CyberMark Agency ("CyberMark", "we", "us", "our") is committed to protecting your privacy and handling personal information in a transparent, secure way. New Zealand's Privacy Act 2020 requires organisations to be clear about how, when, and why they collect personal information.
This Privacy Policy explains:
- what personal information we collect
- why we collect it and how we use it
- who we share it with
- how we store and protect it
- your rights (including access and correction)
- how to contact us or make a complaint
1) Who we are and how to contact us
If you have questions about this policy or want to make a privacy request, contact us using the email above.
2) What personal information we collect
Depending on how you interact with us, we may collect the following types of personal information:
A) Enquiries and sales
- name
- business name
- email address
- phone number (optional)
- message content and any details you choose to provide
B) Customers and service delivery (managed cybersecurity services)
- account/contact details for authorised customer users
- support communications and ticket history
- service configuration details you provide (for example: device counts, environment details, service preferences)
- operational/security data needed to deliver services (for example: alerts, device identifiers, audit logs, and security event information), to the extent you provide or enable access as part of the service
C) Billing (if applicable)
- invoicing details (name, business details, billing contact)
- payment status and transaction references (we typically do not store full card numbers—payment processors handle that)
D) Website usage data (cookies/analytics)
When you visit our website, we may automatically collect technical data such as:
- IP address
- browser/device type
- pages viewed and time spent
- referral source
- cookie identifiers and analytics events (if enabled)
3) How we collect personal information
We collect personal information in the following ways:
- Directly from you (e.g., contact forms, onboarding, emails, calls, support)
- Automatically through cookies and similar technologies when you use our website (if enabled)
- From trusted third parties where relevant (e.g., payment processors, or tools used to deliver/support our services)
4) Why we collect and use personal information
We only collect and use personal information for purposes connected with our business and services, and where it is necessary to do so.
Common purposes include:
- responding to enquiries and providing quotes
- onboarding customers and delivering cybersecurity services
- providing support and communicating about service changes
- billing and account administration
- improving our services, documentation, and customer experience
- protecting our systems, preventing fraud, and maintaining security
- meeting legal and regulatory obligations
5) Who we share personal information with
We may share personal information with:
- Service providers who help us operate our business (for example: cloud hosting, email, helpdesk/ticketing, analytics, invoicing/payment, backup/storage)
- Security and monitoring vendors we use to deliver your chosen services (only as needed for service delivery and support)
- Professional advisers (e.g., accountants, lawyers) where necessary
- Law enforcement or regulators where we are legally required to do so, or where disclosure is reasonably necessary to protect rights, safety, or prevent serious harm
We do not sell personal information.
6) International data transfers
Some of our tools and service providers may store or process information outside New Zealand (for example, depending on where their servers are located). When we use overseas providers, we take reasonable steps to ensure information is handled securely and consistently with this policy.
7) How long we keep personal information (retention)
We keep personal information only for as long as necessary for the purposes described in this policy, unless we are required or permitted by law to keep it longer.
Typical retention examples:
- Enquiries (not converted to customers): up to 24 months
- Customer account and support records: for the duration of the customer relationship, and up to 90 days after termination (unless longer retention is required for legal, dispute, or audit reasons)
- Billing records: retained as required for tax/accounting purposes
- Website analytics: retained according to our analytics settings (if enabled)
8) How we protect personal information
We take reasonable steps to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, or destruction. Security measures may include:
- access controls and least-privilege permissions
- encryption in transit where supported
- logging and monitoring
- secure configuration and patching practices
- staff/contractor access management
No method of transmission or storage is 100% secure, but we work to maintain strong, appropriate safeguards.
9) Your rights: access and correction
Under New Zealand privacy principles, individuals generally have the right to:
- request access to personal information we hold about them
- request correction of personal information if they believe it is wrong
To make a request, email [email protected] with:
- your full name
- what information you're requesting or what you want corrected
- enough details for us to verify your identity
We may need to confirm your identity before releasing or changing information.
10) Complaints
If you're not satisfied with how we've handled personal information, please contact us first at [email protected] and we'll try to resolve it.
You can also raise a concern with the Office of the Privacy Commissioner (New Zealand).
11) Privacy breaches
If a privacy breach occurs and it is notifiable (i.e., it has caused or is likely to cause serious harm), New Zealand law requires notifying the Privacy Commissioner and affected individuals as soon as practically able.
As guidance, the Privacy Commissioner's expectation is notification no later than 72 hours after becoming aware of a notifiable breach (this timeframe is a guide).
12) Cookies and analytics
We may use cookies and similar technologies to:
- keep the website functioning
- understand how visitors use our website (analytics)
- improve performance and user experience
You can control cookies through your browser settings and, where available, cookie preference tools on our site. Disabling some cookies may affect site functionality.
13) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version on our website and update the "Last updated" date above. If changes are material, we may also notify customers through account communications or email.