Protecting your personal information is important to us. So is following New Zealand’s privacy laws.
This Privacy Statement tells you how we will protect your privacy and collect, use, store and share your personal information (any reference to “we”, “us”, or,“our” is to The Wednesday Challenge)
This Privacy Statement applies to anyone who uses www.wednesdaychallenge.co.nz.
WHAT INFORMATION DO WE COLLECT?
As a 'General' user, we collect the following personal information:
• first and last name
• email address
• the suburb where you reside
• password to login
• IP address
• reasons for joining the challenge
• usual mode of transport on a Wednesday
• Journey log on a given Wednesday (date, purpose of journey and mode of transport)
As a ‘School’ user (someone connected to a Primary or Intermediate school), there are two login types:
1. A school administrator (can add names of Classes, Houses, and “aliases names” of Students* associated with Classes and Houses),
2. A school teacher.
We collect the following information from school users - whether administrator or teacher:
• first and last name
• email address
• the suburb where the school is located.
School users cannot sign up themselves, but need to register their interest to be added via The Wednesday Challenge team manually, if deemed eligible for the Challenge. The exception to this is the known-list of high schools in the Tauranga area. High school students are treated as adults by The Wednesday Challenge. Providing personal information is optional. However, if you choose not to enter your location, email and participation results, unfortunately you won’t be able to participate in The Wednesday Challenge.
WHY AND HOW DO WE COLLECT AND USE YOUR INFORMATION?
We collect your personal information in order to:
• allow you to partake in The Wednesday Challenge
• update you on The Wednesday Challenge
We collect your information from:
• you directly (when you provide your details to us).
• you indirectly (when you interact with us on social media).
• other people (contractors and agents that work for us).
• places where the information is publicly available.
We use your information to:
• help you use our Website and our Web App
• respond to your questions
• tell you more about us and The Wednesday Challenge.
• operate and maintain our website.
• maintain our internal records.
• comply with our legal obligations.
• for any other purposes that you authorise.
HOW DO WE PROTECT YOUR INFORMATION?
We protect your information by:
• complying with the NZ Privacy Act.
• using a secure email/password login system, including CSRF protection, and passwords are hashed using the bcrypt algorithm in a secure database
• storing the data in a secure database using a single tenant model – which means all data is stored in its own database for The Wednesday Challenge and there is no external access provided to it.
• using a framework with a React and Laravel backend, on Amazon Web Services infrastructure -deemed to be the best in the world for security and protection.
• ensuring no one is able to delete records, except internally by the directors of Webapp developers.
HOW LONG DO WE STORE INFORMATION?
Your information is stored throughout the duration of The Wednesday Challenge, set to last throughout 2022.
The information will be held for 60 days following the completion of The Wednesday Challenge, to allow for any disputes, enquiries or investigations. After this time, the data in the database will be deleted. The database record itself will be cleared and the license key revoked.
WHAT THIRD PARTY APPLICATIONS ARE INTEGRATED?
The Wednesday Challenge App offers integrations with two external applications, namely Liftango and Strava.
1) ‘General Users’ interested in using Liftango (ride sharing platform) can do so by contacting the Wednesday Challenge team. The actual carpooling requests and trips are handled inside Liftango, who have provided access to this information to the Webapp developers and The Wednesday Challenge team.
2) ‘GeneralUsers’ who connect their profile to their Strava account, ensure future journeys are synchronised with The Wednesday Challenge App. Their details are automatically logged and stored in the Wednesday Challenge database. For each journey, we collect the:
• date of the journey
• mode of activity
• start time of the journey
• Strava ID
• expiry date of the access to their Strava account.
The Wednesday Challenge App will connect to Google Analytics, which will collect anonymised and aggregated location, device and browser information. None of this can be tied to an individual user, or used to identify an individual user.
The SendGrid mail service is used to reset passwords and receive email confirmations. Data is synchronised two-ways between the SendGrid and The Wednesday Challenge database using a secure API with a bearer token.
Your first and last name and email address are sent to Mailchimp in order to keep you informed about TheWednesday Challenge via our newsletters. Our newsletters are created by the Tuskany Agency who will receive the email address. Data is sent to the Mailchimp database using a secure API with a bearer token.
WHO CAN SEE WHAT INFORMATION?
Only the Web App developers can oversee the full database, which contains all the information mentioned for General Users above.
The password field is not able to be seen by anyone - all passwords are hashed using the bcrypt algorithm in a secure database and cannot be reverse engineered or decoded.
The Wednesday Challenge will have access to lists of users containing information such as email address, first name, last name and trips taken, and aggregated statistics. No one is provided access to the database(s) except for the Webapp developers.
HOW DO WE SHARE YOUR INFORMATION?
• Besides The Wednesday Challenge staff, we share your information with the Web App developer in order to analyse results from participating in The Wednesday Challenge for statistical and reporting purposes.
• We share aggregated and anonymous data with our funders to report on the project.
• Google Analytics, Sendgrid and Mailchimp will receive information from The Wednesday Challenge using a secure API with a bearer token. Your email address will be shared this way with the Tuskany Agency who create our newsletters.
• Information from Strava is sent to The Wednesday Challenge App using a secure API with a bearer token.
• Users interested in using Liftango (ride sharing platform) will be exported as a CSV file, and manually uploaded into the Administrator Portal for Liftango.
• Information about particular users for rewards and prizes is being downloaded as a Comma Separated Value (CSV) file, and shared by email to approved team members of The Wednesday Challenge for the sole purpose of issuing the reward.
• You will be able to see points you collect for the teams you have joined, as well as for those for your neighbourhood. • For teams you have joined, you can see the names and number of points other team members have accumulated, but are not able to view any other details about a person.You cannot see their suburb, the mode of transport or any identifying details.
WHAT ARE YOUR RIGHTS?
You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected or deleted. If you’d like to ask for a copy of your information, or to have it corrected, please contact us at firstname.lastname@example.org.
You have a right to complain if you think we haven’t properly protected your privacy, by contacting our Privacy Officer at: email@example.com or complaining to the New Zealand Privacy Commissioner.
If we change this Privacy Statement:
• we will tell you about it on our website
• the changes will apply 14 days after we post them.
• If you keep using our Website, then this will indicate that you have accepted to our changes.