Privacy Policy

Theta Privacy Policy

Theta Systems Limited (“Theta”, “we”, “us” or “our”) is a New Zealand registered company offering technology consultancy services and software products specifically for businesses.

EVA Check-in is one of our software products.

This privacy policy explains how we collect, use and, in certain circumstances, share personal information that is collected:

  • through your use of our website (Website User)
  • as an EVA Check-in customer using the software (Customer)
  • as a result of you checking in using EVA Check-in at one of our Customer’s sites (Visitor)

When we refer to ‘you’ in this policy we will generally make it clear which ‘you’ we are referring to – so either a Customer, a Visitor or as a Website User.

We may change this policy to keep it up to date with legal requirements by uploading a revised policy onto our website ( see date at bottom of this page).

The EVA Check-in software meets the standards specified in the New Zealand Ministry of Health requirements for digital data and technology services as well as wider New Zealand Government requirements on privacy, security and the use of cloud services.

Handling of Visitors’ Personal Information

As an EVA Check-in Customer, you will use the EVA Check-in software to collect personal information about Visitors to your site. In doing so you must comply with all relevant privacy laws within the jurisdiction in which you operate relating to the collection and use of personal information.

The personal information of each Visitor checking in using EVA Check-in is destroyed after a set period (configurable) after the Visitor has checked in. As an EVA Check-in Customer you must set your data retention period to comply with your local data retention laws, regulations and workplace directions. If you, as our Customer, have not set this, a default of two months will apply.

EVA Check-in requires Customers to make available to their Visitors their own privacy policy, covering how a Visitor's personal information will be collected, used, disclosed, and protected. We strongly encourage all Customers to review and obtain legal advice on privacy laws and regulations applicable to you to ensure compliance.

Customers control who has access to EVA Check-in

Data entered or imported by you as an EVA Check-in Customer will be securely stored in the cloud (Theta uses Microsoft Azure in Australia). Your administrator portal for EVA Check-in will only be accessible to persons you have authorised in respect of your use of the EVA Check-in software. It is your responsibility to keep your login details to access your administrator portal safe. Theta and its staff do not have access to your password.

Theta support staff will be able to access your EVA account for the purpose of providing you with customer service.

How we collect and use personal information

Customers of EVA Check-in

Information we collect from you as a Customer may be used in the following ways:

  • To personalise your experience – your information helps us to better respond to your individual needs.
  • To charge for EVA Check-in.
  • To improve our services - we continue to improve the EVA Check-in service based on feedback received. Should you require assistance from our support staff, we may access or request your personal details to address the issue, such as your username and user ID.
  • To contact you – as a customer of EVA Check-in we collect your title, name, email address, phone number and address. We use this information to operate, maintain and provide the services to you. We may send periodic emails to share information and updates relating to your subscription. Subject to your consent, we may collect your preferences set for notifications, marketing communications and how our website is displayed. We use this information to provide notifications, send news, alerts and marketing communications and provide our services in accordance with your choices, including to ensure we comply with our legal obligation to send only those marketing communications to which you have consented. If at any time you would like to unsubscribe from receiving emails, you can do so.

Visitors using EVA Check-in

In respect of Visitors using the software to check-in at a Customer’s site or location, our Customers configure what data they need to collect from you to meet their requirements. Our Customer’s collection of your data will be subject to the applicable privacy laws within their jurisdiction.

In addition to the data you enter, opt-in features can be activated to register your check-in location, to set reminder prompts, or to automatically check-in or out of our Customers’ sites. 

A Visitor can opt-in to these features through the EVA mobile app and by enabling location settings on their device. 

How location features work and what data is stored:

  • Location features only work if the Customer hosting EVA Check-in has enabled the geofences feature and has made a geofence for their site. 
  • Once a geofence is enabled, a Visitor must first check-in manually using the app and is then prompted to enable location features if they wish.
  • EVA Check-in evaluates a Visitor’s location against a list of known EVA locations (i.e. geofence-enabled EVA Check-in sites). If a Visitor is detected as being at an EVA Check-in location, the EVA Check-in mobile app will either prompt the Visitor to check-in or will automatically check them in with the Visitor’s last recorded details (the Visitor decides which).
  • Location features only use the Visitor’s location to decide if a check-in or out event should be triggered.  EVA Check-in does not store additional information about a Visitor’s location. Businesses using EVA Check-in only see information provided at check-in. No location tracking information is available.
  • Activity recognition (also known has Health permissions) are used to help detect when the user is in motion and assist with making the check-in and checkout events happen so these can be recorded in the app in the history tab where you can see a record of your movements. The activity data remains local to your phone and is not sent off the device or shared with others.

Website Users

  • Cookies - we use cookies (an alphanumeric identifier that we transfer to your computer/device so that we can recognise your browser) to:
  • Monitor your use of the website and gather usage metrics
  • Make our site easier to use – by remembering your preferences
  • For security reasons – to identify if you are logged in
  • And to track performance of advertising campaigns

You may disable cookies by changing the settings on your browser, although this may mean you cannot use all website features.

