Privacy Policy

ASH NET LIMITED
Last Updated: March 2026

1. About Us
ASH NET LIMITED (‘ASH NET’, ‘we’, ‘our’, or ‘us’) is committed to protecting your privacy and handling your
personal information in accordance with the Privacy Act 2020 of New Zealand. This Privacy Policy explains
how we collect, use, store, disclose, and protect your personal information when you use our website,
customer portals, products, services, or otherwise interact with us.
ASH NET LIMITED is a New Zealand company providing internet, broadband, hosting, domain, VoIP,
website hosting, and managed IT services.
Address Level 1, 220 Queen Street, Auckland CBD, Auckland 1010, New Zealand
Email [email protected]
2. Scope of This Policy
This Privacy Policy applies to all services provided by ASH NET, including internet and broadband services,
hosting, VPS and email hosting, domain registration, VoIP and phone services, website hosting, managed
service provider services, customer support, billing, account management, and related technical services.
3. Information We Collect
We may collect personal information about you when you become a customer, use our services, contact us,
submit forms on our website, use our customer portals, open a support ticket, communicate with us by email
or phone, or when information is generated through the use of our services.
The personal information we collect may include your full name, email address, phone number, gender, date
of birth, physical address, service address, account details, billing details, invoices, payment records, support
requests, and communications with us.
We may also collect technical and usage information necessary for providing and supporting our services.
This may include your IP address, assigned IP address, router details, device information, network usage
records, service connection details, customer portal activity, login records, account management history,
support ticket history, website contact form submissions, and network logs. We collect this information to
operate our services, troubleshoot faults, provide technical support, maintain service quality, protect network
security, and meet our legal and contractual obligations.
We do not store bank account details or IRD numbers unless specifically required for a particular business
purpose and only where lawful and necessary. Where payments are processed by third-party payment
providers, those providers may collect and process payment information in accordance with their own privacy
and security practices.4. How We Collect Information
We collect personal information through our website forms, customer portals, email communications, phone
calls, support tickets, billing systems, automated service systems, network monitoring tools, cookies,
analytics tools, and information provided directly by you or generated through your use of our services.
We use customer management, billing, and service platforms — including WHMCS and Splynx — to help us
deliver services, manage customer accounts, process invoices, maintain service records, handle support
requests, monitor account activity, and administer customer services. These systems may store personal
information such as your name, contact details, service address, account history, invoices, support tickets,
assigned IP addresses, service usage records, and other information relevant to the services we provide.
5. How We Use Your Information
We use your personal information to provide and manage our services, set up and maintain your account,
process billing and payments, issue invoices, respond to support requests, troubleshoot service issues,
monitor and maintain network performance, detect and prevent faults, fraud, misuse, or security incidents,
communicate with you about your services, send service updates, notify you of outages or planned
maintenance, improve our services and customer experience, meet legal and regulatory obligations, and
protect our legitimate business interests.
We may send you service-related communications, including invoices, billing notices, payment reminders,
service updates, outage notifications, technical updates, account notices, and support responses. These
communications are necessary for the provision and management of your services and may not always be
optional. Where we send marketing or promotional communications, you may opt out at any time by using the
unsubscribe link in the message or by contacting us directly.
6. Cookies and Tracking Technologies
We use cookies and similar technologies on our website to improve functionality, understand website usage,
and support marketing and analytics activities. Cookies may include essential cookies required for website
operation, analytics cookies such as Google Analytics, and marketing or tracking technologies such as
Facebook Pixel. You can control or disable cookies through your browser settings. Disabling some cookies
may affect the functionality of our website or customer portals.
7. Sharing Your Information
We may share your personal information with third parties where reasonably necessary to provide our
services, operate our business, comply with legal requirements, or protect our rights and network. This may
include network providers, fibre wholesalers, infrastructure partners, domain registrars, hosting providers,
data centres, software and platform providers, billing and customer management systems (including WHMCS
and Splynx), payment providers, email and communication providers, IT support providers, professional
advisers, debt collection providers, credit reporting or identity verification providers where lawful, and
government or regulatory authorities where required by law.
We only share personal information where it is reasonably necessary for service delivery, billing, support,
operations, legal compliance, fraud prevention, security, dispute resolution, or protection of our legitimate
interests. We expect our service providers and partners to handle personal information securely and only for
the purposes for which it is provided.8. Overseas Transfers
Some personal information may be stored, processed, or accessed outside New Zealand, including in
Australia, the United States, or other jurisdictions where our service providers operate. Where this occurs, we
take reasonable steps to ensure your personal information is protected by appropriate safeguards and
handled in a manner consistent with New Zealand privacy law.
