Privacy policy

We collect personal information when you interact with us. This might be when you use our website or Display Management System (DMS) portal, request a quote, purchase a product or solution, apply for a credit account, work with us as a vendor or service provider or otherwise engage with our business.

This may include your name, company name, job title, contact details, delivery or onsite details, user account information, billing and payment information, credit application information, communications with us, order and service information, supplier or contractor details and technical information, such as IP addresses, device information, website activity, cookies and similar identifiers.

Please note: DMS portal users within the same company account may be able to view limited information about other authorised users, such as names, usernames, order details or account activity, where this is necessary to manage the account or provide our services. Users must not share passwords or use another person’s login. Each user is responsible for keeping their login details secure.

Sometimes we collect personal information about you from someone else. This may include information provided by your employer, a colleague, customer, supplier, contractor, freight provider, venue, event organiser, credit reporting agency, professional adviser or another third party.

This may happen where you are nominated as a contact person, delivery or collection contact, onsite contact, account contact, billing contact, approver, authorised DMS portal user, supplier representative, contractor, event contact or other person involved in our business relationship or service delivery.

We may also collect information from third parties where this is needed to verify company details, assess a credit account application, manage credit risk, operate our systems, investigate issues, resolve disputes, fulfil contractual obligations or comply with legal requirements.

Where we collect personal information indirectly, we will take reasonable steps to ensure you are aware of the collection and the matters required by the Privacy Act, unless an exception applies.

We collect and use personal information for lawful business purposes connected with our products, services, systems and operations.

These purposes include:

• responding to an enquiry and providing quotes, products, solutions, services, customer support and account management
• creating and managing customer accounts, DMS portal access, orders, bookings, logistics, delivery, installation, collection and returns
• communicating with the correct customer, supplier, contractor, delivery, venue, onsite, or account contact
• assessing credit account applications, managing credit risk, processing payments, issuing invoices and recovering unpaid amounts
• managing day-to-day business operations and maintaining supplier and contractor relationships
• sending service updates and marketing communications where permitted, including allowing you to unsubscribe from marketing communications
• improving our solutions, products, systems, website, customer experience and business processes
• measure the effectiveness of our website and marketing including through analytics, cookies, remarketing or similar tools
• managing security, fraud prevention, complaints, disputes, health and safety, incidents and legal obligations
• meeting tax, accounting, audit, record-keeping, regulatory and compliance requirements.

We will only collect personal information that is necessary for a lawful purpose connected with our business.

We may share personal information with our staff and with trusted third parties where this is necessary for the purposes described in this policy.

This may include:

• freight, courier, transport, installation, event and logistics partners
• venues, event organisers, contractors, subcontractors, suppliers and service providers
• credit reporting agencies, banks, payment providers, outsourced finance and accounts providers, accountants, auditors, insurers, debt collection agencies, legal advisers and other professional advisers
• software, cloud, IT, CRM, ERP, web hosting, email, analytics, marketing, cybersecurity and system providers
• regulatory authorities, government agencies, courts, tribunals or law enforcement agencies, if required or permitted by law
• other third parties where you have authorised us to share the information, where it is necessary for the purposes described in this policy or where sharing is otherwise permitted by the Privacy Act.

Where appropriate, we use contractual, confidentiality, security and privacy safeguards with third-party providers.

Providing some information is optional. However, if you choose not to provide key contact details we may be unable to:

• respond to your enquiry about our products and solutions
• provide a quote, product, service or customer support
• provide access to and use of our Display Management System (DMS)
• deliver, install, collect or manage products and solutions correctly
• communicate with the correct person about an order, booking, delivery, event or account
• process your credit account application, as we require specific information to verify your company and perform necessary credit checks
• maintain a supplier, contractor, customer or business relationship with you
• meet our legal, accounting, tax, health and safety or record-keeping obligations.

If you apply for or hold a credit account with us, we may collect, use and disclose personal information about the applicant/customer, and relevant individuals associated with the applicant/customer, such as directors, shareholders, guarantors, authorised representatives, accounts contacts and trade referees to assess your application, verify details, manage credit risk, set or review credit limits, recover unpaid amounts, and manage our business relationship with you.

