This is the privacy notice of Vibe.fyi Limited. In this policy, “we”, “our”, or “us” refer to Vibe.fyi, New Zealand company number 1114761 with a postal address - Vibe.fyi Limited, PO Box 360, Orewa 0946, Auckland, New Zealand.

This policy aims to inform you about how we collect and handle any information that we collect from you, or that you provide to us. It covers both information that could identify you (personal identifiable information, or PII) and information that could not.

The privacy and protection of your PII data are important to us. We understand that all users of our website are quite rightly concerned to know that their data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party. Our policy is both specific and strict. It complies with New Zealand law and with the laws of all jurisdictions of which we are aware.

If you think our policy falls short of your expectations or that we are failing to abide by our policy, do please tell us.

What personal information do we collect and process?

1. Personally identifiable information (PII)
   1. When you (a website visitor/user) complete and submit a form or book a calendar meeting with our team from our website, you will need to enter your name, email address, phone number, company name and/or other details to enable us to make contact with you regarding your enquiry.
   2. We never ask for credit card numbers, via forms, in person or via LiveChat.
   3. We request and only store your personally identifiable information (PII), which is necessary for enable us to make contact with you regarding your sales enquiry or support enquiry.
2. Cookies
   1. We also record tracking behavior when you click through our website by using cookies.
   2. This method helps us identify which content is helpful to our website target audience. The aim of our website is to attract new business and support current clients. 

When do we collect PII information?

• We collect information when you (a website visitor/user) complete and submit a form or book a calendar meeting with our team from our website.

• We also collect information in other ways, such as; response to a survey or marketing communication, or using certain other site features to follow up with them after correspondence (LiveChat, email or phone enquiries.)

Retention period

We understand the importance of managing personal data responsibly. The retention of your personal information is guided by the following principles:

• Purpose: We collect your personal information to provide you with up-to-date information, effectively promote, and deliver the Vibe.fyi product and service.
  
• Retention Period: We retain your personal data for as long as it is necessary to fulfill its intended purpose. The specific retention period may vary depending on the type of data and the purpose for which it was collected. We regularly review our data retention practices to ensure compliance with legal requirements and alignment with the purposes for which the data was collected.
  
• Review and Deletion: Upon expiration of the retention period or the fulfillment of the intended purpose, we take appropriate measures to securely delete or anonymise your personal data. In some cases, legal or regulatory obligations may dictate a specific retention period.
  

How we protect PII information

Vibe.fyi is dedicated to safeguarding the privacy and security of Personally Identifiable Information (PII) provided by our users. This section outlines the measures we take to protect the confidentiality and integrity of your sensitive information.

• ISO/IEC 27001 Information Management Security Certified - Vibe.fyi Limited is certified as compliant with ISO/IEC 27001:2013, the premier global information security management system (ISMS) standard. Our cloud hosting provider Microsoft Azure is ISO 27001, ISO 27018, SOC1, SOC2 and SOC3 compliant. As such, we undertake regular practice of Malware Scanning and Virus Protection.
• Encryption of PII - All PII collected through our website is transmitted securely using SSL (Secure Socket Layer), an industry-standard encryption protocol to ensure that your information remains confidential during data transmission.
• Secure Storage - We employ robust security measures to protect the storage of PII within our systems. Access to PII is restricted by Multifactor Authentication (MFA) to authorised personnel only, and our storage systems are equipped with encryption at rest and in transit, and access controls to prevent unauthorised access.
• Access Controls - Access to business systems with PII is limited to individuals who require it for legitimate business purposes. Our employees undergo thorough training on data protection and privacy, and access permissions are granted based on job responsibilities. Multifactor Authentication (MFA) is enforced on all systems that contain Personally Identifiable Information and where available, Azure AD Single Sign-on is used instead of using the application account credentials.
• Regular Security Audits - As part of our existing ISO/IEC 270001 Information Management Security policies, we conduct regular security audits and assessments to identify and address potential vulnerabilities in our systems. This proactive approach helps us maintain a secure environment for the storage and processing of PII.
• Incident Response Plan - In the event of a data breach or security incident involving PII, we have established an incident response plan, within our existing ISO/IEC 270001 Information Management Security policies to promptly identify and mitigate the issue. If the incident affects customer data, the primary contact for that customer will be informed immediately and relevant authorities in accordance with applicable laws.
• Data Minimisation - We only collect and retain PII that is necessary for the purposes outlined in this Privacy Policy.
  

User responsibilities

• To enhance the security of your PII, we advise you to take precautions such as using strong and unique passwords, keeping login credentials confidential, and promptly reporting any suspicious activities.

