Privacy & Cookies Policies

Privacy Policy

Tracksuit Limited (“Tracksuit”, "we", "us", “our”) collect, use, store and disclose information which may identify individuals ("personal information"), including visitors to our website:, business partners (including customers and suppliers), and job applicants ("you", “your”).

This privacy policy (“Policy”) sets out our commitment to protecting the privacy of your personal information and provides details about how we collect, use, store and disclose your personal information collected through our website or in the course of our business activities conducted offline in accordance with applicable data protection laws, which include the New Zealand Privacy Act 2000, and which may include (where you are a resident in the European Union (EU) or the United Kingdom (UK)) the EU General Data Protection Regulation (GDPR) or the GDPR as transposed into UK national law (UK GDPR).

Please note that this Policy does not apply to our brand tracking products and services as these do not involve the processing of personal information.


This Policy relates to “personal information” which includes any information relating to an identified or identifiable person. Please read this Policy carefully as it provides important information about how we use personal information and explains your legal rights.

This Policy has been designed to be as user friendly as possible. You can use the summary of contents below to help you find the information you are looking for by clicking on the relevant heading. We have labelled sections of this Policy to make it easy for you to navigate to the information that may be most relevant to you.

Where relevant under applicable data protection laws, we are the controller of any personal information collected from you through our website or otherwise for the purpose of conducting or developing our business with you. We are a company that provides brand tracking software located in New Zealand, and we have a data protection / privacy officer, who can be contacted

Summary of this policy

Your personal information: collection, purposes and lawful basis

Disclosing your personal information with others

International transfers

Storing and protecting your personal information

Your rights and how to exercise them


External links

Changes to this Policy

Contact us

Your personal information: collection, purposes and legal basis
Personal information you provide to us

In order to access or use certain parts of our website or enjoy the full functionality of our website, or otherwise in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal information to us in the following ways:

  • by filling in forms (for example, a 'Request a Demo' form) on our website or anywhere else we conduct business;
  • by downloading documentation from our website;
  • by subscribing to monthly brand insights, stories, newsletters or other communications; or
  • by corresponding with us e-mail or otherwise using our contact details, including via our Help Centre.

Generally the type of personal information we collect include your name, job title, business type, address and contact information. Further details of which are set out below. Where possible, our preference is to collect your personal information from you directly. We may need to collect some personal information from other third parties, which we set out below.

To help us better perform our services to you, and to ensure the quality of services, we may wish to record certain telephone conversations. Where we intend to record a telephone conversation (or any part of a telephone conversation) we will advise you at the appropriate time.

Where you apply for a job with us, we may receive personal information indirectly from recruitment agencies/service providers and your references (including previous employers).

Personal information we collect automatically

When you visit our website, our server automatically collects certain browser or device generated information, which may in some cases constitute personal information, including but not limited to: your domain; your IP address; your date, time and duration of your visit, etc. Further details of which are set out below. Our website uses cookies to remember information such as your login details and personal site preferences.

Information From Other Sources

We may also obtain job application information about you from third parties, namely Swag (

Purposes and legal basis for processing your personal information

All processing and use of your personal information is justified. The following is an overview of the types of personal information we process, the purposes of processing, i.e. how we will use your personal information, and the justified legal basis for processing your personal information:

Types of Personal Information


Legal Basis

Business Partners (customers and suppliers)

Types of Personal Information

First name, surname, email address, business address, business phone number / mobile phone number, information about your professional expertise and experience.


For the provision of our products and services, which includes processing/fulfilling orders, sending invoices and payment reminders, collecting payments and any other general contract administration.

To maintain a relationship with you as a customer, improve the products and services that we provide to you, and deal with any enquiries or queries.

To send marketing materials, updates, newsletters and other related information, including, sending solicited information (e.g. quotes in response to an enquiry).

To conduct data analytics and market research for statistical and survey purposes and for internal business administration.

Legal Basis

The processing is necessary for performance of a contract.

Our legitimate interest to improve and develop our products and services, to respond to any correspondence or queries you send us, and to send service information about our products and/or services. Where required by privacy laws, your consent or where information is solicited. 

Otherwise, our legitimate interest to send you communications related to similar products or services to which you have previously purchased or entered into negotiations to purchase, where permitted by privacy laws.

