Electric City Scooters Privacy Policy
The only details required from you to make a booking are your first and last names, your email address, telephone number and the details of the booking itself (i.e. the date, and number of bookings made by you and the number of adults included in that booking). Any other information that we collect is information which you “voluntarily” provide to us.
When you book through the website booking system the information forwarded to the operator is the minimum information necessary to confirm the booking. Customer information may be used to build up non-personal data about both the website and geographic regions such as total visitor numbers, number of bookings and demographics of those using the site. However no names will be used to identify individual customers.
Information registered on the Electric City Scooters website remains the property of Electric City Scooters. Electric City Scooters does not sell or rent your personal information to third parties. We release account and other personal information only when we believe release is appropriate for legal compliance and law enforcement (including to government agencies with statutory law enforcement responsibilities); to facilitate court proceedings; enforce or apply our terms and conditions; or protect the rights, property, or safety of Electric City Scooters users, or others. Government agencies with statutory roles enabling them to request data from us includes but is not restricted to Police, IRD and the Ministry of Business, Innovation and Employment. Members can contact Electric City Scooters to ask whether such information has been provided.
1. Storage of Information and Security of Payment
We have taken all practicable steps from both a technical and systems perspective to ensure that all of your information is securely protected. We may need to contact you via email or telephone if there are matters affecting your booking or if you choose to make amendments or cancellations.
Such information will not be held any longer than is required by Electric City Scooters.
A secure payment gateway is used to process all transactions and credit card details.
We may store data, or your personal information, and any data including personal information, on secure servers in New Zealand. We may access your personal information, and that data including any personal information, in New Zealand from time to time for marketing purposes.
2. Links to Third Party websites
This website may contain hyperlinks to website operated by parties other than Electric City Scooters. Such hyperlinks are provided for your reference only. Electric City Scooters does not control such web sites and is not responsible for their contents. Electric City Scooters’ inclusion of hyperlinks to such web sites does not imply any endorsement of the material on such web sites or any association with their operators.
3. Insurance
It is recommended that all customers purchase comprehensive travel insurance at the time of booking.
4. Cookies
A cookie is a small text file written to your hard drive that contains information about you. Cookies do not contain any personal information about users. We use cookies so that we can personalise your experience of the website. If you set up your browser to reject the cookie, it may not be possible to use the website.
5. General Conditions
We may modify these terms and conditions at any time by publishing the modified terms and conditions on the website. Any modifications shall take effect 3 days after posting on the website.
6. Governing law
These terms are governed by and to be construed in accordance with New Zealand law. Any disputes shall be subject to the exclusive jurisdiction of the New Zealand courts.
7. GDPR Addendum
If you are based in the European Union (EU) and use this website or our products or services, these additional terms (GDPR Addendum) form part of our privacy policy.
The General Data Protection Regulation (GDPR) regulates the collection, processing and transfer of EU individuals’ personal data (as defined in the GDPR). The personal information described in our privacy policy is personal data under the GDPR. We are committed to complying with the GDPR when dealing with Account and Marketing Data about our website visitors and product or service users based in the EU.
This GDPR Addendum was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed. Any requests for further information should be sent to tours@electriccityscooters.co.nz.
For the purposes of the GDPR
we are the data controller (as defined in the GDPR) when processing Account and Marketing Data; and our customers are the data controller when processing Customer Data We will not process Customer Data except as provided in our agreements with our customers and we require our customers to comply with applicable privacy and data protection laws. If we receive any data subject requests relating to Customer Data, such as requests to access personal data, we will forward this request to the relevant customer.
The remainder of this GDPR Addendum applies to Account and Marketing Data only, and does not apply to Customer Data.
Processing Personal Data
The personal data we may process consists of the Account and Marketing Data described in our privacy policy. This Account and Marketing Data may be processed for the purposes outlined in our privacy policy.
The legal basis for our processing of Account and Marketing Data is your consent and, for certain Account and Marketing Data, processing is necessary for the performance of a contract to which you are a party or for our legitimate interests (except where such interests would be overridden by your fundamental rights and freedoms which require the protection of personal data).
Despite the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws.
