This Policy applies to any personal information we collect, store or access when we provide our Services or when you interact with us.
When we say "your personal information" in this Policy, we mean your or your end users’ personal information (and includes any personal information that is accessed or extracted by us from a cloud computing system such as Xero).
Whenever we collect, store and use your information, we comply with all applicable laws in New Zealand, including the New Zealand Privacy Act 2020.
We collect personal information.
We deliver an advisory platform and small business app, designed especially for accountants, bookkeepers and their clients, through a single point of access to information available to you from various third party providers (“Service”).
The Service includes the collection, storage and use by us of personal information relating to you and your end users.
Personal information is information about an identifiable individual, and may include information such as an individual’s name, email address, telephone number, bank account details, taxation details, and accounting and financial information.
We may collect personal information from you.
We may collect personal information from you when you:
• register to use the Service;
• use the Service, including making requests about your information;
• share any information from the Service;
• post to the AIDER Community forum or on our blog;
• contact our team for support and guidance on use of the Service; and
• visit our website.
You can always choose not to provide your personal information to us, but it may mean that we are unable to provide you or your end users with the Service.
We will only collect information relevant to our business relationship with you.
The personal information we collect will generally include:
• Your and your end users’ name, address, telephone numbers, email address, credit card or bank account details, and information about your use of our services; and
• Various business, bank, and accounting information from source apps such as Xero.
You are required to keep us informed of changes to your information to enable us to have proper administrative processes.
We collect, hold and use your personal information for limited purposes.
We collect personal information so that we can provide you with the Service and any related services that you may request. In doing so, we may use the personal information that we have collected from you for purposes related to the Service including to:
• verify your identity;
• administer the Service;
• notify you of new or changed services offered in relation to the Service;
• carry out marketing or training relating to the Service;
• assist with the resolution of technical support issues or other issues relating to the Service;
• comply with laws and regulations in applicable jurisdictions;
• communicate with you; and
• address any related purpose in connection with the above.
By using the Service, you consent to your personal information being collected, held and used in this way and for any other use that you authorise. We will only use your personal information for the purposes described in this Policy or with your express permission.
It is your responsibility to keep all your passwords, to the various third party applications used by the Service, safe. You should notify us as soon as possible if you become aware of any misuse of your passwords, and immediately change your password using the process set out in the relevant third party applications.
AIDER can aggregate your non-personally identifiable data.
The information that we collect may include non-personally identifiable data. By using the Service, you agree that we can access, store, aggregate and use non-personally identifiable information that we have collected from you. This information will in no way identify you, your end users or any other individual.
We may use this aggregated non-personally identifiable information for our business purposes, including to:
• assist us to better understand how you and your end users are using the Service;
• provide you and your end users with further information regarding the uses and benefits of the Service;
• provide insights into enhancing your and your end users’ productivity, including by creating useful business insights from the aggregated data and allowing benchmarking of business’ performance against the aggregated data; and
• otherwise to improve the Service.
We hold your personal information on servers located overseas.
We store data on third party servers located in the United States of America. This means that the personal information collected by us will be transferred to the United States of America, although remaining under our effective control.
We take reasonable steps to ensure that the personal information that we collect is accurate and up-to-date, and is stored in a secure environment protected from unauthorised access, use, modification or disclosure.
We take steps to protect your personal information.
We are committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised use access, modification or disclosure. These precautions include the following:
• We store your personal information on secure servers that have SSL Certificates issued by leading certificate authorities Entrust & GTE Cybertrust;
• Personal information accessed by us (whether at rest or in transit) is encrypted via at least Transport Layer Security (TLS) v1 .2 with no TLS version, with fall-back options enabled;
• We use access control and multi-factor user authentication with access rights being subject to an internal audit from time to time and when necessary;
• We document information security policies and procedures which are reviewed at least annually or when new threats emerge; and
• We regularly back up all information and follow processes that ensure information is recoverable in a timely manner.
We ensure all our personnel:
• are properly educated and trained in the use of information;
• have been the subject of an appropriate background and reference checks and have received a satisfactory result in relation to such a checks;
• have entered into appropriate binding confidentiality obligations in relation to the use of information; and
• receive appropriate and regular training on confidentiality, privacy laws, data security and any other related matters, as they may apply from time to time to the use of information.
However, the internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times. Transmission of your personal information over the internet is at your own risk and you should only enter, or ensure the entry of, your personal information to the Service within a secure environment.
In the event of a suspected breach.