Our legitimate interest to measure the use of our products and/or services and interaction to inform and improve service/product direction and development and to enable provision of accurate and reliable reporting.

Job applicants

Types of Personal Information

First name, surname, contact details (including residential address, email address and phone number / mobile phone number), identification information and details of your qualifications and education history, CV, application letters, references, candidate assessment (including interview notes); information relating to right to work and information about your skills, experience and education.


To respond to request for vacancies and for recruiting and hiring purposes.

To carry out right to work checks and comply with our legal requirements.

To improve our recruitment process and activities.

Legal Basis

The processing is necessary for us to administer our contract with you - or take steps to consider entering into an employment contract with you.

Necessary to comply with relevant employment law obligations (for example, carrying out right to work checks). 

Necessary for our legitimate interests to maintain our reputation as a leading employer.

Website users

Types of Personal Information

Information about your visits to our website, your domain, IP address, country code, browser type, your operating system and device type, the number of times you visit our website, your interactions with our website, the pages you’ve visited on our website and the links you clicked on, search terms used and the source from where you originated, referring site (if any) from which you clicked through to our website, your screen resolution and language setting of your browser.


To help us to keep our website available and secure.

To improve your experience when you visit our website. This includes: (a) for statistical analysis to evaluate, improve, test and monitor the effectiveness of our website; (b) to monitor metrics such as total number of visitors and traffic data (including demographic patterns); and (c) to ensure content on our website is presented in the most effective manner for you and to enhance your use of our website.

Legal Basis

Our legitimate interest to provide and maintain our website through utilising cookies that are strictly necessary. 

Your consent for cookies that are not strictly necessary, such as cookies relating to performance, functionality and target/advertising. 

Please refer to our Cookie Policy for further details about our use of cookies.

All Data Subjects

Types of Personal Information

All data above mentioned.


In connection with any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event or corporate transaction.

To help us improve and optimise our products and services.

Legal Basis

Necessary for our legitimate interests to ensure we can protect and grow our business.

Necessary for our legitimate interests to maintain our reputation as a leading provider of application security testing solutions to customers across the globe.

When the justification for processing is our legitimate interests, those interests are to use supplier, customer and website user data to conduct and develop our business activities with them and with others, while limiting the use of personal information to those purposes that strictly support the conduct and development of our business within the reasonable expectation of the individuals concerned.

We may process any of the personal information we hold to the extent necessary to defend, establish and exercise legal claims or to comply with legal or regulatory obligations.

Where we need to collect personal information due to a legal or regulatory obligation, or for performance of a contract, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products/services). We will notify you of this at the time.

Disclosing your personal information with others

We share your personal information in the manner and for the purposes described below:

  • with other companies within our group, and where such disclosure is necessary to provide you with our products and services or to manage our business. The other companies include Tracksuit Australia Pty Ltd and Tracksuit, Inc.; 
  • with third party service providers (who will operate under our instructions) to assist us in providing information, products and services to you, in conducting and managing our business, in managing and improving our products, services or website. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted product or service to us. These include document management service providers who store or destroy your personal information on our behalf, and IT service providers who help manage our IT and back-office systems; 
  • with government organisations and agencies, law enforcement, regulators to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  • banks and payment providers to authorize and complete payments;
  • we may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our partners, affiliates or advertisers.

If, in the future, we sell or transfer some or all of our business or assets to a third party, we reserve the right to transfer your personal information to a potential or actual third party purchaser of our business or assets in order to facilitate any proposed or actual sale or other disposition of the business as a going concern. We will ensure that the transferee (or proposed transferee) will be bound by this Policy.

Where you are a resident in the EU or the UK and you apply for a job with us via our website, you will be automatically directed to Swag, which is a job application platform. Swag acts as a separate controller regards any personal information that it collects from you, which means that any personal information Swag collects from you will be subject to its privacy policy. We are not responsible for the data privacy practices of Swag, and encourage you to review Swag’s privacy policy.

International transfers

Where you are a resident in the EU or the UK, as we are a New Zealand based company, your personal information will be processed in New Zealand. New Zealand has an adequacy decision from both the European Commission and the UK government, which means that it is considered to have equivalent data protection laws to the EU and UK.

