This notice describes the Inveya Visitor product — the visitor sign-in system some organisations license from Inveya Limited — and the two apps that form part of it: the Visitor Kiosk and Visitor Management apps. It is the privacy policy for those apps on the App Store and Google Play. How we handle personal information in our advisory business and on this website is covered by our separate Privacy Policy; for information handled through the Inveya Visitor product, this notice applies.
Our role
When an organisation (“the host organisation”) uses Inveya Visitor at its premises, that organisation decides what information is collected and why. Under the New Zealand Privacy Act 2020 it is the agency responsible for that information, and we process it on its behalf and on its instructions, only to provide the product. (In the terms used by overseas privacy laws and the app stores, the host organisation is the controller and Inveya is the processor.)
Information the apps collect
| App | Information | Source |
|---|---|---|
| Visitor Kiosk | Visitor name and email; and, where the host organisation enables them, a photo, a signature, or acknowledgement of a document such as a non-disclosure agreement — recorded as a sign-in entry. The camera is used only to read a booking QR code. | The visitor, at the kiosk |
| Visitor Management | The host user’s account identity (name and email, via sign-in at account.inveya.cloud); the visitor details a host enters to pre-register a visit (name, email, company); and a device push token used to deliver arrival notifications. | The host user |
Why we process it
Solely to operate the product: to record and manage visitor sign-ins, to pre-register expected visitors, to notify a host that their visitor has arrived, and to support the host organisation’s site-safety and evacuation obligations. We do not use this information for advertising, we do not sell or trade it, and we do not use it to train AI models.
Service providers and overseas processing
Visitor information is transmitted over TLS to the product’s backend at visitor.inveya.cloud and processed within managed, access-controlled cloud infrastructure. We rely on a small set of service providers (in app-store terms, sub-processors) to deliver the service — cloud hosting (Amazon Web Services) and push-notification delivery (Apple Push Notification service for iOS devices; Google Firebase Cloud Messaging for Android devices) — which may process information outside New Zealand.
Under Information Privacy Principle 12, we disclose personal information to an overseas recipient only where the recipient is subject to comparable privacy safeguards. Each of these providers is engaged under contract terms binding it to confidentiality, security and data-handling commitments that protect your information to the same or an equal standard as this notice, and we review those arrangements before engaging a new provider.
Retention and deletion
Sign-in records and pre-registered visit details are retained for, and deleted by, the host organisation through the Inveya platform. We retain them only as needed to provide the product to that organisation or as the law requires. To request deletion of your information, contact the host organisation whose premises you visited; if you write to us instead, we will refer your request to that organisation and assist it as our agreement requires.
Push notifications
The Visitor Management app registers a device token so it can notify a host of a visitor’s arrival. You can turn these notifications off at any time in your device’s settings. Tokens that stop working — for example, after the app is removed from a device — are disabled on our side once the push service reports them invalid.
Your rights, contact and changes
If you signed in as a visitor and wish to access or correct your information, contact the host organisation whose premises you visited — as the agency responsible for that information, it holds your sign-in record. You can also write to us at privacy@inveya.com and we will refer your request to the host organisation and assist it. Complaints may be raised with us as described in our Privacy Policy or with the Office of the Privacy Commissioner (privacy.org.nz).
We review this notice whenever the apps’ data practices or the app stores’ requirements change materially; the version and effective date above record the current edition.
Privacy Manager
Inveya Limited
7 Airborne Road
Rosedale, Auckland 0632
New Zealand
privacy@inveya.com