Facebook Linkedin
Contact Us

Privacy Policy

1. INTRODUCTION

This document sets out the privacy policy of IT Works Limited NZBN 9429032964554 (referred to in this privacy policy as ‘we’, ‘us’, or ‘our’).

We take our privacy obligations seriously and we’ve created this privacy policy to explain how we store, maintain, use and disclose personal information.

We comply with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).

By providing personal information to us, you consent to our storage, maintenance, use and disclosing of personal information in accordance with this privacy policy.

We may change this privacy policy from time to time by posting an updated copy on our website and we encourage you to check our website regularly to ensure that you are aware of our most current privacy policy.

This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.

 

2. TYPES OF PERSONAL INFORMATION WE COLLECT

The personal information we collect may include the following:

(a) name;
(b) mailing or street address;
(c) email address;
(d) social media information;
(e) telephone number and other contact details;
(f) age;
(g) date of birth;
(h) credit card or other payment information;
(i) information about your business or personal circumstances;
(j) information in connection with client surveys, questionnaires and promotions;
(k) your device identity and type, I.P. address, geo-location information, page view statistics, advertising data and standard web log information;
(l) information about third parties; and
(m) any other information provided by you to us via our website or our online presence, or otherwise required by us or provided by you.

 

3. HOW WE COLLECT PERSONAL INFORMATION

We may collect personal information either directly from you, or from third parties, including where you:

(a) contact us through our website;
(b) receive goods or services from us;
(c) submit any of our online sign up forms;
(d) communicate with us via email, telephone, SMS, social applications (such as LinkedIn, Facebook or ‘X’) or otherwise;
(e) interact with our website, social applications, services, content and advertising; and
(f) invest in our business or enquire as to a potential purchase in our business.

We may also collect personal information from you when you use or access our website or our social media pages. This may be done through use of web analytics tools, ‘cookies’ or other similar tracking technologies that allow us to track and analyse your website usage. Cookies are small files that store information on your computer, mobile phone or other device and enable and allow the creator of the cookie to identify when you visit different websites. If you do not wish information to be stored as a cookie, you can disable cookies in your web browser.

We may use Google Analytics to collect and process data, including when you use third party websites or apps. To find out more see How Google uses data when you use our partners’ sites or apps.

 

4. USE OF YOUR PERSONAL INFORMATION

We collect and use personal information for the following purposes:

(a) to provide goods, services or information to you;
(b) for record keeping and administrative purposes;
(c) to provide information about you to other companies in our group, our contractors, employees, consultants, agents or other third parties for the purpose of providing goods or services to you;
(d) to improve and optimise our service offering and customer experience;
(e) to comply with our legal obligations, resolve disputes or enforce our agreements with third parties;
(f) to send you marketing and promotional messages and other information that may be of interest to you and for the purpose of direct marketing (in accordance with the Spam Act). In this regard, we may use email, SMS, social media or mail to send you direct marketing communications. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link);
(g) to send you administrative messages, reminders, notices, updates, security alerts, and other information requested by you;
(h) to consider an application of employment from you;
(i) to protect our business interests and ensure compliance with our internal policies and procedures.

 

5. EMAIL COMMUNICATIONS

We may communicate with you via email to provide information relevant to your interactions with us. This includes marketing, service updates, and transactional notices. You may opt out at any time using the unsubscribe option provided in such communications.

If you receive an email from us in error or without being the intended recipient, you must delete the email immediately and notify us. You must not copy, disclose, or distribute the contents of the email to any other party. We take no responsibility for any consequences arising from the unintended receipt of email communications.

 

6. ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION

In accordance with the Privacy Act 2020 and consistent with Principle 6 of the NZISM and clause 7.4.8 of ISO/IEC 27701, you may request access to personal information we hold about you, and request corrections where that information is inaccurate or incomplete.

