Privacy Policy

1. Data Controller
2. What personal data we collect
3. How we use your data
4. Legal basis for processing
5. Data retention
6. Sharing and third parties
7. International transfers
8. Your rights
9. Cookies
10. Security
11. Children
12. Changes to this policy
13. Contact

1. Data Controller

The data controller for DocuServices NZ is:

GOV PAPERS SL — Data Controller

Company nameGOV PAPERS SL

CIF / Tax IDB25989039

Registered addressGran Via de les Corts Catalanes 672, 08010 Barcelona, Spain

DocuServices NZ is a web-based data validation and error correction service for New Zealand marriage certificates, operated by GOV PAPERS SL. We are not affiliated with the New Zealand Government or any government authority.

2. What personal data we collect

We collect only the data necessary to provide our service. Depending on how you interact with this website, we may collect the following categories of personal data:

2.1 Identity and contact data

Name and surname — when you contact us, submit an enquiry or purchase a service
Email address — when you contact us, create an account or make a purchase
Postal address — billing address provided at the time of payment

2.2 Payment data

When you purchase a paid service through DocuServices NZ, we collect payment information necessary to process the transaction. This includes:

Billing name and address
Payment card details or payment method reference — processed securely through our payment processor; we do not store full card numbers on our own systems
Transaction reference and amount

Payment processing is handled by a third-party payment provider. Card data is transmitted directly to the payment provider over an encrypted connection and is not stored on DocuServices NZ servers. Our payment provider operates under PCI DSS standards.

We retain transaction records for legal and accounting purposes

Under Spanish and EU accounting law, we are required to retain records of financial transactions (including billing name, address and transaction details) for a minimum of 5 years. Card numbers and full payment credentials are never stored by us.

2.3 Service request data

Certificate information — details about the marriage certificate data you need validated or corrected. This does not require you to upload original documents to us.
Organisation name and role — if you contact us as a representative of a business or legal entity

2.4 Technical data collected automatically

Technical session data — IP address, browser type, device type, pages visited and session duration, collected through strictly necessary cookies for website functionality
We do not use Google Analytics or third-party advertising/tracking cookies

We do not collect or store copies of official documents

DocuServices NZ does not ask you to upload, share or transmit original New Zealand certificates, identity documents or official records. Our data validation service does not require you to submit original documents to us.

3. How we use your data

We use the personal data we collect for the following purposes:

To respond to your enquiries — processing enquiries about marriage certificate data validation and error correction
To provide data validation and error correction services — validating marriage certificate data for accuracy, identifying errors and documenting the required corrections in a detailed email report
To communicate with you — sending responses, follow-up information or updates related to your request
To improve our service — analysing how users interact with our website to improve the information we provide (using aggregated, non-identifiable data only)
To process payments — processing payment transactions, issuing receipts and managing billing records for paid services
To comply with legal obligations — meeting applicable legal requirements under Spanish law, EU law, New Zealand privacy law and other applicable legislation

We do not use your personal data for automated decision-making or profiling. We do not use your data for marketing purposes without your explicit consent.

4. Legal basis for processing (GDPR)

GOV PAPERS SL is established in Spain and processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Spanish Organic Law on Data Protection (LOPDGDD). Where users are based in New Zealand, we also respect the principles of the New Zealand Privacy Act 2020. The legal bases for our processing activities under GDPR are:

Article 6(1)(b) GDPR — Performance of a contract or pre-contractual steps: processing your name, email and request details to respond to your enquiry and provide the data validation service you have requested
Article 6(1)(b) GDPR — Contract: processing payment data and billing information necessary to fulfil a paid service you have purchased
Article 6(1)(a) GDPR — Consent: where you have given explicit consent for a specific processing activity
Article 6(1)(c) GDPR — Legal obligation: where processing is necessary to comply with applicable law
Article 6(1)(f) GDPR — Legitimate interests: for basic website security, fraud prevention and service improvement purposes

5. Data retention

We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable law:

Enquiry and contact data — retained for up to 2 years from the date of last contact, unless you request earlier deletion
Technical session data — retained for up to 13 months in accordance with standard web server log practices
Payment and billing records — retained for a minimum of 5 years as required under Spanish and EU tax and accounting law. Transaction references and billing details are retained for this period; full card numbers are never stored.

After the applicable retention period, personal data is securely deleted or anonymised.

We do not sell, rent or trade your personal data to third parties. We may share your data in the following limited circumstances:

Service providers — we may use trusted third-party providers for hosting, email and technical infrastructure, who process data strictly on our behalf under data processing agreements
Legal requirements — we may disclose data where required by law, court order or regulatory authority
Business transfers — in the event of a merger, acquisition or sale of assets, personal data may be transferred as part of that transaction, subject to equivalent privacy protections

7. International transfers

GOV PAPERS SL is based in Spain (EU). Where we use third-party service providers that process data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR — for example, Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Your rights

Under the GDPR, you have the following rights in relation to your personal data:

Right of access — to request a copy of the personal data we hold about you
Right to rectification — to request correction of inaccurate or incomplete data
Right to erasure — to request deletion of your data where there is no longer a legal basis for processing
Right to restriction — to request that we restrict processing of your data in certain circumstances
Right to data portability — to receive your data in a structured, machine-readable format where processing is based on consent or contract
Right to object — to object to processing based on legitimate interests
Right to withdraw consent — where processing is based on consent, to withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request, as required by GDPR Article 12.

You also have the right to lodge a complaint with a supervisory authority. In Spain, the competent authority is the Agencia Española de Protección de Datos (AEPD) at aepd.es. Users in New Zealand have equivalent rights under the Privacy Act 2020 and may contact the NZ Office of the Privacy Commissioner.

9. Cookies

Our website uses only technical / strictly necessary cookies required for the website to function correctly. We do not use advertising, tracking or analytics cookies at this time.

For full details, see our Cookie Policy.

10. Security

We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration or disclosure. These include access controls, secure communication protocols (HTTPS) and limited internal access to personal data.

No method of electronic transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately at [email protected].

11. Children

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us so we can delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact

Privacy enquiries

Privacy contact[email protected]

General contact[email protected]

Postal addressGOV PAPERS SL, Gran Via de les Corts Catalanes 672, 08010 Barcelona, Spain

DPA (Spain)Agencia Española de Protección de Datos — aepd.es

Contents