Equerra

Privacy Policy

Equerra Limited

Effective Date: May 1, 2026
Version: 1.0
Last Updated: April 13, 2026

Introduction

This Privacy Policy explains how Equerra Limited (Equerra, we, us, or our) collects, uses, discloses, and protects personal information when you use our software products available through Microsoft AppSource.

Who We Are:

Equerra Limited

2nd Level

40 Lady Elizabeth Lane

Wellington Central

New Zealand 6011

Email: privacy@equerra.com

What This Policy Covers:

  • Personal information we collect
  • How we use your information
  • Who we share it with
  • Your privacy rights
  • How we protect your information

Related Documents:

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Name, email address, phone number
  • Job title, company name
  • Microsoft account details

Business Data:

  • Data you enter into the Software
  • Files and documents you upload
  • Configurations and customizations

Communication Data:

  • Support requests and correspondence
  • Feedback and survey responses

1.2 Information We Collect Automatically

Usage Information:

  • Features you use and how you use them
  • Time, frequency, and duration of use
  • Error logs and diagnostic data

Device Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers

Cookies and Similar Technologies:

See our Cookie Policy for details

1.3 Information from Third Parties

Microsoft:

  • Account authentication data
  • Tenant configuration information
  • Licensing and subscription data

2. How We Use Your Information

2.1 To Provide Services

  • Deliver and maintain the Software
  • Process transactions and send confirmations
  • Provide customer support
  • Send service-related communications

2.2 To Improve Services

  • Analyze usage to enhance features
  • Develop new products and services
  • Conduct research and analytics
  • Test and improve performance

2.3 To Communicate

  • Respond to inquiries
  • Send product updates and announcements
  • Provide technical notices
  • Send marketing communications (with consent where required)

2.4 For Legal and Security

  • Comply with legal obligations
  • Protect against fraud and abuse
  • Enforce our Terms and Conditions
  • Resolve disputes

3. Legal Basis for Processing (GDPR)

For personal data subject to GDPR, we process based on:

Contract: Processing necessary to provide services you've requested

Legitimate Interests:

  • Improving our services
  • Detecting and preventing fraud
  • Network and information security

Legal Obligation: Complying with laws and regulations

Consent: Where required by law (you can withdraw anytime)

4. Information Sharing

4.1 With Service Providers

We share information with:

Microsoft Corporation (Azure hosting, Business Central platform)

Purpose: Cloud infrastructure and service delivery

Location: Your selected tenant region

Safeguards: Standard Contractual Clauses, Azure security

Microsoft Azure OpenAI (optional, when enabled)

Purpose: AI-powered features

Location: Your selected region (Australia, Europe, or USA)

Safeguards: No training on your data, deletion after processing

Full list: Sub-Processor List

4.2 For Legal Reasons

We may disclose information:

  • To comply with legal obligations
  • To respond to lawful requests from authorities
  • To protect our rights and property
  • To prevent harm or illegal activity

4.3 Business Transfers

If we're involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll notify you before transfer.

4.4 With Your Consent

We may share information for other purposes with your consent.

4.5 We Don't Sell Your Information

We do not sell personal information to third parties for their marketing purposes.

5. International Data Transfers

5.1 Where We Process Data

Personal data may be processed in:

  • New Zealand (where Equerra is based)
  • Your selected Microsoft Azure region
  • Locations where our sub-processors operate

5.2 Safeguards for International Transfers

European Economic Area / UK / Switzerland:

  • Standard Contractual Clauses (EU Commission approved)
  • Adequate security measures
  • Transfer impact assessments

Australia:

  • Cross-border disclosure safeguards (APP 8)
  • Equivalent privacy protections

New Zealand:

  • Comparable privacy protections (IPP 12)

Details: See Data Processing Agreement

6. Data Retention

6.1 Active Subscription

We retain your information while your subscription is active to provide services.

