Transferring your personal data: As a global organisation, personal data we collect may be transferred internationally throughout our worldwide organisation. Where we transfer or share your personal data, we will seek your express consent and (in the case of transfer out of Mainland China (for the avoidance of doubt Mainland China does not include Hong Kong SAP, Macau SAP and Taiwan) separate consent) to do so or anonymise your personal data. Your personal data may be exchanged within Silver Fern Farms and amongst its group entities. We exchange your data for administrative purposes and so that we can have a complete overview of your contacts and contracts with the Silver Fern Farms. We may also exchange your data to offer you a complete package of services and products.
Cross border transfers of personal data:
As a general policy. we will not transfer your personal data to any recipient in a country outside of New Zealand or the European Economic Area (“EEA”) except in the following circumstances:
- to a jurisdiction that is deemed to have sufficiently comparable privacy or data protection laws and regulations in their respective country that recognise your individual privacy rights in a similar way that the following laws do, (i) in the case of transfer out of NZ, New Zealand Privacy Act 2020 and (ii) in the case of transfer out of the EEA, the GDPR;
- If your personal data is transferred to a recipient in a country that does not provide the level of protection for personal data as New Zealand or the European Union do, we will take measures to ensure that your personal data is adequately protected in line with locally applicable data protection requirements, subject to amendments we may deem necessary at our sole discretion. For example, for transfer of personal data:
- out of the EEA we will bind our recipient to the Standard Contractual Clauses approved by the European Commission in accordance with Article 46(2)(c) of the General Data Protection Regulation; and
- out of New Zealand, we will bind our recipient to the model contractual clauses approved by the Privacy Commissioner in accordance with the New Zealand Privacy Act 2020.
For personal data collected by our Chinese entities, we will not transfer your personal data to any recipient in a country outside of Mainland China unless such data export is in compliance with the requirements of the PRC’s Personal Information Protection Law.
Access to your personal data by external parties: The following types of external parties may have access to your personal data, where necessary:
- Partners, suppliers, distributors, vendors or agents involved in delivering the products and services you have ordered from us; or
- Our customers; or
- Companies who are engaged to perform services for us or on our behalf; or
- Law enforcement bodies, regulators: or other competent authorities where requests are made in accordance with legal requirements; or
- Debt-recovery organisations, credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies; or
- Third parties for joint promotions with that third party who will be responsible for their own compliance with applicable privacy laws; or
- Third parties that we use for marketing, for example, approved media agencies, and third parties that we advertise with, such as Facebook, to serve you advertisements online; or