Privacy Policy

Version 1.2 · Last updated: 26 May 2026

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our website. It has been prepared to comply with the General Data Protection Regulation (GDPR) and applicable data protection laws in the United States.

1. Who We Are

We are the data controller for your personal data collected through this website.

If you have any questions about this Privacy Policy or our practices, please contact us here.

2. Information We Collect

We may collect the following categories of information:

  • Personal identifiers: Name, email address, phone number, billing/shipping address.
  • Account data: Login details, preferences, support requests.
  • Payment information: Processed securely by third-party payment providers; we do not store full card details.
  • Technical data: IP address, browser type, operating system, device information, and usage data.
  • Report access logs: For customer-specific reports served via authenticated URLs, we log each successful view — the report identifier, the authenticated email, the timestamp, the IP address, and the browser user-agent string. This audit log is used solely for security, fraud prevention, and to respond to access enquiries from the customer named in the report.
  • Communications: When you contact us by email, chat, or forms.

3. How We Use Your Information

We use your data to:

  • Provide, operate, and maintain our services.
  • Process transactions and deliver orders.
  • Respond to inquiries and provide customer support.
  • Send updates, marketing, and promotional content (with consent where required).
  • Improve website performance and security.
  • Comply with legal obligations.

4. Legal Bases for Processing (GDPR)

Under the GDPR, we rely on the following legal bases:

  • Contractual necessity – to provide services you request.
  • Consent – for marketing communications and optional data.
  • Legal obligations – to comply with applicable law.
  • Legitimate interests – to improve our services, prevent fraud, and ensure security.

5. Your Rights

GDPR Rights

You have the right to:

  • Access, correct, or delete your personal data.
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent at any time (where consent is the legal basis).
  • Lodge a complaint with your local supervisory authority.

USA (CCPA/CPRA and other state laws)

Residents of California and certain other states may have the right to:

  • Know what personal information we collect, use, and disclose.
  • Request deletion of your personal information.
  • Opt out of “sale” or “sharing” of personal information.
  • Non-discrimination for exercising your privacy rights.

To exercise any of these rights, please contact us here.

6. Data Sharing and Transfers

We may share your data with authorities when required by law.

CCPA/CPRA Notice for California Residents

We do not sell or share your personal information as those terms are defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Therefore, we do not provide a “Do Not Sell or Share My Personal Information” link, since it is not applicable.

International Transfers

For users subject to GDPR, we use Standard Contractual Clauses (SCCs) or rely on adequacy decisions for transfers outside the European Economic Area.

For US residents, data may be stored within or outside the United States.

7. Data Retention

We keep your data only as long as necessary:

  • To provide our services.
  • To meet legal, tax, or accounting requirements.
  • To resolve disputes and enforce agreements.

8. Cookies and Tracking

This website does not set any first-party cookies. We do not use cookies for analytics, advertising, personalisation, or session tracking, and we do not embed third-party analytics or tracking tools (such as Google Analytics, Facebook Pixel, Hotjar, or similar).

The only third-party component that runs on this site is Cloudflare Turnstile, which appears on our sign-up form to distinguish humans from automated submissions. Turnstile is a privacy-focused alternative to traditional captchas and does not use cookies to identify or track you.

Cloudflare, which serves this site at the network edge, may set a short-lived technical cookie (__cf_bm) for bot management. This cookie is strictly necessary for the security of the site and does not track you across other websites. See Cloudflare's cookie policy for details.

Because we do not set non-essential cookies, we do not display a cookie consent banner. If this changes — for example, if we add analytics in future — we will update this policy and, where required, request your consent before any non-essential cookies are set.

9. Children's Privacy

Our services are not directed to children under 13 (USA) or under 16 (GDPR). We do not knowingly collect personal data from children.

10. Security

We use appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse. However, no system is completely secure.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the date at the top of this page. Continued use of our website after changes constitutes acceptance of the updated policy.