Privacy and Data Policy

DataMasque Limited Privacy policy

Last updated: 14 November 2020

DataMasque is committed to respecting the privacy and security of information received from User(s) of our website or services. This Privacy and Data Policy sets out our compliance with both New Zealand privacy laws (including the Privacy Act 1993), and the European Union General Data Protection Regulations (“GDPR”).

We’ve updated our Privacy and Data Policy to ensure that we communicate to Users, in the clearest way possible, how we comply with these legal requirements, how we collect, use, disclose or transfer personal information supplied by Users or collected by us and the ways in which users can protect their privacy.

Our Privacy and Data Policy also specifies other requirements, such as how Users may access, correct and delete information held about them.

By using our services, or accessing our website, Users agree to comply with the terms and conditions of this Privacy and Data Policy and agree that DataMasque may process (i.e. collect, use, store, transfer, disclose or otherwise process) User’s personal information in accordance with this Privacy and Data Policy (as well as for any other use authorised by the User).

Our Privacy and Data Policy explains:

  1. Consent;
  2. What information we collect and how;
  3. How we use personal information;
  4. Who we share personal information with and why;
  5. The steps taken to protect personal information under our control;
  6. Users’ data protection rights;
  7. Communications;
  8. Links and connections to third party services;
  9. International data transfers
  10. How DataMasque retains and deletes personal information;
  11. How to access and update personal information; and
  12. How to contact us.


DataMasque provides public and private cloud services, network and security solutions, data management services and various other technology products and services, including products and services supplied by third party providers (together, “our services”). We collect personal information in order to be able to provide and improve our services, and for the other uses described below.

By using our services or providing personal information to us, Users consent to our collection, storage, use and disclosure of personal information (including any sensitive information provided) in accordance with this Privacy and Data Policy.


There are three ways we collect information:

  1. Information Users give us.
  2. Information we collect when Users use our services.
  3. Information we collect from third parties.

(a) Information Users Give Us

In order to purchase or use our services, a User must provide us with certain contact, billing and personal information including name, address, phone number, email address, industry specific information and company information. Users may also at times provide financial information.

Users may also provide us with information when they:

Users can always choose not to provide us with personal information, however this may mean that we are unable to supply our services effectively, or at all.

(b) Information We Collect from Use of Our Services

We may automatically collect information (which may include personal information) when Users interact with our website or use our services. This information may include:

For example, when Users visit our website, we collect information about the pages visited, the User’s browser and the User’s device. A cookie is a small element of data that a website can send to the User’s browser, which may then be stored on the hard drive (session ID cookies will terminate once Users simply close the browser, persistent cookies may however be stored on the User’s hard drive for an extended period of time). A cookie does not identify a User personally, but it does identify the User’s computer and activity such as pages visited may be linked to information like your name and email address if you complete a form or if the visit to our website was from a link supplied in an email sent from us. Cookies allow us, among other things, to monitor traffic patterns, store User preferences and settings, analyse how our services are performing and enable Users to login. Users should be aware that most web browsers are set to accept cookies by default, but allow settings to be adjusted to remove or block cookies. Please note however that rejecting or removing cookies could affect the availability and functionality of our website features, or our services.

We use Hubspot for marketing and as our CRM. We use the tool to contact and follow up with people who are in contact with us, including existing customers and those who contact us through the forms on our website. Hubspot uses cookies that begin with _hubspot, and __hssc, __hssrc and __hstc. Click here to remove HubSpot's cookies from your browser. You can read more in the Hubspot privacy policy here and Cookie Policy here.

For the purpose of customising and continually optimising our website, we use Google Analytics, a web analytics service provided by Google Inc ("Google"). In this service, pseudonymised usage profiles are created and cookies are used to generate information about your use of this website such as browser type / version, operating system, referrer URL (the previously visited page), IP address for your computer or device, date and time. This information is transmitted to a Google server in the US and stored there. The information is used to evaluate the use of our website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and our website design. This information may also be transferred to third parties if required by law or if third parties process this data. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymised. You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on ( https: // ). For more information about privacy related to Google Analytics, see the Google Analytics information at ).

To statistically record the use of our website and to evaluate it for the purpose of optimising our website, we also use Google conversion tracking. In doing so, Google Adwords will set a cookie on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the User visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google can detect that the User had previously clicked on the ad and was redirected to this page. Every Adwords customer receives a different cookie. Cookies cannot be tracked via the websites of Adwords customers. The information obtained through the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are informed about the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not want to participate in the tracking process, you can also refuse the setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "". Google's privacy policy on conversion tracking can be found here ( ).

LinkedIn: Our website uses LinkedIn's social plugins operated by the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. When you visit a page of our website that contains such a plugin, your browser connects directly to LinkedIn's servers. The content of the plugin is transmitted by LinkedIn directly to your browser and integrated into the page. Through this integration, LinkedIn receives the information that your browser has accessed the corresponding page of our website, even if you do not have a LinkedIn profile or are currently not logged in to LinkedIn. This information (including your IP address) is sent directly from your browser to a LinkedIn server and stored there. If you are logged in to LinkedIn, LinkedIn can instantly associate your visit to our website with your LinkedIn account. If you interact with the plugins, for example by clicking on the "LinkedIn" button, this information will also be transmitted directly to a LinkedIn server in the US and stored there. If you do not want LinkedIn to directly associate the data collected through our website with your LinkedIn account, you must log out of LinkedIn before visiting our website. For more information, see LinkedIn’s Privacy Policy at

(c) Information We Collect from Third Parties

We work closely with third parties (for example, our suppliers and service providers) in order to be able to develop and supply our services.

We may receive the same kinds of information described in (a) and (b) above from third parties.

Personal Information Received from Users about Others

When using our products or services, Users may disclose, and we may collect, personal information about someone else. For example, data supplied by Users may contain personal information relating to the customers or employees of Users.

Before disclosing personal information to us about someone else, Users must ensure that they have obtained sufficient consent to disclose that information to us, and that, without taking any further steps required by applicable data protection or privacy laws, we may collect, use, transfer and disclose such information for the purposes described in this Policy.

Users shall remain responsible for all personal information collected and processed by the User, and for compliance with applicable privacy and data protection laws.


We collect and use personal information in order to be able to provide and improve our services.

We also use personal information to:

For these purposes we may receive, use, store, share, send, combine, reformat, transform, encrypt, mask, organise, geomap, update and delete personal information (and undertake any further processing activities expressed or implied in this Policy). The personal information that we collect will not be further processed in ways that are incompatible with the initial purposes for which the data was collected.


We share information, including personal information, as necessary to provide Users the service requested or authorised. For example, we may share information with:

We require that our service providers, suppliers and business partners (data processors) agree to keep all User information we share with them confidential. While we provide these third parties with no more information than is necessary to perform the function for which we engaged them, Users should be aware that any information provided by the User to these third parties independently/directly is subject to the third parties' respective privacy policies and practices.

We may also share or use non-personal information (i.e. information that is related to a person but does not personally identify that individual, such as aggregated, anonymised or de-identified data) publically or with third parties, such as our partners or third party suppliers. For example, we may share or use information publically to show trends about the general use of our services. This data or information will in no way identify Users or any other individual.


Protecting the security of User personal information is of the utmost importance to DataMasque. We maintain a variety of safeguards and procedures in order to protect personal information from unauthorised access, use, interference, modification or disclosure.

For example, we store personal information on computer systems that have password-controlled access.

Users’ personal information will only be accessed by people at DataMasque who need to use the information for the purposes discussed above.

Some of our services do however require use of the internet, and the internet is not itself a secure environment. We therefore cannot give an absolute assurance or guarantee that User information will be secure at all times. Transmission of information over the internet or third-party networks is at the User’s own risk. We will notify Users at the first reasonable opportunity if we discover or are advised of a material security breach which has resulted in unauthorised access, disclosure or loss of User personal information.

To help maintain the security of information, Users agree to keep their passwords and account details private and confidential.


Under data protection and privacy laws, Users have rights regarding the personal information that we hold/collect. The rights available to Users depend on our reason for processing Users’ information. These rights include:

All requests should be sent to us at, and include the words 'Attention: The Privacy Officer'. User choices in relation to personal information may affect our ability to provide our services, or the performance of the services. We will respond to Users as soon as reasonably practicable regarding the impact of the User’s requests on the services, any other issues arising and to confirm the User’s intention to proceed. If we are unable to comply with the request, we will give the User reasons for this decision when we respond (for example, the information may not be readily retrievable and it may not be reasonable or practicable for us to process the request in the manner sought. In some instances, it may also be necessary for us to arrange access to User personal information through a third party e.g. a third party supplier).


We are committed to full compliance with the Unsolicited Electronic Messages Act 2007.

By subscribing to email communications, or otherwise providing an email address, Users consent to receiving emails which promote and market our products and services, or the products and services of others, from time to time.

Users can unsubscribe from our email communications at any time by clicking the "Unsubscribe" link in any promotional or marketing email, or by emailing, and include the words 'Attention: The Privacy Officer’.

Once a User has unsubscribed from the email communications, the User will be removed from the corresponding email/distribution list as soon as is reasonably practicable.


