1. Introduction & Scope
This Privacy Statement applies to Gallagher Group companies worldwide. This Privacy Statement applies to our websites that link to it (but not to websites that have their own, separate Privacy Statements).
2. How to Reach Us
The world headquarters of Gallagher Group is in Hamilton, New Zealand, where we have appointed internal Privacy Officers. If you have an enquiry about this Privacy Statement or a complaint about the way we handle your personal information, or you seek to exercise your privacy rights over the personal information we hold about you, please contact us via email (mailto:email@example.com) or by calling +64 7 838 9800. You can also write to Privacy Officer, Gallagher Group Limited, 181 Kahikatea Drive, Hamilton 3206, New Zealand.
3. Personal Information, Collection and Uses
3.1 What is personal information?
Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, or an online identifier. When we later refer to “contact details”, we mean information such as your name, email address, phone number, and physical address. When we later refer to “product details”, we mean information such as serial number, model type, purchase date, price and service history.
3.2 How we collect personal information.
Gallagher may ask you to provide us with certain types of personal information if you wish to obtain a particular service or product from us. This might happen via various “channels”, such as over the telephone or by text message (SMS), through our website, by email or by filling out a paper form, by post, or even meeting with us face-to-face and exchanging business cards. We will give you a Collection Notice at the time, or as soon afterwards as is practicable, to explain how we use the personal information we are asking for. This Notice may be written or verbal, and it may point you towards this Privacy Statement. You might also provide personal information to us, without us directly asking for it, for example, if you engage with us on social media.
We do not knowingly attempt to collect personal information from children (under the age of 16) without written consent from a parent or caregiver.
3.4 Marketing agencies
We do not share your personal information with marketing agencies. Your information will not be sold, exchanged, transferred or given to any other company without your consent.
3.5 Third-party service providers
When we temporarily provide your personal information to companies that perform services for us, such as send you email, we require those companies to protect the information in the same manner as Gallagher. Our third-party service providers are bound by contract only to use your personal information on our behalf and under our instructions. So, these service companies cannot use your personal information for any other purpose than the reason you provided it to Gallagher.
3.6 Situations where we process your personal information
3.6.1 Safety announcements & Privacy Statement changes
Personal Information: Contact details. Channels: Email.
Purpose for processing: Sending you safety announcements and important information about your Gallagher products, apps or account, or material changes to this Privacy Statement. The legal basis is our legitimate interest in providing you important information.
3.6.2 Visiting our websites
Personal Information: IP address, type of browser and device, cookies and other identifiers associated with your devices, and geolocation information. Channels: Web or smartphone app.
Purpose for processing: When you choose to access our websites and smartphone apps, we collect limited information about the devices you use. If you have cookies turned on in your browser, then we may place cookies on your computer (see Section 5, Cookies, Web Beacons and Other Technologies). We use these cookies to provide an improved user experience on our websites and to track interest in our products and services. We also collect information for diagnostic and analytic purposes. The legal basis is our legitimate interest in providing visitors to our websites and apps with enhanced user experience, and for statistical market research purposes.
3.6.3 Your opt-in consents for electronic direct marketing
Personal Information: Contact details and preferences. Channels: Any, such as a web form.
Purpose for processing: With your consent, we will process your contact details to send you marketing information about our products and apps, according to the preferences you indicate. The legal basis is your consent.
3.6.4 Email click-tracking & web cookies (our email responses)
Personal Information: Beacons, cookies, tracking links. Channels: Web, email.
Purpose for processing: When we send you an email, we may use technologies (see Section 5, Cookies, Web Beacons and Other Technologies) to see whether you have opened it or clicked on a link in it, as we tailor our interactions with you to personalise your experience. The legal basis is our legitimate interest in collecting statistics about the usage and effectiveness of our emails and websites.
3.6.5 Your compliments, complaints and general enquiries
Personal Information: Contact details, enquiry information. Channels: All.
Purpose for processing: We use your contact details to provide you with a response to your compliment, complaint or enquiry and to monitor the quality and types of customer interaction. The legal basis is Gallagher’s legitimate interests in providing quality product support and information.
3.6.6 Purchasing products on the Gallagher USA website
Personal Information: Contact details, product information. Channels: Web.
Purpose for processing: Animal Management customers in the USA may choose to purchase goods from the Gallagher USA website using a payment card. We collect your contact details so we can process your order and fulfil your purchase. The legal basis for processing is contract.
Note: Payment card information is provided directly by customers, via this website, into a PCI-DSS compliant payment processing service (Paymetric, www.paymetric.com) and we do not process or store your card information ourselves.
3.6.7 Licence and warranty registration; support and repairs
Personal Information: Contact details, product information. Channels: All.
Purpose for processing: When you register your Gallagher products for licence, warranty and maintenance purposes, we will collect your contact details and information about the products you own, such as their licence keys, serial numbers and date of purchase. To improve customer service, when you interact with our customer support representatives for support and repair, we may record and review conversations. We will capture information relating to the support or service issue, and we may create event logs that are useful in diagnosing product or performance-related issues. With your consent, we may remotely sign in to your Gallagher system, if appropriate, to help troubleshoot and resolve your issue. We monitor the quality and types of customer and product support we provide, and we analyse any feedback provided to us through voluntary customer surveys. The legal basis for processing is contract.
