Diversitas Limited Privacy Policy

This Privacy Policy is current as at 25 June 2018

1. Introduction

1.1 Our Business

Diversitas Limited is a specialised consultancy that provides consulting services to help organisations benchmark itself against industry peers and develop effective Diversity &Inclusion (“D&I”) strategies that make sense for where an organisation is at and what it wants to achieve.

1.2 Our Privacy Policy

Diversitas Limited respects your Personal Information that it collects and uses. This Privacy Policy sets out our, and your, rights and obligations in relation to Personal Information you provide in relation to the potential or actual provision of Services or any other form of business engagements between by us, whether face to face, or, by phone, letter, email or through our Website.

Please read this Privacy Policy carefully.

2. Definitions

In this Privacy Policy the following terms are defined:

  • “GDPR” means the General Data Protection Regulation (GDPR) (EU) 2016/679.
  • our “or "we" or "us" means Diversitas.
  • “Personal Information” means information or an opinion about an identified individual or an individual who is reasonably identifiable. Under the GDPR, the similar definition is “Personal Data”. 
  • Policy” means this Privacy Policy.
  • “Diversitas” means Diversitas Limited, a company incorporated under the laws of New Zealand (Company number4342379) with a principal place of business at Level 31, Vero Centre, 31 Shortland Street, Auckland, 1010, New Zealand.
  • "Services" means the exchange or interaction between you and us concerning our business services, D&I consulting services (“D & I Services”) or when you access and use our Website or any other incidental activity relating to our business.
  • you" means you where you are any of:
    i.     A potential or actual customer for the provision of D&I Services by us to you; or 
    ii.    A person who visits our Website or subscribes to our newsletter or other publications or downloads our whitepapers, ebooks or other educational or marketing, promotional or publicity materials or who participates in our market research and surveys; or
    iii.    Any other person that we engage with in relation to a potential or actual business relationship or engagement including on behalf of a service provider.
  • Website“ means https://www.diversitas.co

3. What Personal Information we collect

We may collect and hold the following Personal information, as applicable:

  • First name and surname
  • Age
  • Gender
  • Ethnicity
  • Country of location
  • Phone number
  • Email address
  • Details of the Web browser used, the IP address of your device when connected to the internet, and the record of the pages within our Website that you visit and the date and time of your visits. Additionally when you complete a survey, via Survey Monkey (our third party cloud service provider), we collect your IP address and the date you use this service.

4. How we collect Personal Information

We may collect:

  1. Personal Information about you:
    i.    when you commence discussions as personnel of a potential customer for the provision of D&I Services, or, where a customer, in the provision of D&I Services, and arising from ongoing contractual and accounts management; or
    ii.    in your capacity as personnel of a customer:
        where we undertake D&I reviews and as provided by the customer from its payroll system.
        where as part of a D&I review or other subject matter survey we survey you via use of Survey Monkey (our third party cloud service provider).
        where as part of a D&I review we interview you in person or by phone.
        where we, on an anonymous basis, seek and obtain your feedback as part of our gender training service.
        as part of our 360 review service to a customer and through the use of Qualtrics (our third party cloud service provider); or
    iii.    when you are a participant in Diversitas marketing campaign and you provide it via our landing page; or
    iv.    through the use of Mail Chimp (https://mailchimp.com/) (our third party cloud service provider). we send emails on an opt in/ opt out basis including containing certain marketing materials or concerning D& I Services. Note Diversitas stores your contact details by use of the Mail Chimp application; or
    v.    via our Website when you provide it to sign up to download our whitepapers, e books other educational or marketing, promotional or publicity  materials or subscribe to our newsletter or other periodic publications; or
    vi.    in the course of you requesting a meeting with us in relation to potential provision of the D&I Services; or     
    vii.    when you apply for employment or we request or you propose a contract for services with Diversitas and we may collect such information from your referees; or
    viii.    in your capacity as personnel of a proposed or actual service provider to Diversitas; or
    ix.    indirectly, without us asking for it, for example, if you engage with us on the following social media, Face book (& Instagram), Twitter and LinkedIn; or
    x.    in any other circumstances including face to face or by email or phone exchange.
  2. Aggregate anonymous information generated by our IT systems which tracks and analyses traffic to our Website but do not relate to you personally. This is further described in Section 6.1 herein (final paragraph).

5. Online Links to Third Party and Co-Branded websites

We may establish relationships with advertisers, content providers and other third parties that may allow visitors to our Website to link directly to sites operated by such entities. Some of these sites may be "co-branded" with our trademarks including logos; however, these websites are not operated or maintained by or on our behalf. These sites may collect Personal Information from you that may be shared with us. This Policy will apply to any Personal Information we obtain in this manner.

Diversitas is not responsible for the content or practices of such third parties including their operation of website(s) linked to our Website (if any). These links are meant for the website user convenience only. Links to third party sites do not constitute sponsorship, endorsement or approval by Diversitas of the products, services, other content, policies or practices of those third party websites. Once you have left our Website via such a link, you should check the applicable privacy policy of the third party website.

