- Notice/Awareness of our information practices
- Choice/Consent to provide information
- Access/Participation to/in your own data
- Integrity/Security of the Data Collected
- Enforcement/Redress through self-regulation.
1. User Supplied Information
- You control who has access to Your Data
- The Data entered, or imported on instruction, by You is stored securely in a database and is only accessible to any person You have authorised to use the Service (Invited Users).
- By using the Service, you (whether an individual or company or other legal entity), your Employee, and your Guests are asked to supply information in order for the Service to perform its core purpose – that being the management of people into and out of your organisation’s operations.
- When you register an account to become an MRI client, we record Employee and/or Contractor (User) profile information such as names, e-mail, department, phone, mobile and a password. If Add-ons are activated User information can include a photo and uploaded documents against their profile.
- When Guests check into and out of the Service we record their name, where they are from, and the date and time they arrived onsite and departed. Other information can be captured depending on the requirements of the client.
- We use this information to provide the core Service of MRI. Information is available to users via the Service tools or by your direct request to our helpdesk. The information we collect in this manner is not used for any other purpose. No personal customer, user, Employee or visitor data will be copied to, or shared with, any other party without the prior written consent of you.
- As the data entered into the Service is managed by you, we are not responsible for the integrity of the data entered into the Service nor any consequences resulting from incorrectly entered information.
2. It is Your responsibility to keep Your password safe
- MRI, MRI’s Employees and MRI’s partners do not have access to Your password and are therefore unable to access Your Organisation’s account or Data without receiving an invitation to do so from You via the Helpdesk.
3. Disclosure of Information
- We may disclose user information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property or other users of the Service, or anyone else that could be harmed by such activities. We may disclose user information when we believe in good faith that the law requires the disclosure.
- We do not use any customer data for testing.
- We may share aggregate information about our users with business partners and other third parties. For example, we may say x percent of our clients are Government Departments or y percent of our Clients operate in this sector.
- Subscribers to our Services, meaning You, are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations, relating to the collection of personal information in connection with the use of our Services by individuals (also referred to as “data subjects”) with whom our Subscribers interact. If you are an individual who interacts with a Subscriber using our Services, then you will be directed to contact our Subscriber for assistance with any requests or questions relating to your personal information.
- We collect information under the direction of our Subscribers, and have no direct relationship with individuals whose personal information we process in connection with our Subscriber’s use of our Services. If you are an individual who interacts with a Subscriber using our Services (such as a visitor, or contractor of one of our Subscribers) and would either like to amend your contact information or no longer wish to be contacted by one of our Subscribers that use our Services, please contact the Subscriber that you interact with directly.
4. Your IP Address
- For Microsoft Internet Explorer: https://support.microsoft.com/en-nz/help/17442/windows-internet-explorer-delete-manage-cookies
- For Google Chrome: http://www.google.com/support/chrome/bin/answer.py?answer=95647
- For Mozilla Firefox: http://support.mozilla.com/en-US/kb/Enabling%20and%20disabling%20cookies
- For Apple Safari 5: http://docs.info.apple.com/article.html?path=Safari/5.0/en/9277.html
You may access the data collected by us about you by sending a request to the address listed below. If you believe that an error has been made in the accuracy of the data collected from you, we will correct such error upon adequate verification of the error and the identity of the person seeking the correction. If you wish to access, remove or correct any personally identifying data you have supplied to us you may do so by:
- Sending an e-mail request to firstname.lastname@example.org
Please understand that in order to protect your privacy and security, we may also need to take reasonable steps to verify your identity before granting access or making corrections.
4. Information Sharing, Data Protection, and Security of the Data Collected
1. Information Sharing
- Except as described in this Policy, MRI will not give, sell, rent or loan any personal information to any third party. We may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law. MRI may also provide non-personal, summary or group statistics about our customers, sales, traffic patterns, and related Site information to reputable third-party vendors, but these statistics will include no personal information.
2. Protection of Information
- MRI is committed to ensuring the security of your personal information. We take every precaution to protect the confidentiality and security of the personal information placed on the Site or used within the Service, by employing technological, physical and administrative security safeguards, such as firewalls and carefully-developed security procedures. For example, when You enter sensitive information (such as login credentials and all your activity on our Service platform) We encrypt the transmission of that information using secure socket layer technology (SSL). These technologies, procedures and other measures help ensure that your data is safe, secure, and only available to You and to those You authorised access.
- The Service uses COMODO 2048-Bit Encryption to secure data information transfer, is EV SSL Certified, and is stored in a secure server facility in major Data Centres. The Data Warehouses are physically protected as there is no external signage identifying the buildings, there is a 24 hour Security Guard posted on-site, the facilities are monitored for intrusion 24 hours a day. Guests must provide Photo ID and are escorted throughout their visit. To minimise systems outage and Service down-time the facility employs multiple UPS’s and on-site generators. All servers are on a dedicated Firewall with robust check-point security.
- You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications at all times.
3. Our Access to Your Information
- MRI Support may ask you to grant us login access in order to assist you with a question, issue or request.
- Granting login access allows MRI Support to view your account for one hour. MRI Support cannot view any customer account data unless permission is granted by a user like yourself.
- During the effective access period, they will be able to access your data in order to help you resolve any problems.
- MRI Support will never ask for your password, either via phone or email.
- If we need to log into the application we will always ask you or another of your users to grant login access. If you receive any email requests for your password from a source pretending to be from MRI, please report via email to email@example.com.
- Compliance With The Australian Privacy Act 1988 (Commonwealth) and the Australia Privacy Principles: In Australia, the key privacy legislation applying to MRI is the Privacy Act 1988 (Cth). The Privacy Act applies to most private sector organisations operating in Australia and sets a national standard for the collection, use and disclosure, quality and security of “Personal Information”. In particular, the Privacy Act establishes the Australian Privacy Principles (APPs) (effective from 12 March 2014) that sets out these key obligations.
- Compliance With The New Zealand Privacy Act and Privacy Principles: Similar to the Australian privacy principles, New Zealand law lays out 13 information privacy principles (NZ IPPs) for the proper handling of personal information of New Zealand citizens, and these principles can be found at https://www.privacy.org.nz/privacy-act-2020/privacy-principles/.
- Cross-border data flows are permissible in prescribed circumstances. MRI will continue to take steps to ensure its third-party processor either use the personal information solely in accordance with our instructions or will otherwise adequately protect the personal information.
- Personal Data collected, stored, used and/or processed by MRI, as described in the Agreement, is collected, stored, used and/or processed in compliance with MRI’s obligations under the General Data Protection Regulations (“GDPR”), a European privacy regulation which replaced the hitherto EU Data Protection Directive (“Directive 95/46/EC”).
- We detail our commitments and adherence to GDPR in our GDPR Policy Statement.
1. You can opt-out of any email communications
- MRI sends billing information, product information, Service updates and Service notifications to You via email, and via the Site notifications message board, Where appropriate communication will contain clear and obvious instructions describing how You can opt to be removed from the email mailing list. MRI will remove You upon Your request.
- The Service may contain links enabling the electronic transfer of data with third-party applications that your Account Owner has activated under the Add-ons function. MRI takes no responsibility for the privacy practices or content of these applications. This policy may be updated from time to time MRI reserves the right to change this policy at any time and any amended policy is effective upon the posting on:
- The login screen message board
- Email to Administrators.
Please read our Master Subscription Agreement
MRI OnLocation Customer Services
MRI New Zealand Holdings Limited
P.O. Box 27023
Marion Square, Wellington, New Zealand 6141
Last Updated on: 1 February 2023