1.1 SCANNABLE NZ LTD (NZCN 8032173) (Scannable, We, Us and our) is committed to protecting the personal information of the subscribers (Subscribers, you, your) of our services (Services) and users of our products (Products), content (Content) and website, being www.scannable.io (the Website).
1.2 When you visit the Website or use our Products and Services, We collect data (some of which may comprise personal information) and use this data to provide our Services to you. This privacy policy will help you to understand:
1.3 This privacy policy does not limit or exclude any rights that you have or may have under:
1.4 For further information, please see www.privacy.org.nz.
2.1 This privacy policy applies to all instances in which We collect personal information from you.
2.2 By accessing and/or using the Products, Content and/or Services, you consent to the collection, use, disclosure, storage and processing of personal information in accordance with this privacy policy.
2.3 Our Website may contain links to other third party websites and these third parties may have separate and independent privacy policies. We have no responsibility and We will have no liability for the content and activity of these linked sites.
3.1 We may change or update this privacy policy at any time by uploading a revised privacy policy to the Website.
3.2 By using the Services and Website you agree to be bound by the privacy policy that is in effect at that time.
4.1 The Company may collect the following personal information from you:
4.2 We collect and process data when you:
4.3 We may supplement the information you provide to Us with information We receive from third parties.
4.4 If you choose not to provide information when We ask for it, you may not be able to use the Products or Services.
4.5 We do not collect any other personal information about you, including details about your race, ethnicity, religious beliefs, sexual orientation, political information or any other genetic or biometric data.
5.1 The information that We collect from you may be used:
5.3 We reserve the right to use data (on an anonymous basis) in relation to your use of the Products for marketing and accounting purposes.
5.4 You may request that We stop sending marketing messages at any time, by contacting the Company on info@scannable.io.
6.1 We use cookies (being an alphanumeric identifier that We transfer to your computer’s hard drive so that We can recognise your browser) in order to monitor your use of the Website. This information is anonymous and is used to enable Us to enhance and customise your experience across the provision of our Website, Products, and Services.
6.2 You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all of the features of the Website, Products and Services.
7.1 Unless expressly authorised by you or under this privacy policy, We will not disclose your personal information to any third party except where disclosure relates to the purposes for which the information was collected (as stated in clause 4.5 above) or where it may be required by law to do so.
8.1 We will take all reasonable steps to ensure the personal information collected, used or disclosed in accordance with this privacy policy is accurate, complete, up-to-date and stored in a secure environment protected from unauthorised access, modification or disclosure.
8.2 We will hold personal information collected in accordance with this privacy policy both before and after the provision of its Products and Services, but only for so long as We are legally entitled to do so.
9.1 You may request to see the personal information that We hold on your behalf.
9.2 If the personal information held by Us is not up to date or incomplete you may ask Us to correct the information by updating the information contained within your profile on the Website or contacting Us and advising Us of the correct information.
10.1 You have the following rights in relation to your personal information:
10.2 You may request access to all of the personal information that We hold about you by contacting Us at info@scannable.io.
If any part of this privacy policy is found by a court to be invalid, void or unenforceable, whether under the Privacy Act, GDPR or any other applicable law, such provision will be deemed to be deleted from this privacy policy and the remaining provisions of will continue in full force and effect.
12.1 Your concerns can be resolved quickly by contacting Us through the Website. Should you wish to report a complaint or if you feel that We have not addressed your concern in a satisfactory manner, you may contact the Office of the Privacy Commissioner by lodging a complaint form online or posting it to:
Office of the Privacy Commissioner
PO Box 10094
Wellington 6143
Last updated: 10 September 2025
If you are based in the European Union (EU) and use this Website, our Products, Content or Services, then:
Please note this GDPR Addendum was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data.
Introduction
The General Data Protection Regulation (GDPR) regulates the collection, processing, and transfer of EU individuals’ personal data (as defined in the GDPR). The personal information described in our privacy policy is personal data under the GDPR. We are committed to complying with the GDPR when dealing with the personal data of our Subscribers who are based in the EU.
For the purposes of the GDPR, we are the data controller (as defined in the GDPR) when processing the personal data of our Subscribers who are based in the EU.
Processing personal data
We collect and store only the minimal personal data necessary to provide and secure our Services, and process such personal data for the purposes outlined in our privacy policy. We collect personal data directly from you when you:
The personal data we may process broadly consists of the personal information described in our privacy policy and specifically includes:
We do not collect sensitive categories of personal data such as payment card details, government identification numbers or health-related data.
Legal basis for processing
The legal basis for our processing of your personal data is your consent and, for certain of that personal data, processing is necessary for the performance of a contract to which you are a party or for our legitimate interests (except where such interests would be overridden by your fundamental rights and freedoms which require the protection of personal data).
Notwithstanding the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws.
Security practices applied
We apply the following security practices when processing your personal data:
Your rights
Your rights in relation to your personal data under the GDPR include:
If you would like to exercise any of your above rights, please contact us at info@scannable.io.
International transfer of data
As a company based in New Zealand, the personal data we collect may be transferred to and processed in countries outside of the EU, the European Economic Area (EEA) and the UK. New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection and we rely on this decision when transferring personal data from the EEA to New Zealand.
To ensure your personal data remains protected when transferred, we rely on appropriate legal safeguards as required by GDPR. We use Standard Contractual Clauses (SCCs), which are model contract clauses approved by the European Commission, as the primary legal mechanism for international data transfers.
These clauses impose specific data protection obligations on both us and any third party receiving your data to ensure it is protected to the same high standard as in the EU. We also ensure that any third parties we transfer data to have appropriate technical and organisational measures in place to protect your data.
These representatives have been authorised by us to be contacted by supervisory authorities and data subjects on all issues related to processing, to ensure our compliance with the GDPR.
Data retention policy
Personal data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, including to satisfy any legal, accounting, or reporting requirements, or for the duration required for compliance with applicable law, whichever is longer. The criteria we use to determine the period of time for which we keep personal data includes:
In some cases, we may anonymise your personal data so it can no longer be associated with you, and we may use this information indefinitely without further notice.
Contacting us
As a company located outside of the European Union (EU) and United Kingdom (UK), we are required to designate a representative to act as a direct point of contact for data subjects and supervisory authorities. The name and contact details of our representative is:
EU Representative:
Adam Brogden
contact@gdprlocal.com
+353 15 549 700
Ireland
UK Representative:
Adam Brogden
contact@gdprlocal.com
+441 772 217 800
UK
Disputes and complaints
If you have a concern about our privacy practices or you are not satisfied by the way your query is dealt with by our representative, you have the right to refer your query to and/or file a complaint with your local data protection supervisory authority in the country where you reside, where you work, or where the alleged infringement took place. For example, in the United Kingdom this is the Information Commissioner’s Office.
Version 1.0 24 June 2021 Initial release
Version 2.0 10 September 2025 Minor revisions and GDPR Addendum update