Privacy

Privacy Policy

Last updated: 10 April 2026

Fenko Limited’s Privacy Policy - Learn how we collect, use, and protect your personal information.

Fenko Limited (“Fenko”, “we”, “us”, “our”) is committed to protecting personal information in line with the New Zealand Privacy Act 2020. This policy explains what we collect, why we collect it, how we protect it, and what rights you have.

This policy applies to personal information we collect through our website, products, services, communications, and business operations. Where we process personal information on behalf of a client as a service provider, the relevant engagement agreement and, where applicable, our Data Processing Addendum govern that processing as well.

Information We Collect

We may collect personal information such as:

  • contact details and business information you provide when you enquire, engage us, or communicate with us;
  • account, billing, or transaction information needed to provide products or services;
  • technical, device, and usage information generated when you use our website or services;
  • information contained in messages, support requests, or service-related documents you send us; and
  • personal information we reasonably need to deliver engagements, operate products, meet legal obligations, or protect our systems.

We aim to collect information directly from you where practicable. If we collect it from another source, we do so only where that is lawful and reasonable in the circumstances.

How We Use Information

We use personal information to:

  • provide, administer, support, and improve our website, products, and services;
  • respond to enquiries, requests, and support issues;
  • manage proposals, engagements, billing, and business relationships;
  • maintain the security, integrity, and availability of our systems and services;
  • comply with legal, regulatory, and contractual obligations; and
  • investigate misuse, fraud, security incidents, or other conduct that may affect Fenko, our clients, or other users.

We do not sell personal information. We do not use client-controlled personal information to train shared AI models unless that use is separately and expressly authorised.

Disclosure and Overseas Handling

We may disclose personal information:

  • to personnel, contractors, and service providers who need it to support our operations or deliver services;
  • to professional advisers, insurers, auditors, or regulators where reasonably necessary;
  • where disclosure is required or permitted by law; or
  • where you have asked us to do so or otherwise authorised the disclosure.

Where we use third parties to help deliver services, we expect them to handle personal information under appropriate confidentiality and security obligations.

Our default preference is to keep personal information within New Zealand or jurisdictions appropriate to the service. If personal information is handled outside New Zealand, we take reasonable steps to ensure safeguards consistent with the Privacy Act 2020, including Information Privacy Principle 12 where relevant.

Security and Retention

We use reasonable administrative, technical, and organisational safeguards to protect personal information from loss, misuse, unauthorised access, alteration, or disclosure. These safeguards may include encryption, access controls, least-privilege access, authentication controls, logging, monitoring, and secure disposal practices.

No system is completely immune from risk, but we design our processes to reduce unnecessary exposure and to respond quickly if something goes wrong.

We retain personal information only for as long as it is reasonably required for the purpose for which it was collected, or as required by law, contract, or legitimate business needs such as dispute resolution, record-keeping, or security investigation. When information is no longer needed, we delete it or destroy it securely.

Your Rights

If we hold personal information about you, you may ask for:

  • access to that information; and
  • correction of that information if you believe it is inaccurate, incomplete, or misleading.

We will respond within the timeframe required by the Privacy Act 2020. In most cases, that means within 20 working days, although the Act allows extensions or refusal in some circumstances.

If you are not satisfied with our response, you may make a complaint to the New Zealand Office of the Privacy Commissioner.

Cookies and Website Data

Our website may use cookies or similar technologies to support core site functionality, remember preferences, understand site usage, and maintain security. You can control cookies through your browser settings, although some parts of the site may not function properly if you disable them.

Our website may also contain links to third-party sites or services. Those sites operate under their own terms and privacy practices, and we are not responsible for them.

Contact

For privacy questions, access or correction requests, or privacy complaints, contact Fenko’s Privacy Officer at [email protected].