Effective 10 May 2022

PKP, ICPKP, the Kinesiology and Kinesiology Plus apps owned and operated by PKP International Limited, headquartered in New Zealand (“PKP”).

At PKP we believe that privacy and security of your personal information is a basic human right and we work hard to protect your privacy. This policy is our way of letting you know what information we collect, why we collect it, how we use it and steps you can take to learn more about this. This policy should be read in conjunction with:

PKP End User Terms (app.icpkp.com/end-user-terms)
And if you represent a licensed College, your college Agreement.

This policy describes our practices in connection with information that we collect through our websites, mobile and web apps, APIs and backend platforms (together our “Service”). It also describes your data protection rights, including a right to object to some of our processing.

The Policy does not apply to information collected by any third party, including through any third-party application, integration, use of our API or content (including advertising) that links to or is accessible from our Service.

If you do not agree with our policies and practices, you may choose not to use our Service.

Who is this Policy for?

Firstly, some definitions:

STUDENTS: are individuals who are accessing and studying PKP courseware for their own personal and/or professional development.
COLLEGES: are organizations (such as companies, businesses, charities, trusts, government agencies or other entities) that have entered into an agreement with PKP to teach PKP courseware to students.

This policy applies to the following classification of individuals that interact with PKP:

USERS: Users are individuals that create a User Profile on the Service. They may also be employees, contractors, volunteers or associates of our Customers, including Customer personnel that are authorized to access and use our Service pursuant to an active. Additionally, Users include individuals who self-register to access our Service.
VISITORS: Individuals that interact with our Websites or the Service (for instance, to read about our Courseware products and services) without creating a User Profile.

What types of personal data do we collect?

When a User creates a profile in our Service they upload personal information that includes their name, email address, profile photo, and may optionally include information they upload such as an about me description. A User’s record of study of PKP materials is collected as they use the Service and this includes: any Colleges they are registered with; their courseware enrollments; online test marks; marks entered by a College they are studying at; recognition for prior learning; achievement certificates; any correspondence between a College and PKP related to a User’s study; any correspondence between a User and PKP; and any notes or annotations to Courseware that a User makes on the Service.

If a User is directly connected to a Customer organization then their role at that Customer is recorded, as well as various permissions they have on the Service based on this Customer connection.

If a User is an account holder for a Customer we may, depending on the contract payment method they select, record their credit card or other financial details and relevant billing and contact information for billing purposes only.

What types of personal data do our Customers collect?

Our Service is flexible and allows our Customers to collect a variety of personal data from and about their Users. Customers have access to information in the profiles of any User who is connected with their organization.

Location Information

Our Service stores and displays location information for Customer Organizations office addresses only. No other geo-location information is obtained, processed, or stored, either from Customers or Users.

How do our Customers collect personal data?

When Users enter the information about themselves into the Service.
When our Customers enter information about a User into our Service for the legitimate purpose of teaching the Courseware.
Automatically, as Users interact with our Service.

How do our Customers use personal data?

Our Customers use personal information to interact with Users in the normal course of delivering their teaching services. In such instances, Customers act as data controllers towards the User under the European Economic Area (“EEA”) data protection laws. Therefore, PKP cannot and does not take responsibility for the privacy practices of Customers.

The information practices of our Customers are governed by their privacy policies. We encourage Users to review Customers’ privacy policies to understand their practices and procedures.

Does PKP use or sell personal data collected by our Customers?

PKP does not use personal data of Users for any purposes other than to provide the, or as required by law. PKP does not sell the personal data of our Customers or Users.

How does PKP collect and process personal data from our Customers and Users?

We collect personal data from our Customers in order to facilitate communication and delivery of the Service to our Customers. For example, we may collect Customer contact information, whether through the execution of a contract, use of our services, a form on our website, an interaction with our sales or customer support team, signing up for an event, or a response to one of our surveys or marketing emails. We may also collect credit card information (e.g. credit card number and expiration date, billing address, etc.) or other customary bank information needed for billing and payment purposes.

We collect Customer usage information about how our Customers and Users interact with our Service. This includes which webpages or app screens they visit and use, what they click on, when they perform certain actions, what language preference they have, and so on.

