Our Security and Privacy Policies
Our Security Policy
- We have implemented strict safeguards to protect your privacy and keep confidential the information you provide about you and your staff, and we strive to make sure those practices meet and exceed industry standards.
- Information sharing with any third-party is prohibited.
- We protect you and your staff from junk-mail and spyware.
- Data encrypted while transferring between server and clients.
- Secure fire-protection rated building keeps our hardware safe.
- Secure mechanism for company payroll information.
- Onsite and offsite backup implemented every day, 365 days a year.
- We use 128-bit encryption to provide secure connections to your payroll data.
- All access to confidential data via the Internet is through secured connections to our Web Server.
- All access to confidential information is password controlled.
- Accesses are logged to an audit log file. The Log File is analysed and monitored for security violations.
- Our Internet connections are via a firewall.
- Network Security is remotely monitored 24 hours a day, 7 days a week.
- All users are assigned a security role which controls their access permissions.
- We have multiple, redundant, connections to the Internet.
- We send eMail confirmations for security-critical processes.
- Our servers are in a physically secured location.
- We have multiple, redundant, servers.
- Confidential data is held in a separate database that is not directly accessible from the Internet.
- RAID arrays (mirrored disks) are used to store all payroll data.
- Data is regularly backed-up and stored in a secure location.
- Our staff are bound by confidentiality agreements not to divulge sensitive information.
- Direct Debits are guaranteed by a Payroll Letter of Credit with your bank.
- Any funds held on your behalf are held in a separate Commercial Trust Bank Account.
- We accept responsibility for all tax payments, including any late payment penalties. (If we manage your tax).
- As Crystal Payroll is a Web service, authorised users can access Crystal Payroll from any Internet connected PC anywhere, at any time.
- Our server is collocated in a primary ISP in New Zealand, which enables our web server to be one of the most reliable server, 24 hrs a day, 7 days a week.
- Our hardware load-balancing also enhances accessibility.
The Information that we collect
Crystal Payroll operates the website www.crystalpayroll.co.nz/. As part of our operations we may gather certain types of information about the users of this site:
1. Personally Identifiable Information. This is provided by you when you register for services that we may offer. Examples of these services could include email newsletters. Providing this information will always be optional for you. However, some services may not be available to you if you chose not to provide it.
2. Aggregated Data. This information is generated by our systems as they track traffic through our site. This information does not identify you personally and is not linked to the personally identifiable information that you may have provided.
Who we share this information with
We will not share the information that we collect with any third parties apart from in the following circumstances:
1. The information may be hosted with a service provider. Our agreements with them protect the information that we collect from any use by them that we have not authorised.
2. Your personally identifiable information may be shared with third parties when we believe in good faith that we are required to do so by law.
What else we do with the personally identifiable information?
We have collected this information in order to provide the best possible service to you while you are visiting our site. To this end we may use the information that you provide for the following purposes:
1. To verify your identity if you need help with a forgotten password or you are having login problems with one of our site services.
2. To process any transactions that you might make on our site.
3. To help provide any other services that you have requested.
4. To offer the most relevant information suitable to you and your interests.
5. For any marketing, promotional, publicity, direct marketing or market research that we might undertake.
6. For any other purposes for which you have given permission.
What about cookies?
A cookie is a small file that resides on your computer and is recognised by our server when you visit our sites. A cookie does not provide us with any personally identifiable information. It does provide details of your IP address, the computer platform that you use (eg Mac or Windows), the browser that you use (eg Microsoft Explorer or Netscape) and what domain you are accessing our sites from. With this information we can do the following:
1. Track traffic patterns to our site.
2. Ensure that the most relevant content is being shown.
3. Allow you to enter certain site member services without having to log in each time you visit.
What about our business partners?
Opting in and opting out
You will always have the option to opt in to certain services and to opt out of those services at any stage. This means you may change your mind at any stage about participating in any of our member services.
Can we change this policy?
Your right to access your information
The New Zealand Privacy Act of 1993 gives you the right to access and correct this information. To find out more about how to do this, please contact us at firstname.lastname@example.org
Payroll involves the collection and management of confidential personal and financial information about you and your staff. CrystalPayroll will never disclose this information except as needed in order to complete the services that we have agreed to provide you with.
Employer Payroll Processing
We manage and store a range of organisational, financial and personal information on behalf of your organisation, for the purpose of processing your payroll. This information is used solely for the completion of this activity. This information is never made available to any other parties, except for the information transfer directly required to complete your payroll. (For example, transmitting direct credit files to our bank, sending your tax details to Inland Revenue, sending payroll deduction schedules to deduction agencies).
Employees may access their own payroll information but authorisation to do this is given by the employer. It is the employer’s full responsibility to monitor and control access by their staff.