3.6.8 Staff recruitment
Personal Information: Personal information relating to your job application, including sensitive personal information. Channels: All.
Purpose for processing: If you apply for a job or contract with Gallagher, we will collect your application information to let us evaluate your suitability for that position. With your consent, we may collect additional personal information about you from your referees and government agencies. We do not share your personal information with marketing agencies. Your information will not be sold, exchanged or given to any other company. If your application is unsuccessful, we will retain the information for up to 1 month from your submission of the information. The legal basis for processing is consent.
We use Xref as the dataprocessor to provide this service for New Zealand applicants. Personal Data is stored on AWS servers in Australia. We rely on a data processing agreement with Xref to confirm the appropriate safeguards.
Note: If successful then you become an employee under an employment contract, and different privacy policies apply.
3.6.9 Our Business Partners, Channel Partners and Distributors
Personal Information: Contact details. Channels: All.
Purpose for processing: We capture information you provide to administer and develop our business relationship with you. For instance, this may involve using your information to send you details of Gallagher business partner programs. The legal basis is contract.
3.6.10 Our network of Business Partners, Channel Partners and Distributors
Personal Information: Contact details, information about customers or prospects you represent. Channels: All.
Purpose for processing: To develop and maintain our network of quality partners and distributors, we may share certain information with other business partners (subject to any confidentiality obligations), or Gallagher customers or prospects. We may also contact you as part of customer satisfaction surveys or for market research purposes, in connection with a particular transaction or program. The legal basis is our legitimate interests in building our network of quality partners and distributors.
3.6.11 Product training & certification for Business Partners and customers
Personal Information: Contact details, photo, training and certification information. Channels: All.
Purpose for processing: If you attend a Gallagher training course, certification or periodic re-certification, then we will record your contact details, course logistics, as well as which products you are trained and certified for. This is to ensure adequate knowledge of our products when dealing with customers and end users, to deliver a consistently high experience of our brand. If certified, we will use your photo to provide you with a photo ID. The legal basis is contract.
3.6.12 Our Suppliers
Personal Information: Contact details. Channels: All.
Purpose for processing: We capture information you provide to administer and develop our business relationship with you. We may also check some details about you from publicly available sources, such as business registers. This may include sharing information with other parts of Gallagher, our business partners, customers, shipping companies, financial institutions and postal or government authorities involved in fulfilment. The legal basis is contract.
3.6.13 Use of our support websites
Personal Information: Email address, website credentials. Channels: Web.
Purpose for processing: If you have a particular kind of business relationship with Gallagher (for example, supplier, business partner, channel partner, distributor, or certified installer) then we may grant you access to our support websites. If we do this, we will use your contact details to generate separate credentials for these websites. The legal basis is contract.
3.6.14 Other disclosures
Personal Information: All. Channels: All.
Purpose for processing: We may disclose personal data about you to others:
if we have your valid consent to do so;
to comply with a valid subpoena, legal order, court order, legal process, or other legal obligation;
to enforce any of our terms and conditions or policies; or
as necessary to pursue available legal remedies or defend legal claims.
If we are involved in a re-organisation, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. In that event, we will notify you by email and outline your privacy choices.
The legal bases here are consent, contract, legal obligations, and Gallagher’s legitimate interests.
4. Your Privacy Choices
You can tailor your marketing preferences, or you may tell us that you do not want any further marketing contact (unsubscribe). You may opt out of any further contact from us. If you ask us not to contact you by email at a certain email address, we will retain a copy of that address on our master "do not send" list in order to comply with your no-contact request.
If you wish to confirm whether Gallagher is processing your personal information, or to have access to the personal information we may have about you, please contact our Privacy Officers. Reasonable access to your personal information will be provided, usually at no cost, within a reasonable timeframe. If for some reason access is denied, we will explain why.
You may also request information about:
the purpose of the processing
the categories of personal information concerned
who else outside Gallagher might have received your personal information from us
what the source of the information was, if you didn’t provide it directly to us, and
how long it will be stored.
You have a right to correct the record of your personal information maintained by Gallagher if it is inaccurate, and we do not charge for correction of personal information. You may request that we erase your personal information or cease processing it, subject to certain exceptions. When technically feasible, we will, at your request, provide your personal information to you or transmit it directly to another controller. To protect your privacy and the privacy of others, we may have to verify you are who you say you are, before we give you access to, or change, information about you.
5. Cookies, Web Beacons and Other Technologies
We collect information from your visits to our websites to help us gather statistics about usage and effectiveness, personalise your experience, and tailor our interactions with you. We do so through the use of various technologies, including scripts, tags, Local Shared Objects (Flash cookies), Local Storage (HTML5) beacons, and cookies. A cookie is a piece of data that a website can send to your browser, which may then be stored on your computer as a tag that identifies your computer. You can choose to accept or decline cookies. Cookies are typically categorised as “session” cookies or “persistent” cookies.
