing your personal information on the basis of consent, you can revoke your consent at any time. Where we’re processing your personal information on the basis of our legitimate interests (such as improving our services), you can object to this. If you believe we’re using your personal information in ways that are unlawful, or if we’re continuing to use information that you think is inaccurate, you can ask us to restrict this processing.
Please email your request to our Privacy Officer at [Enable JavaScript to view protected content]. Please note that we may ask for additional information to verify your identity.
Accessing, correcting or deleting your personal information
You have the right to request access to, and under certain conditions, the correction or deletion of, the personal information we hold about you. If we are unable to correct or delete your personal information (for example, where we do not agree that it is wrong, or we need the personal information for a lawful purpose), we will tell you.
Please email your request to our Privacy Officer at [Enable JavaScript to view protected content]. Please note that we may ask for additional information to verify your identity.
Changes to this Privacy Statement
We reserve the right to modify or amend this Privacy Statement at any time, to reflect changes to privacy regulations or our business practices. The effective date will be displayed at the beginning of this Privacy Statement.
Contact details of our Privacy Officer
Email: [Enable JavaScript to view protected content]