Terms and Conditions

Introduction

By accessing or otherwise using the Website and/or the Service you are deemed to have accepted these terms of service and our Privacy Policy (together the Terms), which shall form a binding agreement between you and us.

In these Terms:

Tourwriter, we, us and our means Tourwriter Limited, a company incorporated in Wellington, New Zealand (the provider of the Service), and 

Customer, you or your means the person or entity who uses the Service and is the holder of an Account.  

All other capitalised terms not otherwise defined have the meaning given to them in clause 17.

Service

1.1 Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable licence to access and use the Service in accordance with these Terms.

1.2 If you wish to access and use the Service, you must become a registered user and activate an Account.

1.3 Only your Authorised Users who have completed the relevant log-on procedure and have provided the consents required by Tourwriter from time to time, may access the Service on your behalf.

1.4 You must notify each Authorised User of the terms of the Terms and ensure that each of them strictly comply with such terms.  You shall be responsible (and liable) for any failure of any Authorised User to comply with the Terms (as if it were a breach by you of the Terms).

1.5 We may contact your Authorised Users directly in connection with their access to and use of the Service, including requesting information from any Authorised User regarding their use of an itinerary. 

Restrictions on access and use

2.1 You agree: 

2.1.1 not to (and to ensure that your Authorised Users do not) modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, or sell or re-sell the Service or its Content;

2.1.2 not to use the Service in a way that attempts to circumvent, or is otherwise inconsistent with, your payment obligations in (and anticipated by) these Terms and the Website;

2.1.3 to use (and to ensure that your Authorised Users  use) the Service or Website in accordance with all applicable laws, and not for any illegal purpose;

2.1.4 not to (and to ensure that your Authorised Users do not) distribute through the Service or Website any attachments, documents, data or files that: (i) infringe on any copyright, patent, trade secret, trademark or other third party proprietary rights; (ii) violate any law (including any Data Privacy Laws), statute, ordinance or regulation; or (iii) are defamatory, libellous or obscene;

2.1.5 to ensure that any information you (and your Authorised Users) provide in connection with your Account and use of the Service is accurate and current, and that you will promptly notify us of any change in such information. You acknowledge that the operation of the Service and Website depends on the entry by you and your Authorised Users of accurate and up to date Customer Data; 

2.1.6 to keep (and ensure your Authorised Users keep) your Account details and passwords strictly confidential and not share your Account password with any other person; 

2.1.7 to use (and ensure your Authorised Users use) the Service in a way that does not damage, disable, overburden, or impair the Service; 

2.1.8 not to attempt to modify, translate, adapt, edit, decompile, disassemble, reverse engineer or undermine the security or integrity of any software programs used by us in connection with the Service.

2.2 You may not access the Service if you are a direct competitor of ours, except with our prior written consent. In addition, you may not access the Service for purposes of monitoring its availability, performance or functionality, or for any other benchmarking or competitive purposes.

Client Itineraries

3.1 You acknowledge and agree that:

 

3.1.1 Other than as set out in clause 3.1.2, if you do not confirm a Client Itinerary with a total sale price attached to it via the Confirmation Procedure, you will lose access to the relevant Client Itinerary 14 days before the due date for travel in the Client Itinerary.

3.1.2 If you are building a last minute Client Itinerary with a due date for travel that is 14 days or less away, you will lose access to the relevant Client Itinerary if you do not confirm the Client Itinerary with a monetary value attached via the Confirmation Procedure prior to the due date for travel. 

We will try to provide you with an alert (in the itineraries tab within the Service) alerting you to the fact that you will soon lose access to a Client Itinerary unless it is confirmed and has a total sale price attached to it. 

3.2 You may reactivate a Client Itinerary that you have lost access to at any time by undertaking the Confirmation Procedure in respect of that Client Itinerary and ensuring that it has a total sale price attached to it.

3.3 The total sale price of a Confirmed Itinerary must equal the total price of all booked items within the itinerary.  Your Account will be immediately terminated if you attempt to confirm a Client Itinerary for any lesser amount.

3.4 Without limiting our other rights and remedies, if you are an expert plan customer and you fail to confirm Client Itineraries with a total sale price attached via the Confirmation Procedure, or if the total sale price attached to the Confirmed Itinerary is not commensurate with the total price of all booked items within the itinerary, then: 

3.4.1 we may give you 30 days’ notice and switch your account from the expert transaction fee plan to the per user premium monthly plan, which will be subject to the corresponding fees and terms outlined on the Website pricing page; and

3.4.2 the number of Authorised Users that we will switch to the per user premium monthly plan will be based on the number of Authorised Users using the Service via your Account that have logged into the software within the last 30 days.

Fees

4.1 If you use the Service, you must pay the associated Fees (in full, without any set off or deduction).  All Fees are as detailed against the particular plan you have subscribed for on the Website (as updated from time to time), unless otherwise expressly agreed in writing between you and us.  We will give you notice of any changes to the Fees on the Website or that otherwise will apply to your Account. 

4.2 Fees (and any other amounts payable under these Terms) are payable by you to us either annually or monthly, as specified in the particular plan you have subscribed for on the Website or as otherwise agreed by us. You will be prompted, within the Website, to make payment of your Fees via credit card or by way of bank transfer. You must keep your credit card or bank account (as applicable) details up to date in your Account. 

4.3 Payment transactions are securely processed by third party payment processors, Stripe and Windcave, and are subject to those third party payment processors’  Terms of Service (which will be available on the relevant processor’s website)].  These third party payment processors are solely responsible for such transactions and we exclude all liability for such transactions to the extent not restricted by law.  The relevant third party payment processor maintains administrative, technical, and physical procedures to protect information stored on its servers, as outlined within its privacy policy [(which will be available on the relevant payment processor’s website].

