GDPR Statement
This GDPR Statement should be read in conjunction with the Streamline Privacy Policy, which is published separately on our website. This GDPR Statement applies only where Streamline Business Group Limited and its operating subsidiaries (“Streamline”) process personal data of individuals located in the European Union (EU) or the United Kingdom (UK) (“EU/UK Data Subjects”), as required under applicable data protection laws.
For all other individuals, including those located in New Zealand, the Streamline Privacy Policy and the New Zealand Privacy Act 2020 are the primary frameworks governing the collection, use, and disclosure of personal information.
Definitions
Controller – Streamline where it directly collects personal information from EU/UK Data Subjects.
Customer – the counterparty to a Managed Service Agreement or Master Subscription Agreement with Streamline who has obtained consent from EU/UK Data Subjects to collect and process their personal information.
EU Data Subject – a living individual residing in a European Union Member State.
UK Data Subject – a living individual residing in the United Kingdom, covered by UK GDPR and the UK Data Protection Act 2018.
GDPR – the General Data Protection Regulation (EU 2016/679).
UK GDPR – the UK General Data Protection Regulation, as incorporated into UK law.
Legitimate Interest – a lawful basis under GDPR/UK GDPR for the collection of personal information.
Personal Information – as defined in the Streamline Privacy Policy, being any data relating to an identified or identifiable individual.
Processor – Streamline where it processes personal information on behalf of a Customer.
Managed Service Agreement / Master Subscription Agreement – any written contract, statement of work, or binding agreement between Streamline and a Customer.
Legal Basis for Collection of Personal Information
Streamline collects, uses, stores, and transfers personal information to manage its relationships with Customers, employees, business partners, and other third parties (“covered individuals”). Processing is undertaken in compliance with applicable laws, relevant agreements, and with appropriate notice and consent where required.
EU/UK Data Subject Rights
Subject to identity verification and applicable law, EU/UK Data Subjects have the right to:
Request a copy of personal information we hold and details of its source, purpose, and recipients.
Request correction of inaccurate personal information.
Request deletion of personal information when no longer needed, or where consent is withdrawn (subject to legal retention requirements).
Request restriction of processing where data is inaccurate, unlawfully processed, or no longer needed.
Request portability of personal information to themselves or another party.
Object to processing based on our legitimate interests, including marketing.
We may not always be able to fully comply, for example where doing so would impact confidentiality obligations, legal requirements, or our ability to exercise legal rights.
Requests can be made by contacting the Streamline Privacy Officer (see details in our Privacy Policy).
Processing on Behalf of Customers
Where Streamline processes personal information on behalf of a Customer, the details of the processing (including duration, purpose, and categories of data) are documented in the applicable Managed Service Agreement or Master Subscription Agreement. Streamline maintains records of such processing and may use approved sub-processors where authorised by the Customer.
International Transfers
Personal information of EU Data Subjects may be transferred outside the European Economic Area (EEA) using lawful mechanisms, including the EU Standard Contractual Clauses (SCCs).
For UK Data Subjects, transfers will rely on UK-approved International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU SCCs.
Streamline has an intragroup agreement incorporating these safeguards to ensure that personal information transferred within the Streamline global group, including to entities outside the EEA and UK, is adequately protected.
Children’s Privacy
Streamline does not knowingly collect information from children (as defined under local law) and does not target its websites or services to children. Parents and guardians are encouraged to take an active role in their children’s online activities.
Privacy Governance
Streamline is primarily regulated by the Privacy Act 2020 (New Zealand). For EU/UK Data Subjects, Streamline also complies with GDPR and UK GDPR where applicable.
Streamline has appointed a Privacy Officer under New Zealand law, who also serves as the point of contact for GDPR and UK GDPR matters. Streamline is not required to appoint a formal Data Protection Officer (DPO) given its limited exposure to EU/UK personal data.
Notification of Changes
We may update this GDPR Statement from time to time. The latest version, with its effective date, will always be published on our website.
Questions or Complaints
Any questions or complaints regarding this GDPR Statement or personal information handled by Streamline can be directed to our Privacy Officer, whose contact details are available in the Streamline Privacy Policy.
