HeyPenny Security and Privacy Policy

What is this Policy all about?

HeyPenny understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you

How we collect your data

When you engage with our website or the HeyPenny platform, we collect personal information to enable you to have access and usage of our service and product.

This information can be divided into three categories:

  1. Straight from you: While browsing our site or using the HeyPenny platform, we might pop a question or two about certain details which you can choose to answer (or not).

  2. Behind the scenes: Some data, like which device you're on or your IP address, is collected automatically when navigating the internet. It is anonymous.

  3. From your Employer: If you work for a HeyPenny customer who has signed-up to the platform, your employer may provide us with some high level professional data on you, such as your role and reporting structure, to enable smooth access and usage of the platform.

How We Use Your Data

The primary reason we collect personal information is to deliver products, services, and features tailored to meet your needs. Here are specific ways we use your data:

  • To communicate with you: To keep you informed about operational updates, marketing initiatives, and solicit feedback or participation in research we conduct.

  • Technical and Usage Data optimisation: When accessing our website or platform, details about your internet protocol (IP) address, login data, internet cookies, browser sessions and/or search queries may be collected. 

  • Security: To monitor for malicious or fraudulent activity and ensure our website and/or platform remains secure.

  • To validate the HeyPenny Platform product offering: We retain access and ownership to insights generated through the HeyPenny platform in an anonymised format, protecting the personal information of you and your people, to validate our offering and service.

  • Analysis and reporting: We may use your data, combined with others, to produce anonymised analytics and reports.

How we secure and manage your data

When we collect personal data about you, we only collect what is necessary, and security is key. That is why we protect your information using industry standard measures and limit access to this data to only those that really need it. Such as:

  • Legal entities when required under New Zealand Privacy Law Principles and/or the New Zealand Crimes Act (with prior notice when feasible).

  • Cases where you've given us explicit consent.

In order to prevent unauthorised access or disclosure to your data, we have put in place suitable physical, electronic and procedural safeguards. Such as:

  • Modern authentication and password management.

  • Least privilege concept towards administration access.

  • Observability of platform and website for threat monitoring and disruption.

  • Cloud hosted provider, Amazon (AWS), for resiliency and high availability. 

  • Testing, assurance and compliance measures.

The HeyPenny platform provides modern industry-standard levels of security and encryption. This means all traffic, including any containing personal information, is transmitted to and from the platform using strong end-to-end encryption. Further encryption is added to all file and data storage components, including any backups of said storage components.

These steps aim to secure your information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the internet. The transmission and exchange of information is carried out at your own risk.

Data Breaches

In the unlikely event of a data breach that compromises your personal data, we are committed to notifying you and relevant authorities within the timeframes prescribed by law, such as the New Zealand Privacy Act. We will also take all necessary steps to mitigate the effects and prevent future breaches.

Updates to the Privacy Policy

Our privacy policy may be updated periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify users of any significant changes through either email or a prominent notice on our website. We encourage you to periodically review our policy to stay informed.

Your Choice and Rights to Controlling Your Personal Information

Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you.

Security and Privacy Policy v1.0