privacy policy
Effective 10 May 2022
PKP, ICPKP, the Kinesiology and Kinesiology Plus apps owned and operated by PKP International Limited, headquartered in New Zealand (“PKP”).
At PKP we believe that privacy and security of your personal information is a basic human right and we work hard to protect your privacy. This policy is our way of letting you know what information we collect, why we collect it, how we use it and steps you can take to learn more about this. This policy should be read in conjunction with:
This policy describes our practices in connection with information that we collect through our websites, mobile and web apps, APIs and backend platforms (together our “Service”). It also describes your data protection rights, including a right to object to some of our processing.
The Policy does not apply to information collected by any third party, including through any third-party application, integration, use of our API or content (including advertising) that links to or is accessible from our Service.
If you do not agree with our policies and practices, you may choose not to use our Service.
Firstly, some definitions:
This policy applies to the following classification of individuals that interact with PKP:
When a User creates a profile in our Service they upload personal information that includes their name, email address, profile photo, and may optionally include information they upload such as an about me description. A User’s record of study of PKP materials is collected as they use the Service and this includes: any Colleges they are registered with; their courseware enrollments; online test marks; marks entered by a College they are studying at; recognition for prior learning; achievement certificates; any correspondence between a College and PKP related to a User’s study; any correspondence between a User and PKP; and any notes or annotations to Courseware that a User makes on the Service.
If a User is directly connected to a Customer organization then their role at that Customer is recorded, as well as various permissions they have on the Service based on this Customer connection.
If a User is an account holder for a Customer we may, depending on the contract payment method they select, record their credit card or other financial details and relevant billing and contact information for billing purposes only.
Our Service is flexible and allows our Customers to collect a variety of personal data from and about their Users. Customers have access to information in the profiles of any User who is connected with their organization.
Location Information
Our Service stores and displays location information for Customer Organizations office addresses only. No other geo-location information is obtained, processed, or stored, either from Customers or Users.
Our Customers use personal information to interact with Users in the normal course of delivering their teaching services. In such instances, Customers act as data controllers towards the User under the European Economic Area (“EEA”) data protection laws. Therefore, PKP cannot and does not take responsibility for the privacy practices of Customers.
The information practices of our Customers are governed by their privacy policies. We encourage Users to review Customers’ privacy policies to understand their practices and procedures.
PKP does not use personal data of Users for any purposes other than to provide the, or as required by law. PKP does not sell the personal data of our Customers or Users.
We collect personal data from our Customers in order to facilitate communication and delivery of the Service to our Customers. For example, we may collect Customer contact information, whether through the execution of a contract, use of our services, a form on our website, an interaction with our sales or customer support team, signing up for an event, or a response to one of our surveys or marketing emails. We may also collect credit card information (e.g. credit card number and expiration date, billing address, etc.) or other customary bank information needed for billing and payment purposes.
We collect Customer usage information about how our Customers and Users interact with our Service. This includes which webpages or app screens they visit and use, what they click on, when they perform certain actions, what language preference they have, and so on.
We process Customers’, Users’ personal data in the following manner:
We aggregate and anonymize information about (i) Customers and Users, and (ii) the use of our Service in order to improve our Service and to create benchmark and other business intelligence products. None of the aggregated and anonymized information contains personal data (i.e. does not identify any individual).
For individuals that are from the European Economic Area (EEA), our legal basis for collecting and using their personal information will be our legitimate interest where the processing is in our, or a third party's, legitimate interests and not overridden by the individual’s data protection interests, or fundamental rights and freedoms. These interests are to provide individuals with access to the Service and features of the Service; to send them information they have requested; to ensure the security of our Service by trying to prevent unauthorized or malicious activities; or to enforce compliance with our terms of use, contracts and other policies. In some EEA countries, we are relying on consent as a legal basis for using data for marketing purposes.