You do not have to provide us with your name or contact information to access and use certain parts of the website. You do have to provide us with information that is automatically collected by Google Analytics during your use of the website (location, browser and operating system details), however, this is not personal information. For further information on cookies, please see our Cookies Policy. You must provide us with your name and contact information to access your account or if you wish to contact us. The consequence of not providing your name and contact information is that we will not be able to provide you with an account or contact you.
Your rights in relation to your personal data under the GDPR include
Right of access – if you ask us, we will confirm whether we are processing your personal data and provide you with a copy of that personal data.
right to rectification – if the personal data we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take every reasonable step to ensure personal data which is inaccurate is rectified. If we have shared your personal data with any third parties, we will tell them about the rectification where possible.
Right to erasure – we delete your personal data when it is no longer needed for the purposes for which you provided it. You may request that we delete your personal data and we will do so if deletion does not contravene any applicable laws. If we have shared your personal data with any third parties, we will take reasonable steps to inform those third parties to delete such personal data.
right to withdraw consent – if the basis of our processing of your personal data is consent, you can withdraw that consent at any time.
right to restrict processing – you may request that we restrict or block the processing of your personal data in certain circumstances. If we have shared your personal data with third parties, we will tell them about this request where possible.
right to object to processing – you may request that we stop processing your personal data at any time and we will do so to the extent required by the GDPR.
Rights related to autonomous decision making, including profiling – you have a right to not be subject to a decision based solely on automated processing including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision making is necessary for entering into, or the performance of, a contract with you, is authorised by applicable laws or is based on your explicit consent.
Right to data portability – you may obtain your personal data from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal data in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal data directly to another data controller.
the right to complain to a supervisory authority – you can report any concerns you have about our privacy practices to the relevant data protection supervisory authority. Where personal data is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at tours@electriccityscooters.co.nz. If you are not satisfied by the way your query is dealt with by our data protection officer, you may refer your query to your local data protection supervisory authority.
8. Children
Our tours are intended for adults over the age of 18 years and do not accept tour bookings from persons under the age of 18. You may be refused your tour booking if you cannot provide identification or proof of age. We do not intend to collect personal data from children aged under 16. If you have reason to believe that a child under the age of 16 has provided personal data to us through our website and/or by using our services, please contact us at tours@electriccityscooters.co.nz.
9. International transfer of data
The Account and Marketing Data may be transferred to, and stored in, a country operating outside the European Economic Area (EEA). Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.
New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection and we rely on this decision when transferring personal data from the EEA to New Zealand.
10. Third party processors
The Account and Marketing Data we collect may also be processed by the third parties set out below.
Some of the Account and Marketing Data we collect is processed in New Zealand (where our operations are located). New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection and we rely on this decision in transferring personal data to New Zealand.
Some of the Account and Marketing Data we collect is processed by us and/or third party data processors in other countries, including the United States. Where Account and Marketing Data is transferred outside the EEA, it will only be transferred to countries or specified sectors within a country that have been identified as providing adequate protection for EEA data (e.g. organisations in the United States under the EU-U.S. Privacy Shield framework), or to a third party where we have approved transfer mechanisms in place to protect your personal data (e.g. by entering into the European Commission’s Standard Contractual Clauses). For further information, please contact us using the details set out in set out in our privacy policy.
PayPal
Payment Processor
https://www.paypal.com/en/webapps/mpp/ua/privacy-full
MailChimp
Email service provider
https://mailchimp.com/legal/privacy/
Google, Inc.
Analytics Advertising
https://policies.google.com/privacy?hl=en&gl=nz
Facebook
Advertising
https://www.facebook.com/privacy/explanation
11. Data Retention policy
Account and Marketing Data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer. The criteria we use to determine the period of time for which we keep Account and Marketing Data includes:
the nature and type of Account and Marketing Data that you provide to us
the purpose for which you provide Account and Marketing Data
the necessary business and operational requirements to continue to supply you with the services or functionality that you have requested
12. Contacting Us
You can contact us as set out in our privacy policy. The name and contact details of our representative are Ryan Habberjam – tours@electriccityscooters.co.nz.