Skip to main content

Privacy Policy

1. INTRODUCTION
365 Ventures Limited (NZCN 8266340) and its subsidiary companies, including but not limited to Safe365 Limited (NZCN 5906372), Safe365 Global (UK) Limited (UKCN 12087969), and Safe365 (Australia) Pty Limited (ACN 646 551 877) (referred to herein, as applicable, as “365 Ventures”) take privacy very seriously.

365 Ventures operates and provides various self-assessment services via platforms, apps and websites, including, but not limited to the following (referred herein as the “365 Ventures Services”):

a) the online health and safety self-assessment and continuous improvement service known as ‘Safe 365” which is accessible at https://be.safe365.co.nz and other various platforms and domains controlled by 365 Ventures and/or its subsidiary;

b) the online health and safety self-assessment service in connection with ‘Totika Pre-Qualification’, which is accessible at https://www.qualify365.co.nz and other various platforms and domains controlled by 365 Ventures and/or its subsidiary;

c) the online organisational wellbeing self-assessment service in connection with ‘Totika Pre-Qualification’, which is accessible at https://app.workwell365.com and other various platforms and domains controlled by 365 Ventures and/or its subsidiary;

d) the custom solutions developed under 365 Ventures Platform-as-a-Service (PaaS) using the 365 Ventures maturity index technology; and

e) any other solutions, services and/or products developed by 365 Ventures which uses or otherwise applies the 365 Ventures ‘Maturity Index’ (being the index developed and owned by 365 Ventures which provides a clear, easy to communicate score of where a Subscriber’s business sits in connection with a 365 Ventures Service assessment).

This Privacy Policy (“Policy”) applies to all 365 Ventures Services that 365 Ventures owns and operate. For the purposes of this Policy “Subscriber” and “You” means any person that subscribes with 365 Ventures to use or have access to a 365 Ventures Service. We have prepared this Policy to ensure that we communicate with all Subscribers and authorised users of the 365 Ventures Services, in the clearest way possible, how we treat personal information. We encourage You to read this Policy carefully. It will help You make informed decisions about sharing Your personal information with us.

365 Ventures Limited is responsible for these services. If you are in the United Kingdom or the European Union, the controller of Your personal information will be Safe365 Global (UK) Limited.
In relation to some of our self-assessment services, your employer may be a Controller in relation to Your Personal Information. If you have any questions in relation to who controls your personal information or how you can exercise your rights, please see our contact details at the end of this Policy.

2. SCOPE
This Policy applies to all Subscribers and authorised users of any 365 Ventures Service.

3. PRIVACY OBLIGATIONS
365 Ventures complies with the privacy laws applicable to the jurisdiction of the Subscriber when dealing with personal information of each Subscriber.  This policy sets out how we will collect, use, disclose and protect your personal information.

4. PERSONAL INFORMATION
When You use/access a 365 Ventures Service you may from time to time provide us with Your own materials, content and related data and information.  Such information can include personal information. Personal information is information about an identified or identifiable individual, and may include information such as the individual’s name, email address, telephone number, age or birthdate, occupation, details of the services you have purchased from us and any other information relating to You.

Your credit card details do not come within the scope of personal information that will be stored. If You choose to (and have authority to) pay for a 365 Ventures Service by credit card, Your credit card details are not stored by 365 Ventures and cannot be accessed by 365 Ventures staff. Your credit card details are encrypted and securely stored by www.braintreepayments.com (a Paypal Company) to enable 365 Ventures to bill your credit card automatically on a recurring basis. You can review Braintree Payments Privacy Policy to ensure you are happy with it.

5. COLLECTION OF PERSONAL INFORMATION
365 Ventures may collect personal information about You when You:

  • register to use/access any 365 Ventures Service;
  • use any 365 Ventures Service;
  • post to any 365 Ventures Service Community forum or on our blog;
  • contact the 365 Ventures support team;
  • visit any 365 Ventures Service website, platform and/or App; and
  • apply for employment with us (and/or applying to become a contractor with us).

We may also collect Your personal information through a third party if they provide Your personal information to us when using/accessing a 365 Ventures Service (see the section headed “Consent to Provide Personal Information from Third Party” below)

If You apply for a job with us or You are an employee, we may collect:

  • for example, Your full name, contact details (including address, phone number and email address), job title, passport details, employment history and education details, names and contact details of referees, next of kin details (in the event of an emergency) and superannuation fund and Tax File Number details, if required by law, for example, under the Kiwisaver Act 2006, Superannuation Guarantee (Administration) Act, the Superannuation Industry (Supervision) Act, Income Act 2007, the Income Tax Assessment Acts and Taxation Administration Act; and
  • Your personal information from recruiters or referees or from background check providers (with your consent if a background check is relevant to the role for which you are applying).

