Carp

Privacy Policy

If you are a merchant using Carp, we collect and use your personal information to provide you with the use of our platform and its services, and generally to help you better manage your business and your relationship with your customers.

Your privacy rights

  • Carp is committed to complying with its obligations under the Privacy Act 2020 (“Privacy Act”) when dealing with your Personal Information. Any Personal Information you provide to us will be stored, used and disclosed by Carp in accordance with this Policy.
  • If you have any questions regarding this Policy or wish to access or amend the Personal Information that we hold about you, please contact us at [email protected].

Acceptance of this privacy policy

  • By accessing or using our Services, and/or otherwise providing us with your Personal Information, you acknowledge that you have read and understood this Policy and that you authorise us to collect, hold, use and disclose your Personal Information in accordance with this Policy.
  • This Policy is in addition to any other applicable terms and conditions that may apply to your relationship and/or engagement with us, including our Terms and Conditions.

Amendments to this privacy policy

We may amend and update this Policy from time to time by posting a revised version on our website or otherwise notifying you through our Services. Any changes will apply from the date we post the updated Policy on our website or through our Services. If we make any significant changes, we will endeavour to provide you with reasonable notice of such changes through our website, or via other means such as email. By accessing or using our Services after such notice period, you will be deemed to have accepted the updates to this Policy. If you do not agree to any change, you must immediately notify us and cease accessing our Services.

How and what type of information we collect about you

Your Personal Information will be collected and held by Three Scoops Limited, or by third party service providers on our behalf, most notably Stripe, which has a privacy policy available here

We collect Personal Information in order to manage, market and conduct our business, to provide our Services, and to meet our legal obligations. Depending upon the nature of your relationship with us, the type of Personal Information we collect and hold may include:

  • your name and contact details (including your email address, phone number and postal address);
  • passport or drivers licence details, including date of birth, to verify your identity for compliance purposes;
  • bank account and/or payment card details for the purpose of loading or topping up your wallet (in accordance with your instructions); records of our communications with you, including any complaints, requests or queries;
  • any other Personal Information that may be required in order to facilitate your dealings with us and/or to assist us in conducting our business, providing and marketing our Services and meeting our legal obligations; and
  • information we create in the course of our relationship with you, such as personal preferences and other details or evaluations of your interactions with us and our Services.
  • business type, business address, GST details, and directors and shareholder details (which will include the Personal Information listed above).
  • Device and location information when using our services.

Who we collect Personal Information from

We use different methods to collect your Personal Information. We will generally collect Personal Information directly from you (e.g. through information you submit through the Service or through correspondence that you submit to us). However, we may also collect Personal Information:

  • from third parties and government databases in some instances, for example to verify your identity for AML compliance purposes;
  • from other third parties that we partner with for marketing and promotional purposes,
  • from publicly available websites or sources.

If you have provided us with information about another person, you warrant that you have that person’s permission to do so. Your obligations under privacy laws may also mean that you need to tell that person about the disclosure and let them know that they have a right to access their Personal Information and that we will handle their Personal Information in accordance with this Policy.

When you access our Services, we may collect information that is sent to us by your device. Generally, this information is not personally identifiable data, but to the extent that it is considered Personal Information for the purposes of the Privacy Act, we will comply with our legal obligations under any such law or regulation when processing that information.

You are not required to provide us with your Personal Information. However, if you choose not to provide Personal Information to us on request we may be unable to provide certain Services to you or it may affect the functionality of our Services.

How we use Personal Information

We collect, hold, use and disclose your Personal Information for the following purposes:

  • to provide you with our Services;
  • to communicate with you
  • to help provide a more tailored and personalised experience;
  • to research and help improve and enhance our Services and to conduct market analysis and perform data analytics on customer behaviour and insights in relation to our Services;
  • to undertake administrative functions associated with the Services and our business;
  • to comply with any legal obligations
  • To prevent fraudulent use of our services

Who we may disclose your Personal Information to

We may disclose your Personal Information to:

  • any third party service providers that we have engaged to provide a service to us in relation to our Services and/or to carry out functions on our behalf, including those who provide us with IT and marketing services;
  • financial services dispute resolution providers (where required by law or with your consent);
  • third party providers of identity verification services to enable us to meet our obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009;
  • potential investors and/or purchasers of our business;
  • our professional advisors, including accountants, insurers and lawyers;
  • any other person or organisation that you have authorised us to disclose your information to; and/or
  • any other third party where such disclosure is permitted or required under the Privacy Act and/or any other applicable law;

If we disclose Personal Information to a third party outside of New Zealand who uses that information for their own purposes, we will ensure that such third party is subject to comparable privacy laws to New Zealand or is required to protect the Personal Information in a way that is comparable to New Zealand’s privacy laws.

Access, correction and retention of your Personal Information

You agree that any information you give to us will be accurate, correct and up to date and you will inform us if any of Personal Information changes to ensure that the details we hold about you are up to date and correct. You can update your personal details at any time through your customer account or by contacting us at [email protected].

You are entitled to access the Personal Information we hold about you, and to request that we amend it if it is incorrect. If we are not willing to correct errors that you have identified in your Personal Information, you may request that we take reasonable steps to attach a statement to the Personal Information noting the correction sought.

We will only retain your Personal Information for as long as it is required to achieve the purposes set out in this Policy or as otherwise required by law.

Security of information

We take reasonable steps to protect Personal Information from misuse, loss and unauthorised access, modification or disclosure.

Although we take reasonable steps to ensure Personal Information held by us (or on our behalf) is protected and held securely, we do not make any warranties in relation to the security of any information you disclose or transmit to us and we are not responsible for the theft, destruction, or inadvertent disclosure of your Personal Information where our security measures have been breached. Any transmission of Personal Information is conducted at your own risk.

Where we hold your Personal Information

We use third party cloud service providers, such as Amazon Web Services, Cloudflare and Vercel, to store data on our behalf. Those providers are generally based in The United States of America or Australia.

How to contact us

If you have any queries or concerns about this Policy or our handling of your Personal Information please contact us at [email protected]