Privacy Policy

Theta Privacy Policy

Theta Systems Limited (“Theta” “we or “us” or “our”) offers technology consultancy and software products designed and developed specifically for businesses. Glasstrail is one of our products.

This privacy policy explains how we collect, use and share personal information collected through your use of our website or as a result of you using our software (“Software”).

We may amend this privacy policy to keep it up to date with legal requirements and the way we operate our business. This privacy policy was last updated in November 2021.

We collect information from you when you register on our site, register for a free trial or demonstration of our Software through a third-party platform or from our website, subscribe to our newsletter or other forms of marketing communications, apply for a job with us, or respond to a survey or fill out a form.

When ordering or registering to use our Software, you may be asked to enter your name, email address, mailing address or phone number.

You own your data

Theta will store information that is entered by you, or automatically imported on your instruction. The data entered or imported by you remains your property and Theta will not use this information without your permission. However, if you download, install or use our Software you will be bound by Theta’s standard terms and conditions for the Software. You grant Theta a licence to access, collect, compile and use your data for Theta’s own purposes provided that such data excludes any personally identifiable data, or information that identifies you, or your business.

You control who has access

Data entered or imported by you in order to use our Software and stored on Theta’s system will be stored securely and only accessible to persons you have authorised to use the Software. It is your responsibility to keep your login details safe. Theta and its staff do not have access to your password.

Theta support staff may have access to your Theta account and database for the purpose of providing you with customer service related to your account.​

How we use your information

Any of the information we collect from you may be used in one of the following ways:

  • To personalise your experience –your information helps us to better respond to your individual needs.
  • To charge for the Software–we may assess your use of the Software either on a consumption or a per user basis in order to charge for your use of the Software.
  • To improve our website, Software and services -we continue to improve our products and services based on the feedback we receive from you. Should you require assistance from our support staff in relation to issues with our website, services, or your account, we may require your personal details in order to address the issue, such as your username and user ID.
  • To process transactions - your information, whether public or private, will not be sold, exchanged, transferred, or given to any other entity for any reason, without your consent, other than for the express purpose of delivering a purchased product or to fulfil a legal obligation as described below.
  • To contact you – we may collect your title, name, email address, phone number and address. We use this information to operate, maintain and provide the Software and services to you, and to communicate with you. We may send periodic emails to the email address provided for your subscription to share information and updates relating to your subscription. Subject to your consent, we may collect your preferences set for notifications, marketing communications and how our website is displayed. We use this information to provide notifications, send news, alerts and marketing communications and provide our Software and services in accordance with your choices and to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented. If at any time you would like to unsubscribe from receiving emails, you can do so.

Legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do so (namely, that the processing is necessary for our legitimate interests and/or for compliance with a legal obligation to which we are subject). This is because:

  • we need to use your personal information to perform a contract or take steps to enter into a contract with you;
  • we need to use your personal information for our legitimate interest as a commercial organisation. For example, we may use your email address to send you invites or inform you of events that we host. In all such cases, we will look after your information in a way that respects your privacy rights and you have a right to object to processing as explained in the legal rights section.
  • we need to use your personal information to comply with a relevant legal or regulatory obligation; or
  • we have your consent to use your personal information for a particular activity. If you would like to find out more about the legal basis for which we process personal information, please contact us.

How we protect and store your information

We implement and maintain appropriate technical and organisational security measures, policies and procedures to maintain the safety of your personal information when you subscribe or enter, submit, or access your personal or business information.

Theta's servers have SSL Certificates issued by a leading certificate authority which enables encryption of data in transit. However, the internet is not in itself a secure environment. This means that your browser must support the encryption security with any web based web-based communications with Theta.

Access and storage controls via the Software are administered by Theta in New Zealand as the custodian of that data. Where you access or input data from somewhere other than the country where the data is stored or to be stored, you consent to that data being transferred from one country to the other (including via any intermediate country) as a function of transmission across the internet.

