Adeption’s Privacy Policy

Adeption Privacy Policy
This privacy policy was last updated on 23 November 2O23.

Introduction
Adeption is strongly committed to protecting personal information. This privacy policy describes why and how we collect and use personal information and provides information about individuals’ rights. It applies to personal information provided to us, both by individuals themselves and by others. We may use personal information provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection.

In this Privacy Policy, Adeption is used to represent the Legal Entities it is provided by: in the United States of America – KtoAct Limited (DBA Adeption) 6 Liberty Square # 2800, Boston, MA 02109; Rest of world – Adeption Limited (New Zealand Registered Company NZBN 9429030988699) of Suite 10790, 17b Farnham Street, Parnell, Auckland, 1052, New Zealand, and any entity owned or controlled by these entities’ operations in New Zealand (together “Adeption”, “we”, or “our”). This policy explains how Adeption handles personal information and complies with the requirements of privacy legislation in the countries in which Adeption operates. As Adeption’s parent organisation is based in New Zealand, this policy will reference the New Zealand Privacy Act 2020 (“Privacy Act”) and the transfer of information and data in and out of New Zealand. If you have any further questions in relation to this policy, please contact our Privacy Officer at security@adeption.io

Personal information or personal data is information about an identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal information.

Processing is how we sometimes refer to the handling, collecting, protecting or storing of your personal information. When collecting and using personal information, our policy is to be transparent about why and how we do that.

Exclusions
This policy relates to Adeption’s collection and handling of personal information that is covered by the Privacy Act. It is not intended to cover categories of personal information that are not covered by the Privacy Act unless otherwise specified.

This policy relates to the content and information collected through Adeption’s website and excludes any software applications developed by Adeption. A specific privacy policy for Adeption’s software platform is retrievable at https://app.adeption.io/terms/Terms&Privacy.

Collection of personal information
Adeption collects, holds and processes personal information from clients, suppliers, employees, job applicants, contractors and other individuals. We collect and hold this information for our necessary business purposes.

The types of personal information we collect, hold and process include:

  • The contact details and organisational roles of our actual and prospective clients, suppliers and other business contacts. Typically, this information includes names, addresses,
    telephone numbers, e-mail addresses and job titles.
  • Personal information collected in the course of providing products and services to our clients (for instance strategic details if we are engaged to perform development services about strategic vision).
  • Personal information collected in relation to persons who register to attend seminars or other events we run, sponsor or are otherwise involved in.
  • Personal information collected when individuals communicate with us (including via email).
  • Personal information collected from job applicants when they apply for a job with us and individual contractors when performing a role for us (in some instances this may include
    sensitive information such as health information if related to the role being applied for or being performed).
  • Personal information collected from our employees during the course of carrying out our duties and activities as an employer (in some instances this may include sensitive
    information such as health information if related to the employee’s role).
  • We might also collect general user information such as users' internet protocol addresses, browser type and internet service provider details, and other technical information when you visit our associated websites.

We generally do not intend to collect, and we ask you not to submit, any special categories of personal information. Special categories of personal information include information about an individual’s race or ethnic origin; political opinions or political affiliations; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data that uniquely identifies someone; sexual life or sexual orientation; and criminal records. If you choose to provide special categories of personal information about yourself to us for any reason, the act of doing so constitutes your explicit consent, (where such consent is necessary), for us to collect and use that information as necessary in the ways described in this privacy policy or as described at the point you choose to disclose this information.

We collect most information directly from individuals when we deal with them. The personal information we collect may be provided in forms filled out by individuals, face-to-face meetings, email messages, telephone conversations, when you use our websites or our social media, or by third parties. If you contact us, we may keep a record of that contact.
Because of the nature of our business, it is generally impracticable for us to deal with individuals on an anonymous basis or through the use of a pseudonym, although sometimes this is possible (for example, when seeking staff or client feedback generally).

Legal grounds for processing your personal information
We rely on one or more of the following conditions to justify processing your personal information:

  • Our legitimate interests in the effective delivery of information and services to you and in the lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us (provided these do not interfere with your fundamental rights);
  • Our legitimate interests in developing and improving our businesses, services and offerings and in developing new Adeption technologies and offerings (provided these do not interfere with your fundamental rights);
  • Our legitimate interests in maintaining the security of our and our client’s data and in ensuring the quality of our services;
  • To satisfy any requirement of law, regulation, or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way);
  • To perform our obligations under a contractual relationship with you; or
  • Where no other processing condition is available if you have agreed to us processing your personal information for the relevant purpose.

