Privacy Policy

Novellus Limited (trading as Novellus) is a business consultancy registered in New Zealand. Our director is David Stephenson and we operate under NZBN 9429046632265 and GST 125-352-057. Our registered office is 18c Gill Avenue, Te Atatu Peninsula, Auckland 0610. You can contact us at any time on 09 888 9238 (NZ), +64 9 888 9238 (overseas / fax), 027 207 6414 (current clients), or by email at info@novellus.co.nz.

We only collect information that is necessary to provide our services. This typically includes:

• Identity information such as your name, role and the business you represent.
• Contact details including email address, phone number and physical or postal address where relevant.
• Engagement information such as the messages you send us, meeting notes, project briefs and any documents you choose to share for the purpose of our advisory work.
• Financial information you voluntarily provide for the purpose of our consulting (e.g. management accounts, cash flow data, merchant statements). This information is treated as strictly confidential.
• Technical information such as IP address, browser type and pages visited, collected automatically when you use our website.

We take card data very seriously. Where you make a payment to Novellus by card, the following applies:

• All card information (full primary account number, CVV/CVC and expiry date) is captured and processed directly by our payment processor, Stripe, on Stripe’s own infrastructure. Card details are sent over a TLS-encrypted connection straight to Stripe and never travel through, or rest on, Novellus systems.
• Novellus does not see, handle or store full card numbers, CVV codes or full bank account credentials on its own servers, devices or backups under any circumstances.
• We may receive a limited, non-sensitive token from Stripe — typically the card brand, the last four digits of the card number, an expiry month/year and a transaction reference — which we retain solely for accounting, refund and customer support purposes.
• All transactions are processed in accordance with the Payment Card Industry Data Security Standard (PCI DSS). Stripe is certified as a PCI DSS Level 1 service provider, the highest level of certification available in the payments industry.
• All transactions are billed in New Zealand Dollars (NZD).

We use the information we collect to:

• Deliver, administer and improve the consulting services you have engaged us for.
• Communicate with you about projects, proposals, invoices and meetings.
• Comply with our legal, tax and regulatory obligations in New Zealand.
• Protect our business and clients from fraud, misuse or unauthorised access.
• Send occasional updates about our services where you have opted in. You can unsubscribe at any time using the link in the email or by emailing us.

Your information is stored on reputable cloud platforms with data centres in New Zealand, Australia or other jurisdictions that provide comparable privacy protections. We apply administrative, technical and physical safeguards designed to protect personal information from loss, misuse, unauthorised access, disclosure, alteration and destruction.

Access to client information inside Novellus is restricted on a need-to-know basis. Staff and contractors are bound by confidentiality obligations. We retain personal information only for as long as is reasonably necessary to deliver our services and to comply with our legal obligations (typically a minimum of seven years for financial records, in line with Inland Revenue requirements).

Payments made to Novellus are processed by Stripe and are PCI DSS compliant. Stripe is certified to the highest industry standard for handling cardholder data (PCI DSS Level 1). All payment data is transmitted over encrypted TLS connections. Novellus does not store full card details on its own infrastructure.

Our website uses HTTPS encryption, modern hosting infrastructure and regular software updates. While no system is ever completely immune to risk, we take all reasonable steps to protect the information you entrust to us. If we ever become aware of a privacy breach that is likely to cause serious harm, we will notify you and the Office of the Privacy Commissioner without undue delay, in line with section 114 of the Privacy Act 2020.

We do not sell your personal information. We only share information with third parties where it is necessary to deliver our services, to comply with the law, or where you have given us permission. Examples include:

• Stripe, for processing payments.
• Cloud productivity and accounting providers (such as Google Workspace and Xero) used to manage our engagements and invoicing.
• Professional advisers (such as accountants and lawyers) bound by their own confidentiality duties.
• Government agencies where required by New Zealand law.

Under the New Zealand Privacy Act 2020 you have the right to:

• Ask whether we hold personal information about you and request a copy of that information.
• Ask us to correct information that is inaccurate, incomplete or out of date.
• Withdraw consent for any processing that is based on your consent.
• Make a complaint to the Office of the Privacy Commissioner if you believe your privacy has been breached.

To exercise any of these rights, please contact us at info@novellus.co.nz or call 09 888 9238. We will respond within 20 working days as required by the Act.

Our website uses a small number of cookies and privacy-respecting analytics to understand how visitors interact with our site so we can improve it. You can disable cookies in your browser settings. Doing so will not affect your ability to use the core parts of the site.

We may update this policy from time to time to reflect changes in our practices or in the law. The current version will always be available on this page with the “last updated” date shown above.