Since our Users and Customers rely on us to keep an accurate academic record for each student, records of learning and the identifying personal information related to those records are maintained indefinitely, as is information about the College where the teaching was provided. Information related to Colleges and their financial transactions are maintained for seven years, or as may be required by New Zealand law. Information such as access log files and other usage information is maintained for a period of up to 12 months and automatically deleted.
A User can delete their notes and annotations at any time and these are not retained by the system if deleted. A User may choose to edit their Profile and remove their personally identifying information such as their name, photo and email address. Once these are removed the User will no longer have access to the system and PKP will no longer be able to provide them with an Academic Record of learning.
In various countries, including countries in the EEA, upon their request, Users have the right to access their personal data and, if necessary, have it amended, removed or restricted. Users can also ask for some types of personal data to be delivered to them, or another organization they nominate, in a structured and machine-readable format.
Where we process your personal data on the basis of your consent, you have the right to withdraw your consent (see the PKP contact section below). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Users also have the right to complain to a supervisory authority for data protection in the country where they live, or where they work – although we hope that we can assist with any queries or concerns you have about our use of your personal data.
Other than User Profile information and information users enter themselves, PKP processes User data under the direction of our Customers and has no direct control or ownership of the personal data we process for Customers. Customers are responsible for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to PKP for processing purposes. Any User that seeks to access, correct or delete data, other than User Profile information, should direct their query to the Customer. If the Customer requests PKP to remove the personal data of a User to comply with data protection regulations, PKP will process this request within 30 days.
We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Customer about the legal obligations that prevent us from fulfilling the request.
Customers have the same rights to access, correct or remove their personal data as do Users.
Any Customer that seeks to access, correct or remove data, can do so by submitting a request to admin@icpkp.com. PKP will process this request within 30 days.
We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Customer about the legal obligations that prevent us from fulfilling the request.
We will maintain an audit history of any requests to access, correct or delete personal information to maintain a record of compliance with regulatory requirements.
Cookies and Web Beacons
We use cookies or similar automatic data collection technologies as individuals interact with our Service to collect certain information about their equipment, browsing actions and patterns, including:
Below are the technologies we use for automatic data collection.
Neither of these cookies can read or access other cookies or any data from a user’s hard drive. Further, neither of these cookies alone will personally identify a user; however, a cookie will recognize a user’s individual web browser or device through an IP Address, browser version, operating system and other information, and individuals who log in to their PKP accounts will be individually identifiable to the Service using session cookies.
At this time, we do not respond to browser ‘do not track’ signals, as we await a uniform standard put forth by regulators or the privacy industry. PKP earnestly considers an individual’s independent right to determine how their personal data is processed and continues to monitor developments in this area.
We use third party analytics providers, including Google, Apple, and others, to collect information about the usage of our Service and enable us to improve how our Service works. The information allows us to see the overall patterns of usage on the Service, helps us record any difficulties you have with the Service, shows us whether our advertising is effective or not, and allows us to use responses to advertisements to optimize ad performance. These third-party providers use cookies and other, similar technologies to collect information about the usage of our Service and to report website trends to us, without storing any personal data on external third-party analytics provider platforms. See below for more information, or to opt out of these practices:
PKP processes Visitor data separately and distinctly from the way we process Customer and User data. By visiting our websites, attending PKP events or providing us with your personal information, Visitors consent to the collection, processing, and storage of their personal information as described in this section.
Visitor Personal Data Collected
PKP collects personal data including name, title, postal address, e-mail address, telephone number, social media account ID, company information (including financial and billing information when purchasing PKP services), survey responses, message board posts, chat messages, contest entries and promotional enquiries. We use this information to provide you with additional details about our services, conduct research, provide whitepapers or to contact you after your visit.
We also collect personal data from third party sources, such as public databases, joint marketing partners, and social media platforms. For example, if a Visitor elects to connect her social media account to her account for our websites, certain personal data from the social media account will be shared with us, which may include personal data that is part of the Visitor’s profile or her friends’ profiles.
