We understand that completing transactions online and providing personal information involves a great
which Safe Surfer (Safe Surfer, we,
our, or us) will collect, use, disclose, and keep secure: (i) the data
you provide to us via telephone, email, facsimile, or mail; and (ii) the information we collect through
use of the Safe Surfer services, apps, and websites.
We comply with applicable privacy and data protection laws including the New Zealand Privacy Act 1993 (NZPA), the General Data Protection Regulation of the European Union (GDPR), and the California Consumer Privacy Act 2018 (CCPA) when dealing with personal information.
This policy does not limit or exclude any of your rights under applicable privacy and data protection laws, including the NZPA, GDPR, or CCPA. For further information on the New Zealand Privacy Act 1993, see www.privacy.org.nz. For further information on the GDPR, see https://ec.europa.eu/info/law/law-topic/data-protection_en. For further information on the CCPA, see https://oag.ca.gov/privacy/ccpa.
This policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. We are happy to provide any additional information or explanation needed. Any request for further information should be sent to firstname.lastname@example.org.
We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we upload the revised policy.
This policy was last updated on 31/08/2021 NZDT.
In this policy:
Account Owner means the person who manages, controls, or has access to the Safe Surfer account that can monitor and manage the digital activity of persons who use a device on which the Safe Surfer mobile/desktop app is installed or who connect to the internet via a modem router/modem/router on which a Safe Surfer monitoring device (e.g. our Lifeguard hardware) is installed.
Browsing Activity means information about internet browsing activity, including websites and pages visited, links clicked, media downloaded, time spent on websites and website pages, IP address, device location, device name, app installations and use, operating system, and browser type that is collected:
Personal information means information about an identifiable individual (a natural person), and includes personal data, personally identifiable information, and equivalent information under applicable privacy and data protection laws.
Safe Surfer offers public DNS services worldwide. If you use our public DNS services, we do not record your information. All blocked sites attempted to be accessed through our public DNS will be forwarded to an NXDOMAIN (non-existent domain). We apply the following filter categories made by us to our public DNS services:
You can contact us regarding the status of any site that we have blocked at email@example.com.
When the Safe Surfer mobile or desktop app is installed on a device that you use, or you connect to the internet via a modem router/modem/router on which our Lifeguard hardware is installed, or you connect to our domain name system (DNS) in any way (e.g. by changing your modem router/modem/router, device, or browser settings), we will collect and have access to information about your internet browsing activity, including websites and pages visited, links clicked, media downloaded time spent on websites and website pages, IP address, device location, device name, app installations and use, operating system, and browser type.
You are able to opt-in to our screencast detection/blackout feature which will monitor your screen content for offensive content. If you opt-in to screencast detection/blackout, images of your screen and its associated metadata (including the name of your device, the time the image was captured, and the confidence levels of the offensive nature of the material) (Screencast Data) will be automatically stored by us. Images are blurred before being stored to obscure personal information while preserving the rough content of the image.
We cannot access or use the Screencast Data unless you opt-in on your device to send this data to Safe Surfer. If you opt-in to send this data to Safe Surfer, both the Account Owner and us will be able to access the Screencast Data, and it will be stored for 30 days.
The Account Owner of your account will be able to view and/or delete the Screencast Data.
You are also able to opt-in to our social media monitoring feature through the Safe Surfer Android app. If you opt-in to social media monitoring, the text of system notifications on your device may be stored by us, given that the notification has matching keywords. Notification text is not obscured before being stored and may contain personal information. The Account Owner of your account will be able to view and/or delete the Notification text.
We cannot access or use the Notification text unless you opt-in on your device to send this data to Safe Surfer. If you opt-in to send this data to Safe Surfer, both the Account Owner and us will be able to access the Notification Data, and it will be stored until manually deleted.
The Account Owner has full control over which types of content are blocked or filtered on devices associated with their account. If you believe a page is being blocked from you without reason, you may contact us at firstname.lastname@example.org.
The Account Owner is able to monitor Browsing Activity for devices associated with their account. If you believe your Browsing Activity is being monitored without the Account Owner having a legitimate basis for that monitoring, you may contact us at email@example.com.
We use this data:
We may also use this information:
We may transfer Browsing Activity collected in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
When you access and use our website and web services, including creating an account, filling out a contact enquiry form, purchasing products or services, using the Safe Surfer Web Services to configure and manage Safe Surfer apps and monitoring devices, or signing up to our newsletter, we may collect the following information from you:
Some personal information that we collect directly from you may be mandatory and some may be optional. We will let you know which of these applies at the time we collect the relevant personal information. While you do not have to provide us with some information we may request, this might mean that our website or web services may not perform as well as they should, or that we may not be able to provide some parts of our website or web services to you. If you require further information about the consequences of not providing us with any information, please contact us at firstname.lastname@example.org.
When you access and use our website or web services we may automatically collect information about your device and usage of our website and web services, including your IP address, operating system, browser type, time spent on certain pages of the website, pages visited and links clicked. Some of this information is collected through third party tools, web beacons and similar storage technologies. Please refer to the Cookies section below for further information, including information on how you can disable these technologies.
We may use this information:
You can stop receiving our marketing emails by following the unsubscribe instructions included in those emails.
We may transfer your information collected through in this section in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
We may disclose personal information to:
We do not sell or make any other commercial use of Browsing Activity. We may disclose Browsing Activity to any law enforcement agency if such disclosure is required by law.
