Privacy Policy | Safe Surfer

Privacy Policy

Introduction

We understand that completing transactions online and providing personal information involves a great deal of trust on your part; we take this trust very seriously. This Privacy Policy describes the ways in which Safe Surfer (Safe Surfer, we, our, or us) will collect, use, disclose, and keep secure: (i) the data you provide to us via telephone, email, facsimile, or mail; and (ii) the information we collect through use of the Safe Surfer services, apps, and websites.

We comply with applicable privacy and data protection laws including the New Zealand Privacy Act 1993 (NZPA), the General Data Protection Regulation of the European Union (GDPR), and the California Consumer Privacy Act 2018 (CCPA) when dealing with personal information.

This policy does not limit or exclude any of your rights under applicable privacy and data protection laws, including the NZPA, GDPR, or CCPA. For further information on the New Zealand Privacy Act 1993, see www.privacy.org.nz. For further information on the GDPR, see https://ec.europa.eu/info/law/law-topic/data-protection_en. For further information on the CCPA, see https://oag.ca.gov/privacy/ccpa.

This policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. We are happy to provide any additional information or explanation needed. Any request for further information should be sent to privacy@safesurfer.co.nz.

Changes to this Policy

We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we upload the revised policy.

This policy was last updated on 31/08/2021 NZDT.

Definitions

In this policy:

Account Owner means the person who manages, controls, or has access to the Safe Surfer account that can monitor and manage the digital activity of persons who use a device on which the Safe Surfer mobile/desktop app is installed or who connect to the internet via a modem router/modem/router on which a Safe Surfer monitoring device (e.g. our Lifeguard hardware) is installed.

Browsing Activity means information about internet browsing activity, including websites and pages visited, links clicked, media downloaded, time spent on websites and website pages, IP address, device location, device name, app installations and use, operating system, and browser type that is collected:

  • from a device on which the Safe Surfer mobile/desktop app is installed; or
  • when a person or device connects to the internet via a modem router/modem/router on which our Lifeguard hardware is installed.

Personal information means information about an identifiable individual (a natural person), and includes personal data, personally identifiable information, and equivalent information under applicable privacy and data protection laws.

Terms of Use means our terms of use set out at http://safesurfer.io/terms-and-conditions.

Capitalised terms not defined in this privacy policy have the meaning given in our Terms of Use.

What Personal Information Do We Collect, and How Do We Use It?

Public DNS

Safe Surfer offers public DNS services worldwide. If you use our public DNS services, we do not record your information. All blocked sites attempted to be accessed through our public DNS will be forwarded to an NXDOMAIN (non-existent domain). We apply the following filter categories made by us to our public DNS services:

  • Adult & Pornography;
  • Phishing & Malware;
  • Proxy & VPNs; and
  • Torrents.

You can contact us regarding the status of any site that we have blocked at info@safesurfer.io.

Browsing Activity

When the Safe Surfer mobile or desktop app is installed on a device that you use, or you connect to the internet via a modem router/modem/router on which our Lifeguard hardware is installed, or you connect to our domain name system (DNS) in any way (e.g. by changing your modem router/modem/router, device, or browser settings), we will collect and have access to information about your internet browsing activity, including websites and pages visited, links clicked, media downloaded time spent on websites and website pages, IP address, device location, device name, app installations and use, operating system, and browser type.

You are able to opt-in to our screencast detection/blackout feature which will monitor your screen content for offensive content. If you opt-in to screencast detection/blackout, images of your screen and its associated metadata (including the name of your device, the time the image was captured, and the confidence levels of the offensive nature of the material) (Screencast Data) will be automatically stored by us. Images are blurred before being stored to obscure personal information while preserving the rough content of the image.

We cannot access or use the Screencast Data unless you opt-in on your device to send this data to Safe Surfer. If you opt-in to send this data to Safe Surfer, both the Account Owner and us will be able to access the Screencast Data, and it will be stored for 30 days.

The Account Owner of your account will be able to view and/or delete the Screencast Data.

You are also able to opt-in to our social media monitoring feature through the Safe Surfer Android app. If you opt-in to social media monitoring, the text of system notifications on your device may be stored by us, given that the notification has matching keywords. Notification text is not obscured before being stored and may contain personal information. The Account Owner of your account will be able to view and/or delete the Notification text.

