Diversitas Limited is a specialised consultancy that provides consulting services to help organisations benchmark itself against industry peers and develop effective Diversity &Inclusion (“D&I”) strategies that make sense for where an organisation is at and what it wants to achieve.
We may collect and hold the following Personal information, as applicable:
We may collect:
We may establish relationships with advertisers, content providers and other third parties that may allow visitors to our Website to link directly to sites operated by such entities. Some of these sites may be "co-branded" with our trademarks including logos; however, these websites are not operated or maintained by or on our behalf. These sites may collect Personal Information from you that may be shared with us. This Policy will apply to any Personal Information we obtain in this manner.
We may use the Personal Information we collect from you:
(a) to provide you with (and assist you with using) D&I Services; or
(b) specifically to fulfil administrative functions associated with the provision of D&I Services, for example, entering into contracts with you and invoicing; or
(c) where you have opted in to receiving such information (see Section 11 of this Policy) for the provision of whitepapers, e books, educational email newsletters or other periodic publications, marketing, promotional and publicity materials (including the carrying out of direct marketing, market research and surveys) and any other related materials or in your subscription to our newsletter or other periodic publications, but only for the provision of information that is most relevant to you and your interests; or
(d) for any other use that you expressly authorise by email or our opt-in process (see Section 11 of this Policy).
(e) to comply with the law including where required by a regulator; or
(f) as we determine necessary to prevent illegal activity; or
(g) in the protection and/or enforcement of our legal rights and interests including defending any claim; or
(h) in relation to our relationship with you as an employer.
In addition when we collect certain non-Personal Information concerning the Website pages you visit from your device (e.g. the identity of your Web browser, the type of operating system you use, your IP address and the identity of the host or host's name), we may use such non-Personal Information for internal purposes, including, but not limited to, improving the content of our Website. This information may come from server logs and or cookies (see Section 8).
The ‘lawful processing’ grounds on which Diversitas will rely to collect and use Personal Data about you will be (as applicable):
i. in relation to potential or actual contractual engagements for the provision by Diversitas of D&I Services including incidental activities to such relationships; or
ii. in relation to potential or actual contractual engagements with you as personnel of a service provider to Diversitas; or
iii. express consent to the proposed use obtained prior to our processing.
We will keep Personal Information (or Personal Data) about you, to use for the above purposes, for a reasonable period of time necessary for the operation and management of our business but subject to our obligations under Sections 10 and 11.
We will only share Personal Information with other organisations or individuals or government agencies in the following limited circumstances:
(a) Where we engage service providers to perform services on our behalf or assist us in providing D& I Services. In particular, Diversitas contracts with these cloud service providers:
i. Microsoft Office 365 SharePoint cloud service to host process and store Diversitas data including that arising from D& I Services. As at the current date of this Policy, the Microsoft Office 365 instance for the applicable software service is located Australia;
ii. Mail Chimp (https://mailchimp.com/)-as at the current date of this Policy with its IT database in the USA;
iii. Qualtrics (https://www.qualtrics.com/)- as at the current date of this Policy with its IT database in the USA;
iv. Survey Monkey (https://www.surveymonkey.com/)- as at the current date of this Policy with its IT database in the USA;
v. Xero (https://www.xero.com/nz/)- as at the current date of this Policy with its IT database in the USA;
vi. ROLL (https://www.rollhq.com/)-as at the current date of this Policy with its IT database in Australia (AWS).
Our third party service providers are bound by contract to only use your Personal Information on our behalf, for the specified purposes and in accordance with their privacy policies; or
(d) Where we need to disclose your Personal Information to third parties to satisfy any mandatory applicable law, regulation, judicial or other legal process or government agency request.
We may use cookie files containing information that can identify the computer you are working from (as referred to in Section 3, Paragraph 2). A cookie file is anonymous and is only used to identify visits from the same web browser.
We may use the information generated by such cookie files to: (a) track traffic patterns to and from the Website; (b) ensure any communications are being shown to the most appropriate person in relation to our business engagement with you; and (c) enable you to enter the Website.