You can always choose not to provide Your personal information to 365 Ventures (or to give consent to a third party to provide Your personal information to us), but it may mean that we are unable to provide You with the relevant 365 Ventures Service.

6. CONSENT TO PROVIDE PERSONAL INFORMATION FROM THIRD PARTY
Through Your use of a 365 Ventures Service, 365 Ventures may also collect information from You about someone else. If You provide 365 Ventures with personal information about someone else, You must ensure that You are authorised to disclose that information to 365 Ventures and that, without 365 Ventures taking any further steps required by applicable data protection or privacy laws, 365 Ventures may collect, use and disclose such information for the purposes described in this Policy.

This means that You must take reasonable steps to ensure the individual concerned is aware of and, where applicable, consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, 365 Ventures’ identity, and how to contact 365 Ventures.

Where requested to do so by 365 Ventures, You must also assist 365 Ventures with any requests by the individual to access or update the personal information You have collected from them and entered into the relevant 365 Ventures Service.

7. USE OF PERSONAL INFORMATION
365 Ventures collects Your personal information so that we can provide You with access to the 365 Ventures Services and any related services that You may request. In doing so, 365 Ventures may use the personal information it has collected from You for purposes related to the relevant 365 Ventures Service including to:

  • verify Your identity;
  • administer the 365 Ventures Service;
  • notify You of new or changed services offered in relation to the 365 Ventures Services;
  • carry out marketing or training relating to the 365 Ventures Services;
  • assist with the resolution of technical support issues or other issues relating to the 365 Ventures Services;
  • comply with laws and regulations in applicable jurisdictions;
  • communicate with You, and
  • manage our business.

For individuals in the United Kingdom or the European Union (and where applicable in New Zealand), the following lawful bases apply to our processing of Your personal information:

  • In relation to our delivery, administration and maintenance of the 365 Ventures Services, our lawful basis is ‘Legitimate Interests’. Where we process Your personal information on the basis of ‘Legitimate Interests’, we have balanced Your rights and freedoms against our legitimate interests, or those of any third parties, and determined Your rights are not infringed. Our legitimate interests relate to our commercial interests and our need to operate our business. Some typical examples of our legitimate interests include maintaining the security of our system, conducting data analytics, responding to Your communications, enhancing, modifying or improving our services and identifying usage trends.
  • In relation to marketing, our lawful basis is consent. Where required to do so, we will obtain Your consent before sending you marketing. You have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw Your consent.
  • In relation to account administration, including billing, our lawful basis is ‘contractual necessity.’ Where we process Your personal data for the purposes of fulfilling a contract with you, it will be a requirement for you to provide some personal information (particularly contact information). If you do not provide us with this personal information we may not be able to conclude the contract with you.

If You are a job applicant, employee, or contractor with 365 Ventures, we will use Your personal information to assess Your application for employment and for purposes relating to Your engagement, training, performance management, payroll, superannuation, health, and safety and for administration and staff management purposes. Where we consider it appropriate, we may also conduct background or reference checks (or engage a third party to do so on our behalf).

We may send you marketing communications and information about products and services that we consider may be of interest to You. These communications may be sent in various forms, including but not limited to, mail, SMS or email, in accordance with and subject to applicable marketing laws in Your jurisdiction.

If at any stage, You no longer wish to receive these notifications You may opt-out of receiving marketing communications from us by using the opt-out facilities provided (e.g., an unsubscribe link in a promotional email) or contacting us at support@safe365global.com.

We do not provide Your personal information to other organisations for the purposes of direct marketing unless expressly authorised by You.

365 Ventures will only use Your personal information for the purposes described in this Policy or with Your express permission.

It is Your responsibility to keep Your passwords to access the 365 Ventures Services safe. You should notify us as soon as possible if You become aware of any misuse of Your password, and immediately change Your password within the 365 Ventures Service or via the “Forgotten Password” process.

If You receive communications from us that You believe have been sent to You other than in accordance with this Policy, or in breach of any applicable law, please contact us.

8. DATA HOSTING PROVIDER/SHARING INFORMATION OVERSEAS
365 Ventures uses Microsoft Azure as its data hosting provider and, as applicable hosts access to 365 Ventures Services on servers located in Australia. If you are located in Australia then Your personal information will be stored on servers in Australia.

You are located in the United Kingdom, we will store Your personal information on servers located in the United Kingdom (with Microsoft Azure).

For all subscribers, other than United Kingdom subscribers, Your personal information will be stored on servers in Australia. You can review Microsoft Azure’s Privacy Policy to ensure You are happy with it.

This means that, for European Union subscribers, Your data will be transferred to servers in Australia. Regardless of where Your personal information is stored, we treat all personal information in line with applicable law, and this Policy. in the case of transfers to Australia, transfers are made using approved contractual safeguards. You can contact us if you would like a copy of these safeguards.

