Legal Document

Privacy Policy

Last updated: January 1, 2026 Effective: January 1, 2026
01

Introduction

Summary

We respect your privacy. This policy explains what data we collect, why we collect it, and how you can control it. We will never sell your personal information to third parties.

Nexa Tech ("we", "us", or "our") operates the website located at nexatech.co.nz and any associated services (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or engage with our services.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree, please discontinue use of our Services immediately.

This policy applies to information we collect through our website, email correspondence, client engagements, and any other interaction you may have with Nexa Tech.

02

Information We Collect

We collect information you provide directly to us, information gathered automatically when you use our Services, and information from third-party sources. The categories of information we may collect include:

Information You Provide Directly

  • Full name, email address, phone number, and company name submitted through contact or inquiry forms.
  • Project briefs, requirements, and communications shared during client engagement.
  • Billing and payment information processed through our secure payment providers.
  • Account credentials if you register for a client portal or dashboard.
  • Feedback, testimonials, and survey responses you voluntarily submit.

Information Collected Automatically

  • IP address, browser type, operating system, and device identifiers.
  • Pages visited, time spent on each page, referring URLs, and navigation paths.
  • Cookies and similar tracking technologies (see Section 5).
  • Log files and crash reports generated by our servers and applications.
03

How We Use Your Data

We use the information we collect for legitimate business purposes, including to provide, improve, and personalise our Services. Specific purposes include:

  1. Responding to enquiries, proposals, and support requests submitted through our website or email.
  2. Delivering and managing software development, design, and consulting services you have engaged us for.
  3. Processing invoices, payments, and maintaining financial records as required by law.
  4. Sending service-related communications, project updates, and administrative notices.
  5. Sending marketing and promotional materials, subject to your consent and applicable law.
  6. Analysing usage patterns to improve website performance, content, and user experience.
  7. Detecting, preventing, and responding to fraud, abuse, and security incidents.
  8. Complying with applicable legal obligations and regulatory requirements.

We process your data on the basis of contractual necessity (to perform services you have engaged), legitimate interests (website analytics, security), legal obligation (tax and accounting records), and consent (marketing communications).

04

Sharing of Information

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

  • Service Providers. We work with trusted third-party vendors who assist us in operating our business (e.g., hosting providers, payment processors, analytics services). These parties are contractually bound to process data only on our behalf and in accordance with this policy.
  • Business Transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website prior to your data being transferred.
  • Legal Compliance. We may disclose your information if required to do so by law, regulation, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, the safety of others, or to investigate fraud.
  • With Your Consent. We may share your information with third parties when you have given us explicit permission to do so.
05

Cookies & Tracking

We use cookies and similar technologies to enhance your experience, understand website usage, and deliver relevant content. The types of cookies we use include:

  • Strictly Necessary Cookies. Essential for the website to function. These cannot be disabled without affecting core functionality.
  • Analytical / Performance Cookies. Help us understand how visitors interact with our site by collecting anonymised usage statistics (e.g., Google Analytics).
  • Functional Cookies. Remember your preferences and settings to provide a more personalised experience.
  • Marketing Cookies. Used to track visits across websites to deliver relevant advertisements. These are only set with your consent.

You can control or disable cookies at any time through your browser settings. Note that disabling certain cookies may affect the functionality of our website. You may also opt out of analytics tracking by visiting the Google Analytics opt-out page.

06

Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specifically:

  • Client project data and correspondence is retained for a minimum of seven (7) years following project completion for legal and accounting purposes.
  • Contact form submissions are retained for up to two (2) years unless a client relationship is established.
  • Website analytics data is retained in aggregated form for up to twenty-six (26) months.
  • Marketing preferences and consent records are retained until you withdraw consent or for five (5) years, whichever comes first.

When your data is no longer required, we will securely delete or anonymise it in accordance with industry-standard practices.

07

Security

We implement technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • TLS/SSL encryption for all data transmitted between your browser and our servers.
  • Encryption of sensitive data at rest using industry-standard algorithms.
  • Role-based access controls limiting data access to authorised personnel only.
  • Regular security audits, penetration testing, and vulnerability assessments.
  • Incident response procedures to detect, contain, and report data breaches.

Important Notice

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If you believe your data has been compromised, please contact us immediately.

08

Your Rights

Depending on your location and applicable data protection law (including the GDPR for EEA residents and applicable state laws for US residents), you may have the following rights regarding your personal information:

  • Right of Access. You may request a copy of the personal data we hold about you.
  • Right to Rectification. You may request that we correct any inaccurate or incomplete information.
  • Right to Erasure. You may request that we delete your personal data, subject to certain legal exceptions.
  • Right to Restriction. You may request that we restrict the processing of your data in certain circumstances.
  • Right to Data Portability. You may request a copy of your data in a structured, machine-readable format.
  • Right to Object. You may object to processing based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent. Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details in Section 11. We will respond to your request within thirty (30) days. We may need to verify your identity before processing your request.

09

Children's Privacy

Our Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete such information from our records.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at the address listed in Section 11.

10

Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by sending an email notification to the address associated with your account.

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this page periodically to stay informed about how we protect your information.

If we make changes that materially affect your rights, we will provide at least thirty (30) days' advance notice before the changes take effect.

11

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us through any of the following channels:

We will acknowledge all privacy-related requests within five (5) business days and aim to resolve them within thirty (30) days of receipt.