1. Introduction
This Privacy Policy explains how Exerevno Limited (New Zealand Business Number 9429053641700) ("Exerevno", "we", "us" or "our") collects, uses, holds, discloses and otherwise handles personal information. Exerevno is an artificial intelligence (AI) consulting business based in Auckland, New Zealand, operating in Auckland and remotely across New Zealand, and providing services to businesses in New Zealand and Australia.
We are committed to protecting the privacy of individuals whose personal information we hold and to handling that information in accordance with the New Zealand Privacy Act 2020 and its 13 Information Privacy Principles (the "IPPs"). Where applicable to individuals in Australia, we also have regard to the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (the "APPs"). See section 10 for more on Australian visitors.
For the purposes of this Policy, Exerevno is the agency (and, where the equivalent concept applies, the controller) responsible for the personal information described below.
2. Scope of this Policy
This Policy applies to personal information we collect through our website (the "Website") and in the course of responding to enquiries and dealing with prospective and current clients. The Website is a marketing and information website only: it has no user accounts, no login, and does not process payments or facilitate e-commerce.
- This Policy covers the personal information of website visitors, individuals who submit a contact form, and individuals who otherwise communicate with us in connection with our services.
- This Policy should be read together with our Terms of Use, which govern your use of the Website.
- Where we provide consulting services under a separate written services agreement, that agreement (and any associated data processing or confidentiality terms) governs how we handle personal information supplied to us as part of that engagement. This Policy continues to apply to the extent not displaced by such an agreement.
3. Personal Information We Collect
In this Policy, "personal information" means information about an identifiable individual, consistent with the meaning given in the Privacy Act 2020 (and, for Australian individuals, "personal information" as defined in the Australian Privacy Act 1988).
3.1 Information you provide directly
When you complete a contact form on our Website (available on our contact page and home page), we collect:
- your name;
- your email address;
- your business or organisation name (optional); and
- the content of the free-text message you choose to send us.
If you contact us by email or otherwise correspond with us in relation to our services, we collect the information contained in that correspondence, which may include your contact details and details about your business, your requirements and your enquiry.
3.2 Information collected automatically through hosting
Our Website is hosted by Netlify. As part of the normal operation of any website, our hosting provider processes certain technical information automatically when you visit, including your IP address, browser type and user-agent string, and the date and time of your request (server logs). This information is used for hosting, delivery, security and the proper functioning of the Website.
3.3 Information provided during consulting enquiries and engagements
If you engage with us about potential or actual consulting services (AI strategy and planning, AI implementation and build, data and infrastructure, or training and enablement), you may provide us with additional information about yourself, your role, your organisation and your project. You should only provide the information reasonably necessary for the relevant enquiry, and you should not submit sensitive or confidential information through the Website contact form (see section 8 of our Terms of Use).
3.4 Anti-spam
Our contact form uses a "honeypot" anti-spam field. This field is designed to deter automated spam submissions and does not collect personal information from genuine visitors.
4. Cookies and Similar Technologies
- The Website uses only strictly necessary technical processing required to deliver and secure the Website. We do not currently use analytics cookies, advertising or tracking cookies, third-party marketing pixels, or behavioural tracking technologies.
- Our Website loads fonts from Google Fonts, which are served from Google's content delivery network. When these fonts load, your IP address is transmitted to Google as a necessary part of delivering the requested font files. This is described further in sections 7 and 8.
- We may introduce additional technologies (for example, privacy-respecting analytics) in the future. If we do, we will update this Policy to describe them and, where required by law, obtain any necessary consent before they are used.
5. How and Why We Use Personal Information
We collect, hold and use personal information for the following purposes:
- To respond to your enquiries — to receive, review and reply to messages submitted through our contact forms or sent to us directly;
- To provide and discuss our services — to assess, scope, prepare proposals for, and deliver AI consulting services, and to communicate with you about an engagement;
- To communicate with you — to send you information you have requested and to manage our relationship with you;
- To operate and secure the Website — to host, maintain, monitor and protect the Website and detect, prevent and respond to spam, misuse, security incidents and technical issues;
- To comply with the law — to meet our legal, regulatory and record-keeping obligations and to respond to lawful requests; and
- To protect our legitimate business interests — including establishing, exercising or defending legal claims, and improving our services.
We will not use personal information for a purpose that is not connected with the reason it was collected unless an exception under the Privacy Act 2020 (or, for Australian individuals, the APPs) applies, or you have authorised that use.
6. Our Privacy Act Compliance Framework
We handle personal information in accordance with the Information Privacy Principles under the Privacy Act 2020. In particular:
- We only collect personal information that is necessary for a lawful purpose connected with our functions and activities (IPP 1);
- We generally collect personal information directly from the individual concerned (IPP 2);
- We take reasonable steps to make individuals aware of the collection, its purpose, and their rights, including by way of this Policy (IPP 3);
- We collect personal information by lawful and fair means that are not unreasonably intrusive (IPP 4);
- We take reasonable steps to keep personal information secure (IPP 5 — see section 9);
- We provide individuals with rights of access to and correction of their personal information (IPPs 6 and 7 — see section 10);
- We take reasonable steps to ensure information is accurate, complete and up to date before use or disclosure (IPP 8);
- We do not keep personal information for longer than is required for the purposes for which it may lawfully be used (IPP 9 — see section 9);
- We use and disclose personal information only for permitted purposes (IPPs 10 and 11 — see sections 5 and 7);
- We comply with the rules on disclosing personal information outside New Zealand (IPP 12 — see section 8); and
- We do not assign unique identifiers to individuals except where permitted (IPP 13).
Where the APPs apply to an Australian individual, we also handle that information in a manner consistent with our obligations under the Australian Privacy Act 1988.
7. Disclosure of Personal Information
We do not sell personal information, and we do not trade or rent personal information to third parties. We may disclose personal information in the following limited circumstances:
- Service providers and processors — to trusted third parties who provide services that support our business and Website, who are authorised to use the information only to provide those services to us. These currently include:
- Netlify, our website hosting provider, which hosts the Website, processes server logs, and receives and processes contact form submissions; and
- Google (Google Fonts), whose font content delivery network receives your IP address when fonts load.
- Professional advisers — to our legal, accounting, insurance and other professional advisers where reasonably necessary;
- Legal and regulatory disclosure — where we are required or authorised by law to disclose information, or where disclosure is necessary to comply with a lawful request, to enforce our legal rights, or to protect the rights, safety or property of any person; and
- Business transitions — to a successor or acquirer in connection with a sale, merger or reorganisation of our business, subject to appropriate confidentiality protections.
8. Overseas Disclosure of Personal Information
- Some of the service providers we use are located outside New Zealand. In particular, Netlify and Google are United States–based providers, and personal information (including contact form submissions handled by Netlify, and IP addresses transmitted to Google when fonts load) may be processed or stored outside New Zealand and Australia.
- Consistent with IPP 12 of the Privacy Act 2020, before relying on an overseas provider we take reasonable steps to satisfy ourselves that the information will be subject to comparable safeguards — for example, because the provider is bound by contractual terms (including model contractual clauses or equivalent data protection commitments) requiring it to protect the information to a standard comparable to the Privacy Act 2020.
- You acknowledge that where personal information is disclosed to an overseas recipient that is not subject to laws or arrangements providing comparable protection, that information may not be protected to the same standard as under New Zealand law. By submitting information through the Website, you are informed of, and consent to, the overseas disclosures described in this section to the extent your authorisation is required.
- For Australian individuals, and consistent with APP 8, we take such steps as are reasonable in the circumstances to ensure that overseas recipients handle personal information in a manner consistent with the APPs before disclosing personal information to them.
9. Storage, Security and Retention
- Security. We take reasonable technical and organisational steps to protect personal information from loss, unauthorised access, use, modification, disclosure or other misuse. These steps include limiting access to personal information to those who need it and relying on reputable service providers that maintain appropriate security measures. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
- Storage. Personal information you submit through the Website is received and stored via our hosting and forms provider (Netlify), and information you send by email is stored within our email and business systems.
- Retention. We retain personal information only for as long as is necessary for the purposes for which it was collected, including to respond to your enquiry, to provide and administer our services, and to meet our legal, accounting, regulatory and record-keeping obligations. When personal information is no longer required, we take reasonable steps to securely delete or de-identify it.
10. Your Rights — Access, Correction and Australian Visitors
10.1 Access and correction (New Zealand)
Under IPPs 6 and 7 of the Privacy Act 2020, you have the right to:
- request access to and a copy of the personal information we hold about you; and
- request correction of that information if you believe it is inaccurate, incomplete, out of date or misleading.
To make a request, contact us using the details in section 14. We may need to verify your identity before responding. We will respond within the timeframes and in the manner required by the Privacy Act 2020. In limited circumstances we may decline a request as permitted by law, in which case we will tell you why. If we decline to correct information, you may ask us to attach a statement of the correction sought, and we will take reasonable steps to do so. We do not charge individuals to make access or correction requests, except as permitted by law.
10.2 Australian visitors and clients
Where you are an individual in Australia and the Australian Privacy Principles apply, you have rights that broadly correspond to those above, including the right to request access to and correction of your personal information under APP 12 and APP 13. You may exercise these rights by contacting us using the details in section 14. If you are dissatisfied with how we handle your personal information or your request, you may complain to us first and, if not resolved, to the Office of the Australian Information Commissioner (OAIC) — see section 14.
11. Children's Privacy
Our Website and services are directed at businesses and professionals, not at children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so that we can take appropriate steps to delete it.
12. Third-Party Links
The Website may contain links to third-party websites or resources that we do not operate or control. This Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of any third-party site, and we encourage you to review the privacy policies of any website you visit.
13. Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, technologies or legal obligations. The current version will always be available on our Website, and the "Last updated" date above indicates when it was most recently revised. Where changes are material, we will take reasonable steps to bring them to your attention. Your continued use of the Website after a change takes effect indicates your acceptance of the updated Policy.
14. How to Contact Us and How to Complain
- If you have any questions about this Policy, wish to exercise your rights, or wish to make a privacy complaint, please contact us in the first instance at info@exerevno.co.nz. We will acknowledge your complaint, investigate it, and respond within a reasonable time.
- New Zealand. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner (New Zealand), the authority responsible for overseeing compliance with the Privacy Act 2020, including via its website at privacy.org.nz.
- Australia. If you are in Australia and are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC), including via its website at oaic.gov.au.
15. Effective Date
This Privacy Policy is effective as at, and was last updated on, 4 May 2026.