At The Gap, we take privacy very seriously. This Privacy Policy is governed by New Zealand law, and the EU General Data Protection Regulation (Regulation 2016/679) and the UK General Data Protection Regulation (referenced together as ‘’the GDPR’’), and describes how The Gap collects and uses the personal information you provide when using our website and services. This Privacy Policy applies across all websites that we own and operate, and all services we provide, including The Gap Portal, The Gap App, educational webinars, masterclasses, implementation programmes, and general support (“our Services”).
We’ve created this Privacy Policy to ensure our users understand how we treat Personal Data that we gather or process when you are using our Services. This Privacy Policy sets out the rights you have in relation to your Personal Data. By using our Services, you agree to your data being processed in accordance with this Privacy Policy. Our Services are not intended for children under 16 years of age, and we do not knowingly collect data relating to children.
This Policy’s defined terms have the same meaning as in our Terms of Service, which should be read together with this Privacy Policy and our Data Processing Agreement (“DPA”) (if applicable). Our DPA can be viewed at www.thegaphq.com/dpa
‘We’, ‘our’ or ‘us’ refers to The Gap 2014 Limited. Our headquarters are in Mount Maunganui, New Zealand. We provide a web application for accountants and bookkeepers to deliver a wide range of Business Advisory services to their clients.
We act as a ‘Controller’ as defined in the GDPR of your Personal Data which means we are responsible for ensuring the Personal Data we collect about you is being processed in a lawful manner.
We act as a ‘Processor’ as defined in the GDPR of your Team Users and your Clients’ Personal Data. In this context, you act as a Controller.
If you are a Member using our Services, you are responsible for ensuring that any Personal Data you collect from your Team Users, clients and/or client contacts (‘’Clients’’) is done in accordance with applicable data protection laws. This includes obtaining the necessary consent from your Team Users and/or Clients before disclosing their Personal Data to us.
You must ensure that your Clients are aware that their Personal Data will be processed by The Gap as a Processor on your behalf and in accordance with this Privacy Policy and our DPA (if applicable). This includes where any documents or files that are uploaded to the Platform by you or a Client User contains Personal Data. In respect of that content, we will act as a Processor of the Personal Data and process it only in accordance with your instructions. You will remain the Controller of that information. Where the GDPR applies to that information, then the terms of our DPA will apply (as between you and us) and sets out our responsibilities when it comes to our processing activities.
Client organisations using our Services (“Client Organisations”), in connection with a Member account, have control over certain aspects of their own data, particularly within the client hub. Client Users with an ‘Admin’ role can manage their own client hub account and add other Client Users. In this context, the client organisation acts as a Data Controller for the Personal Data they manage directly. The Gap remains the Processor, providing the platform that facilitates these actions. Where the GDPR applies to that information, then the terms of our DPA will apply (as between the Client Organisation and us) and sets out our responsibilities when it comes to our processing activities.
Your Personal Data: We receive and store any information you knowingly provide us. We collect Personal Data such as your name, email address and job title as well as any other information you choose to provide us or input into the Platform.
User Personal Data: We receive and store any information you knowingly provide us when adding or managing your Team Users in the Platform. We collect Personal Data such as the name, email address and job title of all Team Users.
Your client Personal Data: In order to provide you with the Services, we also receive and store any Personal Data you choose to provide us with in respect to your clients. This Personal Data includes your Clients’ names and email addresses as well as any other information you choose to input into the Platform.
User Personal Data: We receive and store any information Client Organisations knowingly provide us when adding or managing Client Users in the Platform. We collect Personal Data such as the name and email address of all Client Users.
Whenever you interact with our website or use our Services, we automatically receive and record information from your browser. We use cookies and similar tracking technology to record information such as your device, your IP address, browser type, website you were visiting before you landed on our website, the pages you visit on our website and the time you spend on each page. We use this information to monitor and analyse use of our website and our Services so that we understand how our website and our Services are being used and to improve functionality so as to provide the best client experience possible.
Most of the information we collect is collected directly from you. Sometimes we might collect Personal Data about you from other sources, such as publicly available materials or from trusted third parties (e.g. our marketing partners). We use this information to supplement the Personal Data we already hold about you, in order to better inform, personalise and improve our Services, and to validate the Personal Data you provide.
Where we collect Personal Data, we’ll only process it:
To provide you with our Services.
We need your name and email address in order to provide you with our Services and allow you to log in to our Platform.
To support you.
We need your Personal Data to assist with the resolution of technical support issues or other issues relating to our Services, whether by email, phone or support ticket.
To communicate with you.
We may use your Personal Data to send you various communications. This may include:
To enhance our Services.
We track and monitor the use of our Services to determine which are most popular and which may need improvement (analytics). We also track and monitor the use of our website so we can optimise your user experience.
To market to you.
We use your Personal Data to send you marketing communications. We may obtain your Personal Data, such as name, email address, and place of employment from publicly available information and send you marketing communications where we have a legitimate interest to do so. You can unsubscribe from these at any time.
To monitor usage.
