Privacy Policy (AktivateHub)
Last updated: [16/08/2025]
Who we are: AktivateHub Limited (“AktivateHub”, “we”, “us”). Registered in New Zealand. Contact: [ashima@aktivatehub.com], [49 Murphys Park Drive, Flatbush, Auckland 2019].
1. Scope
This policy explains how personal information is collected, used, shared, and protected when AktivateHub is used. It applies to visitors, consumers submitting event requests, and vendors creating listings or receiving leads.
2. What is collected
Account and profile data: name, email, phone, role, business details, service categories, locations, pricing ranges.
Event request data (consumers): event type, date, location, budget, preferences, notes.
Usage and device data: IP address, device/browser, pages visited, referral source, and approximate location derived from IP.
Communications: messages, reviews, support tickets, call notes where applicable.
Payments (if any): billing contact, plans, invoices and transaction metadata (processed by our payment provider; we do not store full card numbers).
Cookies and similar tech: used for login, preferences, analytics, and performance.
3. Why it is collected (legal bases)
Data is collected and used to:
provide and secure the service (contract necessity);
create and manage vendor listings and consumer requests (contract necessity);
connect consumers with vendors and send quotes or messages (contract necessity and legitimate interests);
improve the website through analytics and troubleshooting (legitimate interests);
send required notices and service updates (legal obligations or contract);
send optional marketing with consent.
Where EU/UK visitors are concerned, consent or legitimate interests are relied on under GDPR where applicable. Where California residents visit, CCPA/CPRA rights are respected.
4. How information is used
Event requests are shared with matching vendors so they can respond with quotes.
Vendor profiles and reviews may be shown publicly.
Aggregated, de-identified insights may be created to improve services and inform product decisions.
Communications may be monitored for safety, fraud prevention, and dispute handling.
5. When information is shared
Information may be shared with:
Vendors who match a consumer’s request;
Service providers (hosting, email/SMS, analytics, payments, customer support) under contracts that protect data;
Authorities when required by law or to protect rights, safety, and compliance;
Buyers or successors in a reorganisation, subject to safeguards.
6. International transfers
Data may be processed outside New Zealand by trusted providers. Protections are put in place by contract, technical controls, and due diligence to keep information secure and comparable to NZ standards. For EU/UK visitors, appropriate safeguards are applied consistent with GDPR.
7. Cookies and analytics
Cookies are used for essential functions (login, security), preferences, and analytics. Browser settings can be used to manage cookies. Some features may not work without essential cookies. Marketing emails and messages include an unsubscribe facility as required by NZ law
8. Marketing communications
Marketing is sent only with consent or as otherwise permitted. Each message includes clear sender details and a working unsubscribe. Address-harvesting software and harvested lists are not used.
9. Data retention
Information is kept only as long as needed for the purposes described, to meet legal requirements, or to resolve disputes. Data is anonymised or securely deleted when no longer required.
10. Security
Reasonable technical and organisational measures are used to protect information (encryption in transit, access controls, monitoring). No method is perfectly secure. Incidents are assessed and, where required, notified to affected users and the NZ Privacy Commissioner.
11. Your rights
Under NZ law, access to and correction of personal information may be requested. Reasonable verification is required before requests are fulfilled.
EU/UK visitors may exercise GDPR rights where applicable (access, rectification, erasure, restriction, portability, objection).
California residents may exercise CCPA/CPRA rights where applicable (know, delete, correct, opt-out of sale/share of personal information). Requests can be sent to [ashima@aktivatehub.com].
12. Children
The service is not directed to children under 13. Accounts for vendors require the user to be at least 18.
13. Links and third parties
Links to third-party sites and tools may exist. Their practices are not controlled by us. Their policies should be reviewed.
14. Complaints
Concerns can be raised with us at [ashima@aktivatehub.com]. Complaints may also be made to the Office of the Privacy Commissioner.
15. Changes
This policy may be updated. Material changes will be notified by email or banner. The “last updated” date will be changed.