Legal

Privacy policy

Overview

Kelevra Information Systems Limited (“KIS”, “we”, “us”, “our”) is committed to protecting your privacy. This policy explains how we collect, use, store, and disclose personal information in accordance with the New Zealand Privacy Act 2020 and the Information Privacy Principles (IPPs) it contains.

By using our website (kis.co.nz) or engaging our services, you agree to the collection and use of information in accordance with this policy.

Information we collect

We collect personal information only when it is necessary for a legitimate business purpose. The types of information we may collect include:

  • Contact information — name, email address, phone number, company name, and job title, when provided via our contact form or during an engagement
  • Usage information — information about how you interact with our website, including pages visited, time on site, and referring URLs (collected via analytics tools)
  • Communications — records of correspondence between you and KIS, including emails and meeting notes
  • Service delivery information — technical and organisational information provided to us in the course of delivering our services

We do not collect sensitive personal information (such as health information, financial account details, or biometric data) except where explicitly required for a specific engagement and agreed in writing.

Who we share your information with

We do not sell your personal information to third parties. We may share information with:

  • Service providers — third parties who help us deliver our services (e.g. cloud storage, email platforms, project management tools). These providers are contractually required to handle your information securely and only for the purposes we specify.
  • Legal and regulatory authorities — where required by law, court order, or to protect the rights, property, or safety of KIS, our clients, or others.

Data retention

We retain personal information for as long as is necessary for the purposes for which it was collected, or as required by law. Client engagement records are retained for a minimum of seven years in accordance with our professional obligations. You may request deletion of your personal information at any time, subject to legal retention requirements.

Security

We take the security of your personal information seriously. We implement appropriate technical and organisational measures to protect against unauthorised access, disclosure, alteration, or destruction. These measures include encryption in transit and at rest, access controls, and regular security reviews. As a cybersecurity firm, we hold ourselves to a high standard in this regard.

Your rights

Under the Privacy Act 2020, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information (subject to legal retention obligations)
  • Withdraw consent for marketing communications at any time
  • Make a complaint to the Privacy Commissioner if you believe we have breached our privacy obligations

To exercise any of these rights, please contact us at privacy@kis.co.nz.

Cookies and analytics

Our website uses cookies and analytics tools to understand how visitors use our site. This includes information such as pages visited, session duration, and device type. This information is aggregated and does not identify individual users. You can disable cookies in your browser settings, though this may affect website functionality.

Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by posting an updated version on this page with a revised date. Continued use of our website or services after a change constitutes acceptance of the updated policy.