User rights

As a user of our services, you have certain rights regarding the handling of your personal data. Here's an overview of your rights:

1. Right to be Informed
   • You have the right to know how we collect, process, and use your personal data. Our privacy policy provides clear information about the purposes, types of data collected, and the entities involved in processing.
2. Right of Access
   • You can request access to your personal data that we process. Upon request (details below), our Data Protection Officer (DPO) will provide you with a copy of your data and additional details about the processing within 30-days of receiving the initial request.
3. Right to Erasure (Right to be Forgotten):
   
   • You have the right to request the deletion or removal of your personal data if there is no compelling reason for its continued processing. We will comply with erasure requests, except in cases where legal obligations require data retention.
4. Right to Restriction of Processing:
   
   • Under certain circumstances, you can limit the processing of your personal data. While processing is restricted, we will store the data without further processing, unless you provide consent.
5. Right to Data Portability:
   
   • If your personal data is processed based on consent or for the performance of a contract, you have the right to receive it in a structured, machine-readable format. You may also request its transmission to another data controller, if technically feasible.
6. Right to Object:
   
   • You can object to the processing of your personal data, particularly for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
7. Rights in Relation to Automated Decision-Making, Including Profiling:
   
   • You have the right not to be subject to decisions based solely on automated processing, including profiling, if such decisions significantly affect you. We ensure that you have the right to human intervention, express your views, and contest automated decisions.

Lawfulness of Processing Personal Data

Legal Bases for Processing

We are committed to ensuring that the processing of personal data is conducted in accordance with applicable data protection laws, including The NZ Privacy Act 2020 and General Data Protection Regulation (GDPR). To lawfully process personal data, we rely on the following legal bases:

1. Consent (Article 6(1)(a) GDPR): Where applicable, we obtain explicit consent from individuals before processing their personal data for specified purposes. Individuals have the right to withdraw their consent at any time.
   
2. Contractual Necessity (Article 6(1)(b) GDPR): In certain instances, we process personal data as necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the data subject's request.
   
3. Legal Obligations (Article 6(1)(c) GDPR): We may process personal data to comply with legal obligations to which we are subject.
   
4. Legitimate Interests (Article 6(1)(f) GDPR): Processing may occur based on our legitimate interests, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
   
5. Vital Interests (Article 6(1)(d) GDPR): Processing may be necessary to protect the vital interests of the data subject or another natural person.
   
6. Public Task (Article 6(1)(e) GDPR): In certain circumstances, personal data may be processed in the performance of a task carried out in the public interest or in the exercise of official authority.
   

Automated Decision-Making and Profiling

We commit to providing transparent information about any automated decision-making processes, including profiling, and ensuring that individuals have the right to meaningful information about the logic involved.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

CAN SPAM Act

• The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
• We collect your email address in order to Send information, respond to inquiries, and/or other requests or questions.
• To be in accordance with CAN-SPAM we agree to the following:
  • Not use false or misleading subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Monitor third party email marketing services for compliance, if one is used.
  • Honour opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email.

Third party disclosure and links

• We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
• We do not include or offer third party products or services on our website.

Cookies

• We record tracking behavior when you click through our website by using cookies.
• This method helps us identify which content is helpful to our website target audience. The aim of our website is to attract new business and support current clients. 
• You can choose to disable all non-necessary cookies via our cookie banner, which will appear when you access our website. If you select <Reject Non-Necessary Cookies>, all Functional, Analytical, Advertisement and Other cookies will be disabled.
   have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies.
• You can also choose to turn off cookies via your browser settings. Each browser is a little different, so look at your browser's help menu to learn the correct way to modify your cookies.
  • For example: chrome://settings/cookies
• If you disable cookies, some features will be disabled that make your site experience more efficient and some of our services will not function properly.
  • For example: With sales enquiries, accurate pricing will not display, as it will not be able to identify your country.

Types of Cookies

• Necessary - Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

• Functional - Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

• Analytical - Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

• Advertisement - Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

• Other - Other uncategorised cookies have not yet been categorised.

Cookies used on Vibe.fyi Website

Necessary

Cookie	Domain	Description	Duration	Type
LS_CSRF_TOKEN	salesiq.zohopublic.com.au	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.	Session	Necessary
zc_consent	www.vibe.fyi	Zoho sets this cookie to determine whether the user has accepted the cookie consent box.	1 year	Necessary
JSESSIONID	maillist-manage.com.au	New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application.	Session	Necessary

Functional

Cookie	Domain	Description	Duration	Type
Uesign	salesiq.zohopublic.com.au	Zoho sets this cookie for the Visitor Live Chat.	1 month	Functional
_dc_gtm_UA-*	.vibe.fyi	Google Analytics sets this cookie to load the Google Analytics script tag.	1 minute	Functional
zc_loc	.maillist-manage.com.au	Zoho marketing Automation sets this cookie to store language preferences, potentially to serve up content in the stored language.	Session	Functional
lidc	.linkedin.com	LinkedIn sets the lidc cookie to facilitate data center selection.	1 day	Functional
li_gc	.linkedin.com	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.	6 months	Functional
_zcsr_tmp	salesiq.zohopublic.com.au	Zoho sets this cookie for the login function on the website.	Session	Functional