To make such a request, please contact our Privacy Manager at privacy@itworks.co.nz. We may ask you to verify your identity before granting access. We aim to respond to all requests within a reasonable timeframe and in line with our legal obligations.

 

7. DATA RETENTION AND DELETION

We retain personal information only for as long as it is necessary for the purpose for which it was collected, or as otherwise required by law or our internal record retention policies.

In line with ISO/IEC 27701 clause 7.4.7 and NZISM sections on “Storage and Disposal,” when personal information is no longer required, we take reasonable steps to securely dispose of or de-identify that information. Disposal methods may include secure deletion, digital media sanitisation, or destruction of physical records via cross-cut shredding or incineration.

 

8. DATA QUALITY

We take reasonable steps to ensure that personal information we collect, use and disclose is accurate, complete and up to date.

This aligns with clause 7.4.5 of ISO/IEC 27701 and NZISM’s principle of maintaining reliable and accurate information holdings. If you believe that any information we hold about you is incorrect, please contact us and we will take steps to address the issue promptly.

 

9. SECURITY OF YOUR PERSONAL INFORMATION

We implement appropriate technical and organisational controls to safeguard personal information, in accordance with the NZISM’s security control framework and ISO/IEC 27701 Annex A controls.

These safeguards may include encryption, access controls, multifactor authentication, data minimisation, staff training, secure development practices, and regular audits or risk assessments.

In the event of a privacy breach, we will act in accordance with our incident response procedures and notify affected individuals and the Office of the Privacy Commissioner if required.

 

10. ACCOUNTABILITY AND MONITORING

We are committed to the ongoing management and monitoring of our privacy practices, as required under ISO/IEC 27701 clause 5.2 and NZISM’s information assurance governance principles.

Our appointed Privacy Manager is responsible for overseeing our compliance with privacy legislation and standards. We regularly review our privacy programme and controls to ensure they remain effective, and we incorporate privacy considerations into our broader risk management framework.

If you have any concerns or complaints about how we handle your personal information, please contact us at [insert contact details]. We will investigate your concern and respond as soon as reasonably practicable.

 

11. THIRD PARTY SERVICE PROVIDERS

Where personal information is shared with third-party service providers, we ensure they are subject to contractual obligations that meet the requirements of ISO/IEC 27701 clause 7.2.6 and NZISM’s “External Party Agreements” controls.

We perform appropriate due diligence to ensure these providers implement adequate safeguards for the protection of personal information. This includes requiring evidence of privacy and security controls, audit reports (e.g., SOC 2, ISO/IEC 27001), and agreeing to data handling practices consistent with our standards.

 

12. LINKS

Our website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites, and we suggest you review the privacy policies of those websites before using them.

 

13. REQUESTING ACCESS OR CORRECTING YOUR PERSONAL INFORMATION

Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. If you wish to request access to the personal information we hold about you, please contact us using the contact details set out below including your name and contact details. We may need to verify your identity before providing you with your personal information. In some cases, we may be unable to provide you with access to all your personal information and where this occurs, we will explain why. We will deal with all requests for access to personal information within a reasonable timeframe.

If you think that any personal information we hold about you is inaccurate, please contact us using the contact details set out below and we will take reasonable steps to ensure that it is corrected.

 

14. COMPLAINTS

If you wish to complain about how we handle your personal information held by us, please contact us using the details set out below including your name and contact details. We will investigate your complaint promptly and respond to you within a reasonable timeframe.

 

14. CONTACT US

For further information about our privacy policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

 

Name: Privacy Manager

Email: privacy@itworks.co.nz
Our privacy policy was last updated on 28 February 2025.

Subscribe to our Newsletter

Join our list of valued clients receiving monthly updates and offers including:

  • Important Announcements and Interesting News
  • New social and blog posts from our friendly team
  • Information about new and existing products and services

By signing up you agree to receive emails from our business. We value your privacy and will never share your information!

WE ARE HIRING!

We want YOU to join our team.

Helpdesk Engineer