Vista Group (NZ) Limited (“MX” "we" "us" or “our”) is the controller of your personal data. We are based at Shed 12, City Works Depot, 90 Wellesley Street West, Auckland Central, Auckland 1010, New Zealand and we take our data protection and privacy responsibilities seriously.
This Privacy Policy explains how we collect, use, and share personal information in relation to our websites (www.movieXchange.com and film.movieXchange.com), and in the course of our business activities set out below, including:
Please note that we may collect, use and share personal information with other companies in the Vista Group. These companies may have their own privacy policies, which are generally available from the relevant websites for those products and services. Click here for a list of our Group companies
This Privacy Policy also does not apply to information collection activities by our customers or on their behalf (“Client Data”). For example, MX provides software to our clients, and may process information on their behalf to provide those services. This Privacy Policy does not describe the processing of Client Data, and we invite you to visit the applicable client’s privacy policy for information about their privacy practices.
Any questions you have relating to such information and your rights under data protection law should be directed to the client, as the controller of that information, and not to MX.
This Privacy Policy will also not apply to any information we collect about you when you apply for a job with us. For our job candidate privacy notice, please click the link here: https://vistagroup.co.nz/applicant-privacy-notice
We may amend this Privacy Policy from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage.
This Privacy Policy was last updated on the date as set out at the bottom of this Privacy Policy. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this Privacy Policy, we will seek to inform you by notice on our website or email.
You might find external links to other companies' websites on our website. This Privacy Policy does not apply to your use of any other entity's site.
We collect information about you if you register with or use our website or services, work with us as a business partner, register or attend an event organised or hosted by us, subscribe to our newsletter or other forms of marketing communications, respond to a survey or fill out a form created or sent by us, or if you otherwise contact us (together, “Services”).
We may also collect personal information from third parties, such as your employer, public databases, or social media networks.
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this because the legal bases we may rely on include:
Consent – sometimes we ask for your consent to use your data.
Contract – if we have a contract in place with you, the terms of that contract may requires us to process personal data necessary for that contract, or because you’ve asked us to take specific steps before entering into a contract.
Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process personal data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals’ interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details at the end of the notice.
Legal obligation – we have obligations to comply with legal and regulatory requirements under the laws applicable to us in each of the territories that we operate in. In certain cases, we have to use your data to meet these obligations.
If you would like to find out more about the legal basis for which we process personal information, please contact our Data Protection Officer at [email protected] or the Vista privacy team at [email protected].
Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the Legal Rights section below.
We will use the personal information we collect to operate, maintain and provide to you the features and functionality of the Services, to prevent and address security threats, fraud, or breach of our teams, to communicate with you (including to send you technical notices, security alerts, or changes to our products or policies, as well as to send you advertising), to monitor and improve the Services and business, to fulfil any other business or commercial purpose at your direction or with your notice and/or consent, and to help us develop new products and services.
We may use personal information to let you know about our products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful.
In all cases, we will first obtain your consent and respect your preferences for how you would like us to manage marketing activity with you.
To protect privacy rights and to ensure you have control over how we manage marketing with you:
• we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you and only if you have consented to receiving those communications;
• you can ask us to stop direct marketing at any time. You can also ask us to stop sending email marketing, by following the "unsubscribe" link you will find on all the email marketing messages we send you. Alternatively, you can contact us at [email protected]; and
• you can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained in our Cookie Policy.
Please note that you cannot opt-out of non-promotional emails, such as those about your transactions, servicing, or our ongoing business relations. Your opt-out is limited to the email address, device, and phone number used and will not affect subsequent subscriptions.
We recommend you routinely review the privacy policies and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.
We may use performance cookies like Google Analytics to recognise and count the number of visitors/users of our website and to see how such visitors/users move around our website when they are using it.
For more information about how we use profiling and analytics, please visit our Cookie Policy.
We do not undertake any profiling activities which will lead to automated decision-making which produces legal effects concerning you, or similarly significantly affects you.
We operate on a global basis. Accordingly, your personal information may be transferred and stored in countries outside of the country you are located in, including the EU, UK, New Zealand, and the United States of America, that are subject to different standards of data protection.