Our website contains links to (and may be used by Users in conjunction with) third-party services, tools, and websites that are not controlled or managed by us. This Privacy and Data Policy does not cover how these organisations process personal information. These websites may use cookies. It is the responsibility of those third parties to collect appropriate consents from Users in order to permit their own cookies (to the extent this is required by law) and to inform Users about the cookies they use. Users should check the privacy policy on all third-party websites to ensure they are comfortable with third party cookies.

We have no responsibility for linked websites, and provide them solely for Users’ information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or warranties about their accuracy, content or thoroughness.

Disclosure of personal information by Users to third party service providers is at the User’s own risk, and we encourage Users to read the privacy policies applicable to these third-party services. We are not responsible for the security or privacy of any information collected by these third-parties.


When we disclose, use or store data, it may be transferred to, and processed in, countries other than New Zealand. In those countries, there may be differences with New Zealand's privacy laws. For example, we use Google Drive within our business, a cloud service provided by Google Inc. which processes and stores New Zealand user data in Google data centres (see more here). For more information on Google Drive’s data protection and privacy, see Google’s privacy policy at

For individuals in the European Economic Area (EEA), this means that Users’ personal information may be transferred to locations outside of the EEA. However, where we disclose personal information to a third party in another country, we place or obtain safeguards to ensure Users’ personal information is protected. Where Users’ personal information is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have transfer mechanisms in place to protect Users’ personal information (e.g. by ensuring that the recipients of the personal information have agreed to data protection and privacy commitments as specified in the GDPR). For further information, please contact us using the details set out in the contact section below.


The period of time for which we hold personal information that we have collected varies according to what the personal information is used or required for, and whether we have an ongoing need to retain it (for example, to provide Users with a service they have requested or to comply with applicable legal requirements such as financial record-keeping legislation).

Unless there is a legal requirement or justification for us to keep the personal information, we will retain it for no longer than is necessary:

Once personal information is no longer required, the personal information will be deleted, securely destroyed or anonymised.


Users are responsible for ensuring that personal information provided to us is accurate, complete and up-to-date. This includes personal or sensitive information contained in their User content. We will also take reasonable steps to ensure that any personal information that we collect (i.e. information obtained from other sources) is accurate, up-to-date, complete and not misleading.

Requests for access to, or the correction of, personal information should be emailed to, and include the words 'Attention: The Privacy Officer’.

We will process requests as soon as reasonably practicable, provided we are not otherwise prevented from doing so by law. If we are unable to meet a User’s request, we will explain the reasons why when we respond to the User’s request.


Please contact us if you have any questions or complaints about this Privacy and Data Policy, if you wish to access, update, erase and/or correct personal information, or if you otherwise have a question or complaint about the manner in which we, our service providers or our partners treat personal information.

Users may write to DataMasque Privacy Officer by email, including any supporting documentation, at, and include the words 'Attention: The Privacy Officer’.

Alternatively, you can write to us at:

DataMasque Limited
Attention: Privacy Officer
Level 15 Waterloo Towers
20 Waterloo Quadrant
Auckland 1010
New Zealand

We will endeavour to respond within 30 days.

Application of this Privacy and Data Policy

Our Privacy and Data Policy applies to all of the services offered by us. Our Privacy and Data Policy does not cover the information practices of other companies and organisations (such as our partners or third party service providers) that supply, contract and advertise using our website.

Changes to this Privacy and Data Policy

We keep this Policy under regular review to make sure it is up to date and accurate. We also reserve the right to change this Policy from time to time, as our practices evolve to meet new requirements, standards, technologies and customer feedback. We will post any privacy policy changes on our website ( and will update the “last updated” date at the top of this Policy. Continued use of our services by Users will be deemed acceptance of any amended Policy.

We recommend that Users regularly review this Policy to learn how we protect personal information.


In this Policy, unless the context requires otherwise:

means and includes any natural person, company, corporation, firm, partnership, joint venture, society, organisation or other group or association of persons (whether incorporated or not), trust, state or agency of state, statutory or regulatory body, local authority, government or governmental or semi-governmental body or agency (in each case whether or not having separate legal personality);
personal information
means information about an identifiable individual and includes, without limitation, names, addresses, phone numbers, email addresses and IP addresses;
means all persons accessing our website and/or using our services (including any part of the services) and/or providing personal information to us;
User account
means any User’s account with us;
we, us, our, DataMasque
means DataMasque Limited.

Free quote

Get the plan that suits
your business needs

30 day free trial

Experience the power of
best-of-breed data masking

Request a demo

Request a demo to learn more