ZYNC Limited — Privacy Policy

ZYNC Limited ("ZYNC", "we", "us", "our") is committed to protecting the privacy of individuals whose personal information we collect, hold, use, and disclose. This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 2020 (New Zealand) and, where applicable, the Health Information Privacy Code 2020.

By using our services, visiting our website, or entering into a contract with us, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

1.1 ZYNC Limited is a New Zealand company registered under the Companies Act 1993, providing business automation services to small and medium-sized businesses.

1.2 Our registered office is in Auckland, New Zealand.

1.3 For all privacy-related enquiries, please contact us at privacy@zync.co.nz.

2. What Personal Information We Collect

2.1 We collect personal information in two ways: directly from you, and on behalf of our clients as part of delivering our automation services.

2a. Information we collect directly from you

When you engage with ZYNC as a business client, we may collect:

• Your name, job title, and contact details (email address, phone number)
• Business information including business name, industry, size, and the software tools you use
• Payment information including billing address and payment card details (processed securely through our payment provider — we do not store full card numbers)
• Communications you send us, including emails, messages, and enquiry forms
• Website usage data including IP address, browser type, pages visited, and time spent on our website (collected via analytics tools such as Google Analytics)

2b. Information we handle on behalf of our clients

As part of providing automation services, ZYNC may process personal information belonging to our clients' customers, including:

• Names, phone numbers, and email addresses of end customers
• Appointment and booking records
• Invoice and payment records
• Service history and job records

For clients in the healthcare sector, this may include health information as defined by the Health Information Privacy Code 2020. ZYNC processes this information solely on behalf of and under the direction of the relevant healthcare client, who remains the primary agency responsible for that information.

3. How We Collect Personal Information

We collect personal information:

• Directly from you when you complete an enquiry form, sign a contract, or contact us
• Through our website using cookies and analytics tools (see section 9)
• Through the automation systems we build and operate on behalf of clients
• From third-party tools and integrations authorised by you or your business (such as Xero, practice management software, or CRM platforms)

4. Why We Collect and Use Personal Information

4a. For our direct clients

We use your personal information to:

• Provide, manage, and improve our automation services
• Communicate with you about your account, services, and support requests
• Process payments and issue invoices
• Meet our legal and regulatory obligations
• Send service-related notifications and updates
• Improve our website and services through analytics

4b. For end customers of our clients

When we process personal information on behalf of our clients, we do so only for the purposes agreed with that client, which typically include:

• Sending automated appointment reminders, confirmations, and follow-up messages
• Delivering invoice reminders and payment notifications
• Sending review requests and referral prompts following service completion
• Re-engaging lapsed customers with service reminders

We do not use end customer data for our own marketing purposes or share it with third parties except as required to operate the agreed automation services.

5. Sharing Personal Information

5.1 ZYNC does not sell personal information to third parties.

5.2 We may share personal information with:

• Technology service providers who help us operate our systems (such as cloud hosting providers, SMS and email delivery platforms, and automation tools) — these providers are bound by confidentiality obligations and may only use personal information for the purpose of providing services to ZYNC
• Payment processors for the purpose of processing transactions
• Professional advisors including lawyers and accountants, where necessary
• Regulatory or government authorities where we are required by law to do so

5.3 If we share personal information with service providers located outside New Zealand, we take steps to ensure that information receives a comparable level of protection to that required under the Privacy Act 2020.

5.4 We will not disclose personal information to any other party without your consent, unless we are permitted or required to do so by law.

6. Health Information

6.1 Where ZYNC processes health information on behalf of healthcare clients (including dental practices, GP clinics, and allied health providers), we do so in accordance with the Health Information Privacy Code 2020.

6.2 Health information is processed solely for the purposes agreed with the relevant healthcare client and is not used for any other purpose.

6.3 Healthcare clients who engage ZYNC to process health information on their behalf are responsible for ensuring they have appropriate authorisations and consents from their patients for that processing.

6.4 ZYNC implements appropriate technical and organisational security measures to protect health information, including access controls, encryption in transit, and restricted staff access.

7. How We Protect Personal Information

7.1 We take reasonable steps to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction. Our security measures include:

• Encryption of data in transit using industry-standard protocols
• Access controls limiting who within ZYNC can access personal information
• Use of reputable, security-certified cloud infrastructure providers
• Regular review of our security practices

7.2 Despite these measures, no method of data transmission or storage is completely secure. We cannot guarantee the absolute security of personal information.

7.3 If we become aware of a privacy breach that is likely to cause serious harm, we will notify the affected individuals and the Privacy Commissioner as required by the Privacy Act 2020.

8. How Long We Retain Personal Information

8.1 We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

8.2 For active client accounts, we retain business and contact information for the duration of the relationship and for seven (7) years following the end of the relationship, in accordance with standard business record-keeping obligations.

8.3 End customer data processed on behalf of clients is retained for the period agreed with the relevant client. On termination of a client relationship, we will return or securely destroy end customer data in accordance with the customer agreement.

8.4 Website analytics data is retained in accordance with the policies of our analytics provider (typically 26 months for Google Analytics).

9. Cookies and Website Analytics

9.1 Our website (zync.co.nz) uses cookies and similar tracking technologies to understand how visitors use our site and to improve the user experience.

9.2 We use analytics tools including Google Analytics, which collects information such as your IP address, browser type, pages visited, and time spent on the site. This information is aggregated and does not identify you personally.

9.3 You can control cookies through your browser settings. Disabling cookies may affect the functionality of our website.

9.4 We do not use cookies for targeted advertising or share website analytics data with third parties for marketing purposes.

10. Your Rights

Under the Privacy Act 2020, you have the right to:

• Request access to personal information we hold about you
• Request correction of personal information that is inaccurate or out of date
• Ask us to stop using your personal information for direct marketing purposes
• Make a complaint about how we have handled your personal information

To exercise any of these rights, please contact us at privacy@zync.co.nz. We will respond to your request within 20 working days, as required by the Privacy Act 2020.

If you are not satisfied with our response, you have the right to make a complaint to the Privacy Commissioner at privacy.org.nz.

11. Third Party Links

11.1 Our website may contain links to third-party websites. This Privacy Policy applies only to ZYNC's website and services. We are not responsible for the privacy practices of any third-party websites and recommend you review their privacy policies before providing any personal information.

12. Changes to This Policy

12.1 We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on our website with a revised effective date.

12.2 Where changes are material, we will take reasonable steps to notify affected individuals — for example, by email or by displaying a notice on our website.

12.3 Continued use of our services following notification of changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or complaints, please contact ZYNC's Privacy Officer:

• Email: privacy@zync.co.nz
• General enquiries: hello@zync.co.nz