Privacy

1. Purpose

This policy sets out how Deptive collects, uses, stores, and protects personal information in accordance with the New Zealand Privacy Act 2020 (as amended by the Privacy Amendment Act 2025) and its Information Privacy Principles (IPPs 1–13 and IPP3A). For further information on the Act, see www.privacy.org.nz

This policy applies whenever we interact with you or collect your personal information in the course of our business activities, including when you visit our website, sign up for a newsletter, read blogs, use our cloud services (including software-as-a-service platforms), or engage with us through events, sales processes, or third-party integrations.

We may update this policy from time to time. Any changes will apply from the date that we upload the revised version to our website.  This policy will display a version number and last updated date. Contact us at any time on info@deptive.co.nz or 0800 000 141 if you have any queries.

2. Collection of Personal Information

2.1 Information you provide to us

We may collect personal information that you choose to provide, such as:

  • your name, company, role, and contact details
  • application, billing, or financial information (if applicable)
  • information provided through service requests, emails, or feedback
2.2 Information we collect automatically

When you use our cloud services, we may automatically collect information for the following purposes:

  • IP addresses, hostnames, system logs, login/logoff times, performance metrics collected to operate, maintain, and secure our platforms
  • webpages and applications accessed, duration of use, and tasks performed — collected to support service delivery, troubleshooting, and service improvement
  • billing information related to your use of services — collected to administer your account and meet financial obligations

When you use our website, we may collect statistical and technical data such as your IP address, browser type, device information, date/time of access, and cookies (see section 2.4) — collected to analyse usage patterns and improve the website experience.

2.3 Information from third parties

We may also collect personal information about you from third parties (indirect collection). This may include, for example, information from publicly available sources, referrals, or business partners.

In accordance with Information Privacy Principle 3A of the Privacy Act 2020 (as amended by the Privacy Amendment Act 2025), where we collect your personal information indirectly, we will take reasonable steps to notify you of:

  • the fact of collection and, where reasonably practicable, its source;
  • the purposes for which the information was collected;
  • the intended recipients; and
  • your rights to access and correct that information.

We will provide this notification as soon as reasonably practicable after collection. Notification may not be required where an exception applies — for example, where you have already been made aware of the collection, where the information is not used in a form that identifies you or where we reasonably believe that the absence of notification would not prejudice your interests. Where a third party collects personal information on our behalf as a service provider (for example, a marketing or analytics provider acting on our instructions), this is treated as direct collection and IPP3 applies.

2.4 Cookies

Our website uses cookies to improve functionality and analytics. We categorise cookies as essential, analytical, or advertising. Non-essential cookies are only used with your consent, which is obtained through our cookie consent banner when you first visit our website. You may withdraw that consent at any time by adjusting your cookie preferences through the banner or your browser settings. Where consent is withdrawn, we will stop using non-essential cookies as soon as reasonably practicable.  You may manage or disable cookies through your browser. Learn more at:

3. Use of Personal Information

We use your personal information to:

  • provide, administer, and improve our services (website and cloud platforms)
  • generate reports where relevant to your use of our services
  • communicate with you, including service updates and marketing (you may opt out at any time)
  • meet legal and regulatory obligations
  • evaluate feedback to improve our services

We will not sell your personal information. Sharing with third parties occurs only where required to deliver our services, with your consent, or where required by law.

Categories of third parties with whom we may share your personal information include:

  • cloud infrastructure and hosting providers;
  • customer relationship management (CRM) and marketing platforms;
  • analytics and website performance tools;
  • billing and payment processors; and
  • professional advisers (legal, financial, or audit) where required.

This list is indicative and not exhaustive. We do not authorise third parties to use your personal information for their own purposes.

4. Access to and Disclosure of Information

Your information may be accessed only by authorised Deptive staff, contractors, or third-party service providers who support our services. Access is role-based and limited to those who need it to perform their job.

Where information is disclosed to third parties outside New Zealand, we will ensure that comparable privacy protections apply. This may include:

  • disclosure to recipients located in countries with adequacy status recognised under the Privacy Act 2020 (such as Australia and European Economic Area member states);
  • contractual clauses requiring the overseas recipient to maintain privacy standards comparable to New Zealand law; or
  • other safeguards consistent with IPP12.

Our cloud services involve processing and storage of data in New Zealand, Australia and the United States. We take reasonable steps to ensure that applicable data protection requirements are met in those jurisdictions.

If Deptive provides services to a government agency, we may be required to retain or disclose information under the Public Records Act 2005, the Official Information Act 1982, or Parliamentary processes.

5. Security of Information

We use a combination of industry-standard safeguards to protect your personal information, including:

  • encrypted storage and secure servers
  • multi-factor authentication (MFA)
  • access logging and monitoring
  • segregated customer zones in our multi-tenant cloud platforms

While we take reasonable steps to protect your data, no system is 100% secure and some risk of unauthorised access remains.

In the event of a security incident that affects your personal information — even where it does not meet the threshold of a notifiable privacy breach — we will assess the incident promptly and communicate with affected individuals where we consider it appropriate to do so.

6. Retention of Information

We retain personal information only as long as necessary for the purposes for which it was collected. Retention periods vary depending on the type of information and the context in which it was collected. As a general guide:

  • customer and billing records are typically retained for up to 7 years to meet legal and financial obligations;
  • service usage logs and system data are retained for shorter periods consistent with operational and security requirements;
  • website analytics data is retained in accordance with the settings of our analytics tools.

When a customer relationship ends, we will handle personal information in accordance with our contractual obligations and this policy. We will securely delete or de-identify personal information that is no longer required, subject to any legal or regulatory obligation to retain it.

Longer retention may apply where required by law, regulation, or legitimate operational reason.

7. Your Rights

Under the Privacy Act, you have the right to request access to and correction of your personal information, and to raise concerns about how we handle your personal information. We encourage you to contact us in the first instance if you have any concerns — we will do our best to resolve them directly. Requests can be made to info@deptive.co.nz or 0800 000 141 or you can contact us at the address below. Proof of identity may be required. We will respond within 20 working days of receiving sufficient information to identify and process your request, as required by law. You may also request that we delete or cease using your personal information where it is no longer needed for the original purpose of collection, subject to any legal or regulatory obligation that requires us to retain it. If you are not satisfied with our response, you may contact the New Zealand Privacy Commissioner at www.privacy.org.nz.

8. Notifiable Privacy Breaches

A notifiable privacy breach is one that has caused, or is likely to cause, serious harm to one or more affected individuals. If such a breach occurs, Deptive will notify the Privacy Commissioner and affected individuals as soon as practicable, and no later than required by law.  All breaches (whether notifiable or not) are recorded internally and reviewed.

9. Version Control

This policy is reviewed at least annually. Updates will be published with a version number and last updated date.

Last Updated: 8 June 2026

Row edge-slant Shape Decorative svg added to top

Accelerate success with Deptive’s automation and AI

DEP-logo-rev-transparent.min

Email - info@deptive.co.nz

Phone - 0800 000 141

Office - Unit 6A, 7 Shortland Street, Auckland CBD

Book a Discovery Call

Case Studies

Navigation