Privacy Policy

Last updated: 5 October 2024

This privacy policy complies with the Privacy Act 2020 and the 13 Information Privacy Principles (IPPs)

1. Introduction

LogBooka (operated by [COMPANY LEGAL NAME], NZBN: [YOUR NZBN]) ("we", "us", or "our") is committed to protecting your privacy and personal information in accordance with the Privacy Act 2020.

This Privacy Policy explains:

  • What personal information we collect and why
  • How we use, store, and protect your information
  • Your rights regarding your personal information
  • How to contact us about privacy matters

By using LogBooka, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

For All Users:

  • Identity Information: Name, email address, phone number
  • Account Information: Username, password (encrypted), profile photo
  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: App usage statistics, feature interactions, session duration

For Drivers:

  • Licence Information: Driver licence number, licence class, expiry date, licence photo (front and back)
  • Work Time Data: Duty status changes, work hours, break periods, rest periods
  • Location Data: GPS coordinates and timestamps for duty status changes
  • Vehicle Information: Vehicle registration numbers assigned to you
  • Compliance Data: AFMS selections, compliance status, alert history

For Transport Operators/Companies:

  • Business Information: Company name, NZBN, TSL number, IRD number, GST registration status
  • Contact Information: Business address, phone, email
  • Fleet Information: Vehicle details, registration numbers
  • Employee Information: Driver details, employment relationships
  • Payment Information: Credit card details (tokenised), billing address

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • Location Data: Precise GPS location when recording duty changes (with your permission)
  • Log Data: IP address, browser type, access times, pages viewed
  • Technical Data: App crashes, performance metrics, error logs
  • Analytics Data: App usage patterns, feature adoption, user flows

2.3 Information from Third Parties

We may receive information from:

  • Your employer (if you're invited to join an organisation)
  • Payment processors (for transaction verification)
  • Authentication services (if you use social login)

3. How We Use Your Information

3.1 Primary Purposes (IPP 3)

We use your personal information for the following purposes:

Service Delivery:

  • Providing digital logbook and work time tracking functionality
  • Verifying duty status changes with GPS location data
  • Calculating compliance with NZTA work time regulations
  • Generating logbook reports and timesheets
  • Sending real-time compliance alerts and notifications
  • Facilitating communication between drivers and transport operators

Account Management:

  • Creating and managing your account
  • Authenticating your identity
  • Processing payments and billing
  • Providing customer support

Legal Compliance:

  • Complying with NZTA recordkeeping requirements
  • Responding to legal requests and court orders
  • Preventing fraud and abuse
  • Enforcing our Terms of Service

Service Improvement:

  • Analysing usage patterns to improve features
  • Conducting research and development
  • Testing new features
  • Monitoring and maintaining system performance

Communication:

  • Sending service-related notifications
  • Providing product updates and announcements
  • Requesting feedback
  • Sending marketing communications (with your consent)

3.2 Lawful Basis for Processing

We process your personal information based on:

  • Contract: To perform our contract with you
  • Legal Obligation: To comply with NZTA regulations and NZ law
  • Legitimate Interests: To improve our services and prevent fraud
  • Consent: Where you have given explicit consent (e.g., marketing)

4. GPS Location Data

4.1 Why We Collect Location Data

GPS location data is essential for verifying the authenticity of duty status changes and ensuring compliance with NZTA regulations. We collect precise location data when you:

  • Start or end a work period
  • Record a break
  • Change duty status
  • Submit logbook entries

4.2 Location Permissions

You must grant location permissions for the app to function. We will:

  • Request permission before accessing your location
  • Only collect location data when you make duty entries
  • Not track your location continuously in the background
  • Store location data with timestamps for audit purposes

4.3 Your Control

You can revoke location permissions at any time through your device settings, but this will prevent you from recording duty changes.

5. Information Sharing and Disclosure (IPP 11)

5.1 When We Share Information

We may share your personal information with:

Your Employer:

  • If you're a driver employed by a transport operator, your work time records, compliance status, and logbook data will be visible to your employer
  • This is necessary for your employer to meet their NZTA obligations

Service Providers:

  • Cloud Hosting: [SPECIFY: AWS, Azure, etc. - and data center location]
  • Payment Processing: [SPECIFY: Stripe, PayPal, etc.]
  • Email Services: For transactional emails and notifications
  • Analytics Services: [SPECIFY if using Google Analytics, etc.]
  • Customer Support: Help desk and ticketing systems

Legal Requirements:

