- Case Studies
Your privacy and security is important to us.
1.2 In this policy, 'we' (or 'us' / 'our') means FileInvite Limited, a company incorporated in New Zealand. Our address and contact details are set out in Part 3 of this policy.
1.3 The FileInvite platform operates as a hosted document collection service on behalf of other organisations. If an organisation sends you an invitation to use the FileInvite platform, in this scenario FileInvite acts only as the data processor. In such cases, the organisation that has sent you the invite will be the data controller and you will need to contact that organisation if you have any questions about how they process your personal information.
2.1 “Personal information” is the New Zealand term for “personal data” as defined in the GDPR. It means any information that can identify you either directly or indirectly (i.e. by reference to other information we have access to).
2.2 The term “processing” is used as defined in the GDPR. It includes collection, storage, and all of the ways we use personal information when we provide the FileInvite Platform to you.
2.3 “Data controller” means the entity which determines the purposes and means of the processing of personal information and “data processor” means the entity which processes personal information on behalf of the data controller. For the purpose of this policy, FileInvite is the data controller of your personal information collected through the FileInvite platform.
3.1 We may collect, store and use the following kinds of personal information that you provide to us:
3.2 We may collect store and use the following kinds of personal information automatically when you use the FileInvite platform:
3.3 We may collect store and use the following kinds of personal information we receive from other sources;
3.4 Before you disclose to us the personal information of another person, you must obtain that person's consent to both the disclosure and the processing of that personal information in accordance with the terms of this policy. This includes where any Content contained in your clients' documents or files includes personal information. In respect of that Content, we will act as a processor of the personal information and process and use it only in accordance with your instructions. You will remain the controller of that information. Where the GDPR applies to that information, then the terms of our Data Processing Addendum (DPA) will apply (as between you and us) and sets out our responsibilities when it comes to our processing activities.
4.1 We rely upon a number of lawful grounds to ensure that our use of your personal information is compliant with applicable law. We set out the type of personal information, purpose for process and the legal grounds below.
4.2 However, we will only use Content (ie, information contained within documents and files sent by you or your clients using the Services) as strictly necessary to provide our services to you. We will never view, access or use that Content for our own purposes.
4.3 If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.
4.4 Your account settings can be used to limit the publication of your information on our website.
45 We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing.
5.1 We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.
5.2 This includes several service providers and sub-processors we use to provide you with our services, or who provide functionality contained within our services. Those sub-processors include:
Amazon Web Services
Cloud infrastructure service provider
Project And Issue Tracking
Ticketed Support Desk
Content Management Platform
Live Chat Support System
User Experience Analytics
Credit Card Payment Processor
SMS Service Provider And Transactional Email Processing
5.3 We may disclose your personal information:
6.1 Information that we collect may be stored transferred to, and stored or processed in, countries other than the country you live in. As a New Zealand-headquartered company, your information will be stored in (or accessible from) New Zealand, but it may also be stored in or accessible from countries where our service providers and sub-processors are located (including the United States). No matter which countries in the world your information is stored in, we take steps to ensure that it is kept secure and only used in accordance with this policy and with applicable privacy laws.
6.2 If you are located in the European Economic Area (EEA), this means that your information may be transferred outside the EEA. However, it will only be transferred to countries (like New Zealand) that have been recognised by the European Commission as providing an adequate level of protection of personal information, or to third parties who approved transfer mechanisms in place (such as the European Commission's Standard Contractual Clauses or by ensuring that the third party is Privacy Shield certified).
7.1 This Section 7 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
7.2 Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
7.3 Notwithstanding the other provisions of this Section 7, we will retain documents (including electronic documents) containing personal data:
8.1 We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
8.2 We will store all the personal information you provide on our secure password and firewall-protected servers. Further information about our server security can be found at https://aws.amazon.com/security.
8.3 All data entered through our website or exchanged via our services will be protected by encryption technology. This includes the Content of any documents or files sent using the FileInvite platform.
8.4 You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot
guarantee the security of data sent over the internet.
8.5 You are responsible for keeping the password you use for accessing our services confidential; We will not ask
you for your password (except when you log in to our services).
9.1 We may update this policy from time to time by publishing a new version on our website.
9.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
9.3 We may notify you of changes to this policy by email or through the login area on our website.
10.1 We are committed to protecting and respecting your privacy; therefore, we have extended the following rights granted under the GDPR to all users of the FileInvite Platform, regardless of where you live you can:
11.1 Our website includes hyperlinks to, code snippets from, and details of, third party websites.
11.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
12.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
13.1 Subject to the rights you may have under the GDPR, this policy is governed by the laws of New Zealand and you submit to the jurisdiction of the New Zealand courts.
1.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
1.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
1.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
1.4 Cookies can be used by web servers to identity and track users as they navigate different pages on a website and identify users returning to a website.
2.1 We use both session and persistent cookies on our website.
2.2 The purposes for which they are used, are set out below:
3.1 We use Google Analytics, to analyse the use of our website.
3.2 Our analytics service providers generate statistical and other information about website use by means of cookies.
3.3 The analytics cookies used by our website currently have the following names: _ga, _gat.
3.4 The information generated relating to our website is used to create reports about the use of our website.
4.1 Most browsers allow you to refuse to accept cookies; for example:
4.2 Blocking all cookies will have a negative impact upon the usability of many websites.
4.3 If you block cookies, you will not be able to use all the features on our website.
5.1 You can delete cookies already stored on your computer; for example:
5.2 Deleting cookies will have a negative impact on the usability of many websites.
5.3 If you delete cookies, you will not be able to use all the features on our website.
1.1 The services are provided by FileInvite Limited.
1.2 We are a company registered in New Zealand with company registration number 4429222.
If you are resident outside the European Union:
1.3 Our registered office and principal place of business is at 669 Great South Road, Penrose, Auckland, New
1.4 Our registered postal address is PO Box 12018, Penrose, Auckland 1642, New Zealand. You can contact us by writing to the postal addresses given above, by using our website contact form https://www.fileinvite.com/contact or by telephone on +6499723040.
If you are resident in the European Union:
Please contact our data protection representative, DPR Group, by following the instructions from DRP Group
found on our website https://www.fileinvite.com/gdpr
Date last updated: 9th April 2020.