"Session" cookies help you navigate through our websites efficiently, keeping track of your progress from page to page, so that you are not asked for information you have already provided during the current visit. Session cookies are stored in temporary memory and erased when the web browser is closed.
"Persistent" cookies, on the other hand, store user preferences for current and successive visits. They are written on your device's hard disk and are still valid when you restart your browser. We use persistent cookies, for example, to record your choice of language and country location.
Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Although Gallagher does not deliver third-party online advertisements on our websites, we may advertise our products and services on others' websites. Please familiarise yourself with the Privacy Statements of those website operators or network advertisers to understand their practices relating to advertising, including what type of information they may collect about your Internet usage. Some advertising networks we may use may be members of the Network Advertising Initiative (NAI) or the European Interactive Digital Advertising Alliance (EDAA). Individuals may opt-out of targeted advertising delivered by NAI or ADAA member ad networks by visiting http://www.networkadvertising.org/ and http://www.youronlinechoices.eu/
6. Cross-Border Transfers
Gallagher is a multinational organization with business processes, management structures and technical systems that cross borders. As such, we may share information about you within Gallagher and transfer it to countries in the world where we do business as per this Privacy Statement. Our Privacy Statement and our practices are designed to provide a globally consistent level of protection for personal information all over the world. This means that even in countries whose laws provide for less protection for your personal information, Gallagher will still handle it in the manner described here.
Our headquarters is in New Zealand and your personal information is stored on computer systems hosted in New Zealand. We also use cloud services from SAP, Microsoft and Amazon AWS, and we have instructed them to store our data in Australia, where possible.
Your information will be stored on computer systems hosted in New Zealand, Australia and the USA. New Zealand has a finding of “adequacy” by the European Commission (Article 45 GDPR). Gallagher and our cloud providers in Australia rely on Standard Data Protection Clauses (Article 46 GDPR) to confirm the appropriate safeguards. Where we use services hosted in the USA, we rely on a variety of legal mechanisms, including contracts, and consent.
The personal information of our customers, staff, suppliers and other contacts is stored by third-party service providers who have data centres in Australia and the USA:
Our key data processors are SAP Hybris (Australia), Microsoft Office365 and Azure (Australia), and Amazon AWS (Australia)
Some electronic direct marketing (EDM) may use MailChimp (USA), SmartMail Pro (USA), Nimble (USA) and MailMunch (USA)
Corporate emails are scrubbed for viruses and spam by SMX (New Zealand)
Our websites use Incapsula (USA) for their global content distribution network and web application firewall protection
Our third-party cookies are managed with Google (USA), HotJar (Malta), Facebook (USA) and AdRoll (USA)
Our PCI-DSS card payment processor for the USA is Paymetric (USA)
7. Links to Other Websites
On our websites, we may provide links to third-party websites of interest. To allow you to interact with other sites on which you may have accounts (such as Facebook or Twitter) or join communities on such sites, we may also provide links or embed third-party applications that allow you to log in, post content or join communities from our sites. However, once you have used these links and left our sites, we do not have control over such linked sites. You should exercise caution and look for the Privacy Statements applicable to the sites in question. This Privacy Statement does not govern links to other sites, and we cannot accept responsibility for the conduct of other organisations.
8. Data Retention
We keep personal information about you, to use for the purposes listed in this Privacy Statement. If you wish to request that we no longer use your personal information to provide you with services, please contact us. However, please note that we may retain your personal information to comply with our legal obligations, resolve disputes, and to enforce our agreements.
9. Information Security
Gallagher takes cybersecurity seriously. We intend to protect your personal information and to maintain its accuracy. Gallagher implements reasonable physical administrative and technical safeguards (such as system monitoring and encryption) to help us protect your personal information from unauthorised access, use and disclosure. We restrict access to your personal information to those employees who “need to know” it to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities. We also require that our suppliers protect personal information from unauthorised access, use and disclosure.
In many countries, you have a right to lodge a complaint with the appropriate privacy or data protection authority if you have concerns about how we process your personal information.
We aim to resolve complaints quickly and informally. If you wish to proceed to a formal privacy complaint, we will need you to make your complaint in writing to our Privacy Officers, as above. We will then acknowledge your formal complaint within 10 working days. If we are unable to resolve your complaint, you may approach your national privacy authority.
Note: under UK-GDPR, our nominated representative in the UK is the Regional Manager of Gallagher Security (Europe) Ltd, whose supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).
Under EU-GDPR our nominated representative is Peter Tientij who can be contacted at firstname.lastname@example.org, whose supervisory authority is Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/nl)
11. Changes and Updates to this Privacy Statement.
This Statement is effective from 8 June 2023 and supersedes all previous notices or statements regarding our privacy and data protection practices and the terms and conditions that govern the use of our websites.
We recognise that privacy and data protection is an ongoing responsibility, and so we review this Statement regularly and will update it from time to time as we undertake new practices or adopt new policies. We may supplement this statement with additional information relating to a particular interaction we have with you.
Although we may include links to our Privacy Statement in our emails to you, you should check our websites frequently to see the current Statement that is in effect and any updates we have made. We reserve the right to amend our Privacy Statement at any time, for any reason, without notice to you, other than posting the updated version on our websites.