  • NZTA or other regulatory authorities (when required by law)
  • Law enforcement agencies (in response to lawful requests)
  • Courts (in response to subpoenas or court orders)

Business Transfers:

  • In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity

5.2 Third-Party Service Providers

We require all third-party service providers to:

  • Process personal information only as instructed by us
  • Implement appropriate security measures
  • Comply with privacy laws
  • Not use your information for their own purposes

5.3 International Data Transfers

Data Storage Location: [SPECIFY: NZ-only, or if using overseas providers]

If we transfer data outside New Zealand, we ensure:

  • The receiving country has comparable privacy protections, or
  • We have contractual safeguards in place, or
  • We have your explicit consent

5.4 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security (IPP 5)

6.1 Security Measures

We implement industry-standard security measures to protect your personal information:

Technical Security:

  • Encryption: All data in transit uses TLS/SSL encryption
  • Password Security: Passwords are hashed and salted using bcrypt
  • Access Controls: Role-based access with principle of least privilege
  • Secure Infrastructure: Data stored on secure cloud servers with redundancy
  • Regular Backups: Automated daily backups with encryption

Organisational Security:

  • Employee background checks and confidentiality agreements
  • Regular security training for staff
  • Incident response plan for data breaches
  • Regular security audits and penetration testing

6.2 Data Breach Notification

In the event of a data breach that causes serious harm, we will:

  • Notify affected individuals as soon as reasonably practicable
  • Notify the Privacy Commissioner if required
  • Provide information about the breach and steps you can take
  • Take remedial action to prevent further breaches

7. Data Retention (IPP 9)

7.1 Retention Periods

We retain your personal information for different periods depending on the type:

Work Time Records:

  • Active drivers: For the duration of your account plus 6 years (NZTA requirement for employment records)
  • Deleted accounts: Work time records retained for 6 years from last entry

Account Information:

  • Active accounts: Retained while your account is active
  • Inactive accounts: Deleted after 2 years of inactivity (with 30 days notice)
  • Deleted accounts: Permanently deleted 30 days after deletion request

Financial Records:

  • Tax purposes: Retained for 7 years (IRD requirement)

Support Communications:

  • Support tickets: Retained for 2 years

7.2 Legal Holds

We may retain information longer if:

  • Required by law or court order
  • Necessary for legal proceedings
  • Needed to establish, exercise, or defend legal claims

8. Your Privacy Rights (IPPs 6, 7, 10)

8.1 Right to Access (IPP 6)

You have the right to request:

  • Confirmation of whether we hold personal information about you
  • Access to your personal information
  • Information about how we use your data
  • Information about who we share your data with

We will respond to access requests within 20 working days and may charge a reasonable fee for providing information.

8.2 Right to Correction (IPP 7)

You have the right to:

  • Request correction of inaccurate or incomplete information
  • Update your account information directly in the app
  • Request we attach a statement of correction if we disagree

8.3 Right to Deletion

You can request deletion of your personal information, subject to:

  • Our legal obligations to retain work time records (6 years)
  • Our need to retain financial records (7 years)
  • Ongoing legal proceedings or investigations

8.4 Right to Data Portability

You can request:

  • Export of your logbook data in CSV format
  • Export of your work time records in PDF format
  • Export of your account information in JSON format

8.5 Right to Object

You can object to:

  • Marketing communications (opt-out anytime)
  • Analytics and non-essential cookies
  • Processing based on legitimate interests (where applicable)

8.6 Right to Complain

If you're not satisfied with our response, you can complain to:

  • Office of the Privacy Commissioner
  • Website: www.privacy.org.nz
  • Phone: 0800 803 909
  • Email: enquiries@privacy.org.nz

8.7 How to Exercise Your Rights

To exercise any of these rights, contact us at:

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Essential Cookies:

  • Authentication: Keep you logged in
  • Security: Prevent fraud and abuse
  • Preferences: Remember your settings

Analytics Cookies (Optional):

  • Usage Analytics: Understand how you use our service
  • Performance: Monitor app performance
  • A/B Testing: Test new features

9.2 Cookie Control

You can control cookies through:

  • Your browser settings (block or delete cookies)
  • Our cookie preference center (opt out of non-essential cookies)

Note: Blocking essential cookies may prevent the Service from functioning properly.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email to your registered email address
  • Displaying a notification in the app

Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, please contact:

Privacy Officer

We aim to respond to all privacy enquiries within 5 working days.

Your Consent

By using LogBooka, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.