From businesses we collect: - An email and password combination. - A name (company name) and place (address) for each logbook you create. - The current time whenever a logbook is created. From visitors we collect: - A name. - A phone number. - An email address. - The current time whenever a record is entered into a logbook. Whenever a logbook entry is made, we link the information collected from the user to the logbook.
An email and password combination is collected to secure access to your account. A name and address is collected for each logbook. Whenever a user logs a visit, we include the name and address information in the visit receipt. This is done to remind the user of where they have been. We collect the logbook creation time to organise your logs chronologically in the app. From visitors we collect a name, phone number, email address and the current time. Each record collected is then linked with a logbook operated by a business. This contact information can then be used to inform the visitor of a possible exposure to covid19. All information collected will be used for the sole purpose of contact tracing in relation to covid19.
We will store collected visitor data for up to 2 months on our servers. After the visitor data has been in the system for 2 months, it will be erased. Businesses have the option to export the visitor data as a CSV file. By using our services business owners agree to erase any exported visitor data after 1 month. This implies a maximum possible data retention time of 3 months. We will not be held liable in the event that a business breaches the agreement in the above clause. In addition to storing data within our service, receipts are also generated. These are stored locally on the users device. These receipts will be stored indefinately unless the user chooses to clear their cache. The New Zealand Government will be given access to logbooks upon request. This may be done either by the business providing them with the data or we may provide access ourselves.
We collect and use an email and password combination to secure access to your data. We recommend using a unique and complex password to improve the security of your account. We will send you a confirmation email to verify you are the owner of the email address. In the event that you forget your password we may also use this email to reset access to your account. Our service is hosted by Heroku who use AWS datacentres. We use HTTPS and SSL to encrypt all data in transit between between the users device and our service. We use industry standard technology to create an encrypted channel when sending your email and password combination to our servers. Once recieved, we store a copy of your email and an industry standard hash and salt of your password. This enables us to verify your password without storing it.
You may request that we delete your personal information from our servers at any time. When we receive your request, we will remove your data from our service within 10 business days. For any records that are removed, we will notify the owner of the associated logbook that you have requested to remove the data from our service. The logbook owner is expected to make a manual copy of your data to comply with Government regulations.