9. Security
We take reasonable technical and organisational measures to protect your personal information from
unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures may include
restricted access controls, account permissions, secure systems, monitoring, password protection, encryption
where appropriate, system backups, and internal procedures for handling customer information. Access to
customer information is restricted to authorised personnel and service providers who require access for
operational, support, billing, security, or compliance purposes.
While we take reasonable steps to protect your information, no method of transmission over the internet or
electronic storage is completely secure. We cannot guarantee absolute security, but we work to maintain
appropriate safeguards and respond to security risks where identified.
10. Retention of Information
We retain your personal information for as long as your account remains active, for as long as necessary to
provide services to you, and for a reasonable period after account closure for legal, tax, accounting,
operational, dispute resolution, fraud prevention, and compliance purposes. We may also retain certain
records where required by law or where reasonably necessary to protect our rights or resolve disputes.
11. Your Rights
Under the Privacy Act 2020, you have the right to request access to the personal information we hold about
you and to request correction of that information if it is inaccurate, incomplete, or out of date. You may also
request that we update your account details or stop sending you marketing communications. To make a
privacy request, please contact us at [email protected].
We may need to verify your identity before responding to a request for access or correction. In some cases,
we may be unable to provide certain information where permitted by law, such as where disclosure would
affect the privacy of others, reveal confidential business information, or prejudice security, legal, or
enforcement matters.
You are responsible for ensuring that the personal information you provide to us is accurate and up to date.
Please contact us if your name, email address, phone number, billing address, service address, or other
account information changes.
12. Additional Data Rights & Security
Retention Timelines. We apply the following standard retention periods to the personal information we hold:
active account records are kept for the duration of your service relationship with us; billing and invoice
records are retained for a minimum of seven years to satisfy our obligations under the Tax Administration Act
1994; support ticket history and technical logs are kept for up to three years to support fault resolution,
capacity planning, and dispute management; network and connection logs are retained for up to 12 monthsfor security monitoring and troubleshooting purposes; and marketing opt-out records are kept indefinitely to
honour your preferences. After these periods expire, information is securely deleted or de-identified unless a
longer retention period is required by law or is reasonably necessary to protect our rights.
How to Request a Correction. If you believe that personal information we hold about you is inaccurate,
incomplete, or out of date, you may submit a correction request by emailing [email protected] with the
subject line ‘Privacy Correction Request’. Please include your full name, account number (if applicable), a
description of the information you believe is incorrect, and the corrected details you would like us to record.
We will verify your identity before making any changes and will acknowledge your request within five
business days. We aim to complete corrections within 20 working days of receiving all necessary information.
If we are unable to make the correction you have requested, we will notify you in writing and explain the
reason. You may then request that we attach a statement of correction to the relevant record.
Privacy Breach Reporting. In the event of a privacy breach that poses a risk of serious harm to one or more
individuals, ASH NET will notify the Office of the Privacy Commissioner and affected individuals as required
under the Privacy Act 2020. Internally, suspected breaches are reported immediately to our privacy contact,
who will assess the severity and scope of the incident, contain and remediate the breach where possible,
determine whether notification obligations are triggered, and document the incident and the steps taken in
response. If you suspect that your personal information held by us has been accessed, disclosed, or used
without authorisation, please contact us immediately at [email protected] so we can investigate and
take appropriate action.
Managing Your Privacy Preferences. You can manage a number of privacy-related preferences directly
through your customer portal or by contacting us. Options available to you include: opting out of marketing
and promotional communications at any time via the unsubscribe link in any marketing email or by contacting
[email protected]; updating or correcting your account details including contact information, service
address, and billing preferences; requesting a copy of the personal information we hold about you; requesting
deletion of personal information where we are no longer required to retain it; and managing cookie and
tracking preferences through your browser settings or the cookie controls on our website. We will respond to
all preference requests within five business days.
13. Third-Party Links
Our website or services may contain links to third-party websites, platforms, or services. We are not
responsible for the privacy practices, security, or content of third-party websites or services. We recommend
reviewing the privacy policies of any third-party services you use.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations,
business operations, or privacy practices. Any updated version will be published on our website with a
revised ‘Last Updated’ date. Your continued use of our services after the policy is updated means you
acknowledge the updated policy.
15. Contact Us
If you have any questions about this Privacy Policy, how we handle personal information, or if you wish to
make a privacy request, please contact us:Email [email protected]
Post ASH NET LIMITED, Level 1, 220 Queen Street, Auckland CBD, Auckland 1010, New Zealand
© 2026 ASH NET LIMITED · Privacy Act 2020 (New Zealand) · [email protected]