While Your personal information will be stored on servers located in Australia or United Kingdom, it will remain within 365 Ventures effective control at all times. The data hosting provider’s role is limited to providing a hosting and storage service to 365 Ventures, and we’ve taken steps to ensure that our data hosting provider does not have access to Your personal information. They do not control and are not permitted to access or use Your personal information, except for the limited purpose of storing the information. This means that, for the purposes of Australian and New Zealand privacy legislation and Australian and New Zealand users, 365 Ventures does not currently “disclose” personal information to third parties located overseas. For the avoidance of doubt, where You are located in the United Kingdom or the European Union, such information will be stored, used and accessed in accordance with General Data Protection Regulations (i.e. GDPR).

If You do not want Your personal information to be transferred to a server located in Australia or, where applicable, in the United Kingdom, You should not provide 365 Ventures with Your personal information or use the 365 Ventures Service.

If 365 Ventures shares Your information with agencies outside of your Jurisdiction, it will ensure that the overseas agencies comply with the privacy laws in your jurisdiction or otherwise seek Your consent.

9. DISCLOSURE OF PERSONAL INFORMATION
365 Ventures will only disclose the personal information You have provided to us to entities outside the 365 Ventures group of entities if it is necessary and appropriate to facilitate the purpose for which Your personal information was collected pursuant to this Policy, including the provision of the 365 Ventures Services.

From time to time, we need to share Your personal information with third parties, for example, with:

  • Suppliers, including those who help us to manage our technology systems, including our customer management system and our workflow systems.
  • Payment gateway providers, who we engage to process payments.
  • Third parties providing professional services to us (for instance, our accountants, legal advisors, recruitment agencies).

Where we share Your personal information with third parties, we take steps to ensure that they protect Your personal information and treat it carefully.

Your personal information may also be transferred to other third parties (where permitted under applicable law) if we sell, merge, purchase or transfer any part or all of our business or assets. If a change happens to our business, then the new owners may use Your personal information in the same way as set out in this privacy policy.

365 Ventures will not otherwise disclose Your personal information to a third party unless You have provided Your express consent. However, You should be aware that 365 Ventures may be required to disclose Your personal information without Your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities. Where possible and appropriate, we will notify You if we are required by law to disclose Your personal information.

10. TRANSFER OF INFORMATION TO THIRD PARTY APPLICATIONS
The 365 Ventures Services may allow You to transfer Your own materials and content (and other related information and data), including Your personal information, electronically to and from third-party applications.

We advise the service providers of these third-party applications to protect Your information against unauthorised use or disclosure.

Some of these service providers may be located overseas. We take reasonable steps to ensure that the overseas recipients of Your personal information do not breach the privacy obligations relating to Your personal information.

We do not provide Your personal information to other organisations for the purposes of direct marketing unless expressly authorised by You.

You are responsible for checking the privacy policy of any such applications so that You can be informed of how they will handle personal information.

11. PROTECTING YOUR PERSONAL INFORMATION
365 Ventures is committed to protecting the security of Your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your personal information is stored on secure servers that have SSL Certificates issued by leading certificate authorities, and all of Your material/content transferred between You, and the relevant 365 Ventures Service is encrypted.

However, the Internet is not in itself a secure environment, and we cannot give an absolute assurance that Your information will be secure at all times. Transmission of personal information over the Internet is at Your own risk.  You should take steps only to enter, or instruct the entering of, personal information to the Service within as secure an environment as possible.

We will advise You at the first reasonable opportunity upon discovering or being advised of a security breach where Your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.

12. YOUR RIGHTS
It is Your responsibility to ensure that the personal information You provide to us is accurate, complete and up-to-date. You may request access to the information we hold about You, or request that we update or correct any personal information we hold about You, by setting out Your request in writing and sending it to us at support@safe365global.com.

If you are in the United Kingdom or the European Union, You also have the following rights:

  • Right to request deletion of Your personal information: You have the right to request that we delete Your personal information, particularly where we no longer need to retain it.
  • Right to object to our use of Your personal information: For instance, You may object to our use of Your personal information for marketing purposes, and You can request that we stop using Your personal information for this purpose.
  • Right to restrict our use of Your personal information: For instance, if You believe that personal information we hold about You is inaccurate, You can request that we do not use Your personal information until we have verified the accuracy or corrected Your personal information.
  • Right to request data portability: You can request that we transmit to another organisation all personal information You have provided to us in a structured, commonly used, and machine-readable format, where technically feasible.

365 Ventures will process Your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet Your request, we will provide You with a written reason for our decision. For example, it may be necessary for us to deny Your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process Your request in the manner You have requested. In some circumstances, it may be necessary for us to seek to arrange access to Your personal information through a mutually agreed intermediary (for example, the Subscriber).