We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
• we ensure transfers within our group of companies will be covered by an agreement entered into by members of our group of companies (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within our group of companies;
• where we transfer your personal information outside our group of companies or to third parties who help provide our products and services, we may rely on EU Commission adequacy decisions or UK adequacy decisions (where applicable), or we obtain contractual commitments from them to protect your personal information (such as EU Standard Contractual Clauses (EU SCCs), and for transfers to third countries outside of the UK, the UK International Data Transfer Agreement (IDTA), which is the UK equivalent of the EU SCCs). Some of these assurances are well-recognized certification schemes like the EU - US Data Privacy Framework, its UK Extension or the Swiss-U.S. Data Privacy Framework for the protection of personal information transferred from within the EU to the United States; or
• where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
You have a right to contact our Data Protection Officer at [email protected] or the Vista privacy team at [email protected] for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
We have implemented and continue to maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.
Measures we take include:
As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information. Nevertheless, transmission of information via the internet is not completely secure and we cannot guarantee the security of information.
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner within 20 business days. In some circumstances, we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.
In specific circumstances, we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking and where your personal information originates from, you have certain rights in relation to your personal information. If you are resident in the European Economic Area or the UK, under European law and UK law (respectively) you have the following rights in respect of your personal information:
If you wish to exercise any of the above rights, if necessary, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us at [email protected]. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; (d) the entities or categories of entities to whom your personal information may be transferred; (e) the categories of personal data concerned; (f) the retention period(s) of your personal data and (g) where your personal data are transferred to a third country, the appropriate safeguards pursuant to Article 46 relating to the transfer.
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
You can also request that we erase your personal information in limited circumstances where:
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
You can ask us to restrict your personal information, but only where:
We can continue to use your personal information following a request for restriction, where:
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
You can request to withdraw your consent to any processing activity that you previously consented to. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
California residents have certain privacy rights under the California Consumer Privacy Act of 2018, also known as the CCPA. The CCPA requires additional disclosures, and provides rights to know, delete, and opt-out, which are detailed below.
In the past 12 months, we have collected the following categories of personal information listed in the CCPA:
For more information on the information we collect, including the sources we receive information from, review the What Personal Information We Collect section. We collect and use these categories of personal information for the business purposes described in the same section, including to provide and manage our Services.
MX does not sell (as that term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt-out). We use and partner with different types of entities to assist with our daily operations and manage our Services. Please review the How We Share Personal Information section for more detail about the parties we have shared information with.
Our website and Services are intended to provide information to our clients. By using the website, Services or interacting with MX offline, you represent and warrant that you will only provide information within the context of (i) your role as a business contact, supplier, prospective client or client or (ii) MX conducting due diligence regarding, or providing or receiving a product or service to or from your employer.
Our processing of Client Data is governed by the terms of our service agreements with our clients and their privacy policies, and not this Policy. We are not responsible for how our clients treat the information we collect on their behalf, and we recommend you review their own privacy policies.
We acknowledge that you may have rights in connection with Client Data. If you are a California resident and we, as a service provider, have processed your information behalf of a client and you wish to exercise your CCPA rights, please inquire with our client directly.
You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.
California’s “Shine the Light” law permits residents of California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. We may share personal information as defined by “Shine the Light” with our affiliates for those their own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please e-mail our Data Protection Officer at [email protected] or the Vista privacy team at [email protected] or send us a letter to the mailing address under "Contact Us" below. Requests must include "California Privacy Rights Request" in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that MX is not required to respond to requests made by means other than through the provided e-mail address.
Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact our Data Protection Officer at [email protected] or the Vista privacy team at [email protected].
Residents in other jurisdictions may also have similar rights to the above. Please contact our Data Protection Officer at [email protected] or the Vista privacy team at [email protected] if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.
The primary point of contact for all issues arising from this privacy policy is our Data Protection Officer at [email protected] or the Vista privacy team at [email protected].
We have appointed a representative in the EU: Vista Entertainment Solutions (NL) B.V., who can be contacted by email at [email protected] or in person / by post at TSH Collab Amsterdam City, Wibautstraat 131D, 1091 GL Amsterdam, Netherlands.
We have appointed a representative in the UK: Vista Group International (UK) Limited, who can be contacted by email at [email protected] or in person / by post at FORA, Thomas House, 84 Eccleston Square, London SW1V 1PX.
If you have any questions, concerns or complaints regarding our compliance with this privacy policy, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact Vista Privacy. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by applicable data protection laws.
If you experience any difficulties accessing the information here, please contact us via the details above to obtain this Privacy Policy in an alternate format.
You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place of work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before your local supervisory authority.
You may also contact our Data Protection Officer with queries regarding your privacy and/or personal data here: [email protected]
Issue date of Privacy Policy: 25 August 2024.