At Weta we care about your privacy and want to be open with you about what we do with your personal information. This Privacy Policy describes how we collect, use and share personal information and explains your rights in relation to those activities.


“We”, “us” and “our” means Weta Workshop Limited, Weta Digital Limited and any entity associated with either company unless that entity has its own privacy policy. 


We must comply with the Privacy Act 1993 and, if you are in the European Union, the General Data Protection Regulation (GDPR).

If you would like to get in contact with us about our Privacy Policy, you can email us at privacy@wetaworkshop.co.nz.


Why do we collect your information?

We collect your personal information to carry out our operations and activities as a business and as an employer. These are our “purposes” and include:

  • providing products, services and experiences to our customers (including through third parties);
  • our administrative, employment, and management activities;
  • communicating with you or with your emergency/alternative contacts;
  • our legal, regulatory and contractual obligations;
  • monitoring, evaluating and improving our performance and effectiveness;
  • the recruitment and marketing activities that we undertake; and
  • providing a safe, secure and healthy environment.


How do we collect information?

We collect information about you in three ways:


Information that you provide to us

This includes information provided:

  • as part of our marketing, recruitment and employment processes;
  • when you register for, enrol with or use our services and facilities;
  • when you register for or attend events and functions;
  • when you participate in surveys and competitions;
  • through your discussions and interactions with us; and
  • if you purchase something from us.


Information we automatically collect

This includes information collected:

  • through your use of our websites (including via cookies), emails, and other services and systems that we provide to you (including Wi-Fi); and
  • through CCTV footage.

We use cookies, pixels, beacons and other similar technologies to collect and store information about you when you use our website or services and this collection may occur across devices.  Cookies may be “session” cookies (which temporarily store information and expire when you close your browser) or “persistent” cookies (eg. when you select “remember me” when logging in).   We may also allow our business partners to use these technologies on our services (eg. for advertising) or engage others to track your behavior on our behalf. You can disable the usage of cookies through your browser settings.  


Information we collect from third parties

This includes information collected or provided:

  • from publicly available sources (including the internet);
  • by relevant government agencies and providers;
  • by our recruitment agents;
  • by third parties that provide services or experiences to us or you;
  • through reference or other pre-employment checking prior to employment or provision of work;
  • by our photographers and videographers; and
  • by third parties with whom we also share information (see below).


What information do we collect?

Customer

If you are a customer (or prospective customer), the information we collect includes your:

  • biographical details (including name, former name and date of birth);
  • contact details (including physical and shipping address, telephone numbers and email address);
  • interactions and communications with us and our systems;
  • other information that you have decided to share with us; and
  • financial and transaction information (including transaction details, how you will pay for your product or service, credit/debit card or bank account details, where you have provided these to us).

If you set up a customer profile with us, you can choose to store your personal information on our website in a secure server where you can view and update it as necessary.  Your personal information is only able to be accessed here by entering your username and password. 


Staff member or Contractor

If you are a staff member or contractor, the information we collect includes your:

  • biographical details (including name, former name, alias, gender and date of birth);
  • contact details (including address, telephone numbers, email address and emergency and alternative contact details);
  • education record and academic/work history;
  • professional affiliations;
  • previous employment history (e.g. your CV);
  • bank account and tax information;
  • citizenship and passport details, and (where relevant) information on your entitlement to work for us in New Zealand;
  • credit history and other pre-employment vetting and verification information (see “Sensitive Information” below);
  • country of origin and ethnicity (see “Sensitive Information” below);
  • health and disability information (see “Sensitive Information” below);
  • interactions and communications with us and our systems;
  • photograph (for staff ID cards and the staff directory);
  • information provided through reference checking processes; and
  • other information that you have decided to share with us.


If you are a prospective staff member applying for a position with us, or a contractor engaged (or seeking to be engaged) to provide services to us, the information we collect about you will include the categories of information described above that are necessary for us to consider and decide upon your application for employment, or to decide and manage your terms of engagement with us.


Other Association with us

If you have had an association with us (you may have worked with us before, attended an event, been involved in one of our kickstarter campaigns or have some other association with us), the information we collect could include your:

  • biographical details (including name, former name and date of birth);
  • contact details (including physical and shipping address, telephone numbers and email address);
  • interactions and communications with us and our systems;
  • other information that you have decided to share with us; and
  • financial information (including how you will pay for your product or service, credit/debit card or bank account details, where you have provided these to us).


Who will have access to your information?

Our staff will have access to your personal information only where they have a genuine need to do so.

There are circumstances where we share some specific categories of personal information with external people and organisations. However, we only do this where it is strictly necessary for our purposes or it is permitted or required by law (including the Privacy Act 1993). We do not pass on all information that we collect – only the absolute minimum required in the particular context.

