Issue Date: June 2017
About this Policy
Rubberduck Consulting Limited, a registered company in New Zealand (Company Reg. 5360621), hereafter referred to as “Company, we, us, our, ourselves” is the owner and operator of the Toast Mobile Application (“Toast App”).
The Toast App has been developed as a practical and entertaining way for any adult who likes wine to remember the wine they like and to share it along with their wine moments with friends.
We are committed to protecting the privacy of any personal information it holds about individuals in accordance with and to comply with its obligations under the relevant New Zealand privacy laws (NZ Privacy Act 1993 ("the Act")) and will deal with personal information we collect in accordance with the respective Privacy Principles ("APPs") set out in the Act. In summary, "personal information" is information or an opinion, about an identified individual, or an individual who is reasonably identifiable, regardless of whether or not the information or opinion is true and regardless of whether the information or opinion is recorded in material form.
What information does Toast collect?
Toast collects your personal information to allow it to perform its business functions.
We may automatically collect the following information:
- details entered necessary to create a Toast account (“Account”);
- log-in information;
- user behaviour;
- all content (text or any other type) entered, captured or uploaded by the user;
- IP Address(es)
- unique identifiers associated with your mobile device (for example an IMEI address) also referred to as device identifiers*; and
- information obtained from Geotagging**
*A device identifier may be data stored in connection with the device hardware, data stored in connection with the device's operating system or other software, or data sent to the device by Toast. Also, a device identifier may deliver information to us or to a third party partner about how you browse and use the Service and may help us or others provide reports or personalized content and ads.
**Geotagging is the process of adding geographical information to various media in the form of metadata. The data usually consists of coordinates like latitude and longitude and is most commonly used for photographs and can help people get a lot of specific information about where the picture was taken or the exact location of a friend who logged on to a service.
You can also sign up and create a Toast account using your Facebook credentials.
We will not collect your Facebook username or password, but we may collect details from Facebook that confirm whether you are logged-in to Toast using your Facebook account.
There are three categories of personal information that we may collect about you:
- personal information provided to us when you create an account. When you sign up, we will ask you to provide information such as your email address, gender, age and country. You will also have a unique password which enables you to access your Account.
- information that you provide to us in the course using the Toast App, such as details you manually enter in shared posts which may include (but are not limited to) location, favourite restaurants and wineries, personal food preferences, frequency of visits to specified locations; and
- information we receive from third parties such as wineries, restaurants and retailers which we have business partnerships with ("Our Partners")
If necessary, we may also ask you to provide additional personal information from time to time. Importantly, we would not collect any personal information that is not needed to perform a business function, and generally it will not collect any information about you without your prior consent.
Use of personal information
We may use your personal information in the following ways:
- to supply you with our products and services;
- user service and assistance;
- help you efficiently access your information after you sign in;
- provide personalized content and information to you and others, which could include online ads or other forms of marketing (“direct or target marketing”);
- provide, improve, test, update and monitor the effectiveness of the Toast App;
- develop, test new products and features and diagnose/fix technology problems;
- to obtain information from you to research and improve our services and develop new services;
- to market and promote products and services by us and our Partners *;
- if and when required by law.
* expressed consent is obtained during sign-up, or prior to any new promotions, surveys or campaigns offered during the use of Toast .
We will not send marketing messages and material directly to your mobile phone or email address unless you provide us express consent. Where express consent has been provided and you want to withdraw the consent, please contact us by sending an email to firstname.lastname@example.org
- Any government, law enforcement or regulatory authorities as required;
- Where it is authorised by law to adhere to legal requirements (in receipt of a subpoena, search warrant or other legal process received by Rubberduck Consulting Pty Ltd);
- to enforce Rubberduck Consulting Pty Ltd’s policies and terms or to protect our rights;
- Your legal advisers, upon request by you; or
- Our professional advisers, auditors and lawyers.
Security of your personal information
We take reasonable steps to ensure personal information it holds about you is protected from risks such as loss, unauthorised access, use, destruction, modification or disclosure. Only authorised personnel or consultants will access your personal information for legitimate business purposes.
No data transmission over the internet is totally secure. As a result, any personal information you send to Toast over the Internet (including via email) is sent at your own risk. If we determine it no longer requires your personal information, Toast will take reasonable steps to de-identify or securely destroy that information as soon as practicable.
We store the personal information collected in a database on our servers. We use commercially reasonable safeguards to help keep the information collected through the Service secure and take reasonable steps to verify your identity before granting you access to your account.
Please do your part to help us. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and ourselves, at all times. Your privacy settings may also be affected by changes the social media services you connect to via the Toast App make to their services. We are not responsible for the functionality, privacy, or security measures of any other organization.
We take precautionary steps to ensure that our computers have adequate security measures (such as a firewall, secure work environments and work flows, secure servers, access privileges etc.) in place to protect against the loss, misuse and alteration of the information under our control. We require Our Partners to do the same. Notwithstanding such measures, we cannot guarantee that the security measures will prevent our computers from being illegally accessed and the individual information on them stolen or altered. In the event of an eligible data breach, we will comply with any relevant territory reporting obligations as required where the data loss is related to.
Access to and correction of personal information
You have a general right to access the personal information we hold about you. You may contact us to request details of your personal information by email to email@example.com. We can deny your request in some circumstances and if it does so, will provide you with written reasons for that denial.
Please let us know if the personal information which we hold about you needs to be corrected or updated.
When you use the Toast App, cookies and similar technologies like pixels, web beacons, and local storage may be used to collect information about how you use Toast and provide features to you.
This information may be used to collate data for the purposes of providing an enhanced user experience, retargeting, cross-selling and service enhancements. Additionally, we may use other new and evolving sources of information in the future.
The length of time a cookie will stay on your computer or mobile device depends on whether it is a persistent or "session" cookie. Session cookies will only stay on your device until you stop browsing or close the browser. Persistent cookies stay on your computer or mobile device until they expire or are deleted. More information on session cookies is available at http://www.allaboutcookies.org/cookies/session-cookies-used-for.html.
We use social media plugin functionality such as Facebook (Like and Share buttons), their policy is listed here http://www.facebook.com/about/privacy/
We do not take any responsibility for social media obligations to privacy and your personal information once redirected out of the Toast App.
Cross border disclosure
We may be required to transfer your personal information to Our Partners in jurisdictions outside of New Zealand. Our Partners provide us with data hosting and technical support and are subject to strict controls that protect your information from unauthorised use or disclosure and limit their access to your personal information to the extent necessary to do their job. We take all reasonable steps to ensure that Our Partners commit to high standards of data protection and comply with applicable data protection regulations in their respective jurisdictions. Such measures are clearly stipulated in the contractual agreement between ourselves and Our Partner(s). The contracts require Our Partners to meet the privacy standards we set for ourselves in protecting your personal information and comply with the appropriate privacy and data protection regulations.We will only disclose personal information to Our Partners for the purposes disclosed in this Policy or for another reason for which we have permission from you.
Dealing with unsolicited personal information
If we receive unsolicited personal information about you, we will take all reasonable steps to ascertain if the information is necessary for our activities and business and that you have provided consent for the information to be disclosed. If deemed not appropriate and in line with your consent, we will determine if the information obtained must be de-identify/destroy and take the necessary measures to destroy the information securely.
Other websites and services
The Toast App may, from time to time, feature ads that contains links to other websites. Where a user clicks on this ad and is redirected, we are not responsible for the privacy policies or practices of third party websites. If you are using a third-party website or service and you allow them to access your User Content you do so at your own risk.