This Policy applies if you:
are one of our account holders;
are a cardholder under an account holder;
use any of our products and/or services (our Services); or
visit our website at Xpensme.io (our Website), use our corporate portal (the Corporate Portal) or mobile application (the App), or call or speak with our customer support teams or any of our social media channels (our Channels), (referred to as you and your).
Your privacy rights
Card Works is committed to complying with its obligations under the Privacy Act 2020 when dealing with your personal information. Any personal information you provide to us will be stored, used and disclosed by us in accordance with this Policy.
This Policy is in addition to any other applicable terms and conditions that may apply to your relationship and/or engagement with us, including relating to the use of and access to our website and our Services.
By using our Services and/or otherwise providing us with your personal information, you acknowledge that you have read and understood this Policy and that you consent to that personal information being collected, held, used and disclosed in accordance with this Policy.
We may amend and update this Policy from time to time by posting a revised version on our Website. Any changes will apply from the date we post the updated Policy on our Website. If we make any significant changes, we will provide you with reasonable notice of such changes through the Website, or via other means such as email. By using our Services after such notice period, you will be deemed to have accepted the updates to this Policy. If you do not agree to any change, you must immediately notify us and stop using and/or accessing our Services.
How and what type of information we collect about you
Your personal information will be collected and held by Card Works Limited, Level 2, 162 Grafton Road, Grafton, Auckland 1010.
We collect personal information in order to manage and conduct our businesses, to provide and market our Services and to meet our legal obligations. Depending upon the nature of your relationship with us, the type of personal information we collect and hold may include:
(a) your name, address and contact details (including your email address, phone number and postal address);
(b) your transaction history or other information in relation to loading funds into your account or conducting transactions on an expense card;
(с) payment details including bank account details and credit card information;
(d) information collected in relation to your use of our online services including our Website, the Corporate Portal and the App;
(e) records of our communications with you, including any complaints, requests or queries;
(f) information we require for the purposes of fulfilling our obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009;
(g) any other personal information that may be required in order to facilitate your dealings with us and/or to assist us in conducting our business, providing and marketing our services and meeting our legal obligations; and
(h) information we create in the course of our relationship with you, such as details or evaluations of your interactions with us.
Who do we collect personal information from
We use different methods to collect your personal information. We will generally collect personal information directly from you (e.g. through the information you submit through any of our websites, the Corporate Portal, the App, by telephone or through written information or forms that you submit to us). However, we may also collect personal information:
(a) from the account holder in relation to which you are a cardholder;
(b) from you indirectly (including through the use of services and facilities available through our Website);
(d) from your friends, family members or other members of your household where we reasonably consider that they have the authority and consent to provide that information to us; and
(e) from publicly available websites or sources.
If you have provided us with information about another person, you warrant that you have that person’s permission to do so. Your obligations under privacy laws may also mean that you need to tell that person about the disclosure and let them know that they have a right to access their personal information and that we will handle their personal information in accordance with this Policy.
When you use our Website, the Corporate Portal or the App, we may collect information that is sent to us by your computer, mobile device or another access device, including – your device ID, device type, IP address, geolocation, computer and connection information, referral URL, statistics on page views, and traffic to and from our Website, the Corporate Portal or the App. This information might not be personally identifiable data, but to the extent that it is considered personal information for the purposes of any applicable law or regulation, we will comply with our obligations under any such law or regulation when processing that information.
You are not required to provide us with your personal information. However, if you choose not to provide personal information to us on request you may be ineligible to receive and/or we may be unable to provide certain Services to you, or it may affect the quality of those Services.
How we use personal information
We collect, hold, use and disclose your personal information for the following purposes:
(a) to provide you with our Services;
(b) to market our Services to you;
(с) to process, administer, collect payment from or make payments to you;
(d) to process transactions authorized by you;
(e) to communicate with you (for example to provide customer support or to ask you for feedback about our Services);
(f) to facilitate your use of our Services and help provide a more personalized experience;
(g) to research and help improve and enhance our Services;
(h) to undertake administrative functions associated with the Services and our businesses;
(i) to conduct market analysis and perform data analytics on customer behavior and insights in relation to our Services;
(j) to comply with any legal obligations or as otherwise permitted by the Privacy Act 2020; and
(k) subject to you providing your consent (in accordance with the Unsolicited Electronic Messages Act 2007), sending you electronic messages to promote and market our Services including any promotions.
Where you consent to us using your personal information for marketing and promotional communications, you can opt-out at any time by notifying us at firstname.lastname@example.org or by clicking the unsubscribe function included in our marketing communications.
Who we may disclose your personal information to
We may disclose your personal information:
(a) for the purpose for which it was collected (or a purpose that is directly related to the purpose in connection with which the information was obtained); and/or
(b) to the account holder in relation to which you are a cardholder;
(с) to any third party service providers that we have engaged to provide a service to us in relation to our Services, including those who provide us with IT, marketing, analytics, debt collection and/or customer support services; and/or
(d) our professional advisors, including accountants, insurers and lawyers; and/or
(e) to our related companies and entities in connection with the purposes set out in this Policy; and/or
(f) any other person or organization that you have authorized us to disclose your information to; and/or
(g) any other third party where such disclosure is permitted under the Privacy Act 2020 and/or any other applicable law.
Access, correction and retention of your personal information
You agree that any information you give to us will be accurate, correct and up to date and that you will inform us if any of your personal information changes to ensure that the details we hold about you are up to date and correct. You can update your personal details at any time through the Corporate Portal or App or by contacting our customer support team.
You are entitled to access the personal information we hold about you, and to request that we amend it if it is incorrect. If we are not willing to correct errors that you have identified in your personal information, you may request that we take reasonable steps to attach a statement to the personal information noting the correction sought.
We will only retain your personal information for as long as it is required to achieve the purposes set out in this Policy or as otherwise required by law. Where we no longer require your personal information, we will use reasonable endeavors to comply with our legal obligations in respect of that information, such as securely destroying such personal information.
Security of information
We take reasonable steps to protect personal information held by us from misuse, loss and unauthorized access, modification or disclosure, including through the use of technical and physical security measures.
Although we take reasonable steps to ensure personal information held by us (or on our behalf) is protected and held securely, we do not make any warranties in relation to the security of any information you disclose or transmit to us and we are not responsible for the theft, destruction, or inadvertent disclosure of your personal information where our security measures have been breached. Any transmission of personal information is conducted at your own risk.
Where we hold your personal information
We generally hold your information in New Zealand. However, certain personal information may be transferred and/or stored outside of New Zealand by our third-party service providers. Where personal information is transferred outside of New Zealand we will ensure that such third party is subject to comparable privacy laws to New Zealand or is required to protect the personal information in a way that is comparable to New Zealand’s privacy laws.
(a) providing more customized content and material to you on our Website, and
(b) conducting business and marketing analysis.
All information collected via cookies will be held by us. This information will not be made available to any third party in a manner that enables you to be identified. If you do not wish to allow cookies you may change your browser settings to disable cookies. However, if you disable cookies some parts of our Website may not function properly.
Links to other websites
Our Website may have links or references to third party websites or material. Our Policy does not apply to those websites, and any information collected by such third parties is governed by that third party’s privacy practices or policies. We accept no responsibility or liability for the content or privacy practices of any third party websites.
How to contact us
If you have any queries or concerns about our Policy or our handling of your personal information please contact our Privacy Officer by emailing us at email@example.com.