Disclosing your personal information

Where you are an EVA Check-in Customer, we may disclose your personal information to: 

  • a business that hosts our data such as through the cloud services offered by Microsoft Azure out of Australia
  • a credit reference agency for the purpose of credit checking you
  • a regulatory authority where we may be compelled under statutory authority to make such disclosure
  • any other person authorised by you

If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a third-party purchaser of our business or assets.

Where you are a Visitor using EVA Check-in, we will only disclose your personal information either to our Customer or directly to a designated government department where we are required by law relating to contact tracing for COVID-19.

In terms of how our Customer intends to use the personal information of Visitors to their site, please refer to the privacy policy of the Customer concerned.

Accessing and correcting your personal information

As a Customer, under the New Zealand Privacy Act 2020 you have the right to request access to your readily retrievable personal information that we hold and to request a correction to your personal information. Before you may exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

If you have provided your personal information as a Visitor having used EVA Check-in at a Customer’s site, you can contact that Customer directly so they can provide you with access to your personal information. Alternatively, we can pass on your request if you prefer.

If you want to exercise the above rights, email us at privacy@evacheckin.com. Your email should provide evidence of who you are and set out the details of your request.

We may charge you for our reasonable costs of providing to you copies of your personal information or for the correction concerned.

How we protect and store your information

We implement and maintain appropriate technical and organisational security measures, policies and procedures to maintain the safety of your personal information when you subscribe or enter, submit, or access your personal or business information.

All EVA Check-in services are facilitated with end-to-end encryption, safeguarding the transport of your data. However, the internet is not in itself a secure environment. This means that your browser must support the encryption security with any web based communications with Theta.

Access and storage controls via the Software are administered by Theta in New Zealand as the custodian of that data. The physical hosting servers for EVA Check-in are in Australia. Where you access or input data from outside of Australia, you consent to that data being transferred to Australia as a function of transmission across the internet.

Where you are a Customer and your personal information is no longer needed, we will ensure that it is disposed of in a secure manner within 20 business days. In some circumstances we may store your personal information for longer periods of time, for instance: where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; so that we have an accurate record of your dealings with us in the event of any complaints or challenges; or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Theta does not store your credit card details.

When you choose to pay for the EVA Check-in software by credit card, your credit card details are not stored and cannot be accessed by Theta staff. Your credit card details are encrypted and securely stored by a PCI certified payment authority, to enable Theta to automatically bill your credit card on a recurring basis. Theta currently uses either Stripe Payments or Chargify as its PCI certified payment authority.


How to manage your marketing preferences

To protect privacy rights and to ensure you have control over how we manage marketing with Customers and Website Users:

  • we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you; and
  • you can ask us to stop sending marketing emails by following the "unsubscribe" link you will find on any marketing messages we send you. Alternatively, you can contact us at support@evacheckin.com.

We do not use Visitor information for marketing purposes.

We recommend you routinely review the privacy policies and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.

Website Users wishing to opt out of receiving targeted advertising

We use 3rd-party services to help advertise and promote our product. As a Customer or Website User, you can opt out of receiving targeted ads by following these links: the Digital Advertising Alliance, the Network Advertising Initiative, and the European Interactive Digital Advertising Alliance (Europe only)

Transferring personal information globally

We operate on a global basis. Accordingly, your personal information may be transferred and stored outside of New Zealand, for instance through Microsoft Azure out of Australia. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests. To this end:

  • where we transfer your personal information to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information; and
  • where we receive requests for information from law enforcement or regulators, we validate these requests before any personal information is disclosed.

You have a right to contact us for more information about the safeguards we have in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

Legal rights available to help manage your privacy

We are committed to protecting the security of your personal information and we take all reasonable precautions to protect it from privacy breaches, namely:

  • unauthorised or accidental access, disclosure, alteration, loss, destruction of your personal information; and
  • actions which prevent us from accessing your personal information on a temporary or permanent basis.

If your personal information is subject to a privacy breach which causes or is likely to cause serious harm, we will notify you and the New Zealand Privacy Commissioner in accordance with our obligations under New Zealand's Privacy Act 2020.


Terms and Conditions

Where you are a Customer of EVA Check-in, please also visit our Terms and Conditions section establishing our data protection obligations to you as your data processor and the use, disclaimers, and limitations of liability governing the use of our website and of the EVA Check-in software.

Contacting Us

If you have any questions regarding this privacy policy you may contact our privacy team (“Theta Privacy”) by email at privacy@evacheckin.com or by post, to:

Theta Privacy

c/o Theta Systems Limited

Level 2, Theta House

8-10 Beresford Square

Auckland 1010

New Zealand

If you have any questions, concerns or complaints regarding our compliance with this policy, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact privacy@evacheckin.com. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and within the timescales provided by data protection laws.

Privacy Policy last modified: March 2021