A business that supports our services and products may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand.
If a parent or guardian installs one of our apps on their child’s devices or connects one of our monitoring devices (e.g. our Lifeguard device) to their modem, this will collect and transmit to our servers information on their child’s Browsing Activity, and the parent or guardian that is the Account Owner will be able to view that Browsing Activity.
If your child visits a house or business premises and connects to the internet via a modem on which one of our monitoring devices is installed, this will collect and transmit to our servers information on the child’s Browsing Activity, and the relevant Account Owner will be able to view that Browsing Activity.
In the situations above, we do not collect the name or other personally identifiable information about the child (other than information that is collected incidentally as part of the Browsing Activity, which we use only for the limited purposes above) and we do not attempt to deduce whether the user is a child.
If you have reason to believe that we have collected or used personal information from or about a child under the age of 16 other than as set out in this policy, please contact us at email@example.com.
Cookies are small pieces of information stored on your computer tied to information about you. We use both session ID (or temporary) cookies, which terminate when you close your browser, and persistent cookies, which are stored on your hard drive. Cookies allow you to login to our web services without having to type your login name each time, allowing you to simply provide your password to access the system. Cookies also enable us to track and monitor the use of some features of our website and web services and maintain security. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. If you choose to reject cookies, you may still use our website and web services; however, your access to some areas of our website and web services will be limited.
A business that supports our website, products and services may be located outside of New Zealand (the country where we are incorporated) and also outside of the country where you are located. This means that the personal information we collect may be transferred to, and stored in, a country outside of New Zealand and the country where you are located.
If you are located in the European Economic Area (EEA), your personal information may be transferred outside of the EEA. Under the GDPR, the transfer of personal information to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal information if other appropriate safeguards are in place.
Where we transfer personal information outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where approved transfer mechanisms are in place to protect your personal information (e.g. by entering into the European Commission’s Standard Contractual Clauses). For further information, please contact us at firstname.lastname@example.org.
Some of the personal information we collect is processed in New Zealand. New Zealand is recognised by the European Commission as a country that has an adequate level of data protection and we rely on this decision in transferring personal information to New Zealand.
As required by applicable law, we will take steps to keep your personal information safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks inherent in processing personal information.
We have processes in place to ensure the security of your personal information, including encryption of all data when transferred to our service providers and limitations on access to personal information within our organisation.
You play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used in relation to our products and services. You should not disclose your password to third parties. Please notify us immediately if there is any unauthorised use of your account or any other breach of security.
Subject to certain grounds for refusal under applicable law, you have the right to access your personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
Where you request a correction, if we think the correction is reasonable and we are reasonably able to change your personal information, we will make the correction. In all other cases, we will take reasonable steps to make a note of the personal information that was the subject of your correction request.
If you want to exercise either of the above rights, email us at email@example.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information to be corrected and the correction that you are requesting).
Subject to applicable law, we may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
Unless required otherwise under applicable law, if we receive any request or enquiry relating to Browsing Activity, we will forward this request to the relevant Account Owner.
In addition to the rights to access and correct your personal information:
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
The personal information that we collect and use will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.
LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION
Our lawful basis for processing (as that term is defined in the GDPR) personal information that we collect, use and disclose depends on the personal information collected and the context in which we collect it.
Generally, we collect personal information from you where we have your consent, where processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, or where processing is necessary for the purposes of our legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms).
Where we process personal information based on your consent, you may withdraw your consent at any time.
Despite the above, we may process your personal information where such processing is necessary for compliance with applicable laws.
If you have any question about the legal basis on which we process personal information or need further information, please contact us at firstname.lastname@example.org.
YOUR RIGHTS UNDER THE GDPR
If you are located in the European Union, your rights in relation to your personal information include:
Where personal information is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at email@example.com. If you are not satisfied by the way we deal with your query, you may refer your query to your local data protection authority.
The CCPA provides consumers that are California residents with specific rights regarding their personal information. This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under CCPA.
Any terms defined in the CCPA have the same meaning when used in this notice.
COLLECTION, USING, AND SHARING INFORMATION
For more details about the personal information we have collected over the last 12 months, including the categories of sources, and the purposes for which we use that information please see the What Personal Information Do We Collect And How Do We Use It section above. We share this information with the categories of third parties described in the Disclosing Your Personal Information section above. We do not sell the personal information we collect (and will not sell it without providing you a right to opt out).
ACCESS TO SPECIFIC INFORMATION AND DATA PORTABILITY RIGHTS
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
DELETION REQUEST RIGHTS
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive a verified request from you, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
EXERCISING ACCESS, DATA PORTABILITY, AND DELETION RIGHTS
To exercise the access, data portability, and deletion rights described above, please submit a request to us by emailing firstname.lastname@example.org. From there we will walk you through the verification process.
Only you or a person registered with the California Secretary of State that you authorise to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child.
Your request must:
We will take all reasonable precautions to verify your identity in connection with fulfilling our responsibilities under the CCPA. The verification steps may vary. We evaluate each request based on the individual submitting the request and the category of data related to the request.
If you are a customer making a request for personal information or deletion of information in your account, we will verify your identity before processing the request. If you are a user of the Service and you are requesting access to or deletion of your own personal information, we may pass your request along to the relevant customer who owns the account under which the Service is provided to you to verify your request.
RESPONSE TIMING AND FORMAT
We will try to respond to a request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by email. Any disclosures we provide will only cover the 12-month period preceding your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: