Privacy

This privacy statement explains how Outfox Limited collects, stores, uses and shares your personal information.

Openness and transparency are important to us. The Privacy Act 2020 requires us to tell you certain things about the personal information we need to carry out our functions. This is where we explain our privacy practices and why you can trust us to handle your information with care and respect.

Here are a few key privacy messages to note:

• We only collect personal information where this is necessary to carry out our business.
• We may collect personal information about you either directly from you or from other people, and we may generate personal information about you when we carry out our business.
• We store all our data (including your personal information) on a secure Microsoft Azure cloud platform, and we use Microsoft Office 365 applications. We protect our data with all reasonable technical and process controls.
• You can ask us for a copy of your personal information at any time.
• We will only use and share personal information where necessary to carry out the functions for which we collected it, or if required by law.

If you cannot find the information you need, or you have concerns about the way we are managing your personal information, then please contact us at any time.

We may update this privacy statement from time to time, for example to reflect changes to the Privacy Act, so feel free to check in again occasionally to see what might have changed. This statement was last updated in October 2023.

We use third-party providers to store and process our data.

We store most of the personal information we collect and generate electronically on Microsoft Azure cloud servers located in Australia. We also use Microsoft Office 365 for our email and other office productivity applications.

This means that the personal information we hold may be transferred to, or accessed from, countries other than New Zealand.

We retain personal information in compliance with the requirements of the Public Records Act 2005.

We take all reasonable steps to ensure the personal information we collect is protected against loss, unauthorised access and disclosure or any other misuse, including meeting the requirements prescribed by the New Zealand government for the secure handling, storage and disposal of any protectively marked or security classified information.

We ensure that our third-party data processors can meet our privacy and security requirements. We are satisfied, for example, that Microsoft has adequate security and privacy safeguards in place to protect information it holds on our behalf.

We use some third party providers to manage some of our services, such as online assessments and payments.

When we do this, any personal information you provide (such as your email address) may also be collected and stored by this provider and you should also check their privacy statements when using those services.

Brilliant Assessments

We use Brilliant Assessments to create our assessments (e.g. Cyber Health Check).

Stripe

We use Stripe to process payments for paid reports.

The Privacy Act gives you rights to request access to and correction of the personal information we hold about you. You can take steps to control the ways we use your information (such as opting out of receiving newsletters). You can also complain to us at any time if you think we have misused your personal information.

Contact us to exercise any of these rights, including the right to complain about our privacy practices. Remember that you can make an information request to us in any form (see below).

You have the right to request a copy of the personal information we hold about you (whether we have collected from you directly or from a third party).

You also have the right to ask us to correct your information if you think it is wrong.

We will process your request as soon as possible, and no later than 20 working days after we receive it.

Engagement information

You can opt out of receiving our newsletter or being included on any other subscription list or news feed by following the unsubscribe link at the end of the email or contacting us.

If you have any concerns regarding privacy, please email or call us.

You can contact the Privacy Commissioner if you’re not satisfied with our response to any privacy-related concerns you may have.