We process Customers’, Users’ personal data in the following manner:

To disclose to our subsidiaries and affiliates for the purpose of providing services to our Customers and their Users.
To disclose to contractors, service providers, and other third parties as reasonably necessary or prudent, to provide, maintain and support our Service for our Customers and their Users, such as, for example, payment processors and data center or Web hosting providers. PKP does not share, sell or trade any information with such third parties for promotional purposes.
To deliver the Service. Some examples include:

When a User registers on our Service we will use their provided email address to send them information and announcements relating to the Service.
When a User uses their social media credentials to log into our Service we will share the information required to facilitate that login with their social media account provider. The information we share will be governed by the social media site’s privacy policy.

To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all PKP’s assets, whether as a continuing operating business or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by PKP about our Customers and Users is among the assets transferred.
For our internal business purposes that include administering access and use of our Service, data analysis, securely identifying Customers and Users upon logging onto the Service, enhancing or modifying our Service, determining the effectiveness of our promotional campaigns, billing for Services, and operating our business.
As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities including public and government authorities outside your country of residence; and (c) to protect against or identify fraudulent transactions.
For other purposes when Users provide explicit consent.

We aggregate and anonymize information about (i) Customers and Users, and (ii) the use of our Service in order to improve our Service and to create benchmark and other business intelligence products. None of the aggregated and anonymized information contains personal data (i.e. does not identify any individual).

What is the legal basis for PKP to process personal data from the EEA?

For individuals that are from the European Economic Area (EEA), our legal basis for collecting and using their personal information will be our legitimate interest where the processing is in our, or a third party's, legitimate interests and not overridden by the individual’s data protection interests, or fundamental rights and freedoms. These interests are to provide individuals with access to the Service and features of the Service; to send them information they have requested; to ensure the security of our Service by trying to prevent unauthorized or malicious activities; or to enforce compliance with our terms of use, contracts and other policies. In some EEA countries, we are relying on consent as a legal basis for using data for marketing purposes.

How long does PKP store personal data collected by our Customers?

Since our Users and Customers rely on us to keep an accurate academic record for each student, records of learning and the identifying personal information related to those records are maintained indefinitely, as is information about the College where the teaching was provided. Information related to Colleges and their financial transactions are maintained for seven years, or as may be required by New Zealand law. Information such as access log files and other usage information is maintained for a period of up to 12 months and automatically deleted.

A User can delete their notes and annotations at any time and these are not retained by the system if deleted. A User may choose to edit their Profile and remove their personally identifying information such as their name, photo and email address. Once these are removed the User will no longer have access to the system and PKP will no longer be able to provide them with an Academic Record of learning.

How can a User access, correct or remove their personal data?

In various countries, including countries in the EEA, upon their request, Users have the right to access their personal data and, if necessary, have it amended, removed or restricted. Users can also ask for some types of personal data to be delivered to them, or another organization they nominate, in a structured and machine-readable format.

Where we process your personal data on the basis of your consent, you have the right to withdraw your consent (see the PKP contact section below). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Users also have the right to complain to a supervisory authority for data protection in the country where they live, or where they work – although we hope that we can assist with any queries or concerns you have about our use of your personal data.

Other than User Profile information and information users enter themselves, PKP processes User data under the direction of our Customers and has no direct control or ownership of the personal data we process for Customers. Customers are responsible for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to PKP for processing purposes. Any User that seeks to access, correct or delete data, other than User Profile information, should direct their query to the Customer. If the Customer requests PKP to remove the personal data of a User to comply with data protection regulations, PKP will process this request within 30 days.

We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Customer about the legal obligations that prevent us from fulfilling the request.

How can a Customer access, correct, or remove their personal data?

Customers have the same rights to access, correct or remove their personal data as do Users.

Any Customer that seeks to access, correct or remove data, can do so by submitting a request to admin@icpkp.com. PKP will process this request within 30 days.

We will maintain an audit history of any requests to access, correct or delete personal information to maintain a record of compliance with regulatory requirements.

How does PKP use cookies and similar technologies?

