CyberCX launches updated Ransomware and Cyber Extortion Best Practice Guide 

Privacy Policy

1. Purpose

CyberCX is committed to protecting the privacy of personal information we handle. We take our obligations under privacy laws seriously and have prepared this document to set out our policy on the protection and handling of personal information and explain more about your privacy rights.

2. Types of personal information we collect

The types of personal information we collect, and hold include name, contact details, identification, affiliations, dealings and transactions with us, including by phone, email and online.

If you apply to work with us, we also collect information about your education, experience, character and background checks including eligibility to work, vocational suitability, identity, health, reference, directorship, financial probity, and criminal record checks.

In addition, if you join us, we collect information about your employment or engagement including information about your performance, conduct, use of our IT resources and payroll matters. We will, at all times, treat your personal information with strict confidentiality and in accordance with the Privacy Act 2020. We collect some of this personal information under laws including the Companies Act 2007, Employment Relations Act 2000, KiwiSaver Act 2006, and Income Tax Act 2007.

3. Why we collect and handle personal information

We collect personal information to enable us to:

  • Establish, manage, and maintain our business relationships
  • Respond to enquiries and requests from individuals and businesses. For example, when customers ask us to respond to tenders, requests for proposals or information, or for reports to be emailed, faxed or posted
  • Recruit and consider potential employees or applications for employment with us
  • Consider a potential contractor’s engagement with us
  • Open and administer our client accounts during sales and/or the delivery cycle
  • Manage marketing and sales initiatives such as our publications, information about our service offerings, events, seminars and other business programs. For example, when customers ask to be on an email or mailing list so that we can send them information about our activities and our publications, e.g. cyber security alerts
  • Develop, provide, and improve our services and solution
  • Inform about our services and solutions
  • Obtain feedback on our services and solutions
  • Conduct administrative and business functions
  • Update our records and keep contact details up to date
  • Enable you to subscribe to newsletters and mailing lists
  • Process and respond to privacy questions, concerns and complaints
  • Fulfil legal and contractual obligations
  • Undertake any other purpose related to or ancillary to any of the above

If you do not provide us with all or part of your personal information, we may not be able to carry out the purposes which are set out above, including the provision of services to you.

4. How we collect personal information

We endeavour to collect personal information directly from the individual or their authorised representative, in ways including:

  • From the individual directly when they provide details to us. This could be when an individual contact us by telephone or electronic communications, or when an individual provides us a business card
  • When we conduct our administrative and business functions
  • When the individual purchases our solutions and services
  • When we purchase products and services
  • When the individual creates an account with us
  • When we process orders and payment transactions
  • Where we respond to inquiries and requests
  • When obtaining feedback about our solutions and services
  • When registering for our events, workshops and seminars

Sometimes we collect personal information from a third party, such as our customers or partners, or other third-party companies such as data providers, credit reporting bodies, law enforcement agencies, recruitment companies or publicly available sources.

5. Use and Disclosure

We only use and disclose personal information for the purposes for which it was given to us, or for purposes that are directly related to one of our functions or activities.  For example:

  • When customers ask to be on an email or mailing list so that we can send them information about its activities and publications, e.g. cyber security alerts
  • When customers ask us to respond to Tender, Request for Proposal, Request for Information or reports to be emailed, faxed or posted with contact information
  • If you are a contact person for one of our customers or suppliers, personal information about you may be used by us in our dealings with the customer or supplier you represent

We may exchange your personal information with third parties including your organisation, our advisers and representatives, government authorities, our related entities, and our advisors and contractors.

If you apply to work with us, we may exchange your personal information with educational institutions, recruiters, background checking services, professional and trade associations, law enforcement agencies, referees and your current and previous employers. In addition, if you join us, we may exchange your personal information with your representatives, other employers seeking a reference about you and providers of payroll, superannuation, banking, surveillance and training services.

Some of our staff and the third parties described above may be located in New Zealand, United Kingdom, United States, and other countries.

6. Overseas Recipients

We may disclose personal information to our related bodies corporate, third party suppliers and service providers located overseas. Some of our employees are located overseas. Except where specific individual consent has been obtained, we take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

We may disclose your personal information to entities located overseas, including the following:

  • Our related bodies corporate located in Australia, United States of America and the United Kingdom
  • Our data hosting and other IT service providers, located globally
  • Our clients and their related entities located in foreign countries, to the extent that we are acting on their behalf or at their direction in using, storing, or collecting your personal information.

7. Data Quality

We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when individuals advise us that their personal information has changed, and at other times as necessary. Any changes, relevant omissions or inaccuracies in their personal information will be updated as soon as practicable.

8. Data Security

We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We implement a range of measures to protect the security of personal information, including – depending on the circumstances – electronic access controls, premises security and network firewalls. Even though we have taken significant steps to ensure that your personal information is not intercepted, accessed, used, or disclosed by unauthorised persons, you should know that we cannot fully eliminate security risks associated with personal information.

9. Privacy, cookies and our Website

This section applies in addition to the other parts of this Privacy Policy where you access our Website, which is the website under the domain name “cybercx.co.nz.

As you navigate our Website, certain information may be collected passively, including your Internet protocol address, browser type, domain names, times, and operating system. We may also use session and persistent cookies and navigational data (such as URLs) to gather information regarding the date and time of your visit and the information and services for which you searched and which you viewed. We do not intentionally gather personal information about visitors who are minors.

Our Website may use ‘cookies’ from time to time, as do many other websites. A cookie is a piece of information that helps our system to identify and interact more effectively with your browser. The cookie allows us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser application to reject cookies however some parts of our Website may not function fully as a result. Our Website may use Google services such as Google Analytics from time to time. For more about how Google collects and processes data, and your privacy choices with Google, please see Google’s privacy policy and their information at www.google.com/policies/privacy/partners/

10. Access and Correction

If you wish to get access to the personal information we hold about you, or request that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes.

11. Complaints

Please contact us if you wish to make a complaint about how we have handled your personal information. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your request and any resolution.

For any questions and notices, please contact us at:

Privacy Officer
CyberCX Pty Ltd
Phone: 1300 031 274
Email: [email protected]