Privacy Policy

movieXchange Privacy Policy

movieXchange Limited (“MX” "we" "us" or “our”) based at Shed 12, City Works Depot, 90 Wellesley Street West, Auckland Central, Auckland 1010, New Zealand takes our data protection and privacy responsibilities seriously.

This privacy policy explains how we collect, use, and share personal information in relation to our websites ( and, and in the course of our business activities set out below, including:

Please note that we may collect, use and share personal information with other companies in the Vista Group. These companies may have their own privacy policies, which are generally available from the relevant websites for those products and services. Click here for a list of our Group companies

This privacy policy also does not apply to information collection activities by our customers or on their behalf (“Customer Data”).  For example, MX provides software to our customers, and may process information on their behalf to provide those services.  This privacy policy does not describe the processing of Customer Data, and we invite you to visit the applicable customer’s privacy policy for information about their privacy practices.  Any questions you have relating to such information and your rights under data protection law should be directed to the customer, as the controller of that information, and not to MX.


We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage.

This privacy policy was last updated on 23 June 2020. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this privacy policy, we will seek to inform you by notice on our website or email.

Third-Party Websites

You might find external links to other companies' websites on our website. This privacy policy does not apply to your use of any other entity's site.

What personal information we collect

When we collect information

We collect information about you if you register with or use our website or services, work with us as a business partner, register or attend an event organised or hosted by us, apply for a job with us, subscribe to our newsletter or other forms of marketing communications, respond to a survey or fill out a form created or sent by us, or if you otherwise contact us (together, “Services”).

We may also collect personal information from third parties, such as your employer, public databases, or social media networks.

Personal information we collect from you and use if you use our website or Services
  • Contact information – such as your title, name, email address, phone number, address. We use this information to operate, maintain and provide the Services to you. We also use this information to communicate with you, including sending service-related communications, employment-related communications and marketing communications in accordance with your preferences.
  • Location information – other than information you choose to provide us, we do not collect information about your precise location. Your device’s IP address may help us determine an approximate location to ensure content made available to you through our Services or marketing channels is relevant to the city or country you are using your device in.
  • Troubleshooting information – should you require assistance from our Services Team in relation to issues with our Services, website, your account etc., we may require your personal details in order to address the issue, such as your user name and user ID.
  • Preferences – such as preferences set for notifications, marketing communications and how our website is displayed. We use this information to provide notifications, send news, alerts and marketing communications and provide our Services in accordance with your choices and also to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented.
  • Information provided by third parties – from time to time, we may receive information about you from third parties and other users. We may obtain information from third parties to enhance or supplement our existing user information. We may also collect information about you that is publicly available.
  • Service Use Data – such as information about features you use, pages you visit, emails you view, products and services you view and purchase, the time of day you browse, and your referring and exiting pages.
  • Device Data – such as information about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and device identifiers such as IP address.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the Legal Rights section below.

We will use the personal information we collect to operate, maintain and provide to you the features and functionality of the Services, to prevent and address security threats, fraud, or breach of our teams, to communicate with you (including to send you technical notices, security alerts, or changes to our products or policies, as well as to send you advertising), to monitor and improve the Services and business, to fulfil any other business or commercial purpose at your direction or with your notice and/or consent, and to help us develop new products and services.

Legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this (namely, that the processing is necessary for our legitimate interests and/or for compliance with a legal obligation to which we are subject). This is because:

  • we need to use your personal information to perform a contract or take steps to enter into a contract with you;
  • we need to use your personal information for our legitimate interest as a commercial organisation. For example, we may use your email address to send you invites or inform you of events that we host or trade show meetings. In all such cases, we will look after your information always in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the Legal Rights section below;
  • we need to use your personal information to comply with a relevant legal or regulatory obligation that we have; or
  • we have your consent in using your personal information for a particular activity.

If you would like to find out more about the legal basis for which we process personal information, please contact us.