We cannot access or use the Notification text unless you opt-in on your device to send this data to Safe Surfer. If you opt-in to send this data to Safe Surfer, both the Account Owner and us will be able to access the Notification Data, and it will be stored until manually deleted.

The Account Owner has full control over which types of content are blocked or filtered on devices associated with their account. If you believe a page is being blocked from you without reason, you may contact us at info@safesurfer.io.

The Account Owner is able to monitor Browsing Activity for devices associated with their account. If you believe your Browsing Activity is being monitored without the Account Owner having a legitimate basis for that monitoring, you may contact us at info@safesurfer.io.

We use this data:

  • to block and filter certain content according to the Account Owner’s preferences;
  • to enable the Account Owner to monitor Browsing Activity; and
  • on an anonymised basis, for the continued improvement of Safe Surfer.

We may also use this information:

    to protect and/or enforce our legal rights and interests, including defending any claim; and
    for any other purpose authorised by the relevant individual or applicable law.

We may transfer Browsing Activity collected in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.

Website Users

When you access and use our website and web services, including creating an account, filling out a contact enquiry form, purchasing products or services, using the Safe Surfer Web Services to configure and manage Safe Surfer apps and monitoring devices, or signing up to our newsletter, we may collect the following information from you:

  • full name;
  • email address;
  • phone number;
  • credit card details;
  • billing address;
  • delivery address (when you purchase a monitoring device);
  • user and account settings and preferences; and
  • any other information you choose to provide to us.

Some personal information that we collect directly from you may be mandatory and some may be optional. We will let you know which of these applies at the time we collect the relevant personal information. While you do not have to provide us with some information we may request, this might mean that our website or web services may not perform as well as they should, or that we may not be able to provide some parts of our website or web services to you. If you require further information about the consequences of not providing us with any information, please contact us at info@safesurfer.io.

When you access and use our website or web services we may automatically collect information about your device and usage of our website and web services, including your IP address, operating system, browser type, time spent on certain pages of the website, pages visited and links clicked. Some of this information is collected through third party tools, web beacons and similar storage technologies. Please refer to the Cookies section below for further information, including information on how you can disable these technologies.

We may use this information:

  • to verify your identity;
  • to create a user profile;
  • to identify you when you sign in to your account and to verify your account is not being used by anyone else;
  • to provide our services and products to you;
  • to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose);
  • to deliver our products to you;
  • to bill you and collect money that you owe us, including authorising and processing credit card transactions;
  • to improve our services and products;
  • to respond to communications from you, including a complaint;
  • to conduct research and statistical analysis (on an anonymised basis);
  • to protect and/or enforce our legal rights and interests, including defending any claim; and
  • for any other purpose authorised by you or applicable law.

We use a third party service provider to process credit card transactions. The name of this third party provider will generally be displayed when you are requested to enter your credit card information. You can see further information about how they process your credit card information in their privacy policy.

You can stop receiving our marketing emails by following the unsubscribe instructions included in those emails.

We may transfer your information collected through in this section in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.

Disclosing Personal Information

We may disclose personal information to:

  • any business that supports our website, products and services, including any person that hosts or maintains any underlying IT system or data centre that we use to provide our website, products or services or that we use to process payments;
  • a person who can require us to supply personal information (e.g. a law enforcement agency or regulatory authority);
  • any other person with the relevant individual’s consent;
  • any other company in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition; and
  • any other person authorised by applicable law.

We do not sell or make any other commercial use of Browsing Activity. We may disclose Browsing Activity to any law enforcement agency if such disclosure is required by law.

A business that supports our services and products may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand.

Child Safety

We do not knowingly collect or solicit personal information from or about children under 16 without obtaining verifiable consent from that child’s parent or guardian. If you are a child under 16, please do not attempt to send any personal information about yourself to us before we obtain parental consent. Please review this privacy policy with your parent or guardian and make sure you understand it.

If a parent or guardian installs one of our apps on their child’s devices or connects one of our monitoring devices (e.g. our Lifeguard device) to their modem, this will collect and transmit to our servers information on their child’s Browsing Activity, and the parent or guardian that is the Account Owner will be able to view that Browsing Activity.

