Privacy Statement

Privacy Statement

Effective from 4/9/2020

This Privacy Statement provides an overview of the way Beca Group Limited and its subsidiary and
affiliate companies (“Beca”) may collect, store, use, and share (“process”) personal information
(including via Beca websites that link to this Privacy Statement) and running our business. It also
explains how you can access or correct your personal information.

This Privacy Statement relates to the personal information (but not company information) we process
about our clients, business partners, suppliers, agents, students or visitors to our website. It does not
relate to job applicants or employees.

Beca is the data controller, which means that we determine the purposes for, and ways in which, we
process personal information. We also use third party data processors, as outlined below.

Our lawful bases for processing personal information

We process personal information to meet our contractual obligations to clients, business partners and
agents, to ensure we can deliver the services requested of us. We also process personal information to
meet our legitimate interests, including continuously improving our products and services, and meeting
our regulatory obligations.

What personal information we collect

We collect personal information from you directly when you engage with us via our websites, online
portals, email, telephone or in writing. We might also collect personal information from third parties,
such as credit reports, usually with your authorisation. Finally, you may generate some personal
information by using services such as our websites.

If you choose not to provide us with your personal information when requested, we may be unable to
offer certain services to you.

We may collect the following personal information about you:

  • Contact details, including your address, phone number, and email address
  • Personal details, including your name, title, date of birth, and occupation
  • Your communications with us, including records of phone conversations, emails, and letters
  • Credential information, including passwords, hints and other security information used for
    authentication and access to our websites, apps, online portals, accounts and services
  • Your preferences for our services, where you tell us what they are (for example by completing a
    survey), or where we assume what they are, based on how you use our services
  • Data generated during the performance of a contract or agreement between us, and other
    information stored in our client, supplier, and business partner databases
  • Personal information you have entered into our websites, apps, online portals, or chatbots, or
    that is generated by the functionalities you have used in these forums
  • Information about your use of our websites, apps or online portals, including your IP address,
    the internet browser you use, the pages you have visited, your click and surf behaviour and the
    length of your session (see more about our use of cookies below)
  • The communication channel you use to connect with us (such as Facebook or Twitter)
  • Your location information where you enable location-based services or features on our
    websites, apps, online portals, or where deduced from your IP address or physical address
  • Information we collect from third parties, such as credit reporters, fraud-prevention agencies,
    and from other information providers that may relate to your interactions with us.

Cookies

Our websites use cookies to monitor your browsing preferences. Cookies are small text files that are
placed on your computer by websites that you visit. They are widely used to make websites work, or
work more efficiently, as well as to provide personal information to the owners of the site. Most
internet browsers give you the option to reject all cookies, accept all cookies, erase cookies stored on
your computer or be notified before a cookie is stored on your computer. However, if you reject or
erase the cookies referred to above some features of our websites will not function properly or may not
be fully available. Please refer to your internet browser instructions if you want to find out more about
rejecting or erasing cookies.

What we do with your personal information

We may use your personal information for the performance of a contract, including to:

  • provide the services you have requested
  • enter into or perform any agreement or contract between us
  • provide any help you request from us
  • manage our relationship with you, including allowing you to connect with us (e.g. via Facebook,
    Twitter, etc).

We may use your personal information to meet our legitimate interests, including to:

  • personalise your experience on our websites, apps, online portals, and chatbots
  • improve our websites, apps, online portals, and chatbots
  • monitor and prevent illegal activity that threatens our websites, our computer systems or
    networks
  • comply with any applicable laws and/or regulations
  • develop and improve our services
  • conduct data analysis, fraud monitoring and prevention activities
  • identify usage trends.

We may use your personal information with your consent, including to:

  • manage our news and publications subscriptions service
  • communicate with you
  • inform you of our other products and services.

We will generally only use personal information in the ways set out above. Where we need to use
information in a way we have not anticipated here, we will only do so if required or permitted by law.
We may also use personal information in other ways in an aggregated and anonymised form.

Who we share your personal information with and why

We may need to share personal information to deliver the services you have requested from us, to
meet our legitimate interests, or to comply with contractual, government or regulatory requests or
reporting requirements. Where we need to share information with an agency we have not anticipated
here, we will only do so if required or permitted by law.
We may share your personal information with:

  • Other entities in the Beca Group, which could be in other jurisdictions, for administrative purposes
    and to ensure we have a complete overview of your relationship with us.
  • Third parties who assist us in delivering our services, such as:
    o Partners, suppliers or agents involved in delivering our services to you
    o Companies who are engaged to perform services on our behalf
    o Third parties that we use for marketing such as approved media agencies and advertising
    companies
  • Regulatory bodies, tax authorities and/or investigating authorities where we are obliged to do so by
    law or regulation, or if you have authorised us to share it.

We recognise that we are accountable for your personal information wherever it is in the world. Where
we can, we will only send your personal information to countries that have equivalent or higher privacy
standards to those in New Zealand. Where we cannot do this, we will take reasonable steps to ensure
that your personal information is adequately protected. For example, if you are in the European Union,
we will enter into EU Standard Contractual Clauses with that other country.

The third parties who we engage with will be contractually bound to keep all information confidential
and to only process your information to the extent that it is necessary and in accordance with
applicable law.

How we store and protect Personal Information

We take all reasonable steps to protect your personal information, whether it is stored by us or our
trusted third parties. We have implemented generally accepted standards of technology and
operational security to protect the personal information in our possession or under our control and to
prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

Most of the personal information we hold is stored on Microsoft cloud platforms, including Microsoft
Azure. Microsoft takes privacy seriously and has several safeguards in place to protect the personal
information it holds on our behalf. You can read more about Microsoft’s privacy and security practices
here https://privacy.microsoft.com/en-ca/.

You should be aware, however, that no method of transmission over the Internet or method of
electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the
security of your information and are constantly reviewing and enhancing our information security
measures.

Retention of Personal Information

We will retain your personal information only for as long as we have a lawful purpose to use it. This
means we may retain your personal information for a reasonable period after your last interaction with
us. We take all reasonable steps to ensure that personal information we no longer need is securely
destroyed.

Withdrawing consent and objecting to processing

Where we’re processing your personal information on the basis of consent, you can revoke your
consent at any time. Where we’re processing your personal information on the basis of our legitimate
interests (such as improving our services), you can object to this. If you believe we’re using your
personal information in ways that are unlawful, or if we’re continuing to use information that you think
is inaccurate, you can ask us to restrict this processing.
Please email your request to our Privacy Officer at privacyofficer@beca.com. Please note that we may
ask for additional information to verify your identity.

Accessing, correcting or deleting your personal information

You have the right to request access to, and under certain conditions, the correction or deletion of, the
personal information we hold about you. If we are unable to correct or delete your personal
information (for example, where we do not agree that it is wrong, or we need the personal information
for a lawful purpose), we will tell you.

Please email your request to our Privacy Officer at privacyofficer@beca.com. Please note that we may
ask for additional information to verify your identity.

Changes to this Privacy Statement

We reserve the right to modify or amend this Privacy Statement at any time, to reflect changes to
privacy regulations or our business practices. The effective date will be displayed at the beginning of
this Privacy Statement.

Contact details of our Privacy Officer

Email: privacyofficer@beca.com