How we share personal information

We share your personal information in the manner and for the purposes described below:

  • with other companies within our group, where such disclosure is necessary to provide you with our products and services or necessary to manage our business. Click here for a list of the other companies within our group companies;
  • with service providers who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers who help manage our IT and back office systems;
  • with our customers in connection with us processing information on their behalf;
  • with vendors and other parties for business and commercial purposes, including analytics companies. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information;
  • for facilitating requests made at your direction;
  • with your consent or for any other lawful purpose;
  • with government organisations and agencies, law enforcement and regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  • we may share in aggregate, statistical form, information that does not identify you regarding the visitors to our website, traffic patterns, and website usage with our affiliates or advertisers.

If, in the future, we sell or transfer some of or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets.

Direct marketing

How we use personal information to keep you up to date with our products and services

We may use personal information to let you know about our products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.

How you can manage your marketing preferences

To protect privacy rights and to ensure you have control over how we manage marketing with you:

  • we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
  • you can ask us to stop direct marketing at any time - you can ask us to stop sending email marketing, by following the "unsubscribe" link you will find on all the email marketing messages we send you. Alternatively, you can contact us at [email protected]; and
  • you can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained in our Cookie Policy.

Please note that you cannot opt-out of non-promotional emails, such as those about your transactions, servicing, or our ongoing business relations. Your opt-out is limited to the email address, device, and phone number used and will not affect subsequent subscriptions.

We recommend you routinely review the privacy policies and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.

When and how we undertake profiling and analytics

We use performance cookies like Google Analytics to recognise and count the number of visitors/users of our website and to see how such visitors/users move around our website when they are using it.

For more information about how we use profiling and analytics, please visit our Cookie Policy.

Transferring personal information globally

We operate on a global basis. Accordingly, your personal information may be transferred and stored in countries outside of the country you are located in, including the EU, New Zealand, and the United States of America, that are subject to different standards of data protection.

We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:

  • we ensure transfers within our group of companies will be covered by an agreement entered into by members of our group of companies (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within our group of companies;
  • where we transfer your personal information outside our group of companies or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well-recognized certification schemes like the EU - US Privacy Shield for the protection of personal information transferred from within the EU to the United States; or
  • where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

How we protect and store your information


We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.

Measures we take include:

  • placing confidentiality requirements on our employees and service providers;
  • ensuring that only authorised devices and authorised relevant employees with a work-related need for data processing have access to personal information and that any employee who changes roles within MX does not retain access to personal information unless such personal information is required for their new role.
  • when an employee leaves MX, ensuring they do not have access to, or take with them, any personal information. MX will ensure that no previous employees or external consultants have access rights to the MX systems holding personal information;
  • destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
  • following strict security procedures in the storage and disclosure of your personal information to prevent unauthorised access to it;
  • keeping our networks and systems up to date with regards to new versions, updates and patches on an ongoing basis;
  • using secure/encrypted transfer of personal information on the internet;
  • ensuring appropriate physical security of personal information, including:
  • fitting appropriate locks or other physical controls to the doors and windows of rooms where computers are kept;
  • destroying or removing all personal information from media such as CDs before disposing of them; and
  • ensuring that all personal information is removed from the hard drives of any used computers before disposing of them;
  • implementing best practice access controls, including:
  • that best practise password procedures must be in place, including using strong passwords; and
  • having industry-standard hard drive encryption for internal or external hard drives; and
  • ensuring suitable firewall and infrastructure logging to ensure the ongoing logging of failed login attempts or attacks on MX's systems, including log of time, user, etc. and block access after a certain number of failed login attempts for each user;
  • protecting our networks, systems and logs against tampering;
  • having a vulnerability management program, including regular monitoring of potential vulnerabilities and performance of penetration tests of networks and MX systems;
  • having a Security Incident Response Plan in place in the event of a serious security incident;
  • using secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input on our website before it is sent to us. SSL is an industry-standard encryption protocol, which ensures that the information is reasonably protected against unauthorized interception; and
  • monitoring and keeping up to date with all security measures, processes and risk analyses.