Where we are not the controller of Your personal information, we will refer your request to the appropriate contact at the controller, if we are able to do so.

13. RETENTION OF PERSONAL INFORMATION
We’ll only keep Your personal information for as long as we require it for the purposes of providing You with the Service. However, we may also be required to keep some of Your personal information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting.

14. USE OF NON-PERSONALLY IDENTIFIABLE DATA AND COOKIES
By using the Service, You agree that 365 Ventures can access, aggregate and use non-personally identifiable data 365 Ventures has collected from You. This data will in no way identify You or any other individual.
365 Ventures may use this aggregated non-personally identifiable data to:

  • assist us to understand better how our customers are using the 365 Ventures Services;
  • provide our customers with further information regarding the uses and benefits of the 365 Ventures Services;
  • enhance small business productivity, including by creating useful business insights from that aggregated data and allowing You to benchmark Your business’ performance against that aggregated data, and otherwise, to improve the 365 Ventures Services.

An example of non-personally identifiable data is cookies. In providing the 365 Ventures Services, 365 Ventures utilises cookies.

Cookies are small data files that are stored on a user’s hard drive at the request of a Website to enable the site to recognise users who have previously visited them and retain certain information such as customer preferences and history. When You visit our Site, some information is automatically collected through the use of log files, such as Your computer’s Internet Protocol (IP) address, Your computer’s operating system, the browser type, the address of a referring web site and Your activity on the Site. We use this information for purposes such as analysing trends, administering the Sites, improving customer service, diagnosing problems with our servers, tracking user movement, and gathering broad demographic information for aggregate use. We also automatically collect certain information through the use of “cookies.”

We and some of our affiliates and third-party service providers may use a combination of “persistent cookies” (cookies that remain on Your hard drive for an extended period of time) and “session ID cookies” (cookies that expire when You close Your browser) on any websites, platforms and applications, which comprise the 365 Venture Services to, for example, track overall site usage, and track and report on Your use and interaction with the Service.

We use the following Cookies:

Cookie Provider Cookie Type Purpose
Google Tag Manager Performance Cookie Analytics management
Google Analytics Performance Cookie Anonymous tracking of website performance and usage. Understanding how people are using the website to help improve the user experience.
Hotjar Performance Cookie Anonymous view of consumer usage of website. Records browsing across website detailing pages visited, elements engaged with etc.
Facebook Pixel Performance Cookie Audience data capture for tailored ad content delivery via Meta platforms (Facebook, Instagram)
Google Ad Pixel Performance Cookie Audience data capture for tailored ad content delivery via via Google Ad networks (both SEM and Display)
LinkedIn Ad pixel Performance Cookie Audience data capture for tailored ad content delivery via LinkedIn platform

If You wish to block, erase, or be warned of cookies, please refer to Your browser instructions or help screen to learn about these functions. You can find more information about deactivating here. However, if a browser is set not to accept cookies or if a user rejects a cookie, this may alter user experience on the 365 Venture Services platform, website and app.

15. EMAIL CORRESPONDENCE
365 Ventures sends billing information, product information and 365 Ventures Service updates and notifications to You via email. Our emails will contain clear and obvious instructions describing how You can choose to be removed from any mailing list not essential to the 365 Ventures Services. 365 Ventures will remove You at Your request.

16. COMPLAINTS
If You wish to complain about how we have handled Your personal information, or have any questions or concerns about this Policy, please contact our Privacy Officer with full details and any supporting documentation:

  • by e-mail at support@safe365global.com, or
  • by letter to The Privacy Officer, 365 Ventures Limited, Level 1, 17 Falcon Street, Parnell, Auckland 1052, New Zealand.

Our Privacy Officer will endeavour to provide an initial response to Your query or complaint within 10 business days and investigate and attempt to resolve Your query or complaint within 30 days or such longer period as is necessary and notified to you by our Privacy Officer. If You are located in Australia and You are not satisfied with our response to Your complaint, You may make a complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.

If You are located in the United Kingdom, You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the United Kingdom regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with Your concerns before you approach the ICO so please contact us in the first instance.

If You are located in the European Union, You have the right to make a complaint at any time to the data protection regulator in the country in which you are based. We would, however, appreciate the chance to deal with Your concerns before you approach the regulator so please contact us in the first instance.

17. CHANGES TO THIS POLICY
365 Ventures may change or update this Policy from time to time.

Any amended Policy will take effect from the date that we post it via the 365 Ventures Services. However, where changes to the Privacy Policy are material, 365 Ventures will provide You with reasonable notice of the changes via email or notification via the 365 Ventures Services before the changes take effect.

This Policy was last updated on 27 September 2023.

This policy is effective 25 October 2023. The previous Privacy Policy may be accessed here.