We also ensure that any information we share is used by the external person or organisation only for the purpose for which we shared it and, if possible, we anonymise information so that you are not identifiable.

We will not sell your information to anyone.


Who do we share information with?

People and organisations we share specific categories of information with include:

  • New Zealand Government departments or agencies– including the Ministry of Social Development (including Work and Income), the Inland Revenue Department, Immigration New Zealand and the Accident Compensation Corporation;
  • Service providers contracted to or providing services to us (including logistics and freight companies, our website hosting company, payment gateway providers and booking agents);
  • Organisations that provide services related to your status as a customer or staff member (including organisations that provide discounts or benefits);
  • Law enforcement agencies and emergency services;
  • Professional registration agencies;
  • Organisations and individuals responsible for accreditation or quality assurance;
  • Social media and advertisers providing customized advertisements – including Facebook and Google (in order to provide targeted information on our products, services and events);
  • Organisations and individuals involved in hosting live or virtual events that you attend; and
  • Our insurers, professional advisers and auditors.


The third party’s own privacy policy will apply to personal information we send them.  Depending on their privacy policy they may combine the personal information we give them with personal information they hold about you, to assist with their advertising to you. 


How long do we keep personal information?

We retain your personal information for as long as is necessary for our purposes and for us to comply with our legal obligations and perform our contracts with you.

We use an encrypted token to access your credit card details via a secure third-party payment gateway. We do not hold or process your credit and debit card data – third party providers handle these functions for us and are fully compliant with the Payment Card Industry Data Security Standards.


Additional Information

Profiling and Automated Decision Making

We may carry out profiling, analytics or tracking activities (including by automated means) to:

  • improve the quality of our activities, operations, products and services; and
  • personalise our communications with you.


We do not engage in any form of profiling that would give rise to a claim of discrimination (including as defined in the Human Rights Act 1993).


We do not use solely automated processes to make any decisions that would affect you in any way or which identify you individually.


We do monitor the number of successful logins on each subscriber user name.  This allows us to identify potential abuse or unauthorized use of our sites.


Communications and Marketing

We may send you promotional messages, marketing, advertising, and other information. You authorise us to use your details for such purposes, including through display advertising, electronic direct mail or on social media.


We may send or show you promotional messages, marketing, advertising and other information that may be of interest to you based on your communication preferences. We may make advertising space available through certain advertising platforms or exchanges, such as DoubleClick Ad Exchange, and you can manage what you see due to DoubleClick cookies through Google’s Ad Settings.


We may use your information to administer rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by us or our business partners.


We may use your information to measure the effectiveness of our advertising and product and make improvements.


Sensitive Information

Under the GDPR, information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetics, biometrics, health, sex life, sexual orientation and criminal convictions is considered sensitive information.


We are required under New Zealand law to collect information relating to:

  • your racial or ethnic origin, as part of our employment processes;
  • your criminal convictions, if you are being employed in a role covered by the Vulnerable Children Act 2014.

We also collect information relating to your racial or ethnic origin, for statistical purposes and promotion of equity and diversity as part of our pre-employment vetting processes.


We do not collect any other form of sensitive information. However, if you or others have provided it to us, we may hold it in our systems.


If you are in the European Union, please note that some New Zealand law requirements regarding our collection of sensitive information may conflict with your rights under the GDPR.


If you have any concerns about our collection of sensitive information, please email privacy@wetaworkshop.co.nz.


How do we keep your information secure?

We take all reasonable steps to keep your information safe and secure. In some instances, your personal information may be transferred, and held, by service providers in New Zealand and overseas (for example, where it is stored using a cloud-based service). Where this occurs, we do everything reasonably within our power to ensure that the service provider also has reasonable security measures in place to protect your information.

We will not transfer your information to an overseas-based service provider unless we are satisfied that the service provider has obligations to protect your information in a way that is comparable to the protections afforded by New Zealand privacy law.


What are my rights?

You have the right to ask for a copy of any personal information we hold about you, to ask for it to be corrected if you think it is wrong and for it to be deleted entirely.  If you have set up a profile you can do this via our website by logging in with your username and password. Alternatively, you may contact us at privacy@wetaworkshop.co.nz.


We'll respond to your request as soon as reasonably practicable and no later than 20 working days after we receive it.


You also have the right to make a complaint to the Office of the Privacy Commissioner if you think we have breached, or may have breached, your privacy. You can contact the Office of the Privacy Commissioner at www.privacy.org.nz.


In addition, the GDPR gives you the right to:

  • withdraw consent, where consent is the legal basis for our processing of your information;
  • be forgotten, that is your information to be removed from systems that we use to process your personal information;
  • request copies of your personal information in a structured, commonly used and machine-readable format and/or request us to transmit this information to another person (where this is technically feasible);
  • restrict our processing in certain ways;
  • object to certain processing activities by us; and
  • make a complaint to a supervisory authority.