If your child visits a house or business premises and connects to the internet via a modem on which one of our monitoring devices is installed, this will collect and transmit to our servers information on the child’s Browsing Activity, and the relevant Account Owner will be able to view that Browsing Activity.

In the situations above, we do not collect the name or other personally identifiable information about the child (other than information that is collected incidentally as part of the Browsing Activity, which we use only for the limited purposes above) and we do not attempt to deduce whether the user is a child.

If you have reason to believe that we have collected or used personal information from or about a child under the age of 16 other than as set out in this policy, please contact us at privacy@safesurfer.co.nz.

Cookies

Cookies are small pieces of information stored on your computer tied to information about you. We use both session ID (or temporary) cookies, which terminate when you close your browser, and persistent cookies, which are stored on your hard drive. Cookies allow you to login to our web services without having to type your login name each time, allowing you to simply provide your password to access the system. Cookies also enable us to track and monitor the use of some features of our website and web services and maintain security. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. If you choose to reject cookies, you may still use our website and web services; however, your access to some areas of our website and web services will be limited.

International Transfers of Personal Information

A business that supports our website, products and services may be located outside of New Zealand (the country where we are incorporated) and also outside of the country where you are located. This means that the personal information we collect may be transferred to, and stored in, a country outside of New Zealand and the country where you are located.

If you are located in the European Economic Area (EEA), your personal information may be transferred outside of the EEA. Under the GDPR, the transfer of personal information to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal information if other appropriate safeguards are in place.

Where we transfer personal information outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where approved transfer mechanisms are in place to protect your personal information (e.g. by entering into the European Commission’s Standard Contractual Clauses). For further information, please contact us at privacy@safesurfer.co.nz.

Some of the personal information we collect is processed in New Zealand. New Zealand is recognised by the European Commission as a country that has an adequate level of data protection and we rely on this decision in transferring personal information to New Zealand.

Protecting Your Personal Information

As required by applicable law, we will take steps to keep your personal information safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks inherent in processing personal information.

We have processes in place to ensure the security of your personal information, including encryption of all data when transferred to our service providers and limitations on access to personal information within our organisation.

You play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used in relation to our products and services. You should not disclose your password to third parties. Please notify us immediately if there is any unauthorised use of your account or any other breach of security.

Accessing and Correcting your Personal Information

Subject to certain grounds for refusal under applicable law, you have the right to access your personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

Where you request a correction, if we think the correction is reasonable and we are reasonably able to change your personal information, we will make the correction. In all other cases, we will take reasonable steps to make a note of the personal information that was the subject of your correction request.

If you want to exercise either of the above rights, email us at privacy@safesurfer.co.nz. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information to be corrected and the correction that you are requesting).

Subject to applicable law, we may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.

Unless required otherwise under applicable law, if we receive any request or enquiry relating to Browsing Activity, we will forward this request to the relevant Account Owner.

Other Rights

In addition to the rights to access and correct your personal information:

  • if you are based in the European Union, you have the additional rights set out in the GDPR Additional Terms section of this privacy policy below; or
  • if you are based in California and the CCPA applies to our collection of person information, you may have the additional rights set out in the CCPA Additional Terms section of this privacy policy below.

Internet Use

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

If you follow a link on our website to another website, the owner of that website will have its own privacy policy relating to your personal information. We suggest you review that website’s privacy policy before you provide personal information to that owner or website.

Data Retention Policy

The personal information that we collect and use will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.

Contacting Us

If you have any question about this privacy policy, or our privacy practices, or if you would like to request access to, or correction of, your personal information, you can contact us at privacy@safesurfer.co.nz.

GDPR ADDITIONAL TERMS

LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION

Our lawful basis for processing (as that term is defined in the GDPR) personal information that we collect, use and disclose depends on the personal information collected and the context in which we collect it.

Generally, we collect personal information from you where we have your consent, where processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, or where processing is necessary for the purposes of our legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms).

Where we process personal information based on your consent, you may withdraw your consent at any time.

Despite the above, we may process your personal information where such processing is necessary for compliance with applicable laws.

