Privacy Policy – South City Towing Limited

Effective Date: 20-03-2023
Last Updated: 30-06-2025
Company Name: South City Towing Limited
Contact Information: office@southcitytowing.co.nz | 09 276 3223

1. Introduction

At South City Towing Limited ("we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information, and the measures we have implemented to safeguard your privacy. By using our services, you agree to the practices described in this policy.

2. Information We Collect

We collect the following types of personal information:

Personal Identification Information: This may include your name, email address, phone number, postal address, or other details used to identify or contact you.

Financial Information: Payment details such as credit card numbers, billing address, and bank account details, if applicable.

Usage Data: Information regarding how you use our website or services, including IP addresses, browser types, session times, and website activity.

Sensitive Data: Depending on our services, we may collect health-related information, demographic data, or other sensitive details necessary for service provision.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain our services
• To personalize and improve user experience
• To process transactions or manage your account
• To communicate with you about updates, offers, and customer support
• To comply with legal obligations and prevent fraud or illegal activities
• To send marketing communications (with your consent)

4. Measures We Take to Protect Personal Information

We are committed to ensuring the security of your personal information. We have implemented the following measures to protect your data:

Encryption:
All sensitive information, including payment details, is encrypted using secure encryption technologies (such as SSL/TLS) during transmission to protect it from unauthorized access.

Access Control:
We restrict access to personal information to only authorized personnel who need it to perform their job duties. Role-based access control (RBAC) is used to ensure that employees access only the data necessary for their functions.

Data Anonymization and Pseudonymization:
Where possible, we anonymize or pseudonymize sensitive data to reduce risks in case of unauthorized access.

Secure Storage:
Personal information is stored in secure systems with encryption and regular backup. Data is kept in servers that are protected by firewalls and other security mechanisms to prevent unauthorized access.

Two-Factor Authentication (2FA):
We require two-factor authentication for users accessing accounts with sensitive information, providing an added layer of security.

Regular Security Audits:
We conduct regular audits and vulnerability assessments to identify potential weaknesses in our security systems and make necessary improvements.

Employee Training:
Our employees undergo continuous privacy and security training to ensure they are aware of the importance of data protection and know how to follow best practices in handling personal information.

5. How We Identify and Prevent Privacy Breaches

We take the following proactive measures to identify, prevent, and respond to privacy breaches:

Monitoring and Detection Systems:
We continuously monitor our systems for any unusual activity or unauthorized access. Automated intrusion detection systems help us detect potential security threats or breaches in real-time.

Regular Security Audits:
We conduct thorough security audits and vulnerability assessments to identify any weaknesses in our infrastructure and improve our security measures accordingly.

Incident Response Plan:
In the event of a privacy breach, we have a detailed incident response plan that includes:

• Immediate investigation to determine the scope of the breach.
• Notifying affected individuals if their personal information has been compromised.
• Cooperating with authorities and complying with legal obligations regarding breach notifications (such as GDPR, CCPA).
• Remediation steps to prevent future incidents, including enhancing security systems and updating policies.

Data Minimization:
We minimize the amount of personal information we collect and retain. We regularly review the data we hold to ensure it is accurate, necessary, and only retained for as long as required by law or business need.

Third-Party Vendor Security:
If we share your personal data with third-party service providers, we ensure that they comply with strict privacy standards. We require vendors to implement appropriate data protection measures and provide assurances regarding the safeguarding of your information.

6. Privacy Breach Reporting

In the event of a suspected or actual breach of personal information:

Notify Us Immediately:
If you suspect a breach of your personal data, please report it to us as soon as possible via office@southcitytowing.co.nz or 09 276 3223.

Internal Investigation:
Once a breach is reported, we will immediately begin investigating to assess the severity and impact of the breach.

Breach Notification:
If a breach involves personal data, we will notify affected individuals within the time frame required by applicable privacy laws (e.g., GDPR requires notification within 72 hours). We will provide information about what data was affected, the potential impact, and the steps we are taking to remedy the situation.

Review and Improve:
After the breach is resolved, we will conduct a review to identify any weaknesses and make necessary changes to our privacy and security practices to prevent similar breaches in the future.

7. Your Privacy Rights

Depending on your location, you may have certain rights under data protection laws, including:

• The right to access your personal data.
• The right to correct any inaccurate or incomplete personal information.
• The right to request the deletion of your personal data (subject to legal or contractual limitations).
• The right to object to the processing of your personal information, or to restrict its use.
• The right to data portability, allowing you to request a copy of your personal data in a portable format.

To exercise any of these rights, please contact us at office@southcitytowing.co.nz | 09 276 3223

8. Information Retention and Secure Deletion

South City Towing Limited retains personal information only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, or contractual obligations. When information is no longer required, it is securely deleted or destroyed. Specific retention periods include:

• Customer records: retained for 7 years
• Employee records: retained for 6 years after employment ends
• Vehicle-related data: retained for 12 months unless needed for ongoing matters
• CCTV footage: retained for up to 30 days unless related to an incident

Digital data is permanently deleted using secure wiping tools; physical records are destroyed via shredding or certified disposal services.

9. Secure Deletion by Software Systems

Software used by South City Towing Limited is configured to ensure that personal data is securely deleted once it is no longer needed. This includes:

• Permanent deletion from operational systems
• Removal from backups after defined cycles
• Deletion via encryption key revocation where applicable

Third-party software vendors are contractually bound to follow secure data disposal practices and provide verification upon request.

10. Staff Training and Communication

All staff are trained on secure data handling, including the requirement to dispose of information when it is no longer lawfully needed. This is reinforced through onboarding sessions, annual refreshers, and visible reminders in work areas. Breaches of these requirements are treated seriously and may result in disciplinary action.

11. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated "Effective Date." We encourage you to review this policy periodically to stay informed about how we are protecting your information.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us:

South City Towing Limited
office@southcitytowing.co.nz | 09 276 3223

Back to Home