Advertisement

Cookie	Domain	Description	Duration	Type
zc_show	www.vibe.fyi	Zoho sets this cookie to collect data on visitors' preferences and behaviour on the website and the information is used to make content and advertisements more relevant to the specific visitor.	1 year	Advertisement
ZCAMPAIGN_ CSRF_TOKEN	maillist-manage.com.au	Zoho Maillist Manage sets this cookie to distinguish humans from robots and to generate reliable usage reports for the website.	Session	Advertisement
li_sugr	.linkedin.com	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.	3 months	Advertisement
bcookie	.linkedin.com	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.	1 year	Advertisement

Analytical

Cookie	Domain	Description	Duration	Type
_gcl_au	.vibe.fyi	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.	3 months	Analytics
_ga_*	.vibe.fyi	Google Analytics sets this cookie to store and count page views.	1y 1m 4d	Analytics
_ga	.vibe.fyi	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.	1y 1m 4d	Analytics
_gid	.vibe.fyi	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.	1 day	Analytics
_hjSessionUser_*	.vibe.fyi	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.	1 year	Analytics
_hjSession_*	.vibe.fyi	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.	1 hour	Analytics
zc_cu	.maillist-manage.com.au	Zoho marketing Automation cookie is used to collect information on user preferences and/or interaction with web-campaign content. This is used on CRM-campaign-platform for promoting events or products.	1 year	Analytics
zc_cu	www.vibe.fyi	Zoho marketing Automation cookie is used to collect information on user preferences and/or interaction with web-campaign content. This is used on CRM-campaign-platform for promoting events or products.	1 year	Analytics
zc_cu_exp	www.vibe.fyi	Zoho marketing Automation cookie is used to collect information on user preferences and/or interaction with web-campaign content. This is used on CRM-campaign-platform for promoting events or products.	1 year	Analytics
siqlsdb	vibe.fyi	Zoho sets this cookie to generate a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	Never	Analytics
utsdb	vibe.fyi	Zoho SalesIQ sets this cookie to register data on visitor's website behaviour.	Never	Analytics

Other

Cookie	Domain	Description	Duration	Type
lastUrl	vibe.fyi	No description available.	Never	Other
Ret	.vibe.fyi	No description	1y 1m 4d	Other
S8SID	.vibe.fyi	No description available.	Session	Other
SNID	snid.snitcher.com	This cookie is set by the Google. This cookie is used by the map which helps visitors to identify and reach the facility.	1y 1m 4d	Other
_hjIncludedIn SessionSample_2680070	.vibe.fyi	No description	1 hour	Other
zc_tp	.maillist-manage.com.au	No description available.	1 year	Other
zc_tp	www.vibe.fyi	No description available.	1 year	Other
24a7e33ab6	salesiq.zoho.com.au	No description	session	Other
faa4fd1bf3	ma.zoho.com.au	No description	session	Other
6dda730f14	maillist-manage.com.au	No description	session	Other

MANAGING AND DISABLING COOKIES

Your cookie preferences

When you visit our Website for the first time, you will be prompted via our cookie banner to indicate whether you agree to enable all non-necessary cookies. If you select <Reject Non-Necessary Cookies>, all Functional, Analytical, Advertisement and Other cookies will be disabled.

Keep in mind that limiting or blocking the use of cookies may negatively impact your experience with respect to our Website.

Via browser settings

You can also modify your browser settings to decline certain cookies and/or to delete cookies that are already installed on your computer or mobile device. There are several possibilities to avoid the storage of cookies. Please visit the websites of the different browsers to learn how you can block the storage of cookies.

How does our site handle 'Do Not Track' signals?

• We honor 'Do Not Track' signals and do not engage in third party behavioral tracking, however our website itself may still collect data as outlined in the Cookies section.

Unsubscribe from emails

• If at any time clients or potential sales leads need to unsubscribe or opt-out from receiving Vibe.fyi emails, click the UNSUBSCRIBE link at the bottom of an email that you received; or
• Email  
• Processing will be done at the time of receiving your request.

Company details

• Contact Vibe.fyi Limited to request your PII, or if you have questions regarding the security of PII that we hold for you, email 
• Office Address: 9 Huron Street, Takapuna, Auckland, New Zealand, 0622, New Zealand
• Postal address: PO Box 360, Orewa 0946, Auckland, New Zealand.
• Last edited: 16/01/2024