Privacy Policy

1. Introduction

Tahi Studio Limited ("Tahi Studio", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://www.tahi.studio or use our services. We process personal data in compliance with New Zealand's Privacy Act 2020 and the General Data Protection Regulation (GDPR) for our clients in the European Union.

2. Information We Collect

We may collect the following types of personal data:

  • Identity Data: Your first name, last name, and company name.
  • Contact Data: Your email address and billing address.
  • Financial Data: While we do not store your full payment card details, our payment processor, Stripe, does. We may have access to billing address information.
  • Technical Data: Your Internet Protocol (IP) address, browser type and version, time zone setting and location, and other technology on the devices you use to access our Website.
  • Usage Data: Information about how you use our Website and Services, collected via analytics tools.

3. How We Collect Your Data

We collect data through:

  • Direct Interactions: When you fill in forms on our Website, purchase a service, or communicate with us via email.
  • Automated Technologies: As you interact with our Website, we may automatically collect Technical and Usage Data through analytics services like Google Analytics and Matomo. We will implement a cookie consent banner to manage your preferences for these technologies.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To provide and manage your access to our Services, including your client dashboard.
  • To process payments and manage your account.
  • To communicate with you about your projects and our services.
  • To improve our Website, services, and marketing.
  • For marketing communications, which you can opt-out of at any time.

5. Disclosure of Your Personal Data

We do not sell your personal data. We may share your data with the following categories of third parties:

  • Service Providers: We share data with third-party companies that provide essential services for our business, including:
    • Stripe: For payment processing.
    • Google Analytics & Matomo: For website analytics.
    • MailerLite: For email marketing.
    • Google Drive: For file storage.
    • Zapier: For process automation.
    • The provider of our client dashboard.
  • Subcontractors: We may share necessary project information with vetted subcontractors who are bound by confidentiality obligations.
  • Legal Authorities: If required by law or to protect our legal rights.

6. International Data Transfers

Many of our third-party service providers are based outside of New Zealand and the European Economic Area (EEA), which means your data will be transferred internationally. We ensure that such transfers are protected by appropriate safeguards, such as Standard Contractual Clauses, to ensure your data is treated securely and in accordance with this Privacy Policy.

7. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These measures include two-factor authentication and limiting access to your personal data to those employees and third parties who have a business need to know.

8. Data Retention

We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for. To comply with our legal, accounting, and reporting requirements, we will retain essential client and project data for a period of seven (7) years after the completion of services or termination of your account. You may request the deletion of your data at any time, subject to our legal obligations.

9. Your Legal Rights

Under data protection law, you have rights including:

  • The right to access: You can ask for a copy of your personal data.
  • The right to rectification: You can ask us to correct any inaccurate information.
  • The right to erasure: You can ask us to delete your personal data.
  • The right to restrict processing: You can ask us to limit the use of your data.
  • The right to object to processing: You can object to us using your data for certain purposes (like marketing).
  • The right to data portability: You can ask for your data to be transferred to another organisation.

You can access and update some of your information directly through your client dashboard. To exercise any of your other rights, please contact us.

10. Children's Privacy

Our services are not intended for and we do not knowingly collect data from individuals under the age of 18.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your legal rights, please contact us at: business@tahi.studio