Privacy Policy
Last Updated: March 16, 2026
TIBERIUS DIGITAL
Website Development & Digital Services
PRIVACY POLICY
Effective Date: 16 March 2026
Governed by the Privacy Act 2020 (New Zealand)
Tanama Limited trading as Tiberius Digital.
73 The Strand,
Parnell,
Auckland,
New Zealand
1. INTRODUCTION
1. Introduction
Tanama Limited trading as Tiberius Digital (Company, we, us, our) is committed to protecting the privacy and personal information of everyone who interacts with us, whether as a website visitor, prospective client, or existing client. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in accordance with the Privacy Act 2020 (New Zealand) and the 13 Information Privacy Principles (IPPs) contained within it.
This Policy applies to personal information collected through our website at tiberius.co.nz, through our contact and enquiry channels, and in the course of providing our services. Please read it carefully. By using our website or engaging our services, you acknowledge that you have read and understood this Policy.
We keep this Policy under regular review and will publish updates on our website. The version date at the top of this document is the date it was last revised.
2. WHO WE ARE
2. Who We Are & How to Contact Us
The data controller responsible for your personal information is:
Tanama Limited trading as Tiberius Digital.
If you have any questions about this Policy or how we handle your personal information, please contact us using the details above.
3. INFORMATION WE COLLECT
3. Information We Collect
3.1 Information You Provide Directly
We collect personal information that you voluntarily provide when you:
-
Fill out enquiry or contact forms on our website;
-
Request a consultation, quote, or proposal;
-
Subscribe to our newsletter or marketing communications;
-
Sign a Statement of Work or enter into a client engagement;
-
Contact us by email, phone, or any other channel; or
-
Participate in surveys, feedback requests, or promotions.
The personal information collected may include your name, email address, phone number, business name, website URL, job title, and any other information you choose to provide. For client engagements, this may also include payment details (processed securely through our payment processors), platform credentials, and business data necessary to deliver our services.
3.2 Information Collected Automatically
When you visit our website, we and our third-party service providers automatically collect certain technical information about your device and browsing activity, including:
-
IP address and approximate location derived from it;
-
Browser type, version, and language settings;
-
Operating system and device type;
-
Pages visited, time spent on pages, and clickstream data;
-
Referring website or search engine and any search terms used; and
-
Date and time of each request.
This data is used to maintain the security and functionality of our website, to analyse usage patterns, and to improve the quality and relevance of our content and services. We cannot use this data alone to identify individual visitors.
3.3 Cookies and Tracking Technologies
We use cookies, pixel tags, web beacons, and similar technologies to collect information about how visitors interact with our website. Cookies are small text files stored on your device. Some cookies are strictly necessary for the website to function. Others are used for analytics, performance measurement, or marketing purposes.
We currently use or may use the following categories of cookies and third-party tools:
| Strictly necessary | Required for core website functionality. Cannot be disabled. |
|---|---|
| Analytics | Google Analytics - measures site traffic and usage patterns in aggregated, anonymised form. |
| Marketing / pixels | Google Ads, Meta (Facebook/Instagram) - conversion tracking and remarketing pixels may be active if we run paid campaigns. These tools may link your visit to your social media or Google profile if you are logged in. |
| Functional | HubSpot or similar CRM tools - used to manage contact form submissions and track communication history. |
You can control cookies through your browser settings and opt out of analytics tracking via Google Analytics Opt-out Browser Add-on. You can manage ad personalisation through Google Ad Settings and Facebook Ad Preferences. Note that disabling certain cookies may affect the functionality of our website.
We do not use cookies or tracking technologies for automated decision-making or profiling that produces legal or similarly significant effects on individuals.
3.4 Client Business Data
In the course of providing our services, we may access, receive, or process business data belonging to our clients, including data held in client-owned platforms (such as Google Ads accounts, Shopify stores, analytics platforms, and CRM systems). This data is processed solely for the purpose of delivering the agreed services and is governed by the confidentiality provisions of our Terms of Service. We do not use client business data for our own commercial purposes.
4. LEGAL BASIS FOR PROCESSING
4. Legal Basis for Processing
We rely on the following lawful grounds under the Privacy Act 2020 (NZ) and where applicable, equivalent international standards, to collect and use personal information:
| Contract performance | Processing necessary to enter into or perform a contract with you, including responding to enquiries, preparing proposals, and delivering our services. |
|---|---|
| Legitimate interests | Processing necessary for our legitimate business interests, including website security, fraud prevention, improving our services and direct marketing to existing clients - where these interests are not overridden by your rights. |
| Consent | Where you have given us specific consent, such as subscribing to our newsletter. You may withdraw consent at any time without detriment. |
| Legal obligation | Processing required to comply with our legal obligations, including tax and accounting requirements and responding to lawful requests from authorities. |
5. HOW WE USE YOUR INFORMATION
5. How We Use Your Information
We use the personal information we collect for the following purposes:
-
Responding to enquiries, quotes and consultation requests;
-
Delivering and managing our services under client agreements;
-
Processing payments and sending invoices and receipts;
-
Sending service-related notices, updates and administrative messages;
-
Sending marketing communications, such as newsletters or service announcements, where you have opted in or where we have a legitimate interest based on an existing client relationship;
-
Analysing website usage to improve our content and user experience;
-
Detecting, investigating, and preventing fraudulent or unlawful activity;
-
Managing our business operations, including accounting and legal compliance; and
-
Complying with applicable laws and regulatory obligations.
We will not use your personal information for any purpose that is incompatible with the purpose for which it was collected without your consent or another lawful basis.
6. DIRECT MARKETING
6. Direct Marketing & Opt-Out
We may use your name and contact details to send you information about our services, industry insights, or relevant offers where you have opted in to receive such communications, or where we have an existing client relationship and a legitimate interest in keeping you informed of relevant updates.
Every marketing communication we send will include a clear and easy mechanism for you to opt out (unsubscribe) from future communications. You may also opt out at any time by contacting us directly at support@tiberius.co.nz. We will action all opt-out requests promptly and within a reasonable period.
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
7. SHARING YOUR INFORMATION
7. Sharing Your Information
We do not sell your personal information. We may share it in the following limited circumstances:
7.1 Service Providers
We engage third-party service providers to assist in operating our business and delivering our services. These providers may process personal information on our behalf and are required to handle it in accordance with this Policy and applicable privacy law. Our key service providers currently include:
-
Google (Analytics, Ads, Workspace) - analytics, advertising, and productivity tools;
-
Meta / Facebook - advertising and conversion tracking;
-
HubSpot or equivalent CRM - contact management and marketing automation;
-
Xero or equivalent - accounting and invoicing;
-
Stripe or equivalent - payment processing; and
-
Cloudflare or equivalent - website hosting, security, and content delivery.
This list is not exhaustive and may be updated as our tools change. Where a provider processes personal information outside New Zealand, we take steps to ensure appropriate safeguards are in place (see clause 9).
7.2 Legal Requirements
We may disclose personal information if required to do so by law, court order or regulatory authority, or where we reasonably believe disclosure is necessary to protect the safety, rights or property of any person.
7.3 Business Transfers
If Tiberius Digital or Tanama Limited is involved in a merger, acquisition, sale of assets or restructuring, personal information we hold may be transferred to the relevant successor entity, subject to equivalent privacy protections.
7.4 With Your Consent
We may share your information with third parties in other circumstances where you have given your prior written consent.
8. INTERNATIONAL DATA TRANSFERS
8. International Data Transfers
As a New Zealand business using globally-operated platforms (including Google, Meta, HubSpot and cloud hosting providers), your personal information may be transferred to, stored in, or processed in countries outside New Zealand, including the United States, Australia, and European Union member states.
We take steps to ensure that any cross-border transfer of personal information is subject to appropriate protections, including:
-
Transferring only to countries or organisations that provide comparable privacy protections to those under the Privacy Act 2020;
-
Relying on contractual safeguards (such as standard contractual clauses) where required; and
-
Using service providers who maintain robust privacy and security programmes.
Further details about the specific safeguards applied to any international transfer are available on request.
9. DATA RETENTION
9. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting obligations. In determining the appropriate retention period, we consider the nature and sensitivity of the information, the potential risk of harm from unauthorised disclosure, the purposes for which we hold the information, and applicable legal requirements.
As a general guide:
-
Client contact and project records are retained for 7 years after the end of the client relationship, in line with standard NZ accounting and limitation period requirements;
-
Marketing and newsletter subscriber data is retained until you unsubscribe or request deletion; and
-
Website analytics data is retained in aggregated or anonymised form for up to 26 months.
When personal information is no longer required, we will delete or anonymise it securely. Please note that we may be required to retain certain data for longer periods where required by law, and that we may be unable to delete data that is necessary to perform an existing contract with you.
10. DATA SECURITY
10. Data Security
We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, disclosure, alteration, or destruction. These measures include access controls and authentication requirements, encrypted transmission (HTTPS) for all website interactions, regular review of our security practices and those of our key service providers, and limiting access to personal information to staff and contractors who have a legitimate need to access it.
No method of transmission over the internet or electronic storage is completely secure. While we take reasonable steps to protect your personal information, we cannot guarantee absolute security. You should also take steps to protect any personal information you transmit to us, such as ensuring your own devices and accounts are secured.
11. DATA BREACH NOTIFICATION
11. Data Breach Notification
Under section 113 of the Privacy Act 2020, we are required to notify the Office of the Privacy Commissioner (OPC) and affected individuals as soon as practicable if we become aware of a privacy breach that it is reasonable to believe has caused or is likely to cause, serious harm to any affected individual.
We maintain an internal data breach response procedure. In the event of a notifiable breach, we will:
-
Contain the breach and assess the nature and extent of it;
-
Notify the Office of the Privacy Commissioner using the approved notification form;
-
Notify affected individuals directly, where required, in a clear and timely manner; and
-
Take remedial steps to reduce the risk of recurrence.
If you believe your personal information held by us may have been compromised, please contact us immediately at support@tiberius.co.nz.
12. YOUR PRIVACY RIGHTS
12. Your Privacy Rights
Under the Privacy Act 2020 (NZ), you have the following rights in relation to personal information we hold about you:
| Right of access | You may request confirmation of whether we hold personal information about you and, if so, access to that information. We will respond within 20 working days of receiving a valid request. |
|---|---|
| Right to correction | You may request that we correct any personal information we hold that is inaccurate, out of date, incomplete, irrelevant, or misleading. |
| Right to deletion | You may request that we delete your personal information where we no longer have a lawful basis to retain it. Note that we may be required to retain certain information for legal or contractual reasons. |
| Right to restriction | You may request that we restrict the processing of your personal information in certain circumstances, such as while a correction request is being assessed. |
| Right to object | You may object to our processing of your personal information where that processing is based on legitimate interests, including for direct marketing purposes. |
| Right to data portability | Where technically feasible and where processing is based on consent or contract, you may request a copy of your personal information in a structured, commonly used, machine-readable format. |
| Right to withdraw consent | Where processing is based on your consent, you may withdraw that consent at any time without detriment. Withdrawal does not affect the lawfulness of processing prior to withdrawal. |
To exercise any of these rights, please contact us at support@tiberius.co.nz. We may need to verify your identity before responding to your request. We will not charge a fee for access requests unless the request is unreasonable or repetitive in nature.
If you are not satisfied with our response, you have the right to complain to the Office of the Privacy Commissioner (OPC) at www.privacy.org.nz or by calling 0800 803 909. We encourage you to contact us first so we can try to resolve your concern directly.
13. AUTOMATED DECISION-MAKING
13. Automated Decision-Making & Profiling
We do not use automated decision-making processes that produce legal or similarly significant effects on individuals. We do not profile individuals in a way that creates decisions without meaningful human review.
We use analytics tools (including Google Analytics) to analyse aggregated website usage data for the purpose of improving our website and services. This analysis does not result in automated individual decisions.
14. DO NOT TRACK
14. Do Not Track
Do Not Track (DNT) is a privacy preference that can be set in most web browsers. We respect DNT signals. Where our website detects a DNT signal from your browser, we will not deploy non-essential tracking technologies during that session, to the extent technically possible given our third-party integrations. We encourage you to enable DNT in your browser if you wish to limit non-essential tracking.
15. CHILDREN'S PRIVACY
15. Children's Privacy
Our website and services are directed at businesses and professionals and are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that a child under 16 has provided us with personal information, please contact us at support@tiberius.co.nz and we will delete that information promptly.
16. THIRD-PARTY WEBSITES
16. Third-Party Websites & Links
Our website may contain links to third-party websites, tools, or platforms. We have no control over and accept no responsibility for the privacy practices or content of those sites. We encourage you to review the privacy policy of any third-party website you visit. The inclusion of a link does not constitute our endorsement of that site or its operator.
17. SOCIAL MEDIA
17. Social Media & Online Presences
We maintain business profiles on LinkedIn, Instagram, and Facebook. If you interact with us on those platforms (including by commenting on posts, sending messages, or engaging with our content), those platforms will process your data in accordance with their own privacy policies, over which we have no control. We may use the communication and analytics tools provided by those platforms (such as LinkedIn Insights Tag or Meta Pixel) to measure the reach and effectiveness of our content. These tools may collect data about your interaction with our content and link it to your social media profile.
We encourage you to review the privacy policies of any social media platform you use.
18. ACCURACY
18. Accuracy of Your Information
It is important that the personal information we hold about you is accurate and current. Please keep us informed of any changes to your personal information during your relationship with us by contacting support@tiberius.co.nz. You may also request correction of any inaccurate information we hold at any time.
19. CHANGES TO THIS POLICY
19. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or operational requirements. When we make material changes, we will update the effective date at the top of this Policy and, where appropriate, notify you by email or via a notice on our website. We encourage you to review this Policy periodically. Your continued use of our website or services after any update constitutes acceptance of the revised Policy.
20. CONTACT & COMPLAINTS
20. Contact & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal information, please contact us:
Tanama Limited trading as Tiberius Digital
73 The Strand, Parnell, Auckland, New Zealand
If you are not satisfied with our response to a privacy complaint, you may refer the matter to the Office of the Privacy Commissioner (OPC), New Zealand's independent privacy regulator:
Office of the Privacy Commissioner
www.privacy.org.nz | 0800 803 909 | PO Box 10094, Wellington 6143