In the unlikely event that a suspected or actual breach of your personal information occurs, we will investigate the breach as soon as reasonably practicable. We will notify the affected individual and the Privacy Commissioner if we reasonably believe that the breach has caused you or your end users serious harm, or is likely to cause you or your end users serious harm.
We ensure that there are appropriate policies and procedures in place to identify, assess, mitigate, address and report any breach of personal information, in accordance with applicable privacy laws.
We only disclose your personal information in limited circumstances.
We will only disclose any personal information that you have provided to us to third parties if disclosure is necessary and appropriate to facilitate the purpose for which the personal information was collected under this Policy, including the provision of the Service.
In particular, the third parties to whom we may disclose personal information include:
• our employees, contractors, and related entities;
• Government departments or law enforcement agencies (including the police);
• liquidators, administrators or other persons appointed to administer Your financial affairs; and
• debt collection services or credit reporting agencies.
We will not otherwise disclose your personal information to a third party unless you or your end users have provided express consent. However, we may be required to disclose personal information without your or your end users’ consent in order to comply with any court orders, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you or your end users if we are required by law to disclose personal information about you or your end users.
We may disclose, sell or transfer to third parties any non-personal, aggregated information that we collect from you, your end users and our other customers.
We do not store your credit card details.
If you or your end users choose to pay for the Service by credit card, your credit card details are not stored by the Service and cannot be accessed by our staff. Your credit card details are encrypted and securely stored by Stripe or Apple’s iTunes Store to enable us to automatically bill your credit card on a recurring basis.
You may request access to your personal information.
It is your responsibility to ensure that the personal information you provide to us in relation to you and your end users is accurate, complete and up-to-date. You may request access to the information we hold about you or your end users, or request that we update or correct any personal information we hold about you or your end users, by setting out your request in writing and sending it to us at email@example.com.
We provide you with the ability to erase your personal information.
You may request that we erase any personal information we hold about you or your end users, by setting out your request in writing and sending it to us at firstname.lastname@example.org. If you request that we erase any of your end users’ personal information, you warrant that you are authorised by the end user to make the request.
We will process your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why. For example, it may be necessary for us to deny your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process your request in the manner that you have requested.
Retention of personal information.
We’ll only keep personal information for as long as we require it for the purposes of providing you with the Service. Once the personal information is no longer required we will delete or anonymise it. However, we may also be required to keep some of personal information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.
In providing the Service, we use “cookies”. A cookie is a small text file that is stored on your computer for record-keeping purposes. A cookie does not identify you or your end users personally or contain any other information about you or your end users but it does identify your computer.
We and some of our affiliates and third-party service providers may use a combination of “persistent cookies” (cookies that remain on your hard drive for an extended period of time) and “session ID cookies” (cookies that expire when you close your browser) on our website to, for example, track overall site usage, and track and report on your use and interaction with ad impressions and ad services.
You can set your browser to notify you when you receive a cookie so that you will have an opportunity to either accept or reject it in each instance, and you will be able to block all cookies as well. However, you should note that refusing cookies may have a negative impact on the functionality and usability of our website.
We do not respond to or honour “Do Not Track” requests at this time.
You can opt-out of any email communications that are not essential to the Service.
We send billing information, product information, Service updates and Service notifications to you via email. You can choose to be removed from any mailing list that is not essential to the Service by clicking on the “unsubscribe” option at the bottom of the email. We will then remove you from non-essential mailing lists.
You are responsible for transfer of your and your end users’ personal information to third-party applications.
The Service may allow you to transfer information (including personal Information) electronically to and from third-party applications. We have no control over, and take no responsibility for, the privacy practices or content of these applications.
We have a privacy complaints process
If you wish to complain about how we have handled your or your end users’ personal information, please provide our Privacy Officer with full details of your complaint and any supporting documentation:
• by email at email@example.com or
• by letter to The Privacy Officer, Aider International Limited, B:Hive, Smales Farm, 74 Taharoto Road, Auckland 0622, New Zealand.
Our Privacy Officer will endeavour to:
• provide an initial response to your query or complaint within 10 business days; and
• investigate and attempt to resolve your query or complaint as soon as reasonably practicable and notify you.
This policy may be updated from time to time.
We reserve the right to change this Policy at any time, and any amended Policy is effective upon posting to our website. We will make every effort to communicate any significant changes to you via email or notification via the Service. Your continued use of the Service will be deemed acceptance of any amended Policy.
Last updated: May 2023