Where your information is no longer needed, we will ensure that it is disposed of in a secure manner within 20 business days. In some circumstances we may store your personal information for longer periods of time, for instance: where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; so that we have an accurate record of your dealings with us in the event of any complaints or challenges; or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Theta does not store your credit card details

When you choose to pay for the Software or Theta services by credit card, your credit card details are not stored and cannot be accessed by Theta staff. Your credit card details are encrypted and securely stored by a PCI certified payment authority, to enable Theta to automatically bill your credit card on a recurring basis. Theta currently uses either Stripe Payments or Chargify as its PCI certified payment authority.

Disclosure of information to third parties

We share your personal information in the manner and for the purposes described below:

  • with trusted third parties who assist us in operating our Software, conducting our business, or servicing you, so long as those parties agree to keep this information confidential and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers who help manage our IT and back office systems;
  • we may release your personal information to government organisations and agencies, law enforcement, or regulators, when we believe release is appropriate to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other government agencies.
  • non-personal information may be provided to other parties in aggregate statistical form for website usage with our marketing and advertising partners, or other uses; and
  • if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a third party purchaser of our business or assets.

Opting out of receiving targeted advertising

We use 3rd-party services to help advertise and promote our product. You can opt out of receiving targeted ads by following these links DAA, NAI, or EDAA (Europe only).

How you can manage your marketing preferences

To protect privacy rights and to ensure you have control over how we manage marketing with you:

  • we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you; and
  • you can ask us to stop sending marketing emails by following the "unsubscribe" link you will find on any marketing messages we send you. Alternatively, you can contact us at [email protected].

We recommend you routinely review the privacy policies and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.

Transferring personal information globally

We operate on a global basis. Accordingly, your personal information may be transferred and stored in countries outside the European Union, including New Zealand, Australia and the United States of America, that are subject to different standards of data protection. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests. To this end:

  • where we transfer your personal information to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information; or
  • where we receive requests for information from law enforcement or regulators, we validate these requests before any personal information is disclosed.

You have a right to contact us for more information about the safeguards we have in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

Legal rights available to help manage your privacy

We are committed to protecting the security of your Personal Information and we take all reasonable precautions to protect it from Privacy Breaches, namely:

  1. unauthorised or accidental access, disclosure, alteration, loss, destruction of your Personal Information; and
  1. actions which prevent us from accessing your Personal Information on a temporary or permanent basis.

If your Personal Information is subject to a Privacy Breach which causes or is likely to cause serious harm, we will notify you and the New Zealand Privacy Commissioner in accordance with our obligations under New Zealand's Privacy Act 2020.

Your personal information may be transferred to our third-party service providers in overseas countries. By providing your personal information to us, you acknowledge that some  third-party service providers may be located in countries which do not have the same level of privacy laws as New Zealand and you consent to the transfer of your personal information in these circumstances.  

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking and where your Personal Information originates from, you have certain rights in relation to your personal information. If you are resident in the European Union, under European law you have the following rights in respect of your personal information:

  • access to personal information
  • rectify or erase personal information
  • restrict the processing of your personal information
  • transfer your personal information
  • object to the processing of personal information
  • object to how we use your personal information for direct marketing purposes
  • obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  • lodge a complaint with your local supervisory authority

If you wish to access any of the above rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. You can exercise your rights by contacting us at [email protected]. Subject to legal and other permissible considerations, we will make every reasonable effort to respond to your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. Residents in other jurisdictions may also have similar rights to the above. Please contact us at [email protected] if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Terms and Conditions

Please also visit our Terms and Conditions  section establishing our data protection obligations to you as your data processor and the use, disclaimers, and limitations of liability governing the use of our website and Software.

Contacting Us

If you have any questions regarding this privacy policy you may contact our privacy team (“Theta Privacy”) by email at [email protected]  or by post, to:

Theta Privacy - Glasstrail

c/o Theta Systems Limited

Level 2, Theta House

8-10 Beresford Square


1010 New Zealand

If you have any questions, concerns or complaints regarding our compliance with this policy, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact [email protected]. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and within the timescales provided by data protection laws.

Privacy Policy: November 2021