Theta Systems Limited (“Theta”, “we”, “us” or “our”) is a New Zealand registered company offering technology consultancy services and software products specifically for businesses.
EVA Check-in is one of our software products.
When we refer to ‘you’ in this policy we will generally make it clear which ‘you’ we are referring to – so either a Customer, a Visitor or as a Website User.
We may change this policy to keep it up to date with legal requirements by uploading a revised policy onto our website ( see date at bottom of this page).
The EVA Check-in software meets the standards specified in the New Zealand Ministry of Health requirements for digital data and technology services as well as wider New Zealand Government requirements on privacy, security and the use of cloud services.
As an EVA Check-in Customer, you will use the EVA Check-in software to collect personal information about Visitors to your site. In doing so you must comply with all relevant privacy laws within the jurisdiction in which you operate relating to the collection and use of personal information.
The personal information of each Visitor checking in using EVA Check-in is destroyed after a set period (configurable) after the Visitor has checked in. As an EVA Check-in Customer you must set your data retention period to comply with your local data retention laws, regulations and workplace directions. If you, as our Customer, have not set this, a default of two months will apply.
Data entered or imported by you as an EVA Check-in Customer will be securely stored in the cloud (Theta uses Microsoft Azure in Australia). Your administrator portal for EVA Check-in will only be accessible to persons you have authorised in respect of your use of the EVA Check-in software. It is your responsibility to keep your login details to access your administrator portal safe. Theta and its staff do not have access to your password.
Theta support staff will be able to access your EVA account for the purpose of providing you with customer service.
Customers of EVA Check-in
Information we collect from you as a Customer may be used in the following ways:
Visitors using EVA Check-in
In respect of Visitors using the software to check-in at a Customer’s site or location, our Customers configure what data they need to collect from you to meet their requirements. Our Customer’s collection of your data will be subject to the applicable privacy laws within their jurisdiction.
In addition to the data you enter, opt-in features can be activated to register your check-in location, to set reminder prompts, or to automatically check-in or out of our Customers’ sites.
A Visitor can opt-in to these features through the EVA mobile app and by enabling location settings on their device.
How location features work and what data is stored:
You may disable cookies by changing the settings on your browser, although this may mean you cannot use all website features.
Where you are an EVA Check-in Customer, we may disclose your personal information to:
If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a third-party purchaser of our business or assets.
Where you are a Visitor using EVA Check-in, we will only disclose your personal information either to our Customer or directly to a designated government department where we are required by law relating to contact tracing for COVID-19.
As a Customer, under the New Zealand Privacy Act 2020 you have the right to request access to your readily retrievable personal information that we hold and to request a correction to your personal information. Before you may exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you have provided your personal information as a Visitor having used EVA Check-in at a Customer’s site, you can contact that Customer directly so they can provide you with access to your personal information. Alternatively, we can pass on your request if you prefer.
If you want to exercise the above rights, email us at email@example.com. Your email should provide evidence of who you are and set out the details of your request.
We may charge you for our reasonable costs of providing to you copies of your personal information or for the correction concerned.
We implement and maintain appropriate technical and organisational security measures, policies and procedures to maintain the safety of your personal information when you subscribe or enter, submit, or access your personal or business information.
All EVA Check-in services are facilitated with end-to-end encryption, safeguarding the transport of your data. However, the internet is not in itself a secure environment. This means that your browser must support the encryption security with any web based communications with Theta.
Access and storage controls via the Software are administered by Theta in New Zealand as the custodian of that data. The physical hosting servers for EVA Check-in are in Australia. Where you access or input data from outside of Australia, you consent to that data being transferred to Australia as a function of transmission across the internet.
Where you are a Customer and your personal information is no longer needed, we will ensure that it is disposed of in a secure manner within 20 business days. In some circumstances we may store your personal information for longer periods of time, for instance: where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; so that we have an accurate record of your dealings with us in the event of any complaints or challenges; or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
Theta does not store your credit card details.
When you choose to pay for the EVA Check-in software by credit card, your credit card details are not stored and cannot be accessed by Theta staff. Your credit card details are encrypted and securely stored by a PCI certified payment authority, to enable Theta to automatically bill your credit card on a recurring basis. Theta currently uses either Stripe Payments or Chargify as its PCI certified payment authority.
To protect privacy rights and to ensure you have control over how we manage marketing with Customers and Website Users:
We do not use Visitor information for marketing purposes.
We recommend you routinely review the privacy policies and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.
Website Users wishing to opt out of receiving targeted advertising
We use 3rd-party services to help advertise and promote our product. As a Customer or Website User, you can opt out of receiving targeted ads by following these links: the Digital Advertising Alliance, the Network Advertising Initiative, and the European Interactive Digital Advertising Alliance (Europe only).
We operate on a global basis. Accordingly, your personal information may be transferred and stored outside of New Zealand, for instance through Microsoft Azure out of Australia. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests. To this end:
You have a right to contact us for more information about the safeguards we have in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
We are committed to protecting the security of your personal information and we take all reasonable precautions to protect it from privacy breaches, namely:
If your personal information is subject to a privacy breach which causes or is likely to cause serious harm, we will notify you and the New Zealand Privacy Commissioner in accordance with our obligations under New Zealand's Privacy Act 2020.
Where you are a Customer of EVA Check-in, please also visit our Terms and Conditions section establishing our data protection obligations to you as your data processor and the use, disclaimers, and limitations of liability governing the use of our website and of the EVA Check-in software.
c/o Theta Systems Limited
Level 2, Theta House
8-10 Beresford Square
If you have any questions, concerns or complaints regarding our compliance with this policy, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact firstname.lastname@example.org. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and within the timescales provided by data protection laws.