POLICY VERSION 0.4 – 07/09/2023
Contents
Privacy Statement
Any Customer or Personal data collected or shared as part of normal business practice by Temperzone, its distributors, dealers, subcontractors, or contracted agencies, is governed by the Temperzone Privacy Policy below:
Temperzone in this privacy policy means Temperzone Limited (a New Zealand registered company) and Temperzone Australia Pty Limited (a Australian registered company). “We”/” Us”/” Our” all means Temperzone in this privacy policy.
Temperzone Privacy Policy
This statement explains how Temperzone collects, holds, uses and discloses your customer and personal information and who we share it with.
What do we collect?
We may collect the following personal information/personal data from you (if you are an individual):
We may also collect the following information which may be personal information in certain contexts:
Why do we collect your personal information?
We collect personal information so that we can:
What happens if you don’t give us your personal information?
If we ask for your personal information and you don’t give it to us, we may not be able to provide you with any, some, or all the features of our products or services.
How we handle your personal information
Whenever possible we will collect your personal information directly from you. If this is unreasonable or impractical, or, with your consent, we may collect information from other people or organisations, including suppliers of products and services to Temperzone.
We’ll use a variety of methods to collect your personal information from, and disclose your personal information to, these persons and organisations, including written forms, telephone calls and via electronic delivery. We may collect and disclose your personal information to these persons and organisations during the information life cycle, regularly, or on an ad hoc basis, depending on the purpose of collection.
Before we use your personal information for any reason, we will make sure we’ve taken reasonable steps to make sure that information is up to date.
Under various laws in Australia, New Zealand, and other countries we either operate in or obtain products or services from, we will be (or may be) authorised or required to collect your personal information. These laws may be related to Workplace Health and Safety, Employment, Tax, Corporate, etc. We will use and disclose your personal information for the purposes we collected it as well as purposes that are related, where you would reasonably expect us to.
We may collect personal information from:
We may disclose your personal information to:
Your information may be stored onsite at one of Temperzone’s offices, in an offsite data centre or secure storage location contracted by Temperzone and may be stored electronically using a 3rd party hosted service e.g., Microsoft Office 365.
We will only keep your personal information for as long as we need to keep it, for the reason we collected it (the reason will be one of those set out under the “why do we collect your personal information?” heading further up in this policy). Overseas Disclosure and Data Storage
Sometimes, we need to provide your personal information to – or get personal information about you from – persons or organisations located overseas, for the same purposes as in ‘Why do we collect personal information?’ and ‘How we handle your personal information.’
The list of countries includes:
From time to time, we may need to disclose your personal information to, and collect your personal information from, parties in other countries not on this list. Nevertheless, we will always use all reasonable efforts to disclose and collect your personal information in accordance with privacy laws.
Your personal information and our marketing practices
We might, from time to time, let you know – including via mail, SMS, email, telephone or online – about news, special offers, products and services that you might be interested in.
We will use your personal information to engage in marketing unless you tell us otherwise. You can contact us to update your marketing preferences at any time.
To carry out our marketing, we collect your personal information from and disclose it to others that provide us with specialised data matching, trending or analytical services, as well as general marketing services, as set out in ‘How we handle your personal information’.
We may also collect your personal information for marketing through business dealings, seminars, trade shows, competitions and by accessing contact lists.
We, and other people who provide us with services, may combine the personal information collected from you or others, with the information we or our service providers already hold about you.
We may also use online targeted marketing, data and audience matching and market segmentation to improve advertising relevance to you.
Temperzone’s website and apps may use information from Google's Interest-based advertising or 3rd party audience data for in company analysis of site demographics and interests solely for marketing the Temperzone and Hitachi Air Conditioning Brands in Australia and New Zealand. All data collected is anonymous. Data and reports are not provided to third parties by Temperzone.
If you do not want your information to be used for promotional and marketing purpose, you can contact Temperzone either via the unsubscribe links available on our websites or in applications or contact us at unsubscribe@temperzone.com.
How to access and correct your personal information
You have the right to access, update and correct your personal information held by us. To do this, please send an email with your request and contact details to privacy@temperzone.com. We may need to contact you to verify your identity before we provide any data.
How to make a Complaint
The following complaint process can be used if you have a complaint about how we collect, hold, use or disclose your personal information or a privacy related issue such as refusal to provide access or correction.
By following the complaint handling process we can resolve your complaint effectively and efficiently.
Step 1. Contact Temperzone to let us know what the issue is
Step 2. Review by Temperzone Privacy Manager
If you are not satisfied with the outcome of the Temperzone review in Step 1, you can request the complaint be referred to the Temperzone Privacy Manager for review or you can contact the Temperzone Privacy Manager.
The Temperzone Privacy Manager will contact you to discuss if additional information is required and will usually contact you with a decision within 15 business days of receiving your complaint.
You can contact the Temperzone Privacy Manager by using the relevant contact in the Privacy Contact Information below.
Step 3. Seek review by an external service
Privacy Contact Information
Security and Privacy Incidents
Incident definitions
An incident is defined as any breach of security, privacy, continuity, legal or regulatory controls over information assets of any type. Examples of such incidents include:
Incident Reporting and Management
Every user of Temperzone Customer information must protect that information and ensure that it is used for relevant Customer business purposes only. Any incidents or questionable issues in the security of this information must be reported.
All staff accessing Customer information will be advised of any incident handling and reporting processes that are specific to that Customer. These processes will be detailed as part of the overall Customer solution design.
Incident Reporting
All Customer security and privacy incidents and (suspected) weaknesses will be reported to the Temperzone Security Manager as soon as possible by either Temperzone, its subcontractors, or the Customer.
Ongoing Incident Management
Incident Response Process
The Temperzone Security Manager will co-ordinate any required resources to investigate incidents and will report significant losses or threats to the Customer. Where an Incident Severity is 1 or 2 the Customer will be invited to participate directly as part of the Incident Team.
The following definitions (and examples) are used to assign severity and to ensure the appropriate level of urgency is applied until resolution.
Incident Severity | 1 | 2 | 3 | 4 |
Definition | Security/Privacy breach | Critical security/privacy threat | Possible security/privacy threat | Incidents with little or no business impact |
Business Impact | High | Medium | Medium – Low | Low – None |
Example | Denial of service (DOS) attack, systems penetrated | Critical security/privacy exploit or risk detected | Important threat identified by software vendor |
Based on the Incident severity the following are the targeted call back frequencies and restoration times:
Severity | Target Call Back Frequency | Target Resolution Time |
1 | Every 1 hour | 4 hours |
2 | Every 3 hours | 12 hours |
3 | Once every day | 24 hours |
4 | Once every second day | 96 hours |
Temperzone will work with the Customer before engaging any law enforcement or other authorities.
Incidents involving misuse by either Temperzone or Customer employees will be referred to Temperzone Human Resources for investigation.