Privacy Policy

Why we have this policy:

Aware Group offers premium and custom software consulting services as well as products that utilise AI to enhance business practices. To effectively deliver these services, Aware Group collects personal information. This policy details Aware Group’s commitment to handling personal information using best practice methods and in a way that respects the privacy rights of individuals.

Aware Group collects personal information from you, dependent on the service in which you engage with us.

This Privacy Policy explains the framework in which Aware Group ensures the privacy of personal information. We have supplementary Privacy Statements to provide targeted information for various scenarios; for specific information on what personal information is collected and how it is handled, the relevant Privacy Statement should be read.

Definitions:

Personal Information is any information which tells something about a specific individual. This information does not need to name the individual as long as they are identifiable in other ways. Personal Information may include (but is not limited to):

  • Name.
  • Contact details.
  • Video/Photograph content.
  • Emails/notes.
  • Job title/company.

Legislation:

This Privacy Policy is guided by the New Zealand Privacy Act 2020 (commencing 1 December 2020).

Commitment to privacy:

Aware is committed to maintaining best privacy practice through:

  • Ensuring all staff understand privacy rights and are kept up to date through training.
  • Ensuring that requests for disclosure of personal information or new projects involving personal information are referred to the Privacy Officer for review.
  • Undertaking audits of privacy policies and procedures on at least a biennial basis and following up any specific privacy issues which may arise.
  • Keeping abreast of privacy law developments, technology updates and following best practice guidance from the Privacy Commissioner.
  • Responding to privacy concerns and/or complaints in a timely and constructive manner.

For all projects requiring the handling of personal information or where it is felt that the project may affect any individual’s privacy, we will complete a brief privacy analysis to determine whether a full privacy impact assessment may be required.

How we collect information:

Aware Group collects and stores information from:

  • Users of the Aware Group websites via cookies and form completions.
  • People who engage with Aware Group social media channels.
  • People and companies who are referred by Aware Group Partners for the provision of Aware Group’s products and services.
  • People who approach Aware Group for the provision of products and services (including attendees at workshops/events).

The Aware Group website and social media pages may provide links to external websites. Please be aware that Aware Group is not responsible for the content or privacy of your personal information on any external sites.

Aware Group staff are trained in data collection processes that maintain the security of personal information.

What information we collect:

Aware Group will collect information specific to the service with which you engage. This specific information will be detailed in the relevant Privacy Statement.

When you interact with Aware Group staff, via email or other communication means, you may inadvertently give your personal information (including contact details) to Aware Group outside of specific situations covered by our Privacy Statements. We will only collect the information you give to us, or that is publicly available, and will deal with such information in line with this policy. Aware Group collects this personal information in order to identify appropriate products and services that best meet your needs, and to deliver those services.

Privacy Statements:

In an effort to provide full transparency of how your individual data will be used, we have individual Privacy Statements that are supplementary to this policy and relevant to a range of specific services with which you have engaged and provided personal information for.

Where a service that you have engaged with has a specific Privacy Statement available, the information in that statement will take precedence over this policy. These statements outline situation specific information on what and how data is being collected, how it will be stored, and how long it will be stored for. Our current statements are:

Why we collect information:

Aware Group collects your personal information in order to identify appropriate products and services that best meet your needs and to deliver those services. We may use your personal information to:

  • Deliver our services and products.
  • Contact you about our services and products that may be of interest to you.
  • Contact you about your enquiry.
  • Improve our website and the delivery of our services.
  • Conduct internal statistical analysis to improve our customer experience.

Storage of your information:

Aware Group stores your personal information in third party secure cloud infrastructure and using contracted third-party software including CRM systems. Prior to engagement, all third-party providers undertake a rigorous screening process, including a review of their privacy management.

For our internal systems including emails, data is stored in Microsoft Azure (https://www.microsoft.com/en-nz/trust-center).

Further specifics on where personal data will be stored will be communicated in the relevant Privacy Statement for each service with which you engage.

Personal information will only be held by Aware Group for as long as the information is needed. Personal data no longer required to be held will be securely destroyed.

Sharing your information:

Only Aware Group staff and contractors who need to see your information to deliver the company’s services will have access to do so. Aware Group staff have a confidentiality agreement in place to maintain confidentiality.

Aware Group may share personal information if required by law, or to report a threat to health and safety. If our staff are threatened or abused, we may refer details to the police.

Other sharing of information will only occur in line with the relevant Privacy Statement for each service in which you engage.

Information shared by customers:

Through customer engagements, Aware Group may also collect personal information of people partaking in solutions delivered to customers. Aware Group will take all reasonable steps to ensure this information is protected against loss, damage, misuse, and unauthorised access. To ensure the privacy of personal information, Aware Group takes the following steps:

  • Only using that information for the intended project requested by the customer through the associated statement of work or binding contract.
  • Only allowing staff and contractors who are working on the relevant project to have access to the information.
  • Acting in adherence with the relevant customer’s privacy policy.
  • Housing all information in secure cloud infrastructure.

If you don’t provide information:

Aware Group collects personal information in order to deliver a seamless service to you. You may choose not to provide information; however this may hinder, or fully prevent you, from receiving services from Aware Group.

Further specific impacts of not providing information are detailed in individual Privacy Statements.

Breaches:

Inadvertent privacy breaches may happen despite good processes and the best of intentions. Where a potential breach is identified Aware Group will act quickly and openly by following these steps:

Alert:

As soon as Aware Group staff are notified of an actual or suspected privacy breach, they will immediately notify their Manager and the Privacy Officer (by emailing [email protected]) detailing all information related to the privacy breach.

Containment and assessment:

The Privacy Officer in collaboration with the Manager will immediately conduct an initial assessment and take all practicable steps to contain the breach.

Evaluation and notification:

The Privacy Officer will then conduct an evaluation of the privacy breach, including identification of what information is involved, the cause, and the extent of the breach. As part of this evaluation, the likelihood of serious harm resulting from the breach will be assessed, taking into consideration:

  • Any action taken by Aware Group to reduce the risk of harm following the breach.
  • Whether the personal information is sensitive in nature.
  • The nature of the harm that may be caused to affected individuals.
  • The person or body that has obtained or may obtain personal information as a result of the breach (if known).
  • Whether the personal information is protected by a security measure.
  • Any other relevant matters.

This evaluation will inform the next steps and where necessary the Privacy Officer will notify relevant people of the breach. If the breach is identified to have caused serious harm, or be likely to cause serious harm, Aware Group will report this breach to both the affected individuals whose personal information is at risk and the Privacy Commissioners Office.

Review:

The Privacy Officer will lead a review that puts steps in place to prevent any future breaches from occurring.

Contact:

If you cannot find the information you need, would like to know what information we have about you, would like to amend/correct personal information we hold about you, or you have concerns about the way we are managing your personal information please contact our Privacy Officer:

All requests for personal information will be responded to within 20 business days of receipt.

Changes to policy:

Aware Group may, at its discretion, update or revise this Privacy Policy and associated Privacy Statements at any time. Any changes will take effect immediately as soon as the new Privacy Policy is published on www.awaregroup.com/privacy/

The Privacy Policy will be published on the website and all reasonable steps taken to communicate updates to Aware Group partners and customers. This may be through announcements on the website or email communications to customers. Ultimately, it is your responsibility to check the Aware Group Privacy Policy regularly to ensure you are familiar with the most recent version.

Your continued engagement with any Aware Group services indicates your acceptance of the most recent Privacy Policy.