Privacy policy

Our commitment to you to provide you with the best possible service while protecting your personal information.
  1. Overview and application

    1. This privacy and security policy (Policy) applies to all personal information (as defined in the Privacy Act 2020 (New Zealand) (Privacy Act) held by The Work Shop Limited (New Zealand Company Number: 3685036) trading as Receipt, Invoice, Payments, Automation / RIPA Global (us, we, our, or RIPA). RIPA’s business is to provide services to expedite our customers’ receipt and invoicing processes (Services).
    2. The Policy outlines our policy and practices for collection of personal information, how we use that information, and the options that you have regarding our use of, and your ability to correct, such information.
    3. The provisions in this Policy govern only the activities of RIPA in regard to personal information. If you disclose your personal information to third parties, or if you are directed to a third party website (whether from our website or by other means) that third party’s privacy notices and practices will apply.
    4. In this Policy, where the term “including” is used (or a similar expression is used to denote an example) that term or expression is deemed to be followed by the words “without limitation”.
  2. Purpose of collection

    1. We collect personal information for the following purposes:
      1. to provide and enhance the Services;
      2. to analyse the traffic of users of the RIPA website at (Website);
      3. to provide and enhance our Website; and
      4. statistical reporting, marketing purposes, and our internal business use.
  3. Information collected

    1. By accessing or using the Services, the Website, or by providing information to us, you consent to:
      1. our collection of personal information in accordance with this Policy; and
      2. the onward transfer, processing, collection, use, disclosure, retention and storage of personal information as described in this Policy.
    2. We will only collect personal information in a manner that is compatible with this Policy.
    3. We collect the following personal information:
      1. customers’ receipt, invoice and other transaction data;
      2. customers’ contact and payment/bank details (including name, address, phone number, email, bank account number, credit card information, transaction data, and invoicing details);
      3. the contact and payment/bank details of our customers’ customers (as a part of our customers’ use of the Services);
      4. third party data about customers’ transactions in connection with the Services, including information from:
        1. merchants/banks;
        2. Inland Revenue;
        3. POS (point-of-sale) providers; and
        4. accounting providers;
      5. data and analytics on customers’ use of Services; and
      6. traffic, visitor information, and analytics relating to use of the Website and other aspects of the Services.
  4. Method of collection

    1. We collect the personal information outlined at clause 3.2 by the following methods:
      1. when customers register for, and use, the Services;
      2. when customers provide their own customers’ information to us in connection with the Services;
      3. directly from third parties as set out in clause 3.2.3 (whether collected by way of API or otherwise);
      4. through cookies on the Website and in other online aspects of the Services;
      5. directly from customers including via:
        1. web forms or similar methods of input on the Website;
        2. customers’ use of the import function as part of the Services; and
        3. information provided to us by email, phone, or in person; and
      6. using analytics tools on the Website and other online components of the Services.
    2. If we are unable to collect certain personal information from you, your use of Services (and users of our Website) may suffer from reduced functionality, and certain features may be disabled.
  5. Disclosure of information

    1. We will not sell, rent, share, or otherwise disclose any personal information to anyone except to provide the Services or as otherwise described in this Policy, which may be updated from time to time in accordance with clause 8.
    2. We may disclose personal information in the following circumstances:
      1. to:
        1. provide the Services;
        2. provide the Website; and/or
        3. meet the purpose(s) for which it was collected (as set out at clause 2);
      2. in an aggregated form (such that no personal information is identifiable), for statistical reporting and marketing purposes;
      3. to provide ancillary services to the Services such as website hosting, data analysis and storage, payment processing, information technology and related infrastructure, customer service, service maintenance, e-mail delivery, credit card processing, auditing, and other similar services;
      4. for our internal business purposes (including in connection with any audits, professional advice, research, or process and product improvements);
      5. in connection with a sale of the RIPA business, or if RIPA were to merge with or be acquired by another company. If RIPA were to merge with or be acquired by another company, we may share information with them in accordance with our privacy standards. Should such an event occur, we will use our best endeavours to ensure that the new combined entity follow this Policy with respect to personal information; and
      6. to comply with a request from law enforcement authorities. We will provide requested information in compliance with local laws and regulations, and only in the instance and to the extent where we reasonably believe that we are legally required to do so. We will endeavour to notify specific the user(s) if a request of this nature has been made, unless the relevant legal request prevents this.
  6. Storage and deletion of personal information

    1. The Services and the Website may be hosted internally or by third party cloud services, and as a result, personal information may be processed and stored outside of New Zealand.
    2. We will store your personal information securely using technical and administrative security measures that reduce the risk of loss, misuse, unauthorised access, disclosure or alteration.
    3. Please note that when providing personal information via our Website, the transmission is not completely secure and will depend on your browser and internet settings. We cannot guarantee the security of data transmitted to us via our Website and any such transmission is at your own risk.
    4. If you wish to retain a copy of your personal information (or any part of it) please contact us prior to you ceasing to use the Services, otherwise, upon:
      1. you ceasing to use the Services; and
      2. us no longer being required to comply with any legal obligations that necessitate the retention of personal information, we will securely delete your personal information.
    5. Despite clause 5.3 we may retain personal information in an aggregated and non-identifying form as contemplated by clause 4.2.2.
  7. Rights of access and correction

    1. You have the right to:
      1. access any of your personal information; and
      2. request correction of any of your personal information, held by us by contacting us using the details given at clause 7. We will respond to your request in accordance with the Privacy Act.
  8. Contact information

    1. If you wish to contact us in relation to this Policy, our privacy standards, or our information-handling practices please contact us:
      1. using our enquiries form
      2. by e-mail at
      3. by postal address:
        RIPA Global
        Level 2, 40 Taranaki Street
        New Zealand
    2. Note that correspondence sent via the enquiries form or by e-mail may be distributed to RIPA personnel and tracked for reporting purposes.
  9. Notification of changes

    1. We may amend this Policy at any time by posting the amended terms on the Website. All amendments to the Policy take effect immediately upon such posting.