4.4 If you choose to cancel your Account, we will charge you all Fees for any previous period Confirmed Itineraries and any outstanding future Confirmed Itineraries not yet invoiced.  If you reduce the number of Authorised Users on your per user plan during any annual payment period, you will not receive a refund of any amounts paid in advance for such period.

4.5 If you do not make payment of your Fees by the due date for payment (including where a payment from your credit card has been declined) we may, without limiting our other rights, on notice to you: 

4.5.1 charge interest on the unpaid amount from the due date until the date of actual payment, at 2% per annum over the base overdraft facility rate charged by our bankers from time to time;

4.5.2 cancel or suspend your Account immediately; or

4.5.3 change the Service plan that you have subscribed for.

You may also incur additional fees charged by our third party payment processors.

4.6 The Fees are exclusive of all taxes (including goods and services tax, if any), levies, or duties imposed by taxing authorities, and you shall be responsible for payment of all such taxes, levies, or duties, excluding only taxes based solely on our income. 

Disruption of Service

5.1 We will take all reasonable steps to ensure that the Service functions as intended. However, you acknowledge that your access to the Service and the Website may be disrupted as a result of a malfunction, updating, maintenance or repair of the Website or Service or for any other reason within or outside our control.

5.2 We will use reasonable endeavours to promptly address (during normal business hours) technical issues that arise in relation to the Website or the Service. However, to the extent permissible at law, we shall not be liable for any loss or damage caused or suffered (by you, your Authorised Users) as a result of any partial or total breakdown of, or inability to use, the Service or Website, unless this has resulted from our gross negligence.

5.3 As the Content consists primarily of Third Party Content, we do not warrant that the Service or Content will meet your specific requirements or that the Content will be accurate, complete or up to date.

5.4 Our obligation in clause 5.1 is in lieu of all other warranties in respect of the Service and Content.  To the maximum extent permitted under applicable law, all other warranties, condition and representations, whether express, implied or verbal, statutory or otherwise, and whether arising under these Terms or otherwise, are excluded (including, without limitation, the implied warranties of merchantability, non-infringement and fitness for a particular purpose).

5.5 You agree the Service is acquired for the purposes of a business, and as such, the guarantees provided under the New Zealand Consumer Guarantees Act 1993 (and/or any other applicable consumer legislation in the jurisdiction in which the Service is being accessed) do not apply.

Data

6.1 Customer Data will be (and will remain) owned by you and your Authorised Users. However, you grant us a licence to access, use and disclose all Customer Data for the purposes of providing the Service and otherwise exercising our rights under these Terms, enhancing and developing the Service and Website and communicating with you about the Service and any other matters that may be of interest.  We may also disclose Customer Data (including Personal Information) in connection with a proposed purchase or acquisition of our business or assets, where required by an applicable law or any court, or in response to a request by a legitimate law enforcement agency.

6.2 You also grant to us a non-exclusive irrevocable license to copy, anonymize, aggregate, process and display Data to derive anonymous statistical and usage data, and data about the functionality of the Service and Website, provided such data cannot be used to identify you or your Authorised Users (Anonymous Data) and to combine such Anonymous Data with or into other similar data and information obtained from other clients or users (referred to as Aggregate Data).  We will own all right, title and interest in Anonymous Data and Aggregate Data.

6.3 You warrant and represent that:

6.3.1 you have the right to grant the licences in clauses 6.1 and 6.2 in respect of all of your Customer Data, and inputting, using and disclosing your Customer Data in the manner anticipated by these Terms and the Service; and

6.3.2 use of your Customer Data by us, you or any other Authorised User in connection with the Service (and as otherwise anticipated by the Terms) will not breach any laws or the rights (including intellectual property rights) of any person.

6.4 You are solely responsible for maintaining a copy of all of your Customer Data.  We have in place for our own purposes policies and procedures to prevent data loss (and recovery) but do not make any guarantee around loss or corruption of Customer Data.

6.5 We will make every reasonable effort to keep your Customer Data secure. Nevertheless, because internet transmissions cannot be guaranteed to be 100% secure in all aspects (including in relation to unauthorised use and disclosure of Personal Information), you acknowledge and agree that you use the Service and Website at your own risk, and you should only proceed to use the Website and/or the Service if you accept this condition.

6.6 You will be liable for all action taken by any person that has obtained access to your Account (whether they have authorised such access or otherwise) and agree to notify us immediately of any unauthorised use of your Account, or other breach of privacy or security.

Ownership

7.1 Title in the Website, the Service, the Content any software used by us to develop and provide the Service (and all or intellectual property in them) will remain with us and our third party licensors.

7.2 If you provide us with ideas, comments or suggestions relating to the Website or the Service (together feedback), we may use or disclose the feedback for any purpose and will own all rights in that feedback and anything created as a result of that feedback.

Privacy

8.1 We collect and process your Personal Information and Personal Information of your Authorised Users when you (or your Authorised Users, as applicable) access or use the Website or the Service. By agreeing to these Terms, you also agree to the way we handle your (and your Authorised Users’) Personal Information under our Privacy Policy.  Our Privacy Policy forms part of these Terms.

8.2 You must:

8.2.1 comply (and ensure compliance by your Authorised Users) with all Data Privacy Laws in connection with the collection, use and disclosure of any Personal Information of any person;

8.2.2 not (and will ensure your Authorised Users do not) use the Service in a way that violates (or may be considered inconsistent with) the privacy, rights or civil liberties of any person (including in a way that prevents the exercise of them);

8.2.3 not (and will ensure your Authorised Users do not) share another person’s Personal Information without that person’s explicit permission;

8.2.4 obtain all consents from all individuals necessary under applicable laws (including Data Privacy Laws), for us to process and/or disclose Personal Information as necessary to perform the Service and otherwise comply with our obligations under the Terms, and ensure that such consent is obtained from the correct person;

8.2.5 notify us without undue delay if any Authorised User withdraws his or her consent, or any part of their consent, or objects to any processing of his or her Personal Information;

8.2.6 upon becoming aware of any unauthorised access, use or disclosure of Personal Information, or any other breach, or suspected breach, of your (or our) security safeguards, notify us without undue delay and provide timely information relating to the incident as it becomes known or as is reasonably requested by us.

