Last updated: 19 June 2025

Introduction
Apex Bitcoin Limited (“Apex,” “we,” “us,” “our”) is committed to safeguarding the privacy of our clients, website visitors, and email subscribers (“you,” “your”). This Policy describes how we collect, use, disclose, and protect your personal information, and the rights you have under New Zealand law.

Scope & Applicability

• Applies to all personal information we collect in New Zealand or in connection with offering services to New Zealand residents.
• Supplements any sector-specific obligations (for example under the Unsolicited Electronic Messages Act 2007).

Key Definitions

• Personal Information
  Any information about an identifiable individual (e.g. name, contact details, IP address).
• Sensitive Information
  Personal data revealing race, health, political opinions, religious beliefs, or criminal history. Apex does not collect sensitive information except with explicit consent and only to the extent necessary.

Legal Framework

• Privacy Act 2020 (NZ) – establishes the Information Privacy Principles (IPPs) that govern how personal information is handled.*
• Unsolicited Electronic Messages Act 2007 – regulates commercial email and SMS communications.*
• Privacy (Cross-border) Rules 2021 – requirements for transferring data offshore under the Privacy Act.*

*All references to “Principles” herein correspond to the IPPs as set out in the Privacy Act 2020.
Information We Collect

• Directly from you
  • Identification: name, company name, job title
  • Contact details: email, phone, mailing address
  • Service details: consultation preferences, payment information entered via secure third-party gateways
• Automatically via our website
  • Technical data: IP address, device type, browser version, time zone, cookie identifiers, pages visited, session duration
  • Analytics: aggregated usage statistics via Google Analytics (or equivalent), subject to your cookie preferences
• Communications records
  • Emails, chat transcripts, call recordings (for quality assurance and training), stored securely and accessed only by authorised staff

How We Use Your Information
We rely on one or more of the following legal bases (as per IPP 3 and IPP 4):

1. Performance of a contract (IPP 5)
   • Delivering our services (education sessions, consultations, onboarding)
2. Your consent (IPP 1)
   • Sending newsletters, marketing updates, invitations to events
   • Use of non-essential cookies and targeted advertising
3. Legitimate interests (IPP 3)
   • Improving our website, developing new services, internal business operations
4. Legal obligations (IPP 2)
   • Complying with regulatory requests, court orders, and the AML/CFT Act

Disclosure & Sharing

• Service providers
  We engage trusted third parties (e.g. Stripe for payments, SendGrid for email, AWS or a NZ-based data centre for hosting) under strict confidentiality and security obligations.
• Legal compulsion
  Disclosure may be required under law, regulation, or valid court order (IPP 11).
• Business transfers
  In the event of a merger, acquisition, or sale of assets, personal information may be transferred—subject to confidentiality and notification requirements under IPP 12.

Cross-border Data Transfers

Where we transfer personal information outside New Zealand, Apex will:

• Rely on the Privacy (Cross-border) Rules 2021 to ensure equivalent protection; and
• Execute Standard Contractual Clauses (SCCs) or obtain your explicit consent before transfer (IPP 13).

Data Security & Integrity
We implement appropriate technical and organisational measures, including:

• Encryption (TLS in transit; AES-256 at rest)
• Access controls and least-privilege principles
• Regular vulnerability assessments and penetration testing
• Incident response plan aligned with the Privacy Act’s mandatory breach notification regime

Data Retention

• We retain personal information only as long as necessary for the purposes set out in this Policy or to satisfy legal, accounting, or reporting requirements—typically not more than 7 years unless retention is mandatory under applicable laws.

Your Rights
Subject to exceptions under the Privacy Act, you may:

• Access your personal information (IPP 6)
• Correct or update inaccuracies (IPP 7)
• Withdraw consent for marketing communications at any time (IPP 3)
• Object to processing based on legitimate interests or request restriction (IPP 3)
• Request erasure if processing is no longer necessary (IPP 8)
• Receive a machine-readable copy of your data for portability (IPP 9)
• Lodge a complaint with the Office of the Privacy Commissioner if dissatisfied

To exercise any of these rights, please contact us as below.

Cookies & Tracking Technologies

• Essential cookies: enable site functionality (e.g. session cookies).
• Functional/Analytics cookies: track usage to improve services—deployed only with your consent.
• Manage preferences via our cookie banner or your browser settings.

Children’s Privacy
Our services and website are not directed at individuals under 16 years of age. We do not knowingly collect information from minors. If you believe we hold data about a child, please contact us for deletion.

Changes to This Policy
We may update this Policy to reflect changes in our practices or legal requirements. Any material changes will be posted here with a revised “Last updated” date, and, where required, notified to you by email.

Contact Us
If you have questions, wish to exercise your rights, or make a complaint, please email:

Privacy Officer

Apex Bitcoin

Email: contact@apex-bitcoin.com