We monitor the usage of our Platform to ensure users are utilising our Member Support services, to ensure the protection of our Intellectual Property, to ensure compliance with our Acceptable Use Policy, and to identify product priority from a user perspective.
Personal Data in the Platform: Personal Data provided via our EU Platform environment is processed in Amazon Web Service (AWS) data centres based in London, United Kingdom. Personal Data provided via our AU Platform environment is processed in AWS data centres based in Sydney, Australia. Users will automatically be directed to sign up to the nearest Platform environment based on the geographical location of their IP address at the time of account creation.
Personal Data uploaded via our AI Notetaker tool is processed on AWS servers based in Oregon, United States. AWS do not use or have access to your personal information for any purpose other than cloud storage and retrieval.
We use various online systems and tools, including certain customer relationship management, marketing automation and email delivery services (‘Tools’) to allow us to communicate with our users. As part of our use of these Tools, certain Personal Data is sent to the providers of the Tools. We ensure that providers of these Tools comply with the requirements of the GDPR.
There are times when we need to share your Personal Data with third parties. We’ll only share your Personal Data to:
If you're in the United Kingdom (UK) or the European Economic Area (EEA), your data might be moved outside the UK/EEA. We only transfer personal data to countries recognised by the European Commission for having adequate data protection, such as New Zealand, or to third parties where secure transfer mechanisms are in place, such as use of the European Commission’s Standard Contractual Clauses. For more info, please reach out to us through the contact details provided below.
The length of time we keep your Personal Data depends on whether we have an ongoing business need to retain it, e.g. to provide you with a service you’ve requested or to comply with applicable legal requirements.
We’ll retain your Personal Data for as long as we have a relationship with you, and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. We’ll make sure it’s deleted after this period.
You have a number of rights in relation to the processing of your Personal Data. Requests can be made verbally or in writing to the contact details available at the bottom of this document. We will respond to all requests within 30 days of receipt of the request. We won’t charge you for this unless the request is manifestly unfounded or excessive. We may require you to verify your identity before we can disclose any Personal Data to you.
Right of access.
You have the right to request a copy of the Personal Data we hold about you. We will provide you with the following information:
Right to rectification.
You have the right to have inaccurate Personal Data rectified, and to have any incomplete data completed.
Members of The Gap can edit or delete some of their Personal Data within the Platform, including their name and email address. Some of this data may be restricted to your firm’s Platform Administrator.
Right to erasure.
You have the right to have the Personal Data we hold about you deleted from our systems.
Right to restrict processing.
You have the right to request that we restrict or block the processing of your Personal Data in certain circumstances. We will continue to store your Personal Data, but we won’t use it in any other way.
Right to data portability.
You have the right to obtain the Personal Data we hold about you and reuse it for your own purposes, across different services. We will provide your Personal Data in a format that is structured, commonly used, and machine readable.
Right to object.
You have the right to object to us processing your Personal Data, where the processing is based on legitimate interests or direct marketing. If you request that we stop using your Personal Data for direct marketing purposes, we will suppress your details from our marketing lists to ensure your preference not to receive direct marketing is respected in the future. All of our direct marketing emails will contain a link for you to unsubscribe if you no longer wish to receive them.
We’re committed to protecting your Personal Data and have appropriate technical and organisational measures in place to make sure your Personal Data is kept secure. We will take all reasonable steps to protect our Services from unauthorised access, modification or disclosure. Your Personal Data is stored on secure servers that have SSL Certificates.
We may amend or update this Privacy Policy from time to time. The date of the last update is shown at the top of this document. Use of Personal Data we collect is subject to the Privacy Policy in effect at the time such Personal Data is collected.
We will notify you of changes to this Privacy Policy and changes to the way we use Personal Data by sending you an email and/or posting an announcement in The Gap Platform and/or on our website prior to the changes becoming effective. You are bound by any changes when you use our website or our Services after such changes have been announced.
Should you need to discuss any aspect of your data privacy or wish to exercise your data rights under UK regulations, please do not hesitate to reach out to our designated UK Data Representative. This representative is specifically appointed to handle queries and concerns regarding the processing of your personal data within the UK. You can contact our UK Data Representative through the following channels:
We have appointed an internal data protection officer for you to contact if you have any questions or concerns about The Gap’s personal data policies or practices. If you’re located outside of the UK and would like to exercise your privacy rights, please direct your query to The Gap’s data protection officer. Our data protection officer’s name and contact information are as follows:
You also have the right to complain to your local Data Protection Authority. If you’re based in New Zealand, you have the right to complain to the Office of the Privacy Commissioner. If you’re based in the United Kingdom, you have the right to complain to the Information Commissioner’s Office. If you’re based in the European Union, you have the right to complain to the European Commission. If you’re based outside of New Zealand, the United Kingdom and the European Union, you have the right to make a complaint at any time to the supervisory authority for data protection issues of the country in which you are based, or to the New Zealand Office of the Privacy Commissioner.
For general enquiries you can contact us in the following ways:
Members of The Gap can also contact us by submitting a Support Ticket.
