Privacy Policy

This Privacy Policy explains how Legend collects, uses, stores and shares personal information in the course of running our business and operating our website. “Personal information” has the meaning given in the New Zealand Privacy Act 2020.

Zanica Ltd, trading as Legend

Last Updated: 12 September 2025
Company: Zacnica Limited (trading as Legend)
Registered address: 93 Heuheu Street, Taupō 3330, New Zealand
Privacy Officer: Zac Morgan | Email: [email protected] | Phone: +64 2770611 611

1) Scope who this policy covers

This policy applies to:

  • Clients and prospective clients who interact with us about our services.
  • Website visitors to legendhasit.co.nz and our other online touchpoints (e.g. contact forms, newsletter sign‑ups).
  • Suppliers and subcontractors we engage and whose details we hold for business purposes.

This policy covers personal information that Legend collects and uses for its own business purposes. When we provide services to our clients (for example, hosting or managing a client’s website), the handling of their customers’ or end-users’ information is covered by that client’s own privacy policy.

2) The information we collect

We collect personal information in the following categories:
a) Information you give us directly

  • Names, roles, employer/business name
  • Work email addresses, phone numbers and postal addresses
  • Project briefs, content and files you choose to share with us
  • Billing details (including company numbers, purchase order details and accounts contacts)
  • Your communications with us (e.g. emails, messages, feedback)

b) Information we collect automatically

  • Usage and device data when you visit our website (e.g. pages viewed, referring sites, IP address, browser type, approximate location). We use standard cookies and analytics technologies.

c) Information from third parties

  • Service providers we use for business operations (for example: Google Workspace and Cloud services, Xero, Accelo, Trello, Mailchimp, payment and hosting providers)
  • Public sources (e.g. your company website or professional profiles) and partners who refer you to us
  • We do not deliberately collect sensitive information unless you provide it to us for a clear business purpose.

3) Why we collect and how we use personal information

We use personal information to:

  • Provide and improve our services, manage projects and deliver work
  • Communicate with you about proposals, work‑in‑progress, support and news
  • Operate our website, diagnose issues and enhance user experience
  • Administer our business, including billing, accounting and record keeping
  • Comply with law, respond to lawful requests and manage risk (e.g. security and fraud prevention)

We will only use personal information for the purposes we collected it or for a purpose that is directly related and within your reasonable expectations.

4) Marketing communications

If you opt in (or where permitted by law), we may send occasional updates or newsletters. You can unsubscribe at any time using the link in each email or by contacting the Privacy Officer.

5) Cookies and analytics

We use cookies and similar technologies to run our site and understand how it is used. Technologies we may use include Google Analytics, Google Tag Manager and Google Ads. You can control cookies via your browser settings. Disabling some cookies may affect site functionality.

6) Sharing personal information

We may share personal information with:

  • Service providers and subcontractors who help us operate (examples above). We require them to handle information appropriately and only for our instructions.
  • Professional advisers (lawyers, accountants, auditors) under duties of confidentiality.
  • Authorities or other parties where required by law, to protect rights or for safety/security.

We do not sell personal information.

7) International transfers (IPP 12)

Some service providers store or process information in countries outside New Zealand. Where we disclose personal information overseas, we take reasonable steps to ensure that the recipient is subject to comparable privacy safeguards (for example, by using providers that commit contractually to appropriate protections). If this is not feasible, we will only disclose with your express authorisation or where another exception under the Privacy Act applies.

8) Storage and security

We store information on a mix of New Zealand‑based systems and reputable cloud services. We use reasonable safeguards such as access controls, password management, multi‑factor authentication and staff practice standards. No method is 100% secure; we work to prevent unauthorised access, use, modification or disclosure.

9) Retention

We keep personal information only as long as needed for the purposes set out in this policy or as required by law. Business and financial records are typically retained for at least 7 years to meet tax and record‑keeping obligations. We periodically review our holdings and securely delete information that is no longer required.

10) Your rights

You have the right to request access to the personal information we hold about you and to request correction if you think it is wrong. To exercise these rights, contact the Privacy Officer. We will respond as soon as reasonably practical, usually within 20 working days.

11) Notifiable privacy breaches

If a privacy breach occurs that is likely to cause serious harm, we will notify affected individuals and the Office of the Privacy Commissioner as required by the Privacy Act 2020. We record incidents and take steps to reduce the chance of recurrence.

12) Children

Our services are directed to businesses and adults. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us so we can take appropriate steps.

13) Third‑party links

Our website may contain links to third‑party sites. Those sites are not controlled by Legend and have their own privacy practices. We encourage you to review their policies.

14) Changes to this policy

We review this policy periodically and may update it to reflect changes to our practices, technologies or legal requirements. The latest version will be available on our website and will show the effective date at the top.

15) How to contact us or make a complaint

If you have questions, requests or concerns about privacy, contact our Privacy Officer using the details above. If you are not satisfied with our response, you can contact the Office of the Privacy Commissioner (New Zealand) see privacy.org.nz for guidance on making a complaint.