Psoda Privacy Policy

About us

This Site is operated by Psoda Limited trading as Psoda, registered in New Zealand with registered address: 13 Marama Terrace, Eastbourne, Lower Hutt 5013, New Zealand.

Information Notice

We take your privacy very seriously. For the purposes of New Zealand’s Privacy Act 1993, and, if you are based in the European Union, the General Data Protection Regulation ( GDPR), this Policy is intended to provide you with clear and transparent information about how we will treat the personal information that we process. Please read this Policy carefully.

Updates to this Policy

We may change this Policy from time to time and the change will take effect once the revised Policy is available on our home page. We will notify our customers, License Administrators and Users of any material changes which you can review as the updated Policy.

The information you provide

Who we process personal information from

We provide cloud portfolio, programme and project management software ( Services). We process personal information from:

• our customers, provided the customer is a natural person ( Customers);
• the persons who administer our customers use of the Services ( License Administrators);
• the users authorised by the License Administrators to use the Services ( Users); and
• other persons who are visitors to our Site, engage with us, who we target our Services to, or whose personal information is submitted by Users into the Services, provided those other persons are natural persons ( Third Parties).

What personal information we process

We process the following categories of personal information of Customers:

• name, title, address, telephone number, email, together with information about the professional activities performed, or products or services provided by the customer ( Identification Data); and
• invoicing details including, credit card and/or other payment method information, tax numbers, and bank account numbers ( Payment Data).

We process the following categories of personal information of License Administrators and Users:

• Identification Data;
• in respect of the Services: passwords, security codes, levels at which permissions are granted, and other such information required to access the Services ( Services Access Data);
• if the human resources tools within the Services are used by the License Administrators, then payroll information ( Payroll Data);
• how the Services are used, the current responsibilities (including projects, billable hours, hours worked), IP addresses, cookies, and connection moments within the Services ( Service Analytics Data); and
• any evaluation of the Services we receive ( Evaluation Data).

We process the following categories of personal information of Third Parties:

• Identification Data;
• Evaluation Data;
• how the Site is used, including IP addresses, browser type, operating system, language, cookies, and pages on the Site that you visit ( Site Data); and
• personal information submitted to the Services by Users, which may include information about correspondence with, the purchase goods and/or services from, or participate in promotions of advertisers or sponsors showing their goods and/or services through the Services ( User Submitted Data).

Where reasonably practical we aim to collect personal information directly from the person who is the subject of the personal information (the data subject). However, Psoda may collect personal information about data subjects from other sources where we believe on reasonable grounds that:

• the personal information is publicly available information;
• the data subject has authorised the collection of their personal information from someone else (for example, when personal information of a Licensed Administrator or User is provided to Psoda by a Customer for the purposes of that Customer’s use of the Services).
• any other situation where the exceptions in section 6(2) of the Privacy Act may apply (or, in the case of EU subject, in accordance with and subject to Article 14 of the GDPR).

We collect the personal information outlined in this Policy when people register for, and use, the Services or the Site, through cookies on the Site and Services, using analytics tools imbedded in the Site and Services, and directly from people (including via web forms or similar methods of input on the Site, and information provided to us by email, phone, or in person).

How Psoda uses the information

Purpose of processing personal information

We process Identification Data, Payment Data, Services Access Data, and Payroll Data for the following legitimate purposes:

• to carry out customer administration tasks, and to manage and delivery the Services;
• to manage any disputes (including disputes over invoices or delivery of Services);
• to answer any inquiries about Psoda by Third Parties; and
• to personalise marketing and advertising, and to canvass for prospective customers.

We process Service Analytics Data, Evaluation Data and Site Data for the following legitimate purposes:

• to analyse User and License Administrator behaviour, preferences and intentions for the purpose of marketing additional Services, or determining Service developments;
• on an aggregate basis, to deliver statistical results that may help Psoda make announcements, and to help in planning and decision making about the Service and Psoda’s market position;
• to ensure the security of the Services and the Site;
• to combat and prevent breaches of our Policy and any Subscription Agreement; and
• to manage any disputes (including disputes over invoices or delivery of Services);
• to answer any inquiries about Psoda by Third Parties; and
• to personalise marketing and advertising, and to canvass for prospective customers.

We process User Submitted Data but do not determine what specific personal information will be transferred to us. User Submitted Data transferred to us from Users is processed by us for the sole purpose of providing the Services to the relevant customer.

