Privacy Policy

Last Updated: January 1, 2025

Introduction

This Privacy Policy explains how Cover4You & Directors Insurance (“we,” “us,” or “our”) collects, uses, protects, and shares your personal information when you use our data migration services, visit our website (directorsinsurance.co.nz), or interact with our migration platform and migration partner network.

We are proudly NZ Owned & Operated with offices in New Zealand, Hong Kong & United Kingdom. We pride ourselves in saving you time & money for all your insurance needs and work closely with personally reviewed providers that cover you specifically without excessive cost.

Important Information

Our Commitment to Privacy: Directors Insurance recognizes the critical importance of protecting personal and confidential information, especially given the nature of our data migration services. We are committed to transparency, data protection compliance, and maintaining the highest security standards.

Scope: This Privacy Policy covers personal data we process as a data controller when you use our services, visit our website, or interact with us directly. For data we process on your behalf during migrations, separate data processing agreements apply.

Children’s Privacy: Our services are not intended for children under 16, and we do not knowingly collect personal data from children.

Updates: We review this policy regularly and will notify you of material changes via email or website notice. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

What Information We Collect

We collect personal information through various means to provide and improve our migration services:

Information You Provide Directly

Account and Registration Data:

  • Name, job title, and company information
  • Business email address and phone number
  • Billing address and payment information
  • Account credentials and authentication details

Service-Related Information:

  • company structure and insurance requirements
  • Technical requirements and company preferences
  • Support requests and communication history
  • Feedback, survey responses, and testimonials

Business Communications:

  • Correspondence via email, phone, or chat
  • Meeting and consultation notes
  • Contract negotiations and legal communications (either from ourselves or an underwriter)

Information We Collect Automatically

Technical Data:

  • IP address, browser type, and device information
  • Website usage patterns and page interactions
  • Login times, session duration, and feature usage
  • Performance metrics and error logs

Migration Metadata:

  • Data volumes, transfer rates, and migration statistics
  • Error reports and troubleshooting logs
  • System performance and optimization data
  • Audit trails and compliance records

Information from Third Parties

Business Partners and Integrations:

  • Information from authorized representatives at your organization
  • Technical details from connected platforms and services
  • Referral information from partners and resellers

How We Use Your Information

We process your personal data for the following purposes, based on legitimate business interests, contractual necessity, or legal compliance:

Service Provision and Account Management

  • Creating and managing your account (Contract performance)
  • Providing migration services and technical support (Contract performance)
  • Processing payments and billing (Contract performance)
  • Communicating about service status and updates (Legitimate interest)

Service Improvement and Development

  • Analyzing usage patterns to improve our platform (Legitimate interest)
  • Developing new features and migration capabilities (Legitimate interest)
  • Conducting research and analytics on migration trends (Legitimate interest)
  • Optimizing performance and troubleshooting issues (Legitimate interest)

Business Operations and Compliance

  • Maintaining security and preventing fraud (Legitimate interest)
  • Complying with legal and regulatory requirements (Legal obligation)
  • Managing business relationships and communications (Legitimate interest)
  • Protecting our rights and property (Legitimate interest)

Marketing and Communications (with consent where required)

  • Sending relevant product updates and newsletters (Consent/Legitimate interest)
  • Providing educational content about data migration (Legitimate interest)
  • Inviting you to events, webinars, or surveys (Consent)
  • Sharing case studies and success stories (Consent)

Data Processing During Migrations

Processor Relationship: When performing your insurance evaluation and recommendations, we typically act as a broker on your behalf. In these cases:

  • We and/or insurance partners process data strictly according to your documented instructions
  • We and/or insurance partners implement appropriate security measures and anonymised data where applicable
  • We and/or insurance partners maintain confidentiality and limit information to authorized personnel only
  • We and/or insurance partners assist with data subject rights requests and regulatory compliance
  • We and/or insurance partners delete or return data upon insurance confirmation or expiration as instructed

Security During Brokerage: All information in transit is encrypted using enterprise-grade encryption protocols. Temporary data processing occurs in secure, isolated environments with restricted access and comprehensive logging.

Information Sharing and Disclosure

We may share your personal information in the following circumstances:

Service Providers and Partners

  • Insurance providers for hosting and data processing
  • Payment processors for billing and transaction management
  • Underwriting vendors for specialized assistance related to your insurance requirements.
  • Professional services firms for legal, accounting, and audit purposes (if applicable)

Business Transfers

  • In connection with mergers, acquisitions, or sale of business assets
  • Due diligence processes with appropriate confidentiality protections

Legal Requirements

  • To comply with applicable laws, regulations, or court orders
  • To respond to lawful requests from public authorities
  • To protect our rights, property, or safety, or that of others
  • To investigate suspected fraud or security incidents

With Your Consent

  • For purposes you have specifically authorized in relation to insurance quotation & brokerage
  • When sharing testimonials or case studies (with explicit permission)
  • As part of your form submission you accept we may use your data to discuss migration requirements with our dedicated team of insurance partners which may include contracted underwriters, direct insurers or network aggregated policies where applicable.

