Last updated on 13 July 2021
This Policy applies to all Personal Information processed by ImpactLab. It describes the categories of Personal Information we gather, how we use it, how we share it with others, how we protect it and how you can access and control it.
If you have any queries about this Policy or our data protection processes, please get in touch with us using the contact form on our website.
In this Policy, unless the context otherwise requires:
Administrator means any individual acting on behalf of a Client that has certain elevated permissions or decision making in respect of the Services provided to the Client.
Authorised User means any individual who is invited by an Administrator to:
Client means any organisation that engages us for our Services. Clients are typically either:
Data Protection Laws means the data protection and privacy laws applicable to the processing of Personal Information that we are legally obliged to comply with, including the Privacy Act.
Impact Lab, we, us, our means Impact Lab Limited (New Zealand company number 7233576).
Personal Information has the meaning given to that term in the Privacy Act.
Policy means this Privacy Policy.
Privacy Act means the New Zealand Privacy Act 2020.
Services means the products and services provided by ImpactLab to its Clients, including the “GoodMeasure” information and dashboard accessible via our Website and any “GoodMeasure” report.
Websites means any website operated by ImpactLab, including https://impactlab.co.nz/.
When a Client engages us we collect Personal Information about the Administrators and Authorised Users, including:
Identity Information (first and last name);
Contact Information (email address and phone number); and
Profile Information (business name and address, job title, level of permissions in respect of the Services, a record of our correspondence, preferences and feedback in respect of the Services).
We may also collect Identity, Contact and Profile Information about individuals connected with prospective Clients, including from individuals contacting us using the form on our Website.
When Administrators and Authorised Users access and use the Services provided via our Websites, we collect Personal Information through cookies (or similar technologies) and other tracking technologies including:
Technical Information (IP address, device information, the date and time, location information); and
Usage Information (logins, page views, usage of specific features and errors).
We may also collect Technical and Usage Information about individuals that visit the publicly available sections of our Websites.
We may combine and analyse the information that we have collected (including via Google Analytics). This analytical information is collated in such a way so that it no longer reflects any individual Administrator, Authorised User or Website visitor, and is therefore not considered Personal Information. For example, we may aggregate Usage Information to calculate the percentage of users accessing a specific Service feature.
Except in exceptional circumstances, we will not ask Clients to provide us with the Personal Information of individuals who participant in the programmes run by Service Providers (Participants).
The information Clients provide to us (Service Provider Data) will be derived from the Personal Information of Participants. However, prior to sharing the Service Provider Data with us, Clients must collate or aggregate information in such a way that no Participant can be identified within the data. Therefore, the Service Provider Data is not considered Personal Information.
The non-personal Service Provider Data, together with other non-personal information available to us from third-party sources, forms the basis of the Services we provide to our Clients.
We may ask Clients to provide photographs that can be used to make our Service reports more compelling and memorable. To the extent that an individual is identifiable within the image (which may include Participants), the photograph and any inferences that can be drawn from the photograph’s context within the report shall be considered that individual’s Personal Information and subject to this Policy.
ImpactLab has no direct relationship with any person other than Administrators and Authorised Users. For that reason, to the extent Impact Lab is provided with any person’s Personal Information, the Client is solely responsible for:
We will only use Personal Information for:
We use Personal Information in order to provide the Services to our Client, including account creation and authentication for Administrators and Authorised Users.
We use your contact Personal Information in order to communicate with you about our Services. For example, we send you emails for confirmations, customer support, updates to the Services, technical notices and security notifications.
When you fill out a contact form on our Website, we use the contact Personal Information to get in touch with you to resolve your query.
We may use your Personal Information in order to send promotional information to you that may be of specific interest to you. Our goal is to make the communication as meaningful as possible for you.
We continuously improve our Services and may use your Personal Information for this purpose. For example, we may track how you use and navigate through our Websites and Services, and how and if you use a specific feature.
We use your Personal Information to protect the safety and security of our Websites and Services. For example for verifying your account, detecting fraudulent activities and anything else that would make our Services more secure.
We will not sell or rent your Personal Information to anyone.
We may work with third-party service providers for various ImpactLab organisational tasks, including billing, marketing, customer relationship management and support, data analytics, accounting, data hosting and designers.
If we transfer your Personal Information to a third-party service provider, we will make sure that the service provider only processes the data based on our instructions and guarantees the same privacy safeguards as we do.
We may share Personal Information in the case of any merger, sale, financing or acquisition of a part or the whole of our business. We will notify you accordingly in case this situation should arise.
We will share your Personal Information with a third party (including law enforcement authorities) if we believe that sharing is necessary to comply with any applicable law or governmental request.
We are committed to protecting the security of your Personal Information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure.
Measures that may be taken include the following:
We have put in place procedures to deal with any suspected Personal Information breach and we will advise affected individuals and any applicable regulator upon discovering or being advised of a security breach where we are legally required to do so.
We will only retain Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for. To determine the appropriate retention period, we consider:
We keep Personal Information connected to a Client’s account for the term of the Client’s engagement with us. On the date that is 12 months after the end of the engagement period, we will either delete the Personal Information connected to the Client’s account or anonymise the information (so that the data is no longer considered Personal Information).
We may retain your Personal Information for a longer period:
Under the Privacy Act, you have the right to:
If you wish to exercise your rights, please contact us using the information provided at the beginning of this Policy. We may require you to provide verification of your identity. Any such requests will be replied to within 30 days. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
ImpactLab reserves the right to change this Policy. We will provide notification of material changes through our website at least 14 days prior to the change taking effect. Your continued use of the Websites and Services after the update has become effective indicates that you have read, understood and agreed to the new version of this Policy.
We help impact organisations know, show and grow their social impact. Let’s work together to do good, better!