Cookies and Web Beacons

We use cookies or similar automatic data collection technologies as individuals interact with our Service to collect certain information about their equipment, browsing actions and patterns, including:

Details of their visits to our Service, such as the date and time they access our Service, length of time they spend on our Service, websites that linked to our Service or websites linked from our Service, the resources, functionality, and content that they access, upload and use on the Service.
Information about their computer and internet connection, such as their IP Address, computer type, screen resolution, language, Internet browser type and version.

Below are the technologies we use for automatic data collection.

Browser Cookies. A cookie is a small file placed on a computer hard drive. Web browsers can be configured to restrict or entirely block cookies, to configure cookie notification settings and/or to delete cookies already present on the browser or device. Information on how to do this is provided by the web browser’s help/reference section. Limiting or restricting certain types of cookies may prevent a Customer or Users from using certain portions of our Service, depending on how the browser settings are configured. For example, our web application cannot function successfully if cookies are disabled in the web browser. Unless the browser setting has been adjusted so that it will refuse cookies, our system will issue cookies when the browser interacts with our Service. For more information about cookies and how to disable them, see www.allaboutcookies.org.
Session Cookies and Persistent Cookies. A "session" cookie lasts for a single browser session only and is deleted when the user closes the web browser. Session cookies allow website operators to link the actions of a user during a browser session. A "persistent" cookie remains on the user’s device (even while powered off) until it expires or is deleted. A persistent cookie will be reactivated when a user returns to the website which posted the cookie. We use persistent cookies to help customize your web experience when you return to a web page or our website.

Neither of these cookies can read or access other cookies or any data from a user’s hard drive. Further, neither of these cookies alone will personally identify a user; however, a cookie will recognize a user’s individual web browser or device through an IP Address, browser version, operating system and other information, and individuals who log in to their PKP accounts will be individually identifiable to the Service using session cookies.

Web Beacons. Pages in our Service and our e-mails will contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs). Web beacons differ from cookies in that the information is not stored on your hard drive, but invisibly embedded on web pages or in email. Web beacons permit us to track online movements of web users, for example: to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). This enables us to provide a website experience more tailored to our users’ preferences and interests.

At this time, we do not respond to browser ‘do not track’ signals, as we await a uniform standard put forth by regulators or the privacy industry. PKP earnestly considers an individual’s independent right to determine how their personal data is processed and continues to monitor developments in this area.

Third Party Analytics Providers

We use third party analytics providers, including Google, Apple, and others, to collect information about the usage of our Service and enable us to improve how our Service works. The information allows us to see the overall patterns of usage on the Service, helps us record any difficulties you have with the Service, shows us whether our advertising is effective or not, and allows us to use responses to advertisements to optimize ad performance. These third-party providers use cookies and other, similar technologies to collect information about the usage of our Service and to report website trends to us, without storing any personal data on external third-party analytics provider platforms. See below for more information, or to opt out of these practices:

You may opt-out of Google Analytics by clicking here.

How does PKP process data from Visitors?

PKP processes Visitor data separately and distinctly from the way we process Customer and User data. By visiting our websites, attending PKP events or providing us with your personal information, Visitors consent to the collection, processing, and storage of their personal information as described in this section.

Visitor Personal Data Collected

PKP collects personal data including name, title, postal address, e-mail address, telephone number, social media account ID, company information (including financial and billing information when purchasing PKP services), survey responses, message board posts, chat messages, contest entries and promotional enquiries. We use this information to provide you with additional details about our services, conduct research, provide whitepapers or to contact you after your visit.

We also collect personal data from third party sources, such as public databases, joint marketing partners, and social media platforms. For example, if a Visitor elects to connect her social media account to her account for our websites, certain personal data from the social media account will be shared with us, which may include personal data that is part of the Visitor’s profile or her friends’ profiles.

Additionally, we collect personal data from cookies and similar technologies to collect information about the pages Visitors view, links Visitors click on, Visitors’ web browser information, Visitors’ IP address and other actions Visitors may take when accessing our websites.

PKP’s Use of Visitor Personal Data Collected

PKP processes Visitor personal data to:

Analyze how our websites are accessed;

Personalize your browsing experience and present products or features that may be more applicable to you;
Identify website technical problems;
Discover, investigate and remediate fraudulent or illegal activity;
Transmit notices related to product, service, or policy changes;
Respond to your product and service enquiries;
Send you information such as product announcements, newsletters, whitepapers, relevant offers, and upcoming promotions or events (where required, dependent on jurisdiction, we will seek and obtain your explicit consent before sending marketing emails);
Plan and host PKP corporate events, host online forums and social networks in which Visitors may participate;
Analyze, evaluate and identify new prospects;
Create tailored advertising, sales and promotional programs; and
Bill customers for our services and assess the financial capability of prospective customers to afford PKP’s solutions.

