Privacy Policy

Privacy is given serious importance at Stuart Riddell Portrait Design Limited (“Stuart Riddell”, “we”, “us”). We take steps to ensure that all relevant privacy and data protection laws are complied with when dealing with personal client information.

We strongly encourage you to go through this Privacy Policy carefully. A thorough understanding will help you make an informed decision when giving personal information to us. Our General Terms should be read together with this Privacy Policy as the defined terms all share the same meaning. When you access our website and/or engage us to provide any service, including web services, under the General Terms (the “Services”), you automatically consent to the terms of this Privacy Policy and agree to be bound by it and our General Terms. If there is any conflict between this Privacy Policy and the General Terms then the General Terms prevail.

This Privacy Policy does not limit your existing rights under relevant privacy and data protection laws.

  1. Collection of Personal Information

    We are a provider of Services to our clients who have agreed to the General Terms. The Services includes the collection and storage of personal information of our clients and other visitors to our website and/or office/s. The information collected from an identifiable individual may include that individual’s name, date of birth, country of residence, IRD number, bank account information, Credit Card details and contact details (physical address, email address, Facebook name and address and landline and/or mobile number or other contact details you provide us). We also collect information about how you use our website (for example, traffic volumes, time spent on pages), your IP address and/or other device identifying data, information contained in your correspondence with us or survey responses and other information required to provide a service or information you have requested from us.

    We collect and hold such personal information that we may collect directly from you when you:

    • make a request for provision of our Services,
    • become a client and we provide you with the Services,
    • use our website as a client,
    • contact the Stuart Riddell support team,
    • visit our website.

    You may choose to not disclose this information to us. You should be aware however that it may mean we are restricted or prevented from providing our services to you.

  2. We may receive personal information from you about others

    Through your use of the Services, we may also collect information from you about someone else where you have authorised us to do so (for example, by recommending who you think may be interested in our services) or where the information is publicly available.  This could include personal information collected when users you have invited use our Services or website (“User Data”).  If you provide us with personal information about someone else, you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use and disclose such information for the purposes described in this Privacy Policy.

    This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Privacy Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, our identity, and how to contact us.

  3. We collect, hold, and use your personal information for limited purposes

    We collect the personal information to assist us in providing you with the Services that you have requested. This information may be used for purposes including to:

    • verify your identity and undertake credit checks (if necessary),
    • provide the requested Services to you,
    • market our Services and products relating to these Services. We may also send you newsletters and up to date information on changes via text, email or other electronic means (you can opt out of this by contacting us at any time),
    • carry out training of our personnel in relation to the Services,
    • ensure we comply with laws and regulations in applicable jurisdictions,
    • keep open lines of communication with you, including in response to a complaint,
    • send you our bills and to collect any money owing to us. This includes authorising us to process credit card transactions,
    • ensure that you are adhering to our General Terms, and
    • any other use that is authorised by you or relevant privacy laws.

    In the event of a sale, merger, consolidation, liquidation, reorganisation or acquisition, your information may be transferred.

    When we collect and process User Data we act as an agent of you for the purposes of the New Zealand Privacy Act 1993 and any other relevant privacy laws. If applicable, we also act as the data processor for the purposes of the General Data Protection Regulation of the European Union (“GDPR”). Such User Data will only be processed in accordance with this Privacy Policy and in compliance with all applicable privacy laws.

    By using our website or Facebook Page or asking us to provide you with the Services, you consent to your personal information being collected, held and used in this way and for any other use you authorise. We will only use your personal information in the ways outlined in this Privacy Policy or if we have your express permission. If you have any personal information related to your engagement with our Services such as a password, it is your responsibility to keep that safe. If you become aware of any breach of your security, you should contact us immediately and change your password.

  4. We can collect your non-personally identifiable data

    When you use our Services, you are agreeing to us accessing, aggregating and using non-personally identifiable data collected from you. This data does not identify you nor any other individual.

