The purpose of this Policy is to communicate to You, in a concise, transparent, intelligible and easily accessible way, how we treat Your personal information. We encourage You to read this Policy carefully. It will help You make informed decisions about sharing Your personal information with us.
This Policy applies to A2X, the Service and the Website and all other interactions (e.g., customer service inquiries) You may have with A2X. If You do not agree with the terms of this Policy, do not access or use the Service, Website or any other aspect of the A2X business.
This Policy applies to and covers all of A2X's "data processing" activities, whether as an "agency" (under the Privacy Act 2020 of New Zealand) (Privacy Act), as a "controller" (under the EU General Data Protection Regulation (GDPR)) or otherwise. Such "data processing" activities include all activities relating to our use of Your Personal Information, from its collection through to its storage and disposal and everything in between.
This Policy does not apply to any third party applications or software that integrate with A2X, or any other third party products, services or businesses.
A2X connects to the following ecommerce sales channels.
A2X integrates with the following accounting systems.
A2X is a provider of ecommerce accounting integration services, including automated posting of sales from ecommerce sales channels to integrated accounting systems.
The Service involves the storage of Data about a company or individual. That Data can include personal information. 'Personal information' is information about an identified or identifiable individual, and may include information such as the individual's name, email address, telephone number, taxation details, and accounting and financial information and any other information relating to You or a combination of information which, if put together, means that You can be identified.
YOU CAN ALWAYS CHOOSE NOT TO PROVIDE YOUR PERSONAL INFORMATION TO A2X, BUT IT MAY MEAN THAT WE ARE UNABLE TO PROVIDE YOU WITH THE SERVICE.
Through Your use of the Service, A2X may also collect information from You about someone else. If You provide A2X with personal information about someone else, You must ensure, and hereby warrant to A2X, that You are authorised to disclose that information to A2X and that, without A2X taking any further steps required by applicable data protection or privacy laws, A2X may collect, use and disclose such information for the purposes described in this Policy.
This means that You must take reasonable steps to ensure the individual concerned is aware of and/or has given his or her informed consent to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual's right to obtain access to that information, A2X's identity, and how to contact A2X.
Where requested to do so by A2X, You must also assist A2X with any requests by the individual to access or update the personal information You have collected from them and entered into the Service.
A2X receives Your financial information from these 3rd party services including but not limited to the following data:
A2X collects Your personal information so that we can provide You with the Service and any related services You may request. In doing so, A2X may use the personal information we have collected from You for purposes related to the Services including to:
By using the Service, You consent to Your personal information being collected, held and used in this way and for any other use You authorise. A2X will only use Your personal information for the purposes described in this Policy or with Your express permission.
It is Your responsibility to keep Your password to the Service safe. You should notify us as soon as possible if You become aware of any misuse of Your password, and immediately change Your password within the Service or via the Google Account forgotten password process.
By using the Service, You agree that A2X can access, aggregate and use anonymised data A2X has collected from You. This is a set of data about many people that excludes personal identifiers such as names, addresses and phone numbers. It protects your privacy because it will in no way identify You or any other individual.
We may also use aggregated anonymized data to provide insights to other organizations such as our advertisers, customers and partners and may provide aggregated anonymized data to third party data analytics service providers.
A2X is committed to protecting the security of Your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your personal information is stored on secure servers that have SSL Certificates issued by leading certificate authority LetsEncrypt, and all Data transferred between You and the Service is encrypted.
However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that Your information will be secure at all times. Transmission of personal information over the Internet is at Your own risk and You should only enter, or instruct the entering of, personal information to the Service within a secure environment.
We will advise You as soon as reasonably practicable and in any event within 72 hours upon discovering or being advised of a security breach where Your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
A2X will also comply with its mandatory notification obligations to the Privacy Commissioner, affected individuals and/or the public (as applicable) under the Privacy Act in relation to all "notifiable privacy breaches", being unauthorised or accidental access to, or disclosure, alteration, loss or destruction of, personal information that it is reasonable to believe has caused serious harm to an affected individual or individuals or is likely to do so.
A2X will only disclose the personal information You have provided to us to entities outside the A2X group of companies if it is necessary and appropriate to facilitate the purpose for which Your personal information was collected pursuant to this Policy, including the provision of the Service.
A2X will not otherwise disclose Your personal information to a third party unless You have provided Your express consent. However, You should be aware that A2X may be required to disclose Your personal information without Your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify You if we are required by law to disclose Your personal information.
If You choose to pay for the Service by credit card, Your credit card details are not stored by the Service and cannot be accessed by A2X staff. Your credit card details are encrypted and securely stored by our payment providers (including Stripe, Paypal, Braintree and CheddarGetter) to enable A2X to bill Your credit card automatically on a recurring basis. You should review these payment providers privacy policies to ensure You are happy with them.
It's Your personal information and You have certain rights and responsibilities under New Zealand law relating to it. Pursuant to the GDPR, the California Consumer Privacy Act (CCPA) and other applicable laws and regulations, individuals in certain jurisdictions may have additional data subject rights enabling them to opt-out of third party sharing or selling, to delete or remove, or request to access and receive a copy of their personal information in A2X's possession or for which A2X is otherwise responsible. A2X will comply with all applicable laws to which it is subject in relation to such rights.