If you have any question about the legal basis on which we process personal information or need further information, please contact us at privacy@safesurfer.co.nz.

YOUR RIGHTS UNDER THE GDPR

If you are located in the European Union, your rights in relation to your personal information include:

  • right of access – if you ask us, we will confirm whether we are processing your personal information and provide you with a copy of that personal information;
  • right to rectification – if the personal information we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take reasonable steps to ensure inaccurate personal information is rectified. If we have shared your personal information with any third party, we will tell them about the rectification where possible;
  • right to erasure – when your personal information is no longer needed for the purposes for which you provided it, we will delete it. You may request that we delete your personal information and we will do so if deletion does not contravene any applicable law. If we have shared your personal data with any third party, we will take reasonable steps to inform those third parties that they must delete your personal information;
  • right to withdraw consent – if the basis of our processing of your personal information is consent, you can withdraw that consent at any time;
  • right to restrict processing – you may request that we restrict or block the processing of your personal information in certain circumstances. If we have shared your personal information with any third party, we will tell them about this request where possible;
  • right to object to processing – you may request that we stop processing your personal information at any time and we will do so to the extent required by the GDPR;
  • rights related to automated decision-making, including profiling – you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision-making is necessary for entering into, or the performance of, a contract with you, is authorised by applicable laws or is based on your explicit consent. We do not undertake automated individual decision-making;
  • right to data portability – you may obtain your personal information from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal information in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal information directly to another data controller; and
  • the right to complain to a supervisory authority – you can report any concern you have about our privacy practices to your local data protection authority.

Where personal information is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.

If you would like to exercise any of your above rights, please contact us at privacy@safesurfer.co.nz. If you are not satisfied by the way we deal with your query, you may refer your query to your local data protection authority.

 

CCPA ADDITIONAL TERMS

The CCPA provides consumers that are California residents with specific rights regarding their personal information. This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under CCPA.

Any terms defined in the CCPA have the same meaning when used in this notice.

COLLECTION, USING, AND SHARING INFORMATION

For more details about the personal information we have collected over the last 12 months, including the categories of sources, and the purposes for which we use that information please see the What Personal Information Do We Collect And How Do We Use It section above. We share this information with the categories of third parties described in the Disclosing Your Personal Information section above. We do not sell the personal information we collect (and will not sell it without providing you a right to opt out).

ACCESS TO SPECIFIC INFORMATION AND DATA PORTABILITY RIGHTS

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • the categories of personal information we collected about you;
  • the categories of sources for the personal information we collected about you;
  • our business or commercial purpose for collecting or selling that personal information;
  • the categories of third parties with whom we share that personal information;
  • the specific pieces of personal information we collected about you (also called a data portability request); and
  • if we sold or disclosed your personal information for a business purpose, two separate lists disclosing: (i) sales, identifying the personal information categories that each category of recipient purchased; and (ii) ‒ disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

DELETION REQUEST RIGHTS

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive a verified request from you, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • debug products to identify and repair errors that impair existing intended functionality;
  • debug products to identify and repair errors that impair existing intended functionality;
  • engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • comply with a legal obligation; or
  • make other internal and lawful uses of that information that are compatible with the context in which you provided it.

EXERCISING ACCESS, DATA PORTABILITY, AND DELETION RIGHTS

To exercise the access, data portability, and deletion rights described above, please submit a request to us by emailing privacy@safesurfer.co.nz. From there we will walk you through the verification process.

Only you or a person registered with the California Secretary of State that you authorise to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child.

Your request must:

  • provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorised representative of that person; and
  • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will take all reasonable precautions to verify your identity in connection with fulfilling our responsibilities under the CCPA. The verification steps may vary. We evaluate each request based on the individual submitting the request and the category of data related to the request.

If you are a customer making a request for personal information or deletion of information in your account, we will verify your identity before processing the request. If you are a user of the Service and you are requesting access to or deletion of your own personal information, we may pass your request along to the relevant customer who owns the account under which the Service is provided to you to verify your request.

RESPONSE TIMING AND FORMAT

We will try to respond to a request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by email. Any disclosures we provide will only cover the 12-month period preceding your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • deny you goods or services;
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • provide you a different level or quality of goods or services; or
  • suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.