Data Protection and Privacy Policy FAQ
About this Data Protection and Privacy Policy FAQ
Pegasus Systems (“we”, “us”, or “our”) recognises the importance of data protection and privacy and is committed to them both.
This Data Protection and Privacy Policy outlines how we collect, hold, use, disclose and otherwise handle personal information openly and transparently by Section 5 of the Federal Trade Commission Act in the USA, the General Data Protection Principals (GDPR) (EU) 2016/679, the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and The New Zealand Privacy Principles contained in The Privacy Act 2020. By providing us with your personal information, you consent to us handling it through this Data Protection and Privacy Policy, as we update it occasionally.
Pegasus is the Controller of data relating to its staff, supplier, and customer contact data. For clarity, Pegasus also acts as a Processor, fulfilling Processor duties, only contracted to do so by a Controller (our client/customer) whose data is processed and stored within the Pegasus application.Why do we collect, hold, use and disclose personal information
We collect, have, use and disclose personal information about the promotion and supply of our products and services. A feature of our products and services is to store and retain information, some of which may be personal.
For example, we may collect, hold, use, and disclose your personal information for:Establishing identity within our products;
Performing necessary identity and security verifications within our products and services;
Processing transactions and conducting business;
Generally delivering products and services, such as providing customer support and services, such as training;
Providing a hosted application service;
Providing you with information such as product update notifications;
Improving our products, services, and service delivery, including for better understanding of your needs, interests, and suitability for various products and services;
Recommending specific products and services that may meet your needs;
Responding to issues, questions, and queries;
Converting personal information contained within product data from a third party or Pegasus product(s) into another Pegasus product(s).
Protecting you and us against errors or fraud; and
Complying with our legal or regulatory obligations.
What kinds of personal information do we collect and hold
The kinds of personal information about you that we may collect and hold include; contact details, payment details, bank account details, and service-related information. Our products may also contain personal data including but not limited to full name, email address, date of birth, annual leave entitlement, remuneration details, emergency contacts, and other staff details. If you do not provide us with all or some of the personal information we request, we may be unable to supply the products or services you require.
What website visitor information do we collect and hold
We use a range of third-party tools [including cookies and session tools] to collect information about visitors to our website https://www.pegasussystems.com (“Website”) or our Pegasus Freshdesk Support Portal. For example, when you visit our website or Freshdesk Support Portal, we may collect your server address, domain name, operating system, browser type, pages accessed, documents downloaded, previous visits, referring website, and visit date and time. We collect and hold this information to maintain and improve our services and enhance your browsing experience. You may set your browser to turn off cookies, but some parts of our website may not function properly if cookies are disabled.
How we collect and hold personal information
We collect and hold your personal information or information entered into our products directly from you. For example, we may collect your personal information from you in person when you visit our office or by mail, telephone, email, Freshdesk, FTP, using our website, or other communication with you.
Personal information is stored in our products through the standard operation of our products. While supporting or delivering a required service, we may also request system data or log files be sent to us. Your Pegasus system may also be hosted in an environment where we can access system data and log files.
We may request that data containing personal information be supplied to deliver a service such as data conversion.
We hold personal information that we collect in physical and electronic storage facilities, including paper-based files and computer databases.How we disclose personal information
We may disclose personal information to our affiliates, subsidiaries, employees, contractors, agents, and service providers for the supply of our products and services. For example, we may disclose your personal information to:
Third-party providers to provide you with support for our products or services that you require; and
Third-party suppliers in the course and to provide a product or service that you need.
Some third-party providers may be located in jurisdictions other than yours.
Without your consent, we will not sell or rent your personal information to any third party for marketing purposes.How we protect personal information
We protect the personal information that we hold from misuse, interference, and loss and from unauthorised access, modification, or disclosure using both physical and electronic security measures, which include secure premises, locked cabinets, secure databases, password access, anti-virus software, data transfer encryption, and firewalls.
You provide us with your personal information over the Internet at your own risk, as the security of such information cannot be 100% guaranteed.How you may access, correct, and update your personal information
You have the right to request access to and correction of any of your personal information that we hold. You should promptly notify us if you become aware that any personal information we have is inaccurate or out-of-date.
If you wish to access, correct, or update our personal information, please get in touch with our Helpdesk using the contact details below or directly amend the data stored within our products.How we update this Data Protection and Privacy Policy
We may update this Data Protection and Privacy Policy from time to time to take into account changes in our information handling practices by publishing an amended Data Protection and Privacy Policy on our website. You should regularly review our website's most recent version of this Data Protection and Privacy Policy.
Where do we store data?
Where we provide services to host our products in the cloud, we store data in data centres in your region.
Where do we transfer data?
We will not copy your data outside of your region without your prior explicit written permission. For example, data hosted in the USA remains in the USA, data hosted in Europe is not copied outside of Europe, and data stored in APAC is not copied outside of APAC.
Our data protection processes
We have an internal data protection policy which is reviewed annually. All staff who have access to data are trained. Our processes include the following:
Processing personal information only where this is strictly necessary for legitimate organisational purposes;
Collecting only the minimum personal information required for these purposes and not processing excessive personal information;
Provide clear information to individuals about how their data will be used and by whom;
Only processing relevant and adequate personal information;
Processing personal data fairly and lawfully;
Maintaining an inventory of the categories of personal data that we process;
Keeping personal information accurate and, where necessary, up to date;
Retaining personal information only for as long as is necessary for legal or regulatory reasons or legitimate organisational purposes;
Respecting individuals’ rights about their personal information, including their right to access;
Only transferring personal information outside the originating region in circumstances where it can be adequately protected;
The application of the various exemptions allowable by data protection legislation;
Developing and implementing an Information Management System to enable the policy to be implemented;
where appropriate, identify internal and external stakeholders and the degree to which these stakeholders are involved in the governance of our data management.
Identifying workers with specific responsibility and accountability for the Personal Information Management Systems.
The regular training of staff who may have access to Personally Identifiable Information on best data security and privacy practices.
Promptly notify customers if any unauthorised person has obtained or attempted to obtain personally identifiable information.
Pegasus products and data privacy requirements
Our products are highly flexible; as a result, it is possible to configure them in ways that may or may not conform to data privacy requirements in your organisation and/or your region. It is your responsibility to configure the products appropriately. Where you need assistance to enable the product to comply with your specific business or regional legislative requirements, you may contact us for product assistance (see below for contact details).
How to make an inquiry or complaint
If you have an inquiry or complaint about our handling of your personal information, don't hesitate to contact our support team, who is responsible for being the first point of contact with such inquiries and complaints.
How complaints are processed
The support representative initially handles all complaints. If you are unsatisfied with the outcome, you may request that it be escalated to the Pegasus management team. A member of the management team will contact you regarding your complaint. Ultimately the issue may be escalated to the General Manager of Pegasus.
How to contact us
You may contact our Helpdesk using the contact details below:
Email: supportnz@pegasussystems.com or supportau@pegasussystems.com