Because Diversitas may have or has a presence on various social networks (Facebook, Instagram, LinkedIn and Twitter) we may try to share content and to see what content is popular on those networks. We add buttons to allow people to easily share to such networks. When we include these social 'plugins', it gives those sites the flexibility to use their own cookies. They can't read any cookies we set from the Website (www.diversitas.co.nz), and we can't read any cookies they set, but it lets them do the same kind of traffic measuring that we do on the rest of the Website (www.diversitas.co.nz), and it also lets them know whether you're logged into their site. We never know whether you're logged in or not.
As at 25 June 2018, we disclose we make use of the following third party cookies:
We use our reasonable commercial efforts to ensure the security, integrity and privacy of your Personal Information and avoid unauthorised loss, use or disclosure. We use a variety of physical measures (for example, restricting physical access to our offices) and electronic security measures including password protected use of devices, and, in conjunction with our cloud service providers, use of IT firewalls and secure internet connections and databases.
As no data transmission over the internet can be guaranteed to be completely secure, we cannot ensure the security of any information you transmit. While as stated we take precautions to minimise related risks, you use the internet for transmission at your own risk.
If you post your Personal information on our Website (if applicable) or in any of our social media channels (LinkedIn, Twitter and Facebook (& Instagram)) you acknowledge and agree that the information you post is publicly available.
10.1.1 Subject to applicable laws, you have the right to access your Personal Information and to receive a copy of that information. We may need to verify your identity to respond your access request (and similarly where made under Sections 10.1.2 and 10.2). We will respond to any access request within a reasonable time period. We will give you access in a media form requested provided it is reasonable and practical. We do not expect to need to charge our time for this provided the access request is reasonable. If we cannot give you access, due to legal grounds, then we will inform you of this in writing.
10.1.2 You also have the right to request the correction of the Personal Information we hold about you. We will take reasonable steps to make appropriate corrections to Personal Information so that it is accurate, complete and up-to-date. Unless a lawful exception applies, we must update, correct, amend or delete the Personal Information we hold about you within a reasonable time period. If we have shared that Personal Information to others, as contemplated under Section 7, we will use our reasonable commercial efforts to contact them and arrange the relevant change.
We do not charge for making corrections.
To seek access to, or, correction of, your Personal Information, please contact our Data Privacy Officer as set out below in Section 13.
If you (a data subject under the GDPR) are located in country that is a member of the European Economic Area (EEA) you have a number of other GDPR rights in relation to our collection and use of your Personal Data. You have the right to:
Any request in relation to the exercise any of those rights; please contact our Data Privacy Officer as set out below in Section 13.
11.1 We will give you the option to: (a) opt out and not receive whitepapers, e books, educational email newsletters or other periodic publications, marketing, promotional and publicity materials ( including the carrying out of direct marketing, market research and surveys) and any other related materials ; or (b) opt in to agree to be contacted by us in relation to certain matters such as whitepapers, e books, educational email newsletters or other periodic publications, marketing, promotional and publicity materials (including the carrying out of direct marketing, market research and surveys) and any other related materials.
11.2 Diversitas advises that if you exercise your opt out rights per Section 11.1 (a) this may result in any of the services and materials referred to in Section 11.1 not being provided or made available to you.
We will review this Policy regularly, and we may update it from time to time by publishing the latest version on our Website or as otherwise notified to you in writing (including by email). You will ensure that you have read the most recent terms posted on the Website or as otherwise notified to you.
If you have a request or enquiry or a complaint about the way we handle your Personal Information (or Personal Data) or to seek to exercise your privacy rights herein in relation to the Personal Information (or Personal Data) we hold about you, you may contact our Data Privacy Officer as follows:
Name: Olivia Kruger
Title: Project Manager, Diversitas Limited
Mail: Diversitas Limited, at Level 31 Vero Centre, 31 Shortland Street, Auckland 1010
While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Data Privacy Officer, by mail or email as above. We will acknowledge your formal complaint within 10 working days.
If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the New Zealand Privacy Commissioner by making a complaint online at https://www.privacy.org.nz/your-rights/complaint-form/, or writing to them at Privacy Commissioner PO Box 10094, Wellington 6143.
If you are a data subject in the European Economic Area, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.