6.2 After Termination

30-day retrieval period: Data available for export

Production deletion: After 30 days

Backup deletion: Within 90 days

Legal holds: May retain if required by law

6.3 Retention Criteria

We determine retention periods based on:

  • Legal and regulatory requirements
  • Business purposes
  • Legitimate interests
  • Your instructions

7. Your Privacy Rights

7.1 Rights for Everyone

Access: Request copies of your personal information

Correction: Request correction of inaccurate information

Deletion: Request deletion of your information

Objection: Object to certain processing

Restriction: Request restriction of processing

Portability: Receive your data in machine-readable format

To Exercise Rights: Email privacy@equerra.com

Response Time: Within 30 days (may extend to 60 days for complex requests)

7.2 Additional Rights (GDPR)

If you're in the EEA, UK, or Switzerland:

  • Right to withdraw consent
  • Right to lodge a complaint with your supervisory authority

Supervisory Authorities:

  • EEA: Your local Data Protection Authority
  • UK: Information Commissioner's Office (ICO)
  • Switzerland: Federal Data Protection and Information Commissioner

7.3 Additional Rights (New Zealand)

Privacy Commissioner: You may complain to the NZ Privacy Commissioner

Website: www.privacy.org.nz

Email: enquiries@privacy.org.nz

7.4 Additional Rights (Australia)

OAIC: You may complain to the Office of the Australian Information Commissioner

Website: www.oaic.gov.au

Email: enquiries@oaic.gov.au

8. Data Security

We implement appropriate security measures to protect your information.

Highlights:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and authentication (MFA)
  • Network security and monitoring
  • Regular security assessments
  • Employee training and background checks

Full Details: Security Measures

9. Children's Privacy

Our Software is not directed to children under 16. We don't knowingly collect information from children. If you believe we've collected a child's information, contact privacy@equerra.com and we'll delete it.

10. Marketing Communications

10.1 What We Send

  • Product updates and new features
  • Tips and best practices
  • Industry insights and resources
  • Event invitations

10.2 Your Choices

Opt-Out: Click "unsubscribe" in any marketing email

Note: You'll still receive essential service communications (billing, security, etc.)

11. Cookies and Tracking

11.1 What We Use

  • Essential cookies (required for service operation)
  • Analytics cookies (understand usage)
  • Functional cookies (remember preferences)

11.2 Your Choices

Most browsers allow cookie management. Note that disabling cookies may affect functionality.

Full Details: Cookie Policy

12. Privacy Policy Updates

We may update this policy to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • New features or services

Notice: We'll post updates here and notify you of material changes via email.

Your Acceptance: Continued use after updates constitutes acceptance.

13. Privacy Officer

Contact Information:

Privacy Officer

Equerra Limited

2nd Level

40 Lady Elizabeth Lane

Wellington Central

New Zealand 6011

Email: privacy@equerra.com

Phone: +64 4 4626852

Responsibilities:

  • Overseeing data protection compliance
  • Handling privacy inquiries and complaints
  • Coordinating data subject requests
  • Managing data breach responses

14. Compliance with Privacy Laws

14.1 New Zealand Privacy Act 2020

We comply with the 13 Information Privacy Principles (IPPs), including:

  • Lawful collection and use
  • Direct collection where practicable
  • Transparency about processing
  • Secure storage and protection
  • Individual access and correction rights
  • Retention limitations
  • International transfer protections

Key Date: IPP 3A (indirect collection notification) effective May 1, 2026

14.2 Australian Privacy Act 1988

We comply with the 13 Australian Privacy Principles (APPs), including:

  • Open and transparent management
  • Collection with consent and notice
  • Use and disclosure limitations
  • Cross-border disclosure safeguards
  • Security of personal information
  • Access and correction rights

14.3 GDPR (EU / UK / Switzerland)

We comply with GDPR requirements for:

  • Lawful basis for processing
  • Data minimization
  • Purpose limitation
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Detailed Terms: Data Processing Agreement

14.4 California Consumer Privacy Act (CCPA)

For California residents:

  • We don't sell personal information
  • We use personal information only to provide services
  • You have rights to know, delete, and opt-out

15. Questions and Complaints

15.1 Contact Us

General Privacy Questions: privacy@equerra.com

Data Protection Officer (GDPR): privacy@equerra.com

Privacy Officer (NZ/AU): privacy@equerra.com

15.2 Complaints

If you're not satisfied with our response:

New Zealand: Privacy Commissioner (www.privacy.org.nz)

Australia: Office of the Australian Information Commissioner (www.oaic.gov.au)

EEA/UK/Switzerland: Your local supervisory authority

Version History

Version Date Changes
1.0 May 1, 2026 Initial release - comprehensive NZ/AU/GDPR compliance

Related Documents

Equerra Limited
Strategic Solutions for Modern Business

© 2026 Equerra Limited. All rights reserved.