Introduction
Ditto Plus AI Limited NZCN 8321784 trading as Dittocom (we, us or our), understands that protecting
your personal information is important. We provide a cloud-based, software as a service platform
where customers can purchase a chatbot to use on their website (Platform). This Privacy Policy sets
out our commitment to protecting the privacy of personal information provided to us, or otherwise
collected by us when providing our Platform and support services (Services) to you.
This Privacy Policy takes into account the requirements of privacy laws, codes and regulations in New
Zealand, including the Privacy Act 2020 (Privacy Laws).
In addition to the Privacy Laws, individuals located in the European Union (EU) may also have rights
under the General Data Protection Regulation 2016/679 and individuals located in the United
Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK
GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the
details of the additional rights of individuals located in the EU and UK as well as information on how
we process the personal information of individuals located in the EU and UK.
This Privacy Policy explains:
the types of personal information we may collect about you;
how we might collect your personal information;
how we may use and disclose your personal information;
how we will store your personal information;
our use of cookies and analytics tools in connection with our Services;
your rights to request access to and correction of your personal information; and
how you can contact us if you have any other questions regarding our collection, use, storage and
disclosure of your personal information.
Personal information
Personal information means identifiable information about you, for example your name, email,
address, telephone number and so on. If you cannot be identified (for example, when personal
information has been aggregated and anonymised) then certain parts of this policy may not apply to
that information.
The personal information we collect
The types of personal information we may collect about you include:
Identity Data including first name, last name, date of birth, company details including the country you operate in, and job title.
Contact Data
including billing address, delivery address, email address and telephone numbers.
Financial Data
including bank account and payment card details (through our third party payment
processor, Stripe).
Background Verification Data
including photographic identification or other details requested as
part of our verification process to comply with our due diligence obligations, anti-money laundering
laws and related ongoing monitoring commitments.
Transaction Data
including details about payments to you from us and from you to us and other
details of services you have purchased from us or we have purchased from you.
Technical and Usage Data
including internet protocol (IP) address, your login data, your browser
session and geo-location data, your location information (for example your GPS location), device and
network information, statistics on page views and sessions, acquisition sources, search queries
and/or browsing behaviour, information about your access and use of our website, including through
the use of Internet cookies, your communications with our website, the type of browser you are
using, the type of operating system you are using and the domain name of your Internet service
provider.
Profile Data
including your username and password for our Services, profile picture, purchases or
orders you have made with us, support requests you have made, your interests, preferences,
feedback and survey responses, additional personal information that you provide to us, directly or
indirectly, through your use of our Services, associated applications or accounts from which you
permit us to collect information.
Marketing and Communications Data
Including your preferences in receiving marketing from us and
our third parties and your communication preferences.
Professional data
Including where you are a worker of ours or applying for a role with us, your
professional history such as your previous positions and professional experience.
Requested data
including any other personal information requested by us and/or provided by you
or a third party.
How we collect personal information
We collect personal information in a variety of ways, including:
Directly
We collect personal information which you directly provide to us, including when you
register for an account, through the ‘contact us’ form on our website or when you request our
assistance via email, our online chat or over the telephone.
Indirectly
We may collect personal information which you indirectly provide to us while interacting
with us, such as when you use our website, in emails, over the telephone and in your online
enquiries.
From third parties
We collect personal information from third parties, such as details of your use of
our website from our analytics and cookie providers and marketing providers. See the “Cookies”
section below for more detail on the use of cookies.
From publicly available sources
We collect personal information from publicly available sources
such as the New Zealand Companies Office and professional networking sites such as LinkedIn.
Collection and use of personal information
Personal information
We may collect, hold, use and disclose personal information for the following
purposes:
to enable you to access and use our Services, including to provide you with a login;
to assess whether to take you on as a customer;
to provide our Services to you, including to provide you with access to the Platform, and, where you
have opted to receive them, support services;
to enable you to access and use our associated applications;
to contact and communicate with you about our Services and any enquiries you make via our
website;
for internal record keeping, administrative, invoicing and billing purposes;
for analytics, market research and business development, including to operate and improve our
Services and associated applications;
to detect and/or prevent any illegal activity that may threaten us or our Services;
for advertising and marketing, including to send you promotional information about our products
and services and information that we consider may be of interest to you, noting we will comply with
all laws that are relevant to marketing (including the Unsolicited Electronic Messages Act 2007 and
Fair Trading Act 1986);
to comply with our legal obligations and resolve any disputes that we may have;
if you have applied for employment with us; to consider your employment application; and
if otherwise required or authorised by law.