Why we process personal information
The primary purposes for which we collect, hold and process personal information are:

  • To provide professional services to our clients: we provide a diverse range of services to our clients, several of which require us to collect and process personal information in order to provide advice and deliverables. For example, we will review strategic documents and employee feedback data as part of a programme design process and we often need to use personal information to provide services to programme participants;
  • To respond to an individual’s request;
  • To communicate and maintain contact with clients;
  • Administering and managing our business and services: This includes:
    • Managing our relationship with clients and prospective clients;
    • Managing our business and services (such as identifying client needs and
      improvements in service delivery);
    • Analysing and evaluating the strength of interactions between Adeption and a
      contact;
    • Administering and managing IT systems, websites and applications; and
    • Hosting or facilitating the hosting of events.
  • Providing our clients and prospective clients with information about us and our range of services that we think will be of interest. This includes industry updates and insights, other
    services that may be relevant and invitations to events;
  • For general management and reporting purposes, such as invoicing and account
    management;
  • For recruitment purposes;
  • For purposes related to the employment of our personnel and providing internal services to our staff;
  • Security, quality and risk management activities: we have security measures in place to protect our and our client’s information (including personal information), which involves
    detecting, investigating and resolving security threats. This may include:

     

    • Automated scans to identify harmful emails;
    • Monitoring the services provided to clients for risk and quality purposes, which may involve processing personal information stored on the relevant client file;
    • Carrying out conflict and risk searches to ensure there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputation issues);
  • Complying with any requirements of law, regulation, or a professional body of which we are a member; and
  • Other purposes related to our business.

If you choose not to provide us with personal information which we have requested from you, we may be unable to fulfill any of the above purposes, including providing professional services to you, responding to your requests, paying your invoices, or processing your application for employment.

We may collect, hold and use personal information about individuals to market our services, including by email. However, individuals always have the opportunity to elect not to receive further marketing information from us by writing to the Privacy Officer at security@adeption.io. Please allow 20 working days for your request to be processed.

Alternatively, if we have contacted you by email, you may use the unsubscribe function in that email to notify us that you do not want to receive further marketing information from us by email. If we collect, hold or use personal information in ways other than as stated in this policy, we will ensure we do so pursuant to the requirements of the Privacy Act.

Disclosure of personal information
Adeption does not disclose personal information unless:

  • Disclosure is permitted by this policy;
  • We believe it is necessary to provide you with a product or service which you have requested (or, in the case of a partner, employee or contractor of Adeption, it is necessary
    for maintaining, or is related to, your role at Adeption);
  • To protect the rights, property or personal safety of any member of the public or a customer of Adeption or the interests of Adeption;
  • Some or all of the assets or operations of Adeption are or may be transferred to another party as part of the sale of some or all of Adeption’s business;
  • You give your consent; or
  • Such disclosure is otherwise required or permitted by law, regulation, rule or professional standard.

We may also disclose personal information under the following circumstances:

  • To our professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business;
  • When explicitly requested by you;
  • When required to deliver publications or reference materials requested by you;
  • When required to facilitate conferences or events hosted by a third party; or
  • To third-party contractors, subcontractors, and/or their subsidiaries and affiliates (for example independent contractors and consultants, printing service providers, mail houses,
    off-site security storage providers, information technology providers, event managers, credit managers, debt collecting agencies, providers of identity management, website hosting and management, data analysis, data backup, security, and cloud storage services).

We may also share non-personal, de-identified, and aggregated information for research or promotional purposes. Except as set out in this policy, we do not sell to or trade personal
information with third parties.

Please note, in accordance with the above, sometimes individuals and organizations outside of Adeption will have access to personal information held by Adeption and may collect or use it from or on behalf of Adeption. Some of these third-party providers may use their own third-party subcontractors that have access to personal information (sub-processors). It is our policy to use only service providers and third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by Adeption and in accordance with our privacy guidelines and not to keep, use or disclose personal information we provide to them for any unauthorized purposes. We also require the flow of those same obligations down to their sub-processors. We will only share personal information with others when we are legally permitted to do so.

Retention
We retain personal information for as long as is necessary for the purpose for which it was collected. Personal information may be held for longer periods where extended retention periods are required by law or regulation and as necessary in order to defend our legal rights.

Transfer of information outside New Zealand
In addition to disclosures permitted under this policy, we may disclose your personal information to other Adeption affiliate organisations within the Adeption and Adeption network and select business partners involved in the delivery of services. These organisations are located in New Zealand, Australia, India, the United States, and the United Kingdom.We may share personal information with other Adeption affiliates where necessary, for example for administrative purposes and to provide professional services to our clients (e.g. when providing
services involving advice from Adeption network firms in different territories) or for any of the purposes set out above.

Adeption utilises the Adeption digital technology platform for many of its products and services. This is a cloud-based platform which is hosted on the Microsoft Azure data centre in Dublin, Ireland. The Adeption platform has a specific privacy and use of data policy which is retrievable at https://app.adeption.io/terms/Terms&Privacy

Adeption and Adeption affiliates with which we exchange information may also use overseas facilities or contractors to process or back up our information or to provide certain services to us (e.g. offshore cloud service providers). These Adeption affiliates, service providers and contractors may not be New Zealand entities or regulated by the Privacy Act and may not be subject to privacy laws that provide the same level of protection as New Zealand’s Privacy Act.

