Our commitment to privacy

how important it is to have a solid privacy policy in place. We are committed to being fully transparent and
honest in our approach to using and storing your data. We are taking all steps to ensure that this information
remains secure.
This Privacy Policy outlines the details of how we collect, use, share and protect your personal information.
This applies to information that we collect both online and offline. This policy relates to the Toha and East
Coast Exchange websites, and all Toha subsidiaries and services as they exist today. We will update this policy
regularly and notify you by email when this occurs.
Your information will never be shared, leased or given to any third parties in ways other than disclosed in this
Privacy Policy. The Office of the Privacy Commissioner (www.privacy.org.nz) provides further details of the
Privacy Act 2020 and how it protects personal information in Aotearoa New Zealand.
If you have any questions about your privacy or this policy, please contact us.
What information is collected by the East Coast Exchange & Toha?
We collect personal information and data about your actions to be displayed on the ECX public record. We also
collect data so that we can provide, design and build products that support the Toha Network, including Toha’s
We may collect information from or about you in the following ways:
Information that you voluntarily provide us, such as
- ECX registration. We collect personally identifiable information such as your address, email address, name,
phone number and land.
- ECX Action Record. We collect details about the actions you have undertaken including date and location.
You own this data and can ask for it to be edited or removed at any time.
- Communications and phone calls. When you communicate with a member of the Toha team, we may
collect and store information about your communication and the information you provide, in our Client
Relationship Manager (CRM) tool, HubSpot, and third party reporting tools including Pledge Reporter,
Claim/Pledge Template Developer and other third party data storage. HubSpot privacy terms and
conditions can be found here.
For more on Security at HubSpot, please see https://legal.hubspot.com/security
Information we collect automatically, such as
- Web Server Logs. Our web servers may collect certain information such as IP address, pages visited, time of
visits, and referring website.
- Via our CRM tool, Hubspot, which may track or use your activity on the ECX Website. Hubspot privacy terms
and conditions can be found here. For more on Security at HubSpot, please see https://legal.hubspot.com/
- Via cookies. Cookies are small files temporarily stored on your hard drive. We use cookies to retrieve
aggregate information of the characteristics and behaviours of Website users so we can make
improvements to the Website. We use cookies to keep track of your preferences so we can present
the Website to best meet your requirements. The information collected is non-personally identifiable
information such as: Internet domain and IP address from which you are accessing the Website; the browser
and operating system you are using (e.g. Chrome, Internet Explorer and Firefox or Windows and Mac); the
date and time you access the site; and whether you arrived at the Website via a link from another site and
the address of such site. You can disable the use of cookies in your browser settings. You may continue to
use this Website even if you deactivate cookies, however deactivating cookies may mean that you might no
longer be able to enjoy offers from Toha in their entirety.
- Geolocation data We log all access to all accounts by full IP address so that we can always verify no
unauthorised access has happened. We keep this login data for as long as required.
- Web analytics data Web analytics data is also tied temporarily to IP addresses to assist with troubleshooting
cases. Web analytics data is collected either in the platform, Google Analytics, Hubspot, Google Data Studio
or other third party web analytics tools.
- Website interactions When you browse Toha web pages or tools, your browser automatically shares certain
information such as which operating system and browser version you are using. We track that information,
along with the pages you are visiting, page load timing, and which website referred you for statistical
purposes like conversion rates and to test new designs. We sometimes track specific link clicks to help
inform some design decisions. These web analytics data are tied to your IP address and user account if
applicable and you are signed into our Services.
- Anti-bot assessments We use CAPTCHA services across our applications to mitigate brute force logins and
in Loomio as a means of spam protection. We have a legitimate interest in protecting our apps and the
broader Internet community from credential stuffing attacks and spam. When you log into your accounts
and fill specific forms in Loomio, the CAPTCHA service evaluates various information (e.g IP address, how
long the visitor has been on the app, mouse movements) to check whether the data is possibly filled out by
an automated program instead of a human.