6. How we use your Personal Information 

6.1 Expected use

We may use the Personal Information we collect from you:

(a)    to provide you with (and assist you with using) D&I Services; or

(b)    specifically to fulfil administrative functions associated with the provision of D&I Services, for example, entering into contracts with you and invoicing; or

(c)    where you have opted in to receiving such information (see Section 11 of this Policy) for the provision of whitepapers, e books, educational email newsletters or other periodic publications, marketing, promotional and publicity materials (including the carrying out of direct marketing, market research and surveys) and any other related materials or in your subscription to our newsletter or other periodic publications, but only for the provision of information that is most relevant to you and your interests; or

(d)    for any other use that you expressly authorise by email or our opt-in process (see Section 11 of this Policy).

(e)    to comply with the law including where required by a regulator; or

(f)     as we determine necessary to prevent illegal activity; or

(g)    in the protection and/or enforcement of our legal rights and interests including defending any claim; or

(h)    in relation to our relationship with you as an employer.

In addition when we collect certain non-Personal Information concerning the Website pages you visit from your device (e.g. the identity of your Web browser, the type of operating system you use, your IP address and the identity of the host or host's name), we may use such non-Personal Information for internal purposes, including, but not limited to, improving the content of our Website. This information may come from server logs and or cookies (see Section 8).

6.2 GDPR lawful processing grounds

The ‘lawful processing’ grounds on which Diversitas will rely to collect and use Personal Data about you will be (as applicable):

i.    in relation to potential or actual contractual engagements for the provision by Diversitas of D&I Services including incidental activities to such relationships; or

ii.    in relation to potential or actual contractual engagements with you as personnel of a service provider to Diversitas; or

iii.    express consent to the proposed use obtained prior to our processing.

6.3 Data retention

We will keep Personal Information (or Personal Data) about you, to use for the above purposes, for a reasonable period of time necessary for the operation and management of our business but subject to our obligations under Sections 10 and 11.

7. Will we share your Personal Information with anyone else?

We will only share Personal Information with other organisations or individuals or government agencies in the following limited circumstances:

(a)    Where we engage service providers to perform services on our behalf or assist us in providing D& I Services. In particular, Diversitas contracts with these cloud service providers:

    i.    Microsoft Office 365 SharePoint cloud service to host process and store Diversitas data including that arising from D& I Services. As at the current date of this Policy, the Microsoft Office 365 instance for the applicable software service is located Australia;

    ii.    Mail Chimp (https://mailchimp.com/)-as at the current date of this Policy with its IT database in the USA;

    iii.    Qualtrics (https://www.qualtrics.com/)- as at the current date of this Policy with its IT database in the USA;

    iv.    Survey Monkey (https://www.surveymonkey.com/)- as at the current date of this Policy with its IT database in the USA;

    v.    Xero (https://www.xero.com/nz/)- as at the current date of this Policy with its IT database in the USA;

    vi.    ROLL (https://www.rollhq.com/)-as at the current date of this Policy with its IT database in Australia (AWS).

    Our third party service providers are bound by contract to only use your Personal Information on our behalf, for the specified purposes and in accordance with their privacy policies; or

(b)    We may share your Personal Information with any member of our corporate group (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in the New Zealand Companies Act 1993) for any of the purposes set out in this Privacy Policy and necessary business purposes; or

(c)  Where we (or any of our group companies) sell Diversitas business (equity or asset sale), we may provide your Personal Information as part of a database to the buyer, so that they can contact you about any transition plans for the business but subject to our and the buyer’s privacy policy obligations; or

(d)  Where we need to disclose your Personal Information to third parties to satisfy any mandatory applicable law, regulation, judicial or other legal process or government agency request.

8. Cookies and tracking analytics

8.1 Analytics and performance cookies

We may use cookie files containing information that can identify the computer you are working from (as referred to in Section 3, Paragraph 2). A cookie file is anonymous and is only used to identify visits from the same web browser.

We may use the information generated by such cookie files to: (a) track traffic patterns to and from the Website; (b) ensure any communications are being shown to the most appropriate person in relation to our business engagement with you; and (c) enable you to enter the Website.

8.2 Third Party Cookies

Because Diversitas may have or has a presence on various social networks (Facebook, Instagram, LinkedIn and Twitter) we may try to share content and to see what content is popular on those networks. We add buttons to allow people to easily share to such networks. When we include these social 'plugins', it gives those sites the flexibility to use their own cookies. They can't read any cookies we set from the Website (www.diversitas.co.nz), and we can't read any cookies they set, but it lets them do the same kind of traffic measuring that we do on the rest of the Website (www.diversitas.co.nz), and it also lets them know whether you're logged into their site. We never know whether you're logged in or not.

Other sites and services (including, for example, advertising networks, providers of external services like web site hosting or traffic analysis services and content recommendation engines) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

As at 25 June 2018, we disclose we make use of the following third party cookies:

  • Twitter -Advertising Targeting
  • LinkedIn - Advertising Targeting
  • On the Website being:
    i.     A cookie to detect if you have closed the homepage popup. This is deleted after 30 calendar days;
    ii.    Google Analytics service that captures user IP address, location, device being used and relevant web based activity;
    iii.   ShareThis (https://www.sharethis.com) for tracking social network sharing of website content.