Liability

9.1 You agree to indemnify us against any and all loss or cost we suffer or incur as a result of any: 

9.1.1 unauthorised access to or use of the Service or any Client Itinerary or Content by you or any of your Authorised Users;

9.1.2 violation of any privacy, intellectual property rights or other rights of a third party by you, your Authorised Users or any person using your Account.

9.2 In no event or circumstances shall you or Tourwriter be liable to the other (and in the case of Tourwriter, to any of your Authorised Users), whether in contract, tort, strict liability, negligence or otherwise at law for any special, indirect, incidental, punitive, or consequential damages of any kind whatsoever, or for any loss of profit, data or anticipated revenue.

9.3 To the extent permissible at law our total liability for any loss arising from or in connection with these Terms, the Website, the Service and the Content, will not in any circumstances exceed (in aggregate) the Fees paid by you in the first 12 months of the term of your agreement with us.

Cancellation

10.1 You may cancel your Account at any time by following the prompts within the Website or the Service.

10.2 We may cancel your Account (and access to the Service) at any time if we reasonably suspect you have breached these Terms or we consider it necessary or desirable to do so to protect our interests or reputation or the interests of any other person.

10.3 Upon termination of your Account (for any reason):

10.3.1 you acknowledge and agree that no Fees (paid in advance and which relate to the period following termination) will be refunded to you;

10.3.2 you must immediately cease (and ensure all your Authorised Users immediately cease) to access or use the Service, and destroy all access codes or passwords related to the Service and our Confidential Information in your possession or under your control; and

10.3.3 your Customer Data, other than Anonymous Data or Aggregate Data, will be deleted from the Website. 

10.4 Any termination will be without prejudice to any prior breaches by you of these Terms, and, any provision of these Terms intended to survive termination shall survive. 

Suspension

11.1 We may suspend access to the Service at any time:

11.1.1 for such time as is necessary to carry out maintenance we consider to be necessary or desirable;

11.1.2 to reduce or prevent interference with the Website or the Service, or a breach of any applicable law; or

11.1.3 if required to do so as a result of a direction by any Government, law enforcement or other authority.

Use of third parties

12.1 You acknowledge that the preparation of Client Itineraries and servicing your Clients is dependent on cooperation from third parties and the provision of Content from third party suppliers (Third Party Content).  The Service is simply facilitating your ability to transact with the suppliers of Third Party Content, and we are not responsible (or liable in any way whatsoever) for:

12.1.1 the acts or omissions of any such third parties; or

12.1.2 the accuracy or inaccuracy of any Third Party Content (including where such information has been made available by us via the Service). 

12.2 You agree that we may also use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Website and/or the Service, and store and manage Content. 

13.1 The Website and Service may provide links to other sites or resources.  Because we have no control over such sites and resources, you acknowledges and agree that we: 

13.1.1 are not responsible for the availability of such external sites or resources, and do not endorse and are not liable for any content, advertising, products or other materials on or available from such sites or resources; and

13.1.2 will not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such site or resource. 

Artificial Intelligence

14.1 Tourwriter reserves the right to incorporate artificial intelligence (AI) technologies into its operations, products, and services, both internally and externally. This includes, but is not limited to, the development and implementation of AI algorithms, machine learning models, and other AI-driven functionalities. By accepting these terms, you acknowledge and agree that Tourwriter may use AI to enhance its products, improve user experiences, and optimise internal processes.

14.2 In the course of utilising Tourwriter’s services, your data may be processed using AI technologies to enhance service quality, provide personalised recommendations, and improve overall performance. Tourwriter will handle such data in accordance with its Privacy Policy and applicable data protection laws.

14.3 You agree that Tourwriter may use anonymised and aggregated data derived from the use of its services to develop and enhance AI models and algorithms. This data will be utilised for statistical analysis, pattern recognition, and the improvement of Tourwriter’s AI capabilities.

Amendments

15.1 These Terms may be amended or replaced from time to time, by posting updated Terms on the Website. Any updated Terms become effective as soon as they are posted.

15.2 If updated Terms constitute a material change to these Terms, we will endeavour to post an announcement on the Website. Your continued use of the Service and/or Website following any amendment constitutes your acceptance of the updated Terms.

15.3 If you do not agree to the updated Terms you must cease to use the Service and terminate your Account.

General

16.1 These Terms shall be governed by and construed in accordance with the laws of New Zealand, and the parties submit to the exclusive jurisdiction of the New Zealand courts for any matter arising under or relating to these Terms.

16.2 Neither you nor we will not commence any court or arbitration proceedings relating to a question, difference or dispute relating to these Terms or the Service (Dispute) without first attempting to resolve the dispute by way of good faith negotiations for a reasonable period (using representatives of appropriate seniority).

16.3 You must not transfer, assign or sub-license your rights or obligations under these Terms without our consent.

16.4 If any provision of these Terms is found to be unenforceable or invalid, that provision shall be limited or removed to the minimum extent necessary so that these Terms shall otherwise remain in full effect.

Definitions

17.1 In these Terms, the following terms have the following meanings:

Account means an account within the Service registered by a Customer and enabling the Customer (and its Authorised Users) to use the Service.

Authorised Users means any of your (i) personnel, contractors, end users or representatives that you have authorised to access the Service on your behalf; and (ii) Clients.

Clients means your clients who you have authorised to access and use the Service in connection with your Account.

