Privacy Policy
How Excelin Web Limited collects, uses, stores, shares, and protects personal information across Excelin XYZ and Excelin Systems.
This page is intended as a clear public statement for website visitors and clients. It should be read together with any signed agreement, proposal, statement of work, or policy schedule that applies to a specific engagement.
1. Scope And Controller
This Privacy Policy explains how Excelin Web Limited, trading through the Excelin XYZ and Excelin Systems brand surfaces, handles personal information when people visit our website, contact us, request a proposal, use a client portal, receive support, or otherwise interact with our services. In this policy, "we", "us", and "our" mean Excelin Web Limited, and "you" means a visitor, client, prospective client, supplier, contractor, or authorised user.
We are based in New Zealand and design this policy with the Privacy Act 2020 and its information privacy principles in mind. We also aim to operate in a way that is practical for clients who have their own privacy, security, and confidentiality obligations. Where a client agreement, statement of work, or data processing addendum applies, that document may provide more specific terms for a particular service.
2. Personal Information We Collect
We may collect contact details, organisation details, project requirements, correspondence, billing information, meeting notes, support requests, website usage information, technical logs, account details, authentication events, and information submitted through forms, portals, email, or other communication channels. We try to collect only information that is reasonably necessary for a legitimate business purpose.
If we collect personal information about someone from another source, such as a client representative, supplier, public business register, referral partner, or integrated service, we will take reasonable steps to provide any required privacy notice when it is practical and lawful to do so. This includes paying attention to indirect collection notice requirements that apply under New Zealand privacy law from 1 May 2026.
3. Why We Use Personal Information
We use personal information to respond to enquiries, scope and deliver projects, provide support, administer accounts, operate websites and portals, send service communications, manage billing, improve services, protect systems, comply with legal obligations, and maintain business records. We may also use contact information to send relevant updates or marketing where we have consent or another lawful basis to do so.
We do not sell personal information. We do not use client operational data to train public artificial intelligence models unless this is expressly agreed in writing. Where we use AI-assisted tools in our work, we assess the purpose, data sensitivity, client instructions, and provider terms before sharing information with those tools.
4. Sharing And Disclosure
We may share personal information with trusted service providers that help us run hosting, analytics, communications, payments, project management, authentication, security, backups, and support. We require providers to handle information in a way that is consistent with the purpose of the service and appropriate confidentiality and security expectations.
We may also disclose information where required by law, to enforce agreements, to protect the rights or safety of our users or business, during a business restructure or sale, or with your consent. When a client asks us to integrate with a third-party service, information may be shared with that service according to the client's configuration and the third party's own terms.
5. Storage, Security, And Overseas Providers
We may store or process information in New Zealand or through reputable overseas cloud providers. Before using overseas providers for personal information, we consider whether the provider offers safeguards that are appropriate for the type of information and the service being delivered.
We use reasonable technical and organisational safeguards, such as access controls, authentication, encryption in transit where supported, backups, logging, vulnerability management, and least-privilege access practices. No method of transmission or storage is completely secure, so we also rely on users and clients to protect credentials and notify us quickly about suspected misuse.
6. Retention And Deletion
We keep personal information only for as long as it is reasonably needed for the purpose collected, to provide services, to meet legal and accounting obligations, to resolve disputes, to maintain backups, or to protect our legitimate business interests. Retention periods may differ depending on the type of information and the service context.
When information is no longer required, we take reasonable steps to delete, anonymise, archive, or securely restrict it. Backup copies may remain for a limited period until they are overwritten through normal backup cycles.
7. Access, Correction, And Choices
You may ask us to access or correct personal information we hold about you. We may need to verify your identity before responding. If information is held on behalf of a client, we may refer the request to that client or coordinate with them because they may be the organisation responsible for deciding how the information is handled.
You can unsubscribe from marketing messages using the unsubscribe method provided or by contacting us. Service, security, billing, and transactional communications may still be sent when necessary for the relationship or service.
8. Privacy Breaches
If we become aware of unauthorised access, loss, disclosure, alteration, or misuse of personal information, we will assess the incident and take reasonable steps to contain it. Where a privacy breach is notifiable under applicable law, we will notify affected people and the relevant authority as required.
Clients should notify us promptly if they suspect credentials, integrations, or data supplied to our systems have been compromised. Fast reporting helps reduce harm and supports accurate incident assessment.
9. Contact
Questions, access requests, correction requests, and privacy concerns can be sent to support@excelinweb.com. We will aim to respond within a reasonable time and may ask for additional information where needed to understand or verify the request.
This policy may be updated as our services, providers, laws, or business practices change. The latest version will be posted on this website with the updated date shown above.
Reference Points
These public resources informed the structure of this page. They are not incorporated as contract terms unless a written agreement says so.