You appear to be in the United States

New Zealand

FeaturesPricingIntegrations
LoginGet Started

GDPR Information

GDPR Information

: [Date - To be updated manually]

This page provides specific information for individuals whose personal data is processed under the scope of the European General Data Protection Regulation (GDPR), supplementing our main Privacy Policy.

Data Controller

The data controller responsible for your personal data is: Controlla Limited
191 Thorndon Quay, Pipitea, Wellington 6011, New Zealand
Email: legal@controlla.io

Personal Data We Collect

We collect information necessary to provide and improve our Services. This includes:

    • Information You Provide: Basic Account Information (email, name, business info), Transaction and Billing Information (name, payment details, contact info), Communications Data (survey responses, support queries, feedback).
    • Information We Collect Automatically: Log Information (IP address, browser type, OS, access times), Usage Information (actions within your account), Device Information (screen size, network), Location Information (approximate location from IP, precise if permitted via mobile), Information from Cookies & Other Technologies (usage preferences, analytics, ad targeting - see our Cookie Policy).
    • Information From Other Sources: Data provided by users about others (requires authorization), data from Integrated Services you authorize, marketing data from third-party services.

Legal Basis for Processing

Our legal grounds for processing your information under GDPR are:

    • Performance of Contract: Necessary to fulfill our commitments under our Terms of Service (e.g., setting up your account, providing Services, processing payments).
    • Legitimate Interests: Necessary for our legitimate interests where they don't override your rights (e.g., improving Services, security, analytics, marketing analysis, communication, preventing fraud).
    • Legal Obligation: Necessary to comply with the law.
    • Consent: Where you have given specific consent (e.g., for certain cookies, direct marketing). You can withdraw consent at any time.

How We Use Your Personal Data

We use your information to:

    • Provide, maintain, and improve our Services.
    • Process transactions and manage billing.
    • Communicate with you (support, offers, updates).
    • Monitor and analyze trends and usage.
    • Ensure security, prevent fraud, and protect rights.
    • Personalize your experience and marketing.

Data Sharing

We share information in limited circumstances:

    • With subsidiaries, employees, and contractors who need the information to provide services and are bound by privacy obligations.
    • With third-party services and vendors (e.g., hosting, payment processing, analytics, marketing tools) who need the information to provide their services to us or you, under privacy commitments.
    • With Integrated Services you authorize.
    • To comply with legal requests (subpoena, court order).
    • To protect the rights, property, or safety of Controlla, our users, or the public.
    • In connection with business transfers (merger, acquisition, bankruptcy), where the recipient must continue to use the information consistent with this policy.
    • With your explicit consent or direction.
    • As aggregated or de-identified data that cannot reasonably identify you.

We do not sell your personal information.

International Transfers

Your information may be transferred to, stored, and processed in countries outside the European Economic Area (EEA), including New Zealand and the United States, by us or our third-party processors. We ensure protection through appropriate safeguards as required by law:

    • New Zealand: An Adequacy Decision under Article 45 of the GDPR recognizes New Zealand's data protection laws as providing adequate protection.
    • United States & Other Countries: Use of Standard Contractual Clauses approved by the European Commission or reliance on other valid transfer mechanisms (like the EU-US Data Privacy Framework, if applicable to the recipient).

You can request more information about these safeguards.

Data Retention

We retain personal data only as long as necessary for the purposes we collected it (providing Services, legal compliance, accounting, reporting) and as described in our main Privacy Policy.

Data Security

We implement reasonable technical and organizational measures to protect your data against unauthorized access, use, alteration, or destruction. However, no online service is 100% secure.

Your Rights Under GDPR

You have the following rights regarding your personal data, subject to legal limitations:

    • Right of Access: Request a copy of the personal data we hold about you.
    • Right to Rectification: Request correction of inaccurate personal data.
    • Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data.
    • Right to Restrict Processing: Request limitation of how we process your personal data.
    • Right to Data Portability: Request your data in a structured, machine-readable format, or transfer it to another controller.
    • Right to Object: Object to processing based on legitimate interests or for direct marketing.
    • Right to Withdraw Consent: Withdraw consent where processing is based on consent.
    • Right to Lodge a Complaint: Complain to your local supervisory authority.

Exercising Your Rights

To exercise these rights, please contact us using the details provided below. You can often access, correct, or delete information via your account settings. We may need to verify your identity before processing your request.

Contact Us

For questions about this GDPR information or to exercise your rights, please contact us:

Via Support link on the website or email: legal@controlla.io
By Post: Controlla Limited, 191 Thorndon Quay, Pipitea, Wellington 6011, New Zealand