Additionally, we collect personal data from cookies and similar technologies to collect information about the pages Visitors view, links Visitors click on, Visitors’ web browser information, Visitors’ IP address and other actions Visitors may take when accessing our websites.
PKP’s Use of Visitor Personal Data Collected
PKP processes Visitor personal data to:
If you wish to remove yourself from communications about PKP, please send us an email at: admin@icpkp.com.
Storing of Visitor Personal Data
Where we process Visitor personal data for marketing purposes or with Visitor consent, we process the data until the Visitor asks us to stop. It typically takes up to 30 days to implement your request. PKP will not retain Visitor personal data longer than the statutory retention period permitted in the local jurisdictions where PKP services are marketed and provided. We also keep a record of when Visitors have asked us not to send direct marketing or to process Visitor data indefinitely so that we can respect the Visitor’s request in the future.
Sharing of Visitor Data
We may share information with third party service providers contracted to provide services on our behalf as well as third parties who resell our services.
We may also engage with business partners to jointly offer products, services or other programs, such as webinars or whitepapers, and from time to time, we may share personal data if you purchase or show interest in any jointly-offered products or services.
We will only share personal data of Visitors who attend a PKP marketing event with third parties if a) the Visitor explicitly consents, b) the Visitor permits their badge to be scanned, or c) it is permissible under applicable law.
Access, correct or delete Visitor data
Visitors have the same rights to access, correct or delete their personal data as do our Customers.
Any Visitor that seeks to access, correct or delete data, can do so by submitting a request to admin@icpkp.com. We will process this request within 30 days.
We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Visitor about the legal obligations that prevent us from fulfilling the request.
We will maintain an audit history of any requests to access, correct or delete personal information to maintain a record of compliance with regulatory requirements.
Our Service is not intended for or to be used by children under 13 years of age. We do not directly solicit or collect personal data from children under 13. If you are under 13, do not (i) use or provide any information on our Services or on or through any of its features, (ii) register to use our Service, (iii) use any of the interactive or public comment features of our Service or provide any information about yourself to us, including your name, address, telephone number, email address or any screen name or user name you will use.
PKP is an Aotearoa New Zealand company and adheres to Aotearoa New Zealand Privacy laws (see #18 below) which the EU has deemed to provide adequate privacy protections for EU citizens.
EU-U.S. and Swiss-U.S. Privacy Shield
However, where we store and/or process data within the United States, we use the Google Cloud Platform infrastructure. Google have certified that they adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. PKP is committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom (UK), and Switzerland, in reliance on the Privacy Shield Frameworks to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit https://www.privacyshield.gov.
PKP is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. PKP complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
Cross-Border Transfers other than to the E.U. or Switzerland
Personal data may be accessed by PKP personnel providing services in any country where we have facilities or in which we engage IT service providers, including New Zealand and the United States.
How do we secure the data we process?
We use a variety of organizational, technical and administrative measures to protect personal data within our organization. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at admin@icpkp.com.
For details about the DPO’s role or any privacy questions related to PKP’s Privacy Policy, please contact the us at admin@icpkp.com. You should also feel free to contact us regarding details of our implementation of our privacy program at: PKP International Limited, c/o McQueen & Associates Limited, Floor 4, 165 The Strand, Parnell, Auckland, 1010, Aotearoa New Zealand.
As an Aotearoa New Zealand company, we are subject to and comply with the New Zealand Privacy Act 2020, along with any other guidelines, policy statements or rules issued by the Office of the New Zealand Privacy Commissioner / Te Mana Mātāpopo Matatapu. We also guided by and comply with the principles of the General Data Protection Regulation (EU GDPR) and the California Consumer Privacy Act (USA-CA CCPA).
We will update this Privacy Policy to reflect changes to our information practices and update this on our website and within the Service. We may also notify you by in-app message within the Service or by email if we believe the changes are significant enough to warrant disturbing you with yet more messages.