If you wish to remove yourself from communications about PKP, please send us an email at: admin@icpkp.com.

Storing of Visitor Personal Data

Where we process Visitor personal data for marketing purposes or with Visitor consent, we process the data until the Visitor asks us to stop. It typically takes up to 30 days to implement your request. PKP will not retain Visitor personal data longer than the statutory retention period permitted in the local jurisdictions where PKP services are marketed and provided. We also keep a record of when Visitors have asked us not to send direct marketing or to process Visitor data indefinitely so that we can respect the Visitor’s request in the future.

Sharing of Visitor Data

We may share information with third party service providers contracted to provide services on our behalf as well as third parties who resell our services.

We may also engage with business partners to jointly offer products, services or other programs, such as webinars or whitepapers, and from time to time, we may share personal data if you purchase or show interest in any jointly-offered products or services.

We will only share personal data of Visitors who attend a PKP marketing event with third parties if a) the Visitor explicitly consents, b) the Visitor permits their badge to be scanned, or c) it is permissible under applicable law.

Access, correct or delete Visitor data

Visitors have the same rights to access, correct or delete their personal data as do our Customers.

Any Visitor that seeks to access, correct or delete data, can do so by submitting a request to admin@icpkp.com. We will process this request within 30 days.

We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In such instances, we will inform the Visitor about the legal obligations that prevent us from fulfilling the request.

We will maintain an audit history of any requests to access, correct or delete personal information to maintain a record of compliance with regulatory requirements.

Do we process information of children under the age of 13?

Our Service is not intended for or to be used by children under 13 years of age. We do not directly solicit or collect personal data from children under 13. If you are under 13, do not (i) use or provide any information on our Services or on or through any of its features, (ii) register to use our Service, (iii) use any of the interactive or public comment features of our Service or provide any information about yourself to us, including your name, address, telephone number, email address or any screen name or user name you will use.

Where do we transfer the data we process?

PKP is an Aotearoa New Zealand company and adheres to Aotearoa New Zealand Privacy laws (see #18 below) which the EU has deemed to provide adequate privacy protections for EU citizens.

EU-U.S. and Swiss-U.S. Privacy Shield

However, where we store and/or process data within the United States, we use the Google Cloud Platform infrastructure. Google have certified that they adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. PKP is committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom (UK), and Switzerland, in reliance on the Privacy Shield Frameworks to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit https://www.privacyshield.gov.

PKP is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. PKP complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

Cross-Border Transfers other than to the E.U. or Switzerland

Personal data may be accessed by PKP personnel providing services in any country where we have facilities or in which we engage IT service providers, including New Zealand and the United States.

How do we secure the data we process?

We use a variety of organizational, technical and administrative measures to protect personal data within our organization. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at admin@icpkp.com.

How do you contact US or our Data Protection Officer?

For details about the DPO’s role or any privacy questions related to PKP’s Privacy Policy, please contact the us at admin@icpkp.com. You should also feel free to contact us regarding details of our implementation of our privacy program at: PKP International Limited, c/o McQueen & Associates Limited, Floor 4, 165 The Strand, Parnell, Auckland, 1010, Aotearoa New Zealand.

What privacy laws do we comply with?

As an Aotearoa New Zealand company, we are subject to and comply with the New Zealand Privacy Act 2020, along with any other guidelines, policy statements or rules issued by the Office of the New Zealand Privacy Commissioner / Te Mana Mātāpopo Matatapu. We also guided by and comply with the principles of the General Data Protection Regulation (EU GDPR) and the California Consumer Privacy Act (USA-CA CCPA).

How do we publicize changes to our Privacy Policy?

We will update this Privacy Policy to reflect changes to our information practices and update this on our website and within the Service. We may also notify you by in-app message within the Service or by email if we believe the changes are significant enough to warrant disturbing you with yet more messages.