Our lawful basis for processing personal information

If we are unable to process the personal information from persons identified in this Policy, then the use of the Services may suffer from reduced functionality, and certain features may be disabled. Performance of a contract:  You acknowledge and agree that the processing identified below is necessary for the performance of a contract to which the data subject is party:

• to carry out customer administration tasks, and to manage and delivery the Services; and
• to manage any disputes (including disputes over invoices or delivery of Services).

Legitimate interest:  You acknowledge and agree that the processing identified below is necessary for the purposes of a legitimate interests pursued by us, and that such interests are not overridden by your interests or fundamental rights and freedoms of the data subject which require protection of personal data:

• to answer any inquiries about Psoda by Third Parties;
• to personalise marketing and advertising, and to canvass for prospective customers.
• to analyse User and License Administrator behaviour, preferences and intentions for the purpose of marketing additional Services, or determining Service developments;
• on an aggregate basis, to deliver statistical results that may help Psoda make announcements, and to help in planning and decision making about the Service and Psoda’s market position;
• to ensure the security of the Services and the Site;
• to combat and prevent breaches of our Policy and any Subscription Agreement;
• to manage any disputes (including disputes over invoices or delivery of Services); and
• to process User Submitted Data for the sole purpose of providing the Services to the relevant customer.

If you are EU based you have the right to object to the way Psoda processes your personal information where the processing is based on legitimate interests. For more information see “Rights of EU based persons” section below for further details.

Storage and deletion of personal information

We will process your personal information securely using technical and administrative security measures that reduce the risk of loss, misuse, unauthorised access, disclosure or alteration. Please note that personal information may be transferred via the internet. The internet is not an inherently secure system, and we cannot guarantee the security of personal information transferred via the internet. We will securely delete personal information held in connection with a customer use of the Services in accordance with any Subscription Agreement and when we are no longer required to comply with any legal obligations that necessitates the retention of personal information. Notwithstanding anything in this Policy, we may retain personal information in an aggregated and non-identifying form.

Third parties we transfer personal information to

We may transfer your personal information to:

• you, in order to respond to your enquiry;
• third party providers in order to supply the Services and Site (including website hosting, data analysis and storage, payment and invoice processing, information technology and related infrastructure, customer services, Services maintenance, e-mail delivery, and other similar services);
• our professional advisors (including in connection with any audits, professional advice, research, or process and product improvements) on a need to know basis;
• courts, law enforcement, and public bodies, in compliance with local laws and regulations, and only in the instance and to the extent where we reasonably believe that we are legally required to do so; and
• direct marketing providers, when we use such providers to send you information from time to time about Psoda and the products and services that we provide.

If you do not wish to receive information from direct marketing providers then please state this when you send your enquiry, or write to: The Data Protection Officer, Psoda, PO Box 24158, Wellington, New Zealand.

International transfers of personal information

In respect of EU based persons, please note that:

• Psoda will transfer your personal information to Psoda in New Zealand, and that the appropriate safeguard in place for such a transfer is an adequacy decision under Article 45 of the GDPR.

Your right to access and correct the information

You have the right to access and correct the personal information that Psoda holds about you. Please contact The Data Protection Officer, Psoda, PO Box 24158, Wellington, New Zealand for an application form. We may require you to provide verification of your identity and to pay an administrative fee to provide a copy of the information that we hold. Please note that in certain circumstances we may withhold access to your information where we have the right to do so under the NZ Privacy Act 1993, for example, where disclosing the information may reveal the identity of a third party.

Rights for EU based persons

Under the GDPR, if you are an EU based person you have the right to:

• access and correct your personal information.
• in certain circumstances, have your personal information erased.
• restrict the processing of your personal information.
• move, copy or transfer your personal data easily for your own purposes across different services in a safe and secure way.
• object to processing where Psoda is relying on its legitimate interests as the basis for processing and at any time to processing of personal information for direct marketing purposes.
• withdraw your consent to our processing of your personal information if your consent is being relied on by Psoda.

If you wish to exercise your rights, please contact the Psoda Data Protection Officer, Psoda, PO Box 24158, Wellington, New Zealand.  Psoda may require you to provide verification of your identity. Please note that in certain circumstances Psoda may refuse to respond to a GDPR rights request where it has the right to do so under the GDPR, for example, where a request is manifestly unfounded or excessive. Please also note that, if we are unable to collect or process your personal information, your use of the Services and the Site may suffer from reduced functionality, and certain features of the Services and the Site may be disabled.  Further, where we are not, or are no longer, in a position to identify you within the information we hold (including because of any de-identification techniques we have employed), then your rights described above may no longer apply.