8.3 How to turn Section 8 cookies off?

You can choose to refuse cookies by turning them off in your browser and/or deleting them from your hard drive. Some pages may not function properly if the cookies are turned off.

9. Security

We use our reasonable commercial efforts to ensure the security, integrity and privacy of your Personal Information and avoid unauthorised loss, use or disclosure. We use a variety of physical measures (for example, restricting physical access to our offices) and electronic security measures including password protected use of devices, and, in conjunction with our cloud service providers, use of IT firewalls and secure internet connections and databases.

As no data transmission over the internet can be guaranteed to be completely secure, we cannot ensure the security of any information you transmit. While as stated we take precautions to minimise related risks, you use the internet for transmission at your own risk.

If you post your Personal information on our Website (if applicable) or in any of our social media channels (LinkedIn, Twitter and Facebook (& Instagram)) you acknowledge and agree that the information you post is publicly available.

10. Your Personal Information rights

10.1     How to access or correct your Personal Information

10.1.1  Subject to applicable laws, you have the right to access your Personal Information and to receive a copy of that information. We may need to verify your identity to respond your access request (and similarly where made under Sections 10.1.2 and 10.2). We will respond to any access request within a reasonable time period. We will give you access in a media form requested provided it is reasonable and practical. We do not expect to need to charge our time for this provided the access request is reasonable. If we cannot give you access, due to legal grounds, then we will inform you of this in writing. 

10.1.2  You also have the right to request the correction of the Personal Information we hold about you. We will take reasonable steps to make appropriate corrections to Personal Information so that it is accurate, complete and up-to-date. Unless a lawful exception applies, we must update, correct, amend or delete the Personal Information we hold about you within a reasonable time period. If we have shared that Personal Information to others, as contemplated under Section 7, we will use our reasonable commercial efforts to contact them and arrange the relevant change.

We do not charge for making corrections.

To seek access to, or, correction of, your Personal Information, please contact our Data Privacy Officer as set out below in Section 13. 

10.2 GDPR data subjects - exercising your other rights

If you (a data subject under the GDPR) are located in country that is a member of the European Economic Area (EEA) you have a number of other GDPR rights in relation to our collection and use of your Personal Data. You have the right to:

  • opt-out of direct marketing and profiling for marketing- please note Section 11 below.
  • opt-out of processing for research / statistical purposes, or processing on the grounds of ‘public interest’ or ‘legitimate interest’ - please note Section 11 below.
  • erasure of your Personal Data.
  • Personal Data portability.
  • Object to or restrict processing of your Personal Data.

Any request in relation to the exercise any of those rights; please contact our Data Privacy Officer as set out below in Section 13.

11. Opt in/out

11.1 We will give you the option to: (a) opt out and not receive whitepapers, e books, educational email newsletters or other periodic publications, marketing, promotional and publicity materials ( including the carrying out of direct marketing, market research and surveys) and any other related materials ; or (b) opt in to agree to be contacted by us in relation to certain matters such as whitepapers, e books, educational email newsletters or other periodic publications, marketing, promotional and publicity materials (including the carrying out of direct marketing, market research and surveys) and any other related materials.

11.2  Diversitas advises that if you exercise your opt out rights per Section 11.1 (a) this may result in any of the services and materials referred to in Section 11.1 not being provided or made available to you.

12. Updates

We will review this Policy regularly, and we may update it from time to time by publishing the latest version on our Website or as otherwise notified to you in writing (including by email). You will ensure that you have read the most recent terms posted on the Website or as otherwise notified to you.

13. To contact our Data Privacy Officer

If you have a request or enquiry or a complaint about the way we handle your Personal Information (or Personal Data) or to seek to exercise your privacy rights herein in relation to the Personal Information (or Personal Data) we hold about you, you may contact our Data Privacy Officer as follows:

Name: Olivia Kruger
Title: Project Manager, Diversitas Limited
Email: olivia.kruger@diversitas.co.nz
Mail: Diversitas Limited, at Level 31 Vero Centre, 31 Shortland Street, Auckland 1010

While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Data Privacy Officer, by mail or email as above. We will acknowledge your formal complaint within 10 working days.

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the New Zealand Privacy Commissioner by making a complaint online at https://www.privacy.org.nz/your-rights/complaint-form/, or writing to them at Privacy Commissioner PO Box 10094, Wellington 6143.

If you are a data subject in the European Economic Area, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.


To get our latest DEIB news and resources, sign up for our newsletter today:
By entering your email address, you agree to receive emails from Diversitas Limited that concern advertising or publicity materials, newsletters, promotional offers or other Diversitas Limited's business announcements. You can unsubscribe at any time from all future emails by clicking the "Unsubscribe" link included at the end of each communication Diversitas Limited sends you. Diversitas Limited shall collect and use your Personal Information in accordance with its Privacy Policy.