As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information. Nevertheless, transmission of information via the internet is not completely secure and we cannot guarantee the security of information.

Storing your personal information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner within 20 business days. In some circumstances, we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.

In specific circumstances, we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.


A cookie is a small text file containing small amounts of information which is downloaded to / stored on your computer (or other internet-enabled devices, such as a smartphone or tablet) when you visit a website.

Cookies may collect personal information about you. Cookies help us remember information about your visit to our website, like your country, language and other settings. Cookies allow us to understand who has seen which webpages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. They can also help us to operate our website more efficiently and make your next visit easier. Cookies can allow us to do various other things, as explained further in our Cookie Policy which you can access by clicking on the link below.

For more information about the types of cookies we use, how they work and information about how to manage your cookie settings, please visit our Cookie Policy.

Legal rights available for California residents

California residents have certain privacy rights under the California Consumer Privacy Act of 2018, also known as the CCPA.  The CCPA requires additional disclosures, and provides rights to know, delete, and opt-out, which are detailed below.

Notice of Collection

In the past 12 months, we have collected the following categories of personal information  listed in the CCPA:

  • Identifiers, including name, email address, phone number account name, IP address, and an ID or number assigned to your account.
  • Customer records, billing and shipping address, and credit or debit card information.
  • Commercial information, including purchases and engagement with the Services.
  • Internet activity, including your interactions with our Services.
  • Employment and education data, including information you provide when you apply for a job with us.

For more information on the information we collect, including the sources we receive information from, review the What Personal Information We Collect section. We collect and use these categories of personal information for the business purposes described in the same section, including to provide and manage our Services.

MX does not sell (as that term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt-out). We use and partner with different types of entities to assist with our daily operations and manage our Services. Please review the How We Share Personal Information section for more detail about the parties we have shared information with.


Our website and Services are intended to provide information to our customers and job applicants.  By using the website, Services or interacting with MX offline, you represent and warrant that you will only provide information within the context of (i) your role as a job applicant, business contact, supplier, prospective customer or customer or (ii) MX conducting due diligence regarding, or providing or receiving a product or service to or from your employer.

Our processing of Customer Data is governed by the terms of our service agreements with our customers and their privacy policies, and not this Policy.  We are not responsible for how our customers treat the information we collect on their behalf, and we recommend you review their own privacy policies.

We acknowledge that you may have rights in connection with Customer Data.  If you are a California resident and we, as a service provider, have processed your information behalf of a customer and you wish to exercise your CCPA rights, please inquire with our customer directly.

Right to Non-Discrimination.

You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.

Shine the Light.

California’s “Shine the Light” law permits residents of California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. We may share personal information as defined by “Shine the Light” with our affiliates for those their own direct marketing purposes.  If you are a California resident and wish to obtain information about our compliance with this law, please e-mail us at [email protected] or send us a letter to the mailing address under "Contact Us" below.  Requests must include "California Privacy Rights Request" in the first line of the description and include your name, street address, city, state, and ZIP code.  Please note that MX is not required to respond to requests made by means other than through the provided e-mail address or mail address.

Legal rights available for Nevada residents

Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at [email protected].

Legal rights in other jurisdictions

Residents in other jurisdictions may also have similar rights to the above. Please contact us at [email protected] if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.

Contact us

The primary point of contact for all issues arising from this privacy policy is our privacy team (“Vista Privacy”). Our Privacy team can be contacted by emailing [email protected].

If you have any questions, concerns or complaints regarding our compliance with this privacy policy, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact Vista Privacy. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by applicable data protection laws.

If you experience any difficulties accessing the information here, please contact us via the details above to obtain this Policy in an alternate format.

To contact your data protection supervisory authority

You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place of work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before your local supervisory authority.

Issue date of Privacy Policy: 23 June 2020.

Talk to us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.