Please note that some of the recipients of your personal information listed above may be based outside New Zealand, or (where you are a resident in the EU or the UK) outside the EU or UK. Whenever we make transfers of your personal information, we implement any appropriate safeguards that are required by applicable data protection laws.

From an EU/UK perspective, those safeguards may include: (i) the EU Standard Contractual Clauses and additional measures to supplement such clauses as may be required in line with transfer impact assessments we carry out, to prevent interference by public authorities of third countries; (ii) the UK Addendum; and/or (iii) reliance on an adequacy decision by the European Commission and/or the UK government.

Any requests for information we receive from law enforcement or regulators will be carefully checked before personal information is disclosed.

If you would like to find out more about any such transfers, please get in touch with us using the contact details set out at the beginning or end of this Policy.

Storing and protection your personal information

We will safely store your personal information. We apply a general rule that we will retain it only for so long as it is required to fulfil the purpose for which it was collected, or as otherwise required by law.

In some circumstances we may retain your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.

In specific circumstances we may also retain your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Where your personal information is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business. We engage the services of a specialised agency to store or destroy your personal information on our behalf. We will take all reasonable steps to ensure that such agencies comply with the Privacy Act 2020 and, where applicable, the GDPR / UK GDPR.

We are committed to protecting the personal information we receive from you. We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.

As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.

It is important that the personal information we hold about you is up to date and accurate. Please keep us informed of any changes to your personal information.

Your rights and how to exercise them

You have rights in relation to your personal information, however, in certain circumstances these rights might not be absolute, as applicable data protection laws provide that we are not required to comply with requests in certain circumstances.

You are not required to pay any charge for exercising your rights, although we may charge a reasonable fee if we incur additional costs in complying with your request and the law permits us to recover those costs from you. We will endeavour to respond to you within one month (unless you have made a number of requests or your request is complex, in which case we may take up to an extra two months to respond).

Please note that, where we ask you for proof of identification, or any clarification and/or further information on the scope of the request, this may extend the time it takes for us to respond.

Your rights in relation to your personal information may include the following, depending on applicable data protection laws. Please note that where you are a resident in the EU or the UK all the following rights apply (subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking):

  • Right to withdraw consent - where applicable, you have the right to withdraw your consent at any time. For example, if you wish to opt-out of receiving electronic marketing communications, you can use the 'unsubscribe' link provided in our emails or otherwise contact us directly and we will stop sending you communications.
  • Right of access, rectification and erasure - you have the right to request access to, and obtain a copy of, any of your personal information that we may hold, to request correction of any inaccurate information relating to you and to request the deletion of your personal information under certain circumstances. 
  • Data portability - where we are relying (as the justification for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party or to take steps at your request prior to entering a contract, and the personal information is processed by automatic means, you have the right to receive all such personal information which you have provided us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
  • Right to restriction of processing - you have the right to restrict our processing of your personal information (that is, allow only its storage) where: 
    • you contest the accuracy of the personal information, until we have taken sufficient steps to correct or verify its accuracy; 
    • where the processing is unlawful but you do not want us to erase the personal information;
    • where we no longer need your personal information for the purposes of the processing, but you require such personal information for the establishment, exercise or defense of legal claims; or 
    • where you have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether we have compelling legitimate grounds to continue processing.
    • Where your personal information is subject to restriction we will only process it with your consent or for the establishment, exercise or defense of legal claims.
  • You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal information infringes applicable law.
  • Right to object to processing (including profiling) based on legitimate interest grounds - where we are relying upon legitimate interests to process personal information, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal information for the establishment, exercise or defense of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
  • Right to object to direct marketing (including profiling) - you have the right to object to our use of your personal information (including profiling) for direct marketing purposes, such as when we use your personal information to invite you to our promotional events.

Please contact us using the details set out at the beginning or end of this Policy, if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your personal information.


We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you. You may change your marketing preferences at any time by contacting us.

In most cases our processing of your personal information for marketing purposes is based on our legitimate interests, although in some cases (such as where required by law) it may be based on your consent. In particular, you can always opt-out of email marketing communications by clicking the "unsubscribe" link at the bottom of marketing emails, or by contacting us using the contact details provided at the beginning or end of this Policy.