    This data may be used to:

    • help us understand how our clients are engaging with our Services and website, for example, the busiest days of the month, quantity and timing of payments and most popular web pages;
    • provide clients with further information regarding the uses and benefits of our Services;
    • increase business productivity as the aggregated data can provide relevant business insights; and
    • otherwise improve our website and Services.
  5. Transfer and storage of personal information

    All information that you provide to us or is entered into our website or Facebook Page or collected from your visiting our website or Facebook Page is automatically transferred to the Stuart Riddell servers. When you use our Services, you consent to your personal information being held by our servers as outlined in this Privacy Policy.

    As at the date of this Privacy Policy, our servers are located in New Zealand, hosted by Stuart Riddell Portrait Design Ltd and supported by Spark Digital and in the Cloud, hosted by Microsoft Azure and Microsoft Office 365 and supported by Spark Digital. Your personal information will be transmitted through and stored on, those servers as part of the Services. In addition to this, we have backups that are stored on the premises and offsite backups stored in Auckland. If the location of our servers changes in the future, we will update this Privacy Policy. We would encourage you to frequently review our Privacy Policy so you are aware of any changes.

    We are based in New Zealand and may access your personal information from New Zealand or overseas when travelling outside New Zealand. New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection. This decision provides our basis for transferring personal information to New Zealand.

    By providing your personal information to us, you consent to us storing your personal information on servers hosted by us and accessing your personal information from New Zealand or overseas when travelling outside New Zealand using a secure encrypted connection. If your personal information is stored on servers located in other countries, it will remain within our effective control at all times. The server host’s role is limited to providing a hosting and storage service to us, and we’ve taken steps to ensure that our server hosts do not have access to, and use the necessary level of protection for, your personal information.

    If you are not comfortable with your personal information being transferred to a server in another jurisdiction, you should not provide us with your personal information or use our website.

  6. We are committed to protecting your personal information

    At all times, we will work to ensure that we are taking all the steps to protect your personal information. The information is stored on secure servers that have SSL Certificates issued by leading certificate authorities, and all data transferred between you and the website for the provision of the Services is encrypted.

    Despite our best efforts, the internet itself cannot be trusted as a secure environment. Consequently, we are unable to give an absolute promise that your information will always be safe. Sharing of personal information over the internet is to be done at your own risk. You should only give out your personal information to the website within a secure environment.

    If we become aware of any security breach relating to your personal information, we will advise you as soon as we can.

  7. We will only release your Personal Information in limited circumstances

    With the exception of the images we create, the personal information which you provide to us will only be disclosed if it is necessary, appropriate and achieves the outcome for which you engaged our Services and as outlined in our General Terms.

    Unless there is a sale, merger, consolidation, liquidation, reorganisation or acquisition, we will only disclose your personal information to a third party if we have your express consent. It is important to note however, that we may have to do so without your consent to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, required by law. If it is possible and appropriate, we will endeavour to notify you to let you know this has occurred.

    Your personal information is not controlled, accessed or used by the third parties who host our servers, except for the intended use of storing that information.

    Our advertising and analytics partners may receive information about your use of our website through cookies, web beacons and similar storage technologies. More information on this can be found in the Cookies section of this Privacy Policy.

  8. We store your credit card details

    Your credit card details are encrypted and securely stored by us and/or our chosen payment provider. This enables us to automatically bill your credit card on a recurring basis if requested by you.

  9. Requesting access to your personal information excluding images

    It is up to you to ensure that the personal information you provide is accurate, complete and up-to-date. Unless there are certain legal grounds for refusing, you may ask to access the personal information we have that is readily available. You may also ask us to update or correct any information we have about you. This may be done by requesting in writing and sending it to us at Private Bag 94202, Howick, Auckland 2145 or by email to portraits@stuartriddell.co.nz. You will need to prove that you are the individual to whom the personal information relates.