Client Itinerary means any travel itinerary prepared by you and/or any of your personnel for Clients using the Service (whether in the form of a proposal or in a final form accepted by the Client) that has not yet been confirmed by you via the Confirmation Procedure.

Confirmation Procedure means the tick box procedure made available to you on the itineraries tab within the Service, which is to be used to turn a Client Itinerary into a Confirmed Itinerary.

Confirmed Itinerary means any travel itinerary prepared by you and/or any of your Personnel for Clients using the Service that you have confirmed via the Confirmation Procedure.

Content means content, materials, data or other information made available to you (or your Authorised Users) via the Service, including any Third Party Content, but excludes any Customer Data.

Customer Data means any data or information that you (or any of your Authorised Users) upload into (or otherwise make available via) the Service, the Website or any other interactions that you or any such person has with us or you. 

Data Privacy Laws means the data protection and privacy laws applicable to the processing of Personal Information that you or we (as applicable) are legally obliged to comply with, including the Privacy Act 2020 (New Zealand).

Fees means the fees (including base fees and transaction fee percentages) payable by you to access and use the Service, as detailed on the Website or as otherwise agreed by you and an Tourwriter.

Personal Information means information about an identifiable individual, or an individual whose identity can be reasonably ascertained, from that information.

Privacy Policy means our privacy policy as updated from time to time and published on the Website www.tourwriter.com/privacy-policy.

Service means the online tour operator service made available to you via the Website, and includes any associated support services provided by us to you as part of the Service, as detailed on the Website and otherwise agreed in writing by Tourwriter with you.

Terms means these terms of service and the Privacy Policy.

Website means the website at www.tourwriter.com through which the Service may be accessed by you, including parts or features of that website that can be used or accessed without requiring registration or logging into.


Privacy Policy

This privacy policy applies to Tourwriter Limited (a company registered in Wellington, New Zealand) and any entities that it owns or controls (we, us, our and Tourwriter).  It describes how we collect, process, dispose of and protect information that relates to an identified or identifiable individual across our Website and Service (Personal Information).  

This privacy policy is governed by New Zealand law. For more information about privacy issues in New Zealand and protecting your privacy, visit the New Zealand Privacy Commissioner’s website at www.privacy.org.nz.

When handling Personal Information, we will comply with Applicable Privacy Laws, including (as applicable), the New Zealand Privacy Act 2020 (NZPA), the General Data Protection Regulation (EU) 2016/679 (EU GDPR) and/or the United Kingdom General Data Protection Regulation (UK GDPR).

Unless a term has been defined in this privacy policy, it uses the same definitions as those used in our terms of service, available at www.tourwriter.com/terms-and-conditions.  

Who we are

We are the developer of Tourwriter, an online tour operator service. We’re based in New Zealand, but our services are available to be used from anywhere in the world.

If you want to find out more about us, visit the Tourwriter website, at www.tourwriter.com

Personal information and how we collect it

We collect your Personal Information in a number of ways when you use the Website or Service, as summarised below:

Information that comes directly from you. This is the Personal Information about you that you enter or upload into the Website or Service yourself, such as your date of birth, email address, other contact details and payment information, including any Personal Information you provide through the registration or subscription process, through any contact with us (e.g. telephone call, Website enquiry form or email) or when you use the Service or request support. If you don’t want to provide your Personal Information, you don’t have to, but it may restrict the function of some parts of the Website or Service.  

Information we receive from others. Customers (and their Authorised Users) may use the Service in such a way that the Personal Information of other individuals is collected through the Service. In such situations we are strictly a data processor, and for that reason the relevant Customer is responsible for making sure it has the appropriate permissions for us to collect and process such Personal Information.

Information we receive from your use of the Website and Service. Some Personal Information is automatically collected when you perform any action on, or interact with, any part of the Website or Service, including:

  • clickstream data, which is a record of how you navigate or click through our Website or Service; and
  • information obtained through the use of cookies, web beacons and similar storage technologies. Please refer to the section of this privacy policy entitled “Cookies and Tracking” for further information, including information on how you can disable these technologies.

Whenever you lodge a support query via the Website, we collect your name and email address in order to be able to reply to you and provide the support or advice requested.

How we use personal information

We will not process Personal Information, other than as outlined in this privacy policy, without having a lawful basis to do so.  We may process your Personal Information: 

  • to process your registration and create accounts within the Website and the Service;
  • to provide our Website and Service (including support services) and otherwise carry out our obligations under the Terms of Service;
  • to bill you (or the Customer on whose behalf you are acting) and to collect money that is owed,

and such processing is necessary for the performance of the contract between you (or the Customer on whose behalf you are acting) and us.

We also process your Personal Information: 

  • to verify your identity;
  • to communicate with you (including responding to feedback and information requests relating to the Website and the Service, to let you know when we are experiencing technical difficulties, and to alert you of new features or developments);
  • to communicate with, and comply with our obligations to, our third-party service providers, suppliers and other users of our Website and Service;
  • to send administrative messages, reminders, notices, updates, security alerts, and other information relevant to your (or an associated Customer’s) use of the Website and/or the Service;
  • to track access to the Website and Service in order to help detect and prevent any fraudulent or malicious activity;
  • to analyse and report on usage of the Website and Service, so we can improve the Website and Service; 
  • to send you (or the Customer on whose behalf you are accessing the Service) marketing and promotional messages and other information that may be of interest to you where you (or the Customer on whose behalf you are accessing the Service) have consented to receiving such material. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g., an unsubscribe link) or by emailing us at privacy.officer@tourwriter.com;
  • to protect and/or enforce our legal rights and interests, including defending any claim; and
  • to comply with our legal obligations, including any notification and reporting obligations and any access directions imposed on us by an applicable Government agency, law enforcement agency or regulatory authority,

and such processing is necessary for the purposes of a legitimate interest pursued by us, and we have assessed that our interests are not overridden by your interests or fundamental rights and freedoms.

