Mosaiq Insights

Last updated: 6 March 2023

1. About us

We are Snapper Services Limited (‘we’, ‘us’, ‘our’), a company incorporated in New Zealand (company number 1891262).

Our registered office is Level 9, 1 Willis Street, Wellington, 6011, New Zealand.

2. What’s covered in this privacy statement

This privacy statement sets out:

what information we might collect about you when you use our web application known as ‘Mosaiq Insights’;
how we might use that information;
where we store that information;
who we might share that information with; and
your rights in connection with that information.

When we refer to:

‘New Zealand privacy law’ in this privacy statement, we’re referring to the law that applies to our collection, use, storage, and disclosure of personal data, including the Privacy Act 2020.
‘other applicable privacy law’, we mean legislation in other jurisdictions that may apply to our provision of the services to you, such as (where applicable):

the European Union General Data Protection Regulation (EU) 2016/279 (the EU GDPR); and/or
the UK Data Protection Act 2018 (and the legislation falling within the definition of ‘applicable data protection legislation’ under the UK Data Protection Act 2018 (together, the UK GDPR)).

‘personal data’, we mean data about, or relating to, an identified or identifiable individual, and otherwise the meaning given to the term ‘personal information or to the term ‘personal data’ by New Zealand privacy law and/or other applicable privacy law; and
‘processing’, we mean any operation or set of operations that is used or personal data, whether or not be automated means.

We are the ‘controller’ of the personal data that we collect from you through Mosaiq Insights.

3. Information we collect

We may collect the following information from you when you interact with us through Mosaiq Insights:

Personal data collected

Your name, email address, and/or phone number.

When collected

When it is provided to us by a system administrator with user account management privileges via our web application.

‍‍

Why collected/Legal basis for processing

So that we can identify you and communicate with you.

We have a legitimate interest in doing so, to enable us to offer our services to you in a secure and consistent manner.

Your interactions with our services, such as how you interact with our web application (which may include screen recording and enhanced logging).

When collected

When you provide it to us over the course of our interactions with you, or we otherwise collect it from you while you are using our web application.

‍

Why collected/Legal basis for processing

So that we can understand the usage of and improve our services and offerings, including to debug the web application and/or understand usage behaviour.

We have a legitimate interest in doing so, to enable us to offer our services to you in a secure and consistent manner.

All personal data we collect about you, including the above.

When collected

The circumstances described above, and otherwise during your interaction with us.

‍

Why collected/Legal basis for processing

For the purposes set out in paragraph 8 (Other use of your information).

We have a legitimate interest in doing so, to enable us to offer our services to you in a secure and consistent manner and/or to exercise our legal rights.

You don’t have to give us your information. But if you do not provide us with information, we may not be able to provide you with our services or information about our services.

4. Information others give us

We may receive your personal data from other persons, including the administrator who is responsible for your organisation’s access to Mosaiq Insights.

The collection and use of your information, and disclosure of your information to us by a third party will be subject to that third party’s terms and policies.

5. Information you give us about other people

We may collect information about someone else from you.

If you do provide us with someone’s personal data, you must make sure you have that person’s authority to do so and you must make sure that person knows that their information may be used by us in the circumstances set out in this privacy statement.

6. Cookies

Cookies are pieces of information that are automatically downloaded to your computer or mobile device when you use our web application.

We use cookies in our web application to identify you automatically, as well as to help us understand general behaviour and traffic in our web application.

7. Additional collection

We may gather more extensive information about your interactions with Mosaiq Insights, if we are concerned about abnormal web application usage patterns or security breaches.

8. Other use of your information

We only use your information in the way described in this privacy statement, or if we’re permitted or required to do so under New Zealand privacy law and/or other applicable privacy law.

In addition to the specific ways that we use your personal data outlined above in paragraph 3, we may also use your personal data to:

respond to your enquiries and communicate with you;
support you in using Mosaiq Insights;
provide you with important notices and information about Mosaiq Insights and other services we offer;
improve our services and the functionality of Mosaiq Insights, including testing new or modified functionality.

We might also combine data or information that we have collected about you, with the information we collect from others, for the purposes described in this privacy statement.

9. Where your personal data is held

Our service providers may store your information on our behalf (for instance, the service providers described in paragraph 10 (Transferring your personal data).

We may also hold your personal data ourselves – for instance, on servers or in physical files located on our premises in New Zealand. New Zealand is a ‘white list’ country for the purposes of both the EU GDPR and the UK GDPR, which means that the privacy protections provided by New Zealand law have been assessed as providing ‘adequate’ protections for personal data transferred to New Zealand.

Some of the personal data that we collect in respect of you is hosted on our behalf on servers maintained by our service providers, including by:

Amazon Web Services, Inc at its data centres in Australia, Ireland and/or the United States;
Posthog, Inc at its data centres in Frankfurt, Germany;

Wherever your personal data is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal data. These steps may include implementing standard contractual clauses where recognised by law, obtaining your consent, or other lawful means of transferring personal data.

10. Transferring your personal data

In addition to the specific ways that we’ve described throughout this privacy statement, we may also transfer the personal data we hold about you for the purposes contemplated by this privacy statement or as otherwise permitted by New Zealand privacy law.

In particular, we may transfer your personal data with the following persons, who will process that personal data on our behalf:

Amazon Web Services, Inc who we use to store and process your personal data;
Posthog, Inc who we use to store and process your application usage data in conjunction with your personal data;
our professional advisors, contractors, service providers, business associates, and others who have agreed to treat your personal data in accordance with this privacy statement;
our other service providers.

We will not transfer or disclose your personal data to any other person for that person to process your personal information for their own purposes, unless and to the extent that we are permitted or required to do so by New Zealand law and, to the extent relevant, other applicable privacy laws.

11. Your rights, and how to contact us

You have the right to request access to, and correction of, the personal data that we hold about you.

In addition to the other rights granted to you, if the EU GDPR or the UK GDPR applies to our collection of personal data from you, then you have the right:

to obtain the rectification of inaccurate personal data concerning you and, taking into account the purposes of our processing, the completion of any incomplete personal data;
to receive access to your personal data that you have provided to us in a commonly-used machine-readable format;
to restrict processing of your personal data if a basis for doing so exists under the EU GDPR or the UK GDPR;
to have any personal data about you erased upon request if it is no longer relevant (the ‘right to be forgotten’);
to not be subject to a decision based solely on automated processing, including profiling;
to withdraw your consent to the processing of your personal data, where such consent forms the basis for the processing;
to lodge a complaint with the appropriate data protection authority.

12. How to contact us

If you would like to exercise your rights, or otherwise contact us in relation to our privacy practices, please contact our privacy officer:

By post, at:
Attention: Privacy Officer
Snapper Services Limited
PO Box 11454
Manners Street
Wellington 6142
New Zealand
By email, at privacy@mosaiq.co

13. Retention period

We will retain your personal data for the length of time necessary to fulfil the purposes that we have described in this privacy statement, unless a longer retention period is required or permitted by law.

14. Keeping us updated

It’s important to us that the personal data that we hold about you is accurate and complete. Please let us know as soon as possible if you think we may need to make changes to that information.

15. Changes to this privacy statement

We may make changes to this privacy statement from time to time by publishing an updated version of this statement on our web application.