    We will process your request as soon as reasonably practicable, unless there are legal grounds preventing us from doing so. We will explain why if we are unable to do so. One example for refusal would be if access would unreasonably impact the privacy of another individual. If you request a correction and we have to refuse, reasonable steps will be taken to note down that you requested that correction.

    If appropriate and reasonable, we may charge you the cost of providing and/or correcting your personal information.

    Your personal information will only be kept for as long as it is needed. There may be circumstances however where we have to keep the information for a specified amount of time to meet various legal and reporting requirements.

  10. We use cookies

    A cookie is a small text file that is stored on your computer for record-keeping purposes. It does not identify you personally or contain any other information about you but it does identify your computer. Our website uses these cookies.

    Along with some of our affiliates and third-party service providers, we may use a combination of “persistent cookies” (cookies that remain on your hard drive for an extended period of time) and “session ID cookies” (cookies that expire when you close your browser) on our website. Amongst other purposes, these can be used to track how the website is being used and the level of engagement with ads.

    You have the ability to get your browser to send you an alert when you receive a cookie. This then gives you the chance to accept or reject it. If you refuse a cookie, this can have a negative impact on how the website is used or functions. Note, we do not respond to or honour “Do Not Track” requests at this time.

    Performance and targeting cookies may be used when you visit our website.

    Performance cookies serve to collect information on how you use the website. This can tell us about our most popular pages, and if you have received any error messages while on the pages. No identifying personal information is gathered via these cookies. Instead, these cookies only work to improve the usage of the website. As a result of the cookies, we may be sent reports showing aggregate numbers and trends from third party analytics partners.

    Alternatively, targeting cookies provide you with personalised advertisements that are related to you and your interests. They can determine how often you see a particular advertisement and can measure whether the advertising campaign has been effective. They will remember that you have visited the website and may share this information with other parties such as advertisers. As a result, you may see advertisements about our Services in other areas of the internet. When you use our website, third party providers may display advertisements relevant to your interests. This information will have been generated by your previous use of the website and other browsing history. Your browser collects information about your internet use. Third party providers then use this information to place ads on websites throughout the internet that may relate to you and your interests.

    It is possible to opt-out of targeted advertising at http://www.youronlinechoices.eu/.  You can learn more about interest-based advertising and opt out of interest-based advertising from participating online advertising companies at the following links:

    Digital Advertising Alliance EU (EDAA) – http://www.youronlinechoices.com/

    DAA AppChoices page – http://www.aboutads.info/appchoices

    Network Advertising Initiative (NAI) – http://optout.networkadvertising.org/

    Digital Advertising Alliance (DAA) – http://optout.aboutads.info/

    You should be aware that opting out will not stop the advertising all together. You will instead be served with generic ads.

  11. You may opt out of any email communications

    We use email to send out information relating to billing, marketing our services and general communication. There are clear instructions on the emails explaining how to remove yourself from our mailing list. If you choose to opt out, this will not remove you from receiving emails about breaches (if relevant) or overdue accounts or any changes to the Privacy or General Terms policies.

  12. Your responsibility in transferring your data to third-party applications

    Our website may have links or ads that get you to follow a link to a third-party application or website.  It is your responsibility to be vigilant when giving out personal information on these links as we have no control, and take no responsibility for these websites and applications.

  13. Privacy complaints process

    If you are unhappy with how we have handled your personal information, you may send a complaint. Please provide us with the full details of your complaint along with any supporting documentation:

    We will:

    • Send you an initial response to your query or complaint within ten (10) business days; and
    • Look into and seek to resolve the issue within twenty (20) business days. If necessary, we may need a longer period to do this but will notify you of this delay.
  14. This Privacy Policy may be updated

    We reserve the right to change this Privacy Policy at any time. The amended Privacy Policy will be considered effective as soon as it is posted to this website.  If you continue to access and use our website and/or receive our Services, you will be considered to have accepted the amended Privacy Policy.

This Privacy Policy was last updated on 3 August 2020.