We may also process your Personal Information for such other purposes that are compatible with the original purposes described above, or that you otherwise consent to.

We may anonymise and aggregate information (in the manner specified in the Terms of Service) such that no person could be re-identified from the information. This aggregated and anonymised data is not Personal Information and this privacy policy does not apply to it.

Disclosing personal information

Your Personal Information may be disclosed to other Authorised Users when you use the Service, for the reasons summarised below:

  • To collaborate with other Authorised Users, where you (or the Customer who you are accessing the Service on behalf of) have granted the relevant permissions to allow others to see, share, edit, copy and download your content. For example, when you comment on a Client Itinerary, your profile picture and name will be displayed next to your comment so that other users with access to the Client Itinerary understand who made the comment. Similarly, when you join a team, your name, profile picture and contact information and will be displayed in a list for other team members so they can find and interact with you.
  • For Customer Account administration purposes.

We may also disclose your Personal Information to:

  • service providers and suppliers who provide necessary goods and/or services to us, and any other partners who help us market and sell the Website and/or the Service – for instance to manage customer relations, send out newsletters and/or to process payments;
  • any business that supports us, including hosting or maintaining any underlying IT system or data centre that we use to provide our Website and/or Service;
  • other third parties to anonymise and aggregate statistical information;
  • a person who can require us to supply Personal Information (e.g. a Government agency, regulatory authority or law enforcement agency); 
  • respond to due diligence requests and/or transfer Personal Information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition of our business; and
  • any other person or entity authorised by you.

The rights of disclosure in this section may, if applicable, be subject to further restrictions contained in data processing agreements with our Customers and/or third party service providers (as applicable).

Processing payments:

  • In order to process payments for the Service we use third party payment processors, Stripe and Windcave. 
  • Stripe and Windcave collect, use and process information, including payment information, in accordance with their own privacy policies, which are available on their websites.
  • As a result of the provision of these payment processing services, Personal Information will be transferred outside New Zealand to jurisdictions in which Stripe and/or Windvcave (as applicable) operate, which may include the United States of America. 
  • For further information about the safeguards used when an individual’s information is transferred outside of New Zealand, see the section of this privacy policy below entitled Overseas Transfers.

You should also be aware that, when you access publicly accessible blogs, forums, bug trackers, and wikis made available on our Website, any information you provide in these websites (including profile information associated with the Account you use to post the information) may be read, collected, and used by any member of the public who accesses websites.

Minors

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact our Privacy Officer using the contact details set out below. 

Overseas transfers

Although you can access the Website and Service from anywhere in the world, Tourwriter is located in New Zealand, so your Personal Information may be transferred and/or stored there. For the purposes of the EU GDPR and the UK GDPR, New Zealand has been recognized as providing adequate protection.

We utilise the services of third party processors (or sub-processors, as applicable) in various countries who may access your Personal Information. An up to date list can be requested at any time from us. Consequently, we may transfer Personal Information to persons or entities located in these countries.  Although we will endeavour to ensure that Personal Information is treated securely and in accordance with this privacy policy as well as Applicable Privacy Laws, we advise that some of these countries may not have an equivalent level of data protection laws as those in New Zealand. 

If we transfer Personal Information to a third party located in a country outside:

  • the European Economic Union that the European Commission has not recognised as providing adequate protection, if required by the EU GDPR we will enter into an agreement with that third party that containing the standard contractual clauses approved by the European Commission; or
  • the United Kingdom that the United Kingdom Government has not recognised as providing adequate protection, if required by the UK GDPR we will enter into an International Data Transfer Agreement or Addendum (as appropriate) issued under section 119A of the UK Data Protection Act 2018.

Controller and processor status

Where we process or hold Personal Information solely on behalf of another organisation (for example, a Customer), we do so as an “agent” under the NZPA and, to the extent applicable, a “data processor” under the EU GDPR and/or UK GDPR. The data controller in this situation (for example, the Customer) will have its own privacy policy that will apply to its use of your Personal Information and we suggest you review any such privacy policy before you provide them with access to your Personal Information.

Where we process, use or disclose Personal Information for our own purposes, for purposes related to our business, we will be an “agency” governed by the NZPA and, to the extent applicable, a “data controller” under the EU GDPR and/or the UK GDPR. 

Internet use

While we take reasonable steps to maintain secure internet connections, the supply of Personal Information over the internet is at your own risk.

If you follow a link on our Website to another website, the owner of that website will have its own privacy policy that will apply to its use of your Personal Information processed on that website. We suggest you review that website’s privacy policy before you provide access to your personal information.

How long we keep personal information

We will keep your Personal Information:

  • until we no longer have a valid reason for keeping it;
  • until you request us to stop using it; or
  • for as long as required by law e.g., we keep invoice information for 7 years to fulfil our tax obligations.

When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymise such information, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

Cookies and tracking

Web analytics

We use web analytic tools, such as Google Analytics, to collect information about use of our Website and Service, with the goal of improving our Website and Service. These web analytic tools collect information such as how often users visit the Website and Service, what pages they visit when they do so, and what other sites they used prior to coming to the site.  

We may use various technologies to collect and store information about you when you use the Website and/or the Service, and this may include using cookies and similar tracking technologies, such as pixels and web beacons, as described below. 

Cookies

A cookie is a piece of information that our web server may send to your machine when you visit our Website. The cookie is stored on your device, but does not identify you or give us any information about your device. 

