Privacy Policy

1) The information we collect

We collect and process personal information only where it is reasonably necessary for our functions and services, including:

• Identity & contact details — name, business name, role, email, phone, addresses.
• Account & support data — tickets, chat transcripts, logs, device identifiers, IP address.
• Billing — purchase history, invoices, payment status (payment card details are handled by our payment providers; we do not store full card numbers).
• Website & analytics — cookies, pages viewed, referral source, approximate location, browser/device details.
• CCTV / security (if we install or monitor systems) — recordings and metadata captured by customer-owned systems in accordance with your instructions.
• Recruitment — CVs, references and right-to-work information.

We generally collect personal information directly from you (contact forms, email, phone, meetings, proposals, account portals). We may also collect information from authorised third parties you nominate (e.g. your staff or vendors) or from publicly available sources where appropriate for business contact verification.

2) Purposes for collection and use

We use personal information to:

• Provide quotes, supply, install and support POS, EFTPOS and IT services.
• Provision accounts and authenticate access to our portals and systems.
• Invoice, receive payments, and manage our business operations.
• Deliver support, maintenance, proactive monitoring and incident response.
• Communicate about service updates, security notices, and changes to terms or pricing.
• Improve our website and services (analytics, usage trends, capacity planning).
• Meet our legal obligations (e.g. tax records, responding to lawful requests).
• With consent, send optional marketing communications (you can opt out anytime).

We will not use personal information for materially different purposes without your knowledge or consent unless permitted by law.

3) Lawful basis (GDPR/UK GDPR, where applicable)

For individuals in the EEA/UK, our lawful bases may include: contract (to provide services), legitimate interests (to operate and secure our services), consent (for marketing/cookies where required), and legal obligation (tax and compliance).

4) Cookies, analytics and tracking

• We use functional and analytics cookies to operate the site and understand aggregate usage.
• Where required, we will present a consent banner to manage optional cookies.
• You can control cookies via your browser settings. Blocking some cookies may affect site functionality.

5) Sharing and disclosures

We share personal information only with:

• Service providers / subprocessors assisting our operations (e.g. hosting, email, ticketing, remote management and monitoring (RMM), payment processing, logistics). We contractually require appropriate confidentiality and security.
• Your nominated vendors (e.g. POS software publishers, payment/acquiring partners, telco/ISP) where needed to deliver a solution you request.
• Professional advisers (accountants, insurers, legal counsel) on a need-to-know basis.
• Authorities when required by law or to protect rights, safety, and security.

We do not sell personal information.

6) International transfers

Our primary operations are in New Zealand. Some service providers may process data in Australia or other countries. Where information is transferred offshore, we take reasonable steps to ensure comparable safeguards (e.g. contractual clauses and security controls). If you require data residency in NZ/Australia only, please tell us and we will discuss available options.

7) Security

We use reasonable technical and organisational measures appropriate to the risk, including access controls, encryption in transit, least-privilege administration, patching and vendor due diligence. No method is 100% secure; we continually improve our controls.

8) Data retention

We keep personal information only for as long as needed for the purposes above and to meet legal/financial record requirements (often 7 years for tax/invoice data). When no longer required, we take reasonable steps to delete or de-identify it.

9) Your rights

Under the Privacy Act, you have the right to access and request correction of your personal information. For EEA/UK visitors, additional rights may include deletion, restriction, portability and objection in certain circumstances. To exercise your rights, contact us at [email protected].

10) Direct marketing & the Unsolicited Electronic Messages Act 2007

We send commercial electronic messages only in compliance with NZ law. You can unsubscribe at any time using the link in our emails or by contacting us.

11) CCTV and security solutions (customer deployments)

Where we supply/install CCTV or security systems, you (the customer) are the controller of any recordings captured at your premises. We act as your service provider, processing footage under your instructions. You are responsible for signage and local compliance; we can provide guidance on request.

12) Children

Our services are for businesses. We do not knowingly collect personal information from children.

13) Data breaches

If a privacy breach is likely to cause serious harm, we will assess and, where required, notify the Office of the Privacy Commissioner (OPC) and affected individuals.

14) Third-party links

Our website may link to third-party sites. Their privacy practices are their own; review their policies before providing information.

15) Changes to this policy

We may update this policy to reflect changes in law or our services. The updated version will be posted on our website with a new effective date.

16) How to contact us

Questions or requests: [email protected]
Complaints: contact us first. If unresolved, you may contact the Office of the Privacy Commissioner (OPC) at https://privacy.org.nz.