By providing personal information to us, you consent to the disclosure of your personal information to such Adeption affiliates, service providers and contractors on this basis. We will take all steps that are reasonably necessary to ensure your personal information is treated securely and in accordance with this privacy policy as well as applicable data protection laws.
Any such transfer of personal information does not change any of our commitments to safeguard your privacy and the information will remain subject to any existing confidentiality obligations.

Privacy on our Web Sites and Applications
This policy also applies to any personal information we collect via our websites, including adeption.io. This is in addition to the personal information, you provide to us directly (such as where you make a direct request to us or complete a registration form).

To properly manage our websites and applications, we may log certain analytic statistics about the users of these facilities, for example, the users’ domains and browser types. None of this information specifically identifies an individual and it is used solely to ensure that our websites and applications provide the best possible experience for users. You have some choices concerning our use of these analytics.

For instance, to prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on.

Cookies are used on some Adeption websites. Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing cookies by deleting them from your ‘browser history’ (cache) when you leave the site. In most cases, you can refuse a cookie and still fully navigate the Adeption websites.

Because Adeption wants your user experience to be as informative and resourceful as possible, we provide several links to websites and embedded content operated by third parties that may also set cookies and other 3 party tracking technologies. Adeption is not responsible for the privacy practices or policies of those sites. We encourage you to review each website’s privacy policy, especially if you intend to disclose any personal information via that site. A link to another non-Adeption website is not an express or implied endorsement, promotion or warranty of the products or services offered by or accessible through that site or advertised on that site.

Our Policy Concerning Children
Adeption recognizes the privacy interests of children, and we encourage parents and guardians to take an active role in their children's online activities and interests. Children under the age of 13, or 16 if such children reside in the European Economic Area, should not use, or attempt to use our services. If we learn that we have collected personal information (as defined by applicable law) from a child under 13 or a child under 16 in the European Economic Area, we will take reasonable steps to delete such information.

Parents who believe that Adeption might have collected personal information from a child under the age of 13 may submit a request to the Privacy Officer security@adeption.io and request that the information be removed.

Security of Personal Information
Adeption will endeavor to take all reasonable steps to keep secure any information that we hold about you, whether electronically or in hard copy, and to keep this information accurate and up to date.

We also require our employees and data processors to respect the confidentiality of any personal information held by Adeption.

We have a framework of policies, procedures, and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Access to Information
We will provide access to personal information upon request by an individual, except in the limited circumstances in which it is permitted for us to withhold this information.
When you make a request to access personal information, we will require you to provide some form of identification (such as a driver’s license or passport) so we can verify that you are the person to whom the information relates to.

If at any time you want to know what personal information we hold about you, you may contact us by emailing the Privacy Officer at security@adeption.io

Agent and contact information
Where we process or hold personal information solely on behalf of another organization, we do so as an “agent” under the Privacy Act. Where we process, use, or disclose personal information for our own purposes, or for purposes related to our business, we will be an agency governed by the Privacy Act. If you have any questions about this privacy policy or how and why we process personal information, please contact the Privacy Officer at security@adeption.io

Corrections and Concerns
If you believe that information we hold about you is incorrect or out of date, or if you have concerns about how we are handling your personal information, please contact us and we will try to resolve those concerns.

You can direct any requests for correction or concerns to our Privacy Officer via email at security@adeption.io. If Adeption becomes aware of any ongoing concerns or problems concerning our privacy practices, we will take these issues seriously and work to address these concerns. If you have any further queries relating to our privacy policy, or you have a problem or complaint, please contact our Privacy Officer.

If you are not satisfied with our handling of your problem or complaint you may make a complaint to the Office of the Privacy Commissioner (https://www.privacy.org.nz/about-us/contact/).

Marketing
Where we are legally required to obtain your explicit consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.

If you opt into any subscriptions, you will receive automated emails when content is updated.

Unsubscribe
If you want to unsubscribe from mailing lists, you should look for and follow the instructions we have provided within the appropriate area(s) of the Websites or in the relevant communications to you.

If you do not wish to receive emails or marketing communications from us, you can at any time contact us to request that such communications cease.

If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honor your request.

Effect of and Changes to this Privacy Policy
This privacy policy was last updated on 23 November 2022.

Adeption operates in a dynamic business environment and we aim to review this policy annually to keep it current.

We may update this privacy policy at any time by publishing an updated version here. So you know when we make changes to this privacy policy, we will amend the revision date at the top of this policy. The newly amended privacy policy will apply from that revision date. Therefore, we encourage you to review this privacy policy periodically to stay informed about how we are protecting your information. Any amended policy will apply between us whether or not we have given you specific notice of any change.