The types of cookies we use may include:

  • Strictly necessary cookies: These cookies are essential to the full functionality of our Website. They enable you to navigate around our Website and use its features. Without these cookies, you may not be able to access all the functions of our Website or the Service.
  • Performance cookies: These cookies collect information about how you use our Website and the Service. All information these cookies collect is anonymous and only used to improve our Website and Service.
  • Functionality cookies: These cookies allow our Website to remember the choices you make (for example, your user name, language or your region). Although these cookies are used to enhance the performance of our Website and Service, they are non-essential to their use.  However, without these cookies, certain functionality may become unavailable.

The length of time a cookie will stay on your browsing device depends on whether it is
a persistent or session cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies will stay on your browsing device until they expire or are deleted.

With most internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored. If you want to do this, refer to your browser instructions or help screen to learn more. If you reject the use of cookies, you will still be able to access our Website but please note that some of its functions may not work as well as if cookies were enabled.  To learn more about how to enable, edit, or disable cookies on your computer, please visit the www.aboutcookies.org website.

Web beacons

Web beacons are tiny graphics with a unique identifier that may be included on the Website for several purposes. For example, we may use web beacons to deliver or communicate with cookies, to track and measure the performance of the Website and Service, to monitor how many visitors view our Website, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on an individual’s hard drive, web beacons are typically embedded invisibly on web pages (or in an email). We use these web beacons to customise content and advertising and to analyse traffic to our Website.

Protecting personal information

We take the protection of Personal Information seriously and we will take reasonable steps (using physical, electronic and procedural safeguards) to keep Personal Information in our possession safe from loss, unauthorised activity, or other misuse. Staff who handle your Personal Information are provided with training on how to do so appropriately. 

Your rights

You have the right to access your readily retrievable Personal Information that we hold about you, and to ask for it to be corrected if you think it is wrong or to be deleted. 

If you are based in the EEU or the United Kingdom you have the right, under the EU GDPR or the UK GDPR (as applicable), to:

  • in certain circumstances, have your Personal Information erased;
  • restrict the processing of your Personal Information;
  • move, copy or transfer your Personal Information easily for your own purposes across different services in a safe and secure way; 
  • object to processing where we rely on our legitimate interests as the lawful basis for processing;
  • withdraw your consent at any time, where our processing of your Personal Information is based on consent; and
  • lodge a complaint with an appropriate supervisory authority, if you consider that our processing of your Personal Information has breached the EU GDPR or the UK GDPR (as applicable). 

We will respond to any request made in respect of the above in accordance with the Applicable Privacy Laws. However, if we receive any data subject requests (e.g., requests to access or correct Personal Information) relating to Personal Information where we are acting as the data processor (and not the data controller), we will forward these requests to the relevant data controller (for example, the Customer). It is the data controller that is responsible for correcting, deleting or updating Personal Information and we recommend that you send any such requests to the relevant data controller.

Please note that in certain circumstances we may refuse to respond to a rights request where we have the right to do so under Applicable Privacy Law, for example, where a request is manifestly unfounded or excessive.

How to contact us

If you wish to exercise your rights under this privacy policy or any Applicable Privacy Laws or otherwise raise any privacy issue with us, you can do this by emailing our Privacy Officer at privacy.officer@tourwriter.com.  Your email should provide evidence of who you are and set out the details of your request (e.g., the Personal Information, or the correction, that you are requesting).

If you believe we are unlawfully processing your Personal Information and wish to lodge a complaint, you can lodge a complaint with us directly using the above contact details, or you can lodge a complaint with the New Zealand Privacy Commissioner. Information about how to lodge a complaint is available at Privacy Commissioner’s website.

If you are located outside New Zealand, you may also lodge a complaint regarding our Personal Information processing activities as they relate to your Personal Information with your relevant privacy law supervisory authority.

Changes to this privacy policy

From time to time we may make changes to this privacy policy (for example, to reflect any changes in our Service or any Applicable Privacy Laws).  Where a change is significant, we’ll make sure we let you know – usually by displaying a notice on our Website or by sending you an email.


Tourwriter: Data processing addendum (customer)

By this data processing addendum (Addendum), the Customer (the Controller) authorises Tourwriter Limited (the Processor) to process all Controller Personal Information in accordance with the Tourwriter Terms of Service and Privacy Policy (Agreement) and this Addendum. 

Definitions

1.1 Definitions:  Unless the context otherwise requires:

Applicable Privacy Laws means the laws protecting the right to privacy which apply to the Controller and Processor with respect to data connected with the Agreement, including the New Zealand Privacy Act 2020 and, if applicable, the UK GDPR and/or EU GDPR.

Business Day means a day other than a Saturday or Sunday or public holiday on which banks are open for commercial business in Wellington, New Zealand.

Controller Personal Information means any Personal Information in respect of which the Controller is a data controller, including the type of Personal Information and categories of data subjects referred to in the Privacy Policy, and which is processed by the Processor on the instructions of the Controller.

EEA means the European Economic Area. 

EU GDPR means the General Data Protection Regulation (EU) 2016/679.

Personal Information has the meaning given to the phrase “personal information” and “personal data” in Applicable Privacy Laws.  

Personal Information Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Controller Personal Information.

Privacy Policy means the Processor’s privacy policy made available at www.tourwriter.com/privacy-policy[insert link].

Regulatory Bodies means those government departments and regulatory, statutory and other bodies, entities and committees which, whether under statute, rule, regulation, code of practice or otherwise, are entitled to regulate, investigate or influence the matters relating to the security of data, Personal Information, privacy protection or other laws connected to this Agreement.

Services means the services performed by Processor for Controller, as described in the Agreement.

Standard Contractual Clauses means the standard contractual clauses approved by the European Commission in Commission Decision 2021/914 dated 4 June 2021, for Transfers of Personal Information to Third Countries not otherwise recognized as offering an adequate level of protection for Personal Information by the European Commission (as amended and updated from time to time).

Subprocessor shall mean any data processor engaged by the Processor (or by any other Subprocessor of the Processor) in order to be able to perform the Services.

