Skip to Content

Privacy Policy

Your privacy matters to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: December 07, 2025

Our Commitment to Your Privacy

INNOLAB Limited ("we", "us", or "our") is committed to protecting your privacy and complying with the New Zealand Privacy Act 2020. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or interact with us.

1. Information We Collect

1.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, company name, job title
  • Account Information: Username, password (encrypted), profile preferences
  • Communication Data: Messages, inquiries, feedback, newsletter subscriptions
  • Service Request Data: Project requirements, consultation requests, appointment bookings
  • Payment Information: Billing address, payment method details (processed securely by third-party payment processors)

1.2 Information Collected Automatically

  • Usage Data: Pages visited, time spent, click patterns, referral sources
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies & Tracking: Cookie IDs, session tokens, analytics data (see our Cookie Preferences)
  • Location Data: General geographic location based on IP address

1.3 Information from Third Parties

  • Social media platforms (if you connect your account)
  • Business partners and referral sources
  • Public databases and data enrichment services

2. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery: Provide, maintain, and improve our consulting services, analytics solutions, and digital transformation projects
Communication: Respond to inquiries, send service updates, provide customer support, and deliver newsletters (with your consent)
Analytics & Improvement: Analyze website usage, understand user behavior, and enhance user experience
Security & Fraud Prevention: Protect against unauthorized access, detect suspicious activity, and maintain system integrity
Legal Compliance: Comply with legal obligations, enforce our terms, and protect our legal rights
Marketing: Send promotional materials, case studies, and event invitations (only with your explicit consent)

3. Legal Basis for Processing (NZ Privacy Act 2020)

We process your personal information based on the following legal grounds:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract Performance: Processing is necessary for the performance of a contract with you
  • Legal Obligation: Processing is necessary to comply with legal or regulatory requirements
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, system security)

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

4.1 Service Providers

  • Cloud Hosting: AWS, Google Cloud (data stored in New Zealand or Australia regions)
  • Analytics: Google Analytics (anonymized data)
  • Email Services: Mailchimp, SendGrid (for newsletters and transactional emails)
  • Payment Processors: Stripe, PayPal (PCI-DSS compliant)
  • CRM Systems: Odoo (self-hosted), Salesforce

4.2 Business Partners

With your consent, we may share information with trusted business partners for joint projects or referral programs.

4.3 Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect our rights, property, or safety.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

Data Type Retention Period Reason
Account Information Until account deletion + 90 days Service provision, legal obligations
Transaction Records 7 years Tax and accounting requirements (NZ law)
Marketing Consent Until consent withdrawal + 30 days Compliance with consent management
Analytics Data 26 months (anonymized after 14 months) Usage analysis, trend identification
Support Tickets 3 years after resolution Quality assurance, dispute resolution

6. Your Privacy Rights (NZ Privacy Act 2020)

Under New Zealand law, you have the following rights regarding your personal information:

Right to Access

Request a copy of the personal information we hold about you

Right to Correction

Request correction of inaccurate or incomplete information

Right to Deletion

Request deletion of your personal information (subject to legal obligations)

Right to Object

Object to processing of your personal information for certain purposes

Right to Data Portability

Receive your personal information in a structured, machine-readable format

Right to Withdraw Consent

Withdraw consent at any time (does not affect prior processing)

To exercise your rights, contact us at:

Email: [email protected]
Phone: +64 22 098 0517
Address: Auckland, New Zealand

We will respond to your request within 20 working days as required by the Privacy Act 2020.

7. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: SSL/TLS encryption for data in transit, AES-256 encryption for sensitive data at rest
  • Access Controls: Role-based access, multi-factor authentication, regular access reviews
  • Network Security: Firewalls, intrusion detection systems, DDoS protection
  • Regular Audits: Security assessments, vulnerability scanning, penetration testing
  • Employee Training: Privacy and security awareness training for all staff
  • Incident Response: Data breach response plan, 24/7 monitoring

Note: While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. International Data Transfers

Your personal information is primarily stored and processed in New Zealand and Australia. If we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by regulatory authorities
  • Ensuring the receiving country has adequate data protection laws
  • Obtaining your explicit consent where required

9. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

  • Posting a notice on our website
  • Sending an email to registered users
  • Updating the "Last Updated" date at the top of this policy

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes constitutes acceptance of the updated policy.

11. Privacy Complaints

If you have a complaint about how we handle your personal information, please contact us first at [email protected]. We will investigate and respond within 20 working days.

If you are not satisfied with our response, you have the right to lodge a complaint with the New Zealand Privacy Commissioner:

Office of the Privacy Commissioner
Website: www.privacy.org.nz
Phone: 0800 803 909
Email: [email protected]

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:

INNOLAB - Privacy Officer

Address: Auckland, New Zealand
Email: [email protected]
Phone: +64 22 098 0517
Website: innolab.co.nz

Related Documents

Cookie Preferences Terms of Use Security Disclosure
Back to Home