1. Overview
This Data Collection and Protection Policy outlines how ez-ai.nz collects, processes, stores, and protects data in accordance with New Zealand's Privacy Act 2020 and international best practices for data protection.
Our Commitment: We are committed to protecting your data through industry-standard security measures and transparent data handling practices.
2. Data Collection Methods
2.1 Direct Collection
We collect data directly from you when you:
- Fill out contact forms on our website
- Subscribe to our newsletters
- Request a consultation or quote
- Engage our services
- Communicate with us via email or phone
- Participate in surveys or feedback forms
2.2 Automated Collection
We automatically collect certain data through:
- Website Analytics: Google Analytics for usage patterns
- Server Logs: IP addresses, browser types, access times
- Cookies: Session management and preferences
- Local Storage: User preferences and settings
2.3 Third-Party Sources
We may receive data from:
- Business partners (with your consent)
- Public business directories
- Social media platforms (public information only)
- Industry databases and publications
3. Types of Data We Collect
3.1 Personally Identifiable Information (PII)
- Full name and job title
- Email address and phone number
- Company name and business address
- LinkedIn profile (if provided)
- Payment information (processed securely through third-party providers)
3.2 Business Information
- Company size and industry
- Business challenges and requirements
- Current technology stack
- Project specifications and timelines
3.3 Technical Data
- IP address and location (country/city level)
- Browser type and version
- Device type and operating system
- Referral source and pages visited
- Session duration and interaction data
4. Data Protection Measures
4.1 Technical Safeguards
- Encryption: SSL/TLS for data in transit, AES-256 for data at rest
- Access Controls: Multi-factor authentication and role-based access
- Firewalls: Network and application-level protection
- Regular Updates: Security patches and software updates
- Backup Systems: Regular encrypted backups with secure storage
- Monitoring: 24/7 security monitoring and intrusion detection
4.2 Organisational Safeguards
- Staff Training: Regular data protection and security awareness training
- Confidentiality Agreements: All staff and contractors sign NDAs
- Access Limitation: Data access on a need-to-know basis
- Incident Response Plan: Documented procedures for data breaches
- Regular Audits: Annual security and compliance assessments
4.3 Physical Safeguards
- Secure data centre facilities with 24/7 monitoring
- Restricted access to server rooms
- Secure disposal of physical documents
- Clean desk policy for sensitive information
5. Data Processing Principles
We adhere to the following principles:
- Lawfulness: Processing only with legal basis
- Purpose Limitation: Collecting data for specified, legitimate purposes
- Data Minimisation: Collecting only necessary data
- Accuracy: Keeping data accurate and up to date
- Storage Limitation: Retaining data only as long as necessary
- Integrity: Ensuring data security and confidentiality
- Accountability: Demonstrating compliance with these principles
6. Data Sharing and International Transfers
6.1 Third-Party Service Providers
We share data with trusted service providers for:
- Cloud Hosting: Amazon Web Services (AWS) - Sydney region
- Email Services: Mailchimp for newsletter distribution
- Analytics: Google Analytics for website insights
- Customer Support: Zendesk for ticket management
- Payment Processing: Stripe for secure transactions
6.2 International Transfers
When data is transferred internationally, we ensure:
- Adequate protection through contractual clauses
- Compliance with New Zealand privacy laws
- Transfers only to countries with adequate data protection
- Your explicit consent where required
7. Your Data Rights
You have the following rights regarding your data:
- Right to Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restriction: Limit processing of your data
- Right to Portability: Receive data in a portable format
- Right to Object: Object to certain processing
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at skene@ez-ai.nz
8. Data Breach Response
In the event of a data breach, we will:
- Immediately investigate and contain the breach
- Assess the risk to affected individuals
- Notify affected individuals within 72 hours (if high risk)
- Report to the Privacy Commissioner (if required)
- Document the breach and response actions
- Implement measures to prevent recurrence
9. Cookie Policy
9.1 Types of Cookies We Use
- Essential Cookies: Required for website functionality
- Performance Cookies: Help us understand how visitors use our site
- Functionality Cookies: Remember your preferences
- Analytics Cookies: Google Analytics for usage statistics
9.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.
10. Data Retention Schedule
| Data Type | Retention Period |
| --- | --- |
| Customer contracts | 7 years after contract ends |
| Financial records | 7 years (tax requirements) |
| Marketing contacts | 3 years or until opt-out |
| Website analytics | 26 months |
| Support tickets | 2 years after resolution |
| Email communications | 3 years |
11. Compliance and Certification
We comply with:
- Privacy Act 2020 (New Zealand)
- Unsolicited Electronic Messages Act 2007
- ISO 27001 best practices (working towards certification)
- OWASP security guidelines
12. Data Protection Contact
For any questions about data protection or to exercise your rights:
13. Policy Updates
We review and update this policy annually or when:
- Legal requirements change
- New technologies are implemented
- Business practices change significantly
- Industry standards evolve
Significant changes will be communicated via email to registered users.