Terms of Service means the Tourwriter terms of service made available at www.tourwriter.com/terms-and-conditions

Transfer shall mean making Controller Personal Information accessible to any person other than the data subject, including, but not limited to the active transfer of the data, permitting access, also remotely, sharing and publishing.

Third Country means a country or territory that is not:

  1. in the context of the UK GDPR, part of the United Kingdom; or
  2. in the context of the EU GDPR, a member state of the EEA.

UK GDPR means the General Data Protection Regulation of the United Kingdom, as defined in section 3 of the UK Data Protection Act 2018.

UK IDTA means the International Data Transfer Agreement or the International Data Transfer Addendum issued under section 119A of the UK Data Protection Act 2018, for Transfers of Personal Information to Third Countries not otherwise recognized as offering an adequate level of protection for Personal Information by the United Kingdom Government (as amended and updated from time to time). 

1.2 Interpretation: In this Addendum where the context permits:

1.2.1 references to data subject, data controller, data processor, identifiable, Personal Information, processing and special category Personal Information shall have the same meanings ascribed to them by the Applicable Privacy Laws
1.2.2 reference to a party shall include that party’s executors, administrators, successors and assigns;
1.2.3 reference to a statute or regulation shall include all amendments and re-enactments thereof; and
1.2.4 writing includes electronic communications (including email) and written has a corresponding meaning.

1.3 Standard Contractual Clauses: It is acknowledged that the Standard Contractual Clauses shall only apply to the Processor if the Processor is based in a Third Country that has not gained adequacy status under the EU GDPR.  For clarity, New Zealand holds adequacy status under the EU GDPR
1.4 ITDA: It is acknowledged that the ITDA shall only apply to the Processor if the Processor is based in a Third Country that has not gained adequacy status under the UK GDPR.  For clarity, New Zealand holds adequacy status under the UK GDPR.
1.5 Agreement:  This Addendum is supplemental to the Agreement. Any breach of this Addendum shall constitute a material breach of the Agreement.
1.6 Priority:  In the event of any conflict between the Agreement and this Addendum, the terms in this Addendum shall prevail (to the extent of any such inconsistency).

Data controller and processor

2.1 Data Controller:  The Processor acknowledges that, in respect of the Controller Personal Information and for the purposes of the Applicable Privacy Laws, the Controller (and each group company of the Controller) is the data controller.  The Controller agrees to comply with its obligations under this Addendum and, as controller, under all Applicable Privacy Laws.
2.2 Privacy notices:  The Controller is solely responsible for all data controller obligations under Applicable Privacy Laws, including providing any required notices and obtaining any required consents, and for the processing instructions that it gives to the Processor.
2.3 Controller warranties:  The Controller warrants that:


2.3.1 no contractual obligations prohibit the processing of the Controller Personal Information as described in the Agreement and this Addendum; and
2.3.2 the production, collection, and processing of Controller Personal Information has been and will continue to be carried out in accordance with the Applicable Privacy Laws.

2.4 Appointment as Data Processor:  The Controller appoints the Processor as a data processor of the Controller Personal Information, and the Processor accepts the appointment and agrees to comply with its obligations under this Addendum.

Data processing

3.1 Principles:  Controller Personal Information will be processed by the Processor under the general principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. 

3.2 Processing restrictions:  Subject to clause 3.3, the Processor shall ensure that all Controller Personal Information is processed only:

3.2.1 according to the instructions of the Controller, which shall include the purposes described in the Agreement;

3.2.2 in accordance with this Addendum; 

3.2.3 in compliance with Applicable Privacy Laws; and

3.2.4 except as otherwise specified in clause 7:

(a) where the EU GDPR applies to the Personal Information, within the European Union or a Third Country which ensures an adequate level of protection as indicated by the decision of the European Commission taken pursuant to article 25(6) of the Directive or article 45, § 3, of the EU GDPR; and/or

(b) where the UK GDPR applies to the Personal Information, within the United Kingdom or a Third Country which ensures an adequate level of protection, as recognised by the United Kingdom Government.

3.3 Outside of instructions:  The Processor may process Controller Personal Information outside of the Controller’s instructions if laws to which the Processor is subject require or allow it. The Processor shall notify the Controller if it is of the opinion that any instruction provided by the Controller is in breach of any Applicable Privacy Law.

Cooperation obligations

4.1 Assistance:  The Processor shall take any steps reasonably requested by the Controller to assist the Controller to demonstrate compliance with its obligations under Applicable Privacy Laws, including to assist and support the Controller:

4.1.1 in the event of an investigation or other control measures or by any Regulatory Body to the extent that such investigation relates to Controller Personal Information;

4.1.2 in the event of the exercise of any claims by data subjects or third parties related to the processing under this Addendum or the Agreement;

4.1.3 in complying with the rights of data subjects, including the right to obtain transparent information, the right to access, rectify, and erase their Personal Information, restrict, or object to, the processing of their Personal Information, exercise their right to data portability;

4.1.4 in notifying, consulting with and obtaining approvals from Regulatory Bodies where required; and

4.1.5 in performing data protection impact assessments.

4.2 Data subject rights:

4.2.1 The Processor shall promptly comply with any request from the Controller requiring the Processor to access, amend, Transfer or delete any Controller Personal Information.

4.2.2 The Processor must inform the Controller promptly, taking into account the notification requirements imposed on the Controller under Applicable Privacy Laws, following the Processor’s receipt of any inquiry from a data subject with respect to Controller Personal Information.

4.2.3 Provided that the Controller acts in accordance with Applicable Privacy Laws, the Processor shall not respond to any such request referred to in clause 4.2.2 unless expressly authorised to do so by the Controller.