Disclosure of personal information to third parties
We may disclose personal information to:
third party service providers for the purpose of enabling them to provide their services, to us,
including (without limitation) IT service providers, data storage, web-hosting and server providers,
debt collectors, couriers, maintenance or problem-solving providers, marketing or advertising
providers, professional advisors and payment systems operators;
our employees, contractors and/or related entities;
our existing or potential agents or business partners;
anyone to whom our business or assets (or any part of them) are, or may (in good faith) be,
transferred;
courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have
provided to you;
courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by
law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise
or defend our legal rights; and
third parties to collect and process data, such as Google Analytics (To find out how Google uses data
when you use third party websites or applications, please see
www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time),
Facebook Pixel or other relevant analytics businesses; and
any other third parties as required or permitted by law, such as where we receive a subpoena.
Google Analytics
We may have enabled Google Analytics Advertising Features including
Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store
Visits, Google Display Network Impression reporting etc. We and third-party vendors may use first-
party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party
cookies (such as Google advertising cookies) or other third-party identifiers together.
You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out
Browser add-on found here . To opt-out of personalised ad delivery on the Google content network,
please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even
when all cookies are deleted from your browser you can install their plugin here . To opt out of
interest-based ads on mobile devices, please follow these instructions for your mobile device: On
android open the Google Settings app on your device and select “ads” to control the settings. On iOS
devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad
tracking using this identifier, visit the settings menu on your device.
Overseas disclosure
Where we disclose your personal information to third parties listed above,
these third parties may store, transfer or access personal information outside of New Zealand which
may not have an equivalent level of data protection laws as those in New Zealand. Before disclosing
any personal information to an overseas recipient, we will comply with Information Privacy Principle
12 and only disclose the information if:
you have authorised the disclosure after we expressly informed you that the overseas recipient may
not be required to protect the personal information in a way that, overall, provides comparable
safeguards to those in the Privacy Act 2020;
we believe the overseas recipient is subject to the Privacy Act 2020;
we believe that the overseas recipient is subject to privacy laws that, overall, provide comparable
safeguards to those in the Privacy Act 2020;
we believe that the overseas recipient is a participant in a prescribed binding scheme;
we believe that the overseas recipient is subject to privacy laws in a prescribed country; or
we otherwise believe that the overseas recipient is required to protect your personal information in
a way that, overall, provides comparable safeguards to those in the Privacy Act 2020 (for example
pursuant to a data transfer agreement entered into between us and the overseas recipient).
Where the disclosure of your personal information is solely subject to the Privacy Laws, you
acknowledge that some third parties may not be regulated by the Privacy Laws and if any such third
party engages in any act or practice that contravenes the Privacy Laws, it would not be accountable
under the Privacy Laws and you will not be able to seek redress under the Privacy Laws.
Your rights and controlling your personal information
Your choice
Please read this Privacy Policy carefully. If you provide personal information to us, you
understand we will collect, hold, use and disclose your personal information in accordance with this
Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may
affect our ability to provide our Services to you and your use of our Services.
Information from third parties
If we receive personal information about you from a third party, we
will protect it as set out in this Privacy Policy. If you are a third party providing personal information
about somebody else, you represent and warrant that you have such person’s consent to provide the
personal information to us.
Restrict and unsubscribe
To object to processing for direct marketing/unsubscribe from our email
database or opt-out of communications (including marketing communications), please contact us
using the details below or opt-out using the opt-out facilities provided in the communication.
Access
You may request access to the personal information that we hold about you. An
administrative fee may be payable for the provision of such information. Please note, in some
situations, we may be legally permitted to withhold access to your personal information.
