Skip to content

Privacy Policy

Effective Date: 20 July 2025

1. Our Commitment to Your Privacy

Cybrgen Limited ("we", "us", "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website (www.cybrgen.nz), engage with our services, or otherwise interact with us.

We comply with the New Zealand Privacy Act 2020 and its Information Privacy Principles (IPPs). This policy is designed to be transparent and to help you understand your rights.

2. Information We Collect

The personal information we collect is for the lawful purpose of conducting our business and providing our specialized cybersecurity services. The types of information we may collect include:

  • Contact Information: Your name, email address, phone number, job title, and business address when you inquire about or engage our services.
  • Client Engagement Data: Information required to deliver our services, which may include details about your employees, customers, systems, and security posture. This is collected to perform services like Penetration Testing, GRC assessments, Incident Response, and vCISO advisory.
  • Third-Party and Vendor Information: In the course of providing Vendor Risk Management (V-ROC) and Third-Party Risk Management (TPRM) services, we may collect information about your vendors and partners.
  • Website and Technical Information: We may collect information about your visit to our website, such as your IP address, browser type, and pages visited. We use cookies to monitor website usage and improve user experience. You can disable cookies in your browser settings.
  • Recruitment Information: If you apply for a role at Cybrgen, we will collect information from your resume and during the application process.

3. How We Use Your Personal Information

We use your personal information for specific, lawful purposes connected with our functions and activities. These include:

  • To Provide Our Services: To deliver the full suite of our cybersecurity and GRC services, from initial assessment to ongoing managed services and incident response.
  • For Communication: To respond to your inquiries, manage our client relationships, and provide you with reports, findings, and strategic advice.
  • For Billing and Account Management: To process payments and manage your account with us.
  • For Marketing and Outreach: To send you relevant information about our services, industry insights, or events. You can opt out of marketing communications at any time.
  • To Comply with Legal Obligations: To meet our legal, regulatory, and professional obligations, including compliance with standards like SOC 2, GDPR, HIPAA, and PCI DSS where applicable to our services.
  • To Improve Our Services: For internal analysis to enhance the quality and effectiveness of our service offerings.

4. Disclosure of Personal Information

We do not sell or rent your personal information. We will only disclose your personal information in the following circumstances:

  • With Your Authorisation: We will share your information with third parties when you have given us your express consent.
  • To Service Partners: We may share information with trusted partners who assist us in delivering our services. This includes our CPA partner for SOC 2 report issuance and our strategic partner, Grant Thornton Fiji, for service delivery in the Pacific region. These partners are contractually obligated to protect your information.
  • For Legal and Regulatory Purposes: We may be required to disclose your information to comply with the law, a court order, or a request from a regulatory authority (e.g., in relation to RBI audits in India).
  • To Prevent a Serious Threat: We may disclose information if we believe it is necessary to prevent or lessen a serious threat to the health or safety of an individual or the public.
  • Business Transfers: If Cybrgen undergoes a merger, acquisition, or sale, your information may be transferred as part of that transaction.

We will not disclose your personal information to an overseas agency unless we have taken reasonable steps to ensure the information will be subject to privacy safeguards comparable to those in New Zealand, or with your express authorisation.

5. Storage and Security of Your Information

We are committed to protecting your personal information from loss, unauthorised access, use, modification, or disclosure. We implement robust security safeguards that are reasonable in the circumstances, including:

  • Secure network architecture and endpoint security solutions.
  • Identity and access management controls to limit access to authorised personnel.
  • Data encryption and other data security solutions.
  • Secure cloud infrastructure for data storage.

6. Data Retention

We will not keep your personal information for longer than is required for the purposes for which it was lawfully collected. When we no longer need your information, we will securely dispose of it.

7. Your Rights: Access and Correction

You have the right to:

  • Request confirmation of whether we hold personal information about you.
  • Access your personal information that we hold.
  • Request the correction of any personal information that is inaccurate, incomplete, or out of date.

To exercise these rights, please contact our Privacy Officer using the details below. We may require evidence to confirm your identity before processing your request.

8. Cookies and Website Use

Our website uses cookies to monitor usage and improve your experience. Cookies are small files stored on your device. You can disable cookies through your browser settings, though this may affect the functionality of our website.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or the law. The most current version will always be posted on our website with the effective date.

10. How to Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

Write to the below email with subject: "Privacy Policy"

Email: contact@cybrgen.nz

Website: www.cybrgen.nz

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the New Zealand Office of the Privacy Commissioner.