4.3 Regulatory action:  The Processor will promptly notify the Controller about: 

4.3.1 any binding request addressed to the Processor or any of its Subprocessors for the disclosure of Controller Personal Information by a Regulatory Body, unless otherwise prohibited by applicable law; and

4.3.2 any monitoring activities and measures undertaken by the Regulatory Body, including where a Regulatory Body investigates the Processor for a possible breach of Applicable Privacy Laws.

4.4 Audit rights:  The Controller has the right to, on reasonable notice and in a reasonable manner, audit and inspect the implemented technical and organisational measures of the Processor and the Processor’s compliance with this Addendum to the extent such measures are able to be audited.  If the Processor notifies the Controller of a Personal Information Breach, then the Controller shall have the right to perform an on-site audit of the Processor on notice without undue delay.  Any audit or inspection undertaken by the Controller shall be at the Controller’s cost.

Personal information breach

5.1 Data breach:  To the extent the Processor becomes aware of any Personal Information Breach or if it has reason to believe that a Personal Information Breach may have occurred, then the Processor must without undue delay (and where feasible, within 72 hours of becoming aware of the breach):

5.1.1 notify the Controller, taking into account the notification duty requirements imposed on the Controller under the Applicable Privacy Laws; and

5.1.2 investigate the Personal Information Breach and provide the Controller with the information set out in clause 5.2; and

5.1.3 with the prior consent of the Controller (not to be unreasonably withheld or delayed), take measures to prevent further Personal Information Breaches, and mitigate or remedy the Personal Information Breach. 

5.2 Information obligations:  The Processor shall summarise in reasonable detail the impact of the Personal Information Breach, including describing to the extent this is known to the Processor:

5.2.1 the nature of the Personal Information Breach;

5.2.2 the categories and numbers of data subjects concerned;

5.2.3 the categories and numbers of Personal Information records concerned;

5.2.4 the details of any unlawful recipient (including names, addresses and business sectors);

5.2.5 the estimated risk and the likely consequences of the Personal Information Breach; and

5.2.6 the measures taken or proposed to be taken to address the Personal Information Breach.

5.3 Records:  The Processor shall maintain records of any actual or suspected Personal Information Breach in accordance with commercially accepted industry practices.  The Processor shall make such records reasonably available to the Controller.

Technical and organisational measures

6.1 Confidentiality:  The Processor will:

6.1.1 ensure that the personnel it authorises to process Controller Personal Information are under appropriate confidentiality obligations; and

6.1.2 inform its authorised personnel that the Controller Personal Information is only to be processed in accordance with the Agreement and as otherwise instructed by the Controller.

6.2 Data Security:  During the processing of Controller Personal Information, the Processor shall take appropriate technical and organisational measures to ensure a level of security appropriate to the risk of a Personal Information Breach.  

6.3 Security Measures:  The Processor shall also: 

6.3.1 take reasonable steps to ensure the reliability of any staff who have access to Controller Personal Information;

6.3.2 ensure the ongoing confidentiality, integrity, availability and resilience of the systems and services processing Controller Personal Information;

6.3.3 implement a process for testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing of Controller Personal Information; and

6.3.4 take any other steps required by Applicable Privacy Laws.

Cross border transfers

7.1 Cross-Border Transfers:  It is noted that the Processor is based in New Zealand and the Processor’s Subprocessors are, as at the date of this Addendum, in New Zealand[, insert other countries where you transfer Personal Information of customers (i.e. to your service providers)]. The Controller gives the Processor general written consent to Transfer Controller Personal Information to a Third Country where the relevant Subprocessor:

7.1.1 is in a Third Country that:

(a) where the EU GDPR applies to the Personal Information, the European Commission has recognised as providing adequate protection; or

(b) where the UK GDPR applies to the Personal Information, the United Kingdom Government has recognised as providing adequate protection; or

7.1.2 is a Subprocessor at the date of this Agreement; or

7.1.3 has entered into a contract with the Processor containing:

(a) where the EU GDPR applies to the Personal Information, the Standard Contractual Clauses; or

(b) where the UK GDPR applies to the Personal Information, the ITDA. 

In each case, the Controller explicitly grants the Processor a mandate to execute and enforce the Standard Contractual Clauses and/or ITDA (as applicable) on its behalf against the Processor’s relevant Subprocessors. 

Subprocessors

8.1 Subprocessors:  Without limiting clause 7, the Controller gives the Processor general written consent for the Processor to authorise any third party to process Controller Personal Information as a Subprocessor, subject to the following conditions: 

8.1.1 the Processor must maintain an up-to-date list of the names of all Subprocessors, and shall make this list reasonably available to the Controller; and

8.1.2 except in respect of any Subprocessors existing at the date of this Addendum, the contract entered into between the Processor and a Subprocessor will include terms similar those set out in this Addendum.

The Processor will assume liabilities for the acts and omissions of its Subprocessors in relation to the Services provided to the Controller, subject to the limitations of liability under this Addendum and the Agreement.

Liability

9.1 Agreement: Unless expressly prohibited by law, with regard to the Processor’s liability to the Controller under or in connection with the Agreement and this Addendum, the provisions of the Agreement shall apply. To the extent permitted by law, any liability cap and liability exclusions applicable to the Processor under the Agreement (including without limitation exclusions of any special, indirect or consequential loss, or loss of profits, loss or corruption of data, revenue, business or goodwill) shall apply in respect of the Processor’s total liability under this Addendum and the Agreement.

Term and termination

10.1 Termination:  The parties may terminate this Addendum earlier than the Agreement is terminated where the parties sign a new data processing agreement to replace this Addendum.

10.2 Return/Destruction of Controller Personal Information:  Except as otherwise directed by the Controller, when requested to do so by the Controller the Processor shall hand over to the Controller all Controller Personal Information, and shall erase or destroy related data as described in the Privacy Policy.