International Data Transfers

Transfer Mechanisms: We may transfer your personal data outside the APAC region to provide our services. When we do, we ensure appropriate safeguards through:

  • Adequacy decisions by relevant data protection authorities
  • Standard Contractual Clauses approved by the European Commission
  • International Data Transfer Agreements with appropriate safeguards
  • Certification schemes and codes of conduct where applicable

Third Country Processing: Our primary providers are located in Asia Pacific and where applicable underwriten in England, Scotland, Wales & Ireland. We maintain records of all international transfers and the safeguards in place.

Data Security and Retention

Security Measures

We implement comprehensive security controls including:

  • Encryption of data at rest and in transit using AES-256 and TLS 1.3
  • Access controls with multi-factor authentication and role-based permissions
  • Network security with firewalls, intrusion detection, and monitoring
  • Physical security at data centers with 24/7 surveillance and access controls
  • Regular security audits and penetration testing
  • Incident response procedures with notification protocols

Data Retention

We retain personal data only as long as necessary for:

  • Account data: Duration of business relationship plus 7 years for accounting/tax purposes
  • Quotation metadata: 2 years after migration completion for support purposes
  • Marketing data: Until consent is withdrawn or legitimate interest expires
  • Legal compliance: As required by applicable laws and regulations

Secure Deletion: When retention periods expire, we securely delete data using industry-standard methods to prevent recovery.

Your Privacy Rights

Under respective local market privacy and applicable data protection laws, you have the following rights:

Access and Portability

  • Right of access: Request copies of your personal data and information about our processing
  • Right to data portability: Receive your data in a structured, machine-readable format

Correction and Deletion

  • Right of rectification: Correct inaccurate or incomplete personal data
  • Right to erasure: Request deletion of your personal data in certain circumstances

Processing Controls

  • Right to restrict processing: Limit how we use your data in specific situations
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent for processing where applicable

Automated Decision-Making

  • Right not to be subject to automated decision-making, including profiling with legal effects

Exercising Your Rights

To exercise these rights, contact us at [privacy@cover4you.co.nz] with:

  • Clear identification of yourself and your request
  • Verification of your identity (for security purposes)
  • Specific details about the data or processing in question

We will respond within one month, or notify you if additional time is needed for complex requests.

Cookies and Online Tracking

We use cookies and similar technologies to:

  • Essential cookies: Enable core website functionality and security
  • Analytics cookies: Understand website usage and improve user experience
  • Marketing cookies: Provide relevant content and measure campaign effectiveness

Cookie Management: You can control cookie preferences through your browser settings or our cookie preference center. Some cookies are essential for website functionality and cannot be disabled.

Detailed information about our cookie usage is available in our separate Cookie Policy.

Data Breach Notification

In the event of a personal data breach that poses risks to your rights and freedoms:

  • We will notify relevant supervisory authorities within 72 hours where required
  • We will inform affected individuals without undue delay when high risks are involved
  • We will provide clear information about the nature of the breach and our response
  • We maintain detailed incident response procedures and breach registers

Third-Party Services and Links

Our website and services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Integration Partners: When you connect our services with third-party platforms, separate privacy policies and terms of service may apply to your use of those platforms. Your dedicated and assigned migration partner may issue separate terms of service as part of the project plan which you will need to review/accept as part of the approved migration.

Business Changes

If we undergo a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity. We will:

  • Provide advance notice of such transfers
  • Ensure the new entity honors existing privacy commitments
  • Offer choices regarding the transfer where legally possible

Contact Information

Privacy Inquiries

For questions about this Privacy Policy or our data practices:

  • Email: privacy@cover4you.co.nz
  • Post: Privacy Officer, GDS, World Trust Tower, Stanley Street, Central, Hong Kong

Data Protection Officer

Our Data Protection Officer can be reached at:

  • Email: privacy@cover4you.co.nz

Complaints and Concerns

We encourage you to contact us first with any privacy concerns. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner’s Office (ICO)

  • Website: privacy.org.nz
  • Phone: 0800 803 909 Monday to Friday │10am to 3pm
  • Post: PO Box 10 094, Wellington 6140

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: To perform our obligations under service agreements
  • Legitimate Interest: For business operations, security, and service improvement
  • Legal Obligation: To comply with laws and regulations
  • Consent: For marketing communications and optional features (where required)

Definitions

Personal Data: Information relating to an identified or identifiable natural person.

Data Controller: The entity that determines the purposes and means of processing personal data.

Data Processor: The entity that processes personal data on behalf of a data controller.

Data Subject: The individual to whom personal data relates.

This Privacy Policy is designed to be transparent and comprehensive. If you have questions about any section or need clarification about our data practices, please contact us at privacy@cover4you.co.nz