This may include collecting information from, and disclosing information to, credit/risk information providers, business information providers, trade referees, debt collection agencies, professional advisers, service providers and ongoing monitoring or alert service providers.

We use Centrix Group Limited for credit/risk information and/or ongoing monitoring and alert services. Centrix Group Limited handles personal information in accordance with their own privacy statement, available here: https://www.centrix.co.nz/privacy-statement.

Where information is provided about another person, such as a director, shareholder, guarantor, authorised representative, accounts contact, delivery contact or trade referee, the person providing that information must be authorised to do so and should take reasonable steps to ensure the individual is aware their information may be used for the purposes described in this policy.

We use cookies and similar technologies to help our website and DMS portal work properly, improve your experience, understand website usage, support security, measure marketing effectiveness and deliver more relevant advertising.

Some technical information may not identify you directly. However, in some cases information such as cookies, IP addresses, advertising identifiers, device information or website activity may be personal information if they identify you or can reasonably be linked to you.

You can choose to refuse or delete cookies via your browser settings. Some website or portal features may not work properly if cookies are disabled. You can also manage personalised advertising settings through the relevant third-party platform, such as Google’s advertising settings or opt-out tools.

We may store personal information using cloud, software and technology service providers located in New Zealand or overseas.

Where a provider stores or processes personal information on our behalf, we remain responsible for that information and take reasonable steps to ensure it is protected. These steps may include using reputable providers, assessing privacy and security safeguards, applying access controls, and using contractual protections where appropriate.

Where we disclose personal information to an overseas person or organisation for their own use, we will only do so where permitted by the Privacy Act.

We may use artificial intelligence (AI), automation or similar technology tools to support our business operations, improve efficiency, analyse information, prepare communications, support customer service, improve our systems and assist with internal administration.

Where these tools involve personal information, we take reasonable steps to ensure the information is handled in accordance with the Privacy Act. This may include limiting the personal information entered into AI tools, using approved systems, reviewing provider privacy and security settings and checking AI-assisted outputs before relying on them.

We do not knowingly use personal information in public AI tools in a way that would allow confidential or personal information to be used to train publicly available AI models, unless this has been authorised or appropriate safeguards are in place.

We do not use AI to make significant decisions about individuals without appropriate human review.

We take reasonable steps to safeguard personal information from loss, unauthorised access, misuse, disclosure, alteration or destruction. These steps may include:

• limiting access to authorised staff and providers who need the information for legitimate business purposes
• using secure systems, access controls and password protections
• applying confidentiality and privacy obligations to staff and relevant third parties
• using reputable technology, cloud and system providers
• monitoring and improving our systems, processes and security practices
• independent security reviews of our online platforms where appropriate.

No system is completely secure, but we take privacy and security seriously and work to protect the information we hold.

If we become aware of a privacy breach, we will assess it promptly and take steps to contain, manage and respond to it.

If a privacy breach is notifiable under the Privacy Act, we will notify the Office of the Privacy Commissioner and affected individuals as required.

We retain personal information only for as long as reasonably required to fulfil the purposes it was collected for, including to provide our products and services, manage customer and supplier relationships, administer accounts, meet legal, tax, accounting and audit obligations, resolve disputes, enforce agreements, and maintain appropriate business records.

When personal information is no longer required, we will take reasonable steps to securely delete, destroy, de-identify or anonymise it.

You have the right to ask for a copy of any personal information we hold about you, and to request corrections if you believe any of it is inaccurate. If you would like to ask for a copy of your information, or to have it corrected, please contact our Privacy Officer at info@exhibit.co.nz.

To protect your privacy, we may take reasonable steps to confirm your identity before processing your request.

If we do not agree to make a correction, you may ask us to attach a statement of correction to the information.

If you have any questions, concerns or complaints about how we handle your personal information, please contact our Privacy Officer using the contact details above.

We will consider and respond to privacy complaints within a reasonable timeframe.

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner.

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and if you have an account with us, we may notify you directly.

The updated policy will apply from the date it is posted, unless stated otherwise. We encourage you to check this page periodically to stay informed.