It is Your responsibility to ensure that the personal information You provide to us is accurate, complete and up-to-date. You may request access to the information we hold about You, or request that we update, erase (where legally applicable) or correct any personal information we hold about You, by requesting the Personal Data Erasure Form via email from the A2X Privacy Officer or Data Protection Officer (details are provided at the end of this Policy).
A2X will process Your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet Your request, we will let You know why. For example, it may be necessary for us to deny Your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process Your request in the manner You have requested. In some circumstances, it may be necessary for us to seek to arrange access to Your personal information through a mutually agreed intermediary (for example, the Subscriber).
We'll only keep Your personal information for as long as we require it for the purposes of providing You with the Service. However, we may also be required to keep some of Your personal information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.
In relation to the personal data A2X holds You have rights to:
You can make these requests at any time by emailing the A2X Privacy Officer or the Data Protection Officer (details are provided at the end of this Policy).
We'll keep Your personal information only for as long as we require it for the purposes for which it was collected (see section above entitled "A2X collects, holds, and uses Your personal information for limited purposes"). As a general rule, customer data (some of which may include Your personal information) is stored for a period of 7 years. However, we may also be required to keep some of Your personal information for longer periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation. In accordance with our legal obligations under the GDPR and other applicable laws, all of Your personal information collected by A2X will be retained, safeguarded and deleted in accordance with A2X's data retention policy and related data retention schedule (which specifies retention periods for each type of data) and this Policy should be read in conjunction with those documents.
In providing the Service, A2X utilizes "cookies". A cookie is a small text file that is stored on Your computer for record-keeping purposes. A cookie does not identify You personally or contain any other information about You but it does identify Your computer.
We and some of our affiliates and third-party service providers may use a combination of 'persistent cookies' (cookies that remain on Your hard drive for an extended period of time) and 'session ID cookies' (cookies that expire when You close Your browser) on the Website to, for example, track overall site usage, and track and report on Your use and interaction with ad impressions and ad services.
You can set Your browser to notify You when You receive a cookie so that You will have an opportunity to either accept or reject it in each instance. However, You should note that refusing cookies may have a negative impact on the functionality and usability of the Website.
We do not respond to or honour 'Do Not Track' requests at this time.
A2X sends billing information, product information, Service updates and Service notifications to You via email. Our emails will contain clear and obvious instructions describing how You can choose to be removed from any mailing list not essential to the Service. A2X will remove You at Your request.
A2X may communicate with You via email or in-app message based on Your user profile or company profile. For example if Your A2X account has no connection to an accounting system, we may email You with advice and suggestions on how to connect. You can opt-out of these filtered or profile-based messages at any time by emailing the A2X privacy officer (details are provided at the end of this Policy).
Please note that if you withdraw your consent, (a) this will not render unlawful any use which we made of your personal information before you withdrew your consent and (b) it may mean that we are unable to provide you with the Service in whole or in part.
To the extent prohibited by applicable law, A2X does not allow use of our Service and Website by anyone younger than 16 years old. If You learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will takes steps to delete such information.
A2X is hosted in Google Cloud, using servers located in the USA. When You use the Service Your data will be stored and processed on Google Cloud servers within Google's data centers in the USA.
Google Cloud is a top-tier server infrastructure and managed server provider that complies with important US and EU data protection:
By entering personal information into the Services, You consent to that personal information being hosted on servers located in the U.S. While Your personal information will be stored on servers located in the U.S., it will remain within A2X's effective control at all times. Each data hosting provider's role is limited to providing a hosting and storage service to A2X, and we've taken steps to ensure that our data hosting providers do not have access to, and use the necessary level of protection for, Your personal information. They do not control, and are not permitted to access or use Your personal information, except for the limited purpose of storing the information. This means that (a) for the purposes of s 11 of the Privacy Act, such personal information is treated as held by A2X because it is held by Google as A2X's agent and not for use or disclosure for Google's own purposes, and (b) for the purposes of Australian privacy legislation and Australian users, A2X does not currently 'disclose' personal information to third parties located overseas.
If You do not want Your personal information to be transferred to a server located in the U.S., You should not provide A2X with Your personal information or use the Service.
When A2X shares data, it may be transferred to, and processed in, countries other than the country you live in - such as to the United States, where our data hosting provider's servers are located. These countries may have laws different to what you're used to. In situations where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal data - i.e., by entering into the European Commission's Standard Contractual Clauses.
As of July 16, 2020, we no longer rely on the EU-U.S. Privacy Shield to transfer data that originated in the EEA or the UK to the U.S. However, with respect to EU,UK, and Swiss personal information received or transferred pursuant to the Privacy Shield Framework, A2X is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
If You wish to complain about how we have handled Your personal information, please provide us with full details of Your complaint and any supporting documentation by e-mailing the A2X privacy officer (details are provided at the end of this Policy).
We will endeavour to:
A2X reserves the right to change this Policy at any time, and any amended Policy is effective upon posting to this Website. A2X will make every effort to communicate any significant changes to You via email or notification via the Service. Your continued use of the Service will be deemed acceptance of any amended Policy.
A2X Limited is incorporated in New Zealand. Company address: 7 Grace James Road, Pukekohe, Auckland, 2120, New Zealand.
You may contact the A2X privacy officer by email at email@example.com.
You may contact the Data Protection Officer by email at firstname.lastname@example.org.