Data protection and privacy policy
We are committed to protecting your privacy and the security of your information.
This privacy policy describes how we collect and use personal information about you when you use our Mosaiq Go app (‘App’) or otherwise in connection with our services.
When we collect, store, use, and disclose your personal information, we do so in accordance with the rules set out in the New Zealand Privacy Act 2020 (‘NZ Privacy Act’) and, to the extent applicable:
- the European Union General Data Protection Regulation (EU) 2016/279 (the ‘EU GDPR’); and
- the UK Data Protection Act 2018 and the legislation falling within the definition of ‘applicable data protection legislation’ under the UK Data Protection Act 2018 (together, the ‘UK GDPR’).
If you have any questions, please contact us at privacy@mosaiq.co.
Our App helps public transport network operators to keep track of vehicles on their network, including the operator of the network who has engaged you to operate a public transport vehicle (‘Your Organisation’). Your use of our App, in the context of your role, may be subject to additional policies and procedures in place at Your Organisation.
You should read this Privacy Policy alongside our Terms of Use, which tells you more about your obligations when using our App.
In this privacy policy, when we say:
- ‘applicable privacy law’, we mean the privacy law applicable to our processing of your personal data;
- 'personal information’, we mean information about, or relating to, an identified or identifiable individual, as well as the meaning given to the term ‘personal information’ or to the term ‘personal data’ by applicable privacy law;
- ‘processing’, we mean any operation or set of operations that is used in respect of personal information, whether or not by automated means;
- ‘Snapper’, ‘we’, ‘us’, and ‘our’, we mean Snapper Services Limited, a company incorporated in New Zealand (company number 1891262), having its registered office at Level 9, 1 Willis Street, Wellington 6011, New Zealand.
We may collect, store, use, and disclose the categories of personal information described in the table below:
When collected
When you provide it to us.
Why collected
So that we can register an account for you, facilitate your use of our App and our services, provide you with support (including if you forget your password), personalise our App for you.
When collected
When you are using or connected to the App.
Why collected
So that we can help Your Organisation to keep track of the public transport vehicle you are operating, by providing them live location and tracking data, and otherwise provide our App and services to you.
When collected
When you are using or connected to the App.
Why collected
To assist our App to function, and for analytics, research, and product development purposes (including to improve our App).
When collected
The circumstances described above and otherwise during our interactions with you.
Why collected
For the purposes set out in section 5 (Other use of your personal information).
Collecting your personal information is necessary so that you are able to access and use our App and services. If you do not provide us with your personal information, we may be unable to provide you with access to our App and services. If you do not wish to use our App or services, you should discuss this with Your Organisation.
Where we collect, hold, use and disclose your personal information to provide our services to Your Organisation, we do as agent for Your Organisation (in other words, as a ‘processor’ on behalf of Your Organisation, who is the ‘controller’ of the personal data as those terms are recognised under the UK GDPR and the EU GDPR). You should refer to the privacy policy of, and other privacy disclosures made by, Your Organisation to understand how your personal information will be processed by Your Organisation and your rights of access and other rights in respect of such personal data.
Where we collect, hold, use and disclose your personal information to provide any services directly to you (including to administer your login and/or personal user account), we do so on our own account (in other words, as a ‘controller’).’
The purposes for which we collect and use your personal information are set out in section 2 (Information we collect).
For our EU-based and UK-based users, we have to tell you about the reasons that we collect and use your personal information – this is called the ‘lawful basis for processing’.
Sometimes, we will ask you for permission to process your personal information in a certain way, including to send you marketing communications. When we process your personal information on the basis of your consent, you have the right to withdraw your consent. You can do so by contacting us at privacy@mosaiq.co or by using the unsubscribe facilities in our communications to you.
Other times, we process your personal information on the basis that we have a legitimate interest in doing so: to provide our App and services to you and to Your Organisation, for the purposes described in section 2 of this privacy policy.
We may also receive information about you from third parties who are permitted to disclose your personal information to us, including Your Organisation.
The collection, use, and disclosure of your personal information by a third party, including Your Organisation, will be governed by the terms and policies that those third parties have in place.
We only use your information in the way described in this notice, or in accordance with applicable privacy law.
In addition, to the other uses we describe in this privacy policy, we may use your personal information:
- to respond to your enquiries and communicate with you;
- to conduct research and statistical analysis on an anonymised basis;
- to provide you with important notices about our App; and
- for any other purposes for which you have given us your permission.
We access and store our data, including any personal information we hold about you, through our systems and servers located in the UK, EU, and our head office in New Zealand.
New Zealand is a ‘white list’ country for the purposes of both the EU GDPR and the UK GDPR, which means that the privacy protections provided by New Zealand law have been assessed as providing ‘adequate’ protections for personal information that is transferred to New Zealand.
Wherever your personal information is transferred, stored, or processed by us, we take reasonable steps to safeguard the privacy and security of your personal information. These steps may include implementing standard contractual clauses where recognised by applicable privacy law, obtaining your consent, or other lawful means of transferring your persona information.
We only share your information in the way described in this privacy policy or as otherwise permitted by applicable privacy law.
In addition to the specific ways we have described throughout this privacy policy, we may also share the personal information we hold about you with:
- Snapper Services Limited, which provides data storage and processing services, product development services to us, and any of or other affiliates;
- service providers who assist and enable us to use information that we hold, for example, to support and improve the functionality of our App, or to help us to communicate with you and other users;
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it is necessary to share your information to comply with applicable laws, regulations, orders, or to exercise, establish, or defend our legal rights;
- other people with whom you have permitted, or Your Organisation has permitted on your behalf, us to share you information.
You have the right to:
- request access to personal information that we hold about you; and
- request that we correct personal information.
In addition to the other rights granted to you, if the EU GDPR or the UK GDPR applies to our collection of personal information from you, then you have the right:
- to receive access to your personal information that you have provided to us in a commonly-used machine-readable format;
- to restrict processing of your personal information if a basis for doing so exists under the EU GDPR or the UK GDPR;
- to have any personal information about you erased upon request if it is no longer relevant (the ‘right to be forgotten’);
- to not be subject to a decision based solely on automated processing, including profiling;
- to withdraw your consent to the processing of your personal information, where such consent forms the basis for the processing;
- to lodge a complaint with the appropriate data protection authority.
The security and integrity of your personal information is important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your personal information from unauthorised access, disclosure, use, and modification.
To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as the pseudonymisation and encryption of personal data, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
We will retain your personal information for the length of time necessary to fulfil the purposes that we have described in this privacy policy, unless a longer retention period is required or permitted by applicable privacy law.
If you have any questions, please contact our privacy office:
- By email, at privacy@mosaiq.co
- By post, at: Level 9, 1 Willis Street, Wellington 6011, New Zealand.