When you choose to unsubscribe, your data is automatically moved to a suppression list to prevent your email address being accidentally added to our database again. If you wish your data to be fully deleted from our systems, we will do so at your request but, if your email address is at any point added back into our newsletter database, by you or on your behalf, there will be no automated process in place to prevent a newsletter being emailed to you again. Please note that where we have another lawful basis for processing, we will continue to process personal information for other purposes – for example, we may process information based on contract necessity. You may also receive indirect marketing from us by way of general marketing communications (e.g. post or non-targeted adverts in the media etc).

External links

Our website contains links to third party sites. As we are not responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This Policy applies solely to personal information collected by our website or in the course of our business activities.

Changes to this Policy

Please note, we may need to update or amend this Policy from time to time to keep it up to date, reflect changes in our business or the law. Any changes or updates we may make to this Policy will be posted on this page in advance so that you are aware of the impact to our data processing activities before you continue to engage. Please check back frequently to see any updates or changes to this Policy.

Contact us

If you have any questions that have not been covered by this Policy, please get in touch with us via email at:

If you have a query, complaint or concern about how we use your personal information, please get in touch with us in the first instance at the email address above, and we will attempt to resolve the issue as soon as possible. We will notify you of the outcome of this investigation and any subsequent internal investigation. You are also able to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, however, we ask that you please attempt to resolve any issues with us first.

Last update: 30 May 2023‍

Tracksuit Limited Cookie Policy‍

This Cookie Policy explains how Tracksuit Limited ("we," "us," or "our") uses cookies and similar technologies on our website (referred to as the "Website"). It also outlines your choices regarding the use of cookies in accordance with applicable data protection laws, which include the New Zealand Privacy Act 2000, and which may include (where you are a resident in the European Union (EU) or the United Kingdom (UK)) the EU General Data Protection Regulation (GDPR) or the GDPR as transposed into UK national law (UK GDPR).

What are Cookies?

Cookies are small text files that are stored on your device (computer, mobile device, or tablet) when you visit a website. They are widely used to make websites work more efficiently and to provide information to the website owners.

Types of Cookies We Use

  1. Necessary Cookies: These cookies are essential for the functioning of our Website. They enable you to navigate and use its features, such as accessing secure areas. Without these cookies, certain services cannot be provided.‍
  2. Performance Cookies: These cookies collect information about how visitors use our Website, such as which pages they visit most frequently and any error messages encountered. We use this information to improve the performance and functionality of our Website.‍
  3. Functionality Cookies: These cookies allow our Website to remember choices you make (such as your username, language preference, or region) and provide enhanced features. They may also be used to provide services you have requested, such as watching a video or commenting on a blog.‍
  4. Targeting/Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. These cookies remember the websites you have visited, and this information may be shared with other parties, such as advertisers.‍
  5. Social Media Cookies: These cookies are set by social media platforms (e.g., Facebook, Twitter, LinkedIn) that we have integrated into our Website. They allow you to share content and interact with social media features. The social media platforms may also use these cookies to collect information about your online activities.

Cookie Duration

Some cookies are session cookies, which are temporary and are erased when you close your browser. Other cookies are persistent cookies, which remain on your device for a longer period and are activated each time you visit our Website.

Your Consent

By using our Website, you consent to the use of cookies as described in this Cookie Policy. We will obtain your consent before placing any non-essential cookies on your device, in compliance with PECR requirements. You can manage your cookie preferences by adjusting your browser settings or using the cookie consent tool available on our Website.

Managing and Disabling Cookies

Most web browsers allow you to manage your cookie preferences. You can usually modify your browser settings to accept or reject cookies, or to notify you when a cookie is being placed on your device. Please note that disabling cookies may affect the functionality of our Website and limit your ability to use certain features.‍

For more information on how to manage cookies, you can refer to the instructions provided by your browser or device manufacturer.

Third-Party Cookies

We may also allow third parties, such as analytics or advertising partners, to place cookies on our Website to collect information about your online activities. These third parties may use this information to deliver personalized advertisements or measure the effectiveness of their advertising campaigns.‍

We recommend reviewing the privacy policies of these third-party service providers to understand how they use cookies and the information collected.

Updates to this Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or legal obligations. We will provide notice of any significant updates by posting a prominent notice on our Website or by other means.

Contact Us

If you have any questions or concerns about our use of cookies, please contact us at ‍

Last update: 30 May 2023

Start growing your brand today.