Correction
If you believe that any information we hold about you is inaccurate, out of date,
incomplete, irrelevant or misleading, please contact us using the details below. We will take
reasonable steps to promptly correct any information found to be inaccurate, out of date,
incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to
not correct your personal information.
Complaints
If you wish to make a complaint, please contact us using the details below and provide
us with full details of the complaint. We will promptly investigate your complaint and respond to
you, in writing, setting out the outcome of our investigation and the steps we will take in response to
your complaint. You also have the right to contact the Office of the New Zealand Privacy
Commissioner.
Storage and security
We are committed to ensuring that the personal information we collect is secure. In order to prevent
unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial
procedures, to safeguard and secure personal information and protect it from misuse, interference,
loss and unauthorised access, modification and disclosure.
While we are committed to security, we cannot guarantee the security of any information that is
stored by us or transmitted to or by us over the Internet. The transmission and exchange of
information is carried out at your own risk.
Cookies
We may use cookies on our online Services from time to time. Cookies are text files placed in your
computer's browser to store your preferences. Cookies, by themselves, do not tell us your email
address or other personally identifiable information. However, they do recognise you when you
return to our online Services and allow third parties, such as Google and Facebook, to cause our
advertisements to appear on your social media and online media feeds as part of our retargeting
campaigns. If and when you choose to provide our online Services with personal information, this
information may be linked to the data stored in the cookie.
We use the following cookies:
Strictly necessary cookies.
These are cookies that are required for the operation of our online
Services. They include, for example, cookies that enable you to log into secure areas of our online
Services, use a shopping cart or make use of e-billing services.
Analytical/performance cookies
These are cookies that allow us to recognise and count the number
of visitors to our online Services and to see how visitors move around our online Services when they
are using them. This helps us to improve the way our online Services work, for example, by ensuring
that users find what they are looking for easily.
Functionality cookies
These are used to recognise you when you return to our online Services.
These cookies enable us to personalise our content for you and remember your preferences (for
example, your choice of language or region).
You can block cookies by activating the setting on your browser that allows you to refuse the setting
of all or some cookies. However, if you use your browser settings to block all cookies (including
essential cookies) you may not be able to access all or parts of our online Services.
Links to other websites
Our Services may contain links to other websites. We do not have any control over those websites
and we are not responsible for the protection and privacy of any personal information which you
provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.
Amendments
If you are in New Zealand, we may, at any time and at our discretion, vary this Privacy Policy by
publishing the amended Privacy Policy on our website. We recommend you check our website
regularly to ensure you are aware of our current Privacy Policy.
If you are in the EU, we may, at any time and at our discretion, vary this Privacy Policy. We will notify
you if we amend this Privacy Policy, by contacting you through the contact details you have provided
to us. Any amended Privacy Policy is effective once we notify you of the change.
For any questions or notices, please contact our Privacy Officer at:
Ditto Plus AI Limited NZCN 8321784
Address: Rewired, Level 2, 96 St Georges Bay Road, Parnell, Auckland 1052
Phone: 64220944254
Email: janitha@dittosoftware.com
Last update: 11 October 2023
ADDITIONAL RIGHTS FOR INDIVIDUALS LOCATED IN
THE EU OR UK
Under the GDPR individuals located in the EU and the UK have extra rights which apply to their
personal information. Personal information under the GDPR is often referred to as personal data and
is defined as information relating to an identified or identifiable natural person (individual). This
Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as
information on how we process the personal information of individuals located in the EU and UK.Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the
end of the Privacy Policy if you have any questions.
What personal information is relevant?
This Appendix applies to the personal information set out in the Privacy Policy above. This includes
any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories
of data’ under the GDPR.
Purposes and legal bases for processing
We collect and process personal information about you only where we have legal bases for doing so
under applicable laws. We have set out below, in a table format, a description of all the ways we plan
to use your personal information, and which of the legal bases we rely on to do so. We have also
identified what our legitimate interests are where appropriate. Note that we may process your
personal information for more than one lawful ground depending on the specific purpose for which
we are using your data. Please reach out to us if you need further details about the specific legal
ground, we are relying on to process your personal information where more than one ground has
been set out in the table below.