Privacy
policy.

Evolution Wireless Privacy Policy

Last updated May 2026

Evolution Wireless Limited ("EW", "we", "us", "our") takes your privacy seriously. This policy explains what personal information we collect, why we collect it, how we use it, and the rights you have over it. It applies to anyone who visits our website, contacts us, or uses our services.

This policy is governed by the Privacy Act 2020 (New Zealand) and the Information Privacy Principles (IPPs) set out in that Act. As a telecommunications service provider, we're also bound by the Telecommunications Information Privacy Code 2020 (TIPC), which sets out additional rules for how telecommunications agencies must handle personal information. Where the TIPC applies, it modifies how the IPPs apply to your information.

1. Who we are

   Evolution Wireless Limited is a New Zealand internet service provider, registered in New Zealand. Our registered address is Level 2, 40 Reads Quay, Gisborne 4010.

   If you have questions about this policy or about how we handle your information, contact us at privacy@ew.net.nz or 0800 4 WIRELESS.

2. What information we collect

   We collect personal information that's reasonably necessary for us to provide our services and run our business. This includes:

   1. Contact details — your name, phone number, email address, postal address, and physical address (for installation).
   2. Service information — the products and plans you've signed up for, your account number, equipment we've installed at your premises, and connection history.
   3. Billing information — invoices, payment history, and payment method details (we don't store full credit card numbers — those are handled by our payment processors).
   4. Network usage data — data volumes (uploads and downloads) per billing period, IP addresses assigned to you, and connection quality metrics. We do not log the websites you visit or the content of your communications. Like all internet service providers, our network equipment sees this traffic in transit, but we don't store records of destination addresses or DNS queries beyond what's needed in real time to route your traffic.
   5. Communications with us — emails, support tickets, contact form submissions, and call records (calls to our support line may be recorded for training and quality purposes; we'll let you know at the start of the call).
   6. Website analytics — basic usage information from our website (pages visited, browser type, referrer) to understand how the site is used and improve it.

3. How we collect your information

   Most of the information we hold comes directly from you — when you sign up, contact us, or use our services. We may also receive information from:

   1. Chorus and other network operators, when you order a fibre connection (e.g. address-eligibility checks, service activation, and fault information).
   2. 2talk, our wholesale VoIP provider, in relation to phone services we resell to you.
   3. Our network monitoring tools, which automatically record technical information about your connection.
   4. Credit reference agencies and identity-verification services, where appropriate, when you sign up for service.

   When we collect information about you indirectly (i.e. from sources other than yourself, such as the ones listed above), we'll let you know about that collection in line with Information Privacy Principle 3A, which came into force on 1 May 2026 — typically through this policy, your initial onboarding, or direct notification at the time of collection. There are limited cases where we may not separately notify you (for example, where you've already been told, or where notification isn't reasonably practicable in the circumstances).

4. Why we collect it (purpose)

   We collect and use your personal information to:

   1. Set up and provide your internet, phone, and related services.
   2. Bill you, take payment, and follow up on overdue accounts.
   3. Provide support — answer questions, fix faults, and improve the service.
   4. Communicate with you about your account, service changes, planned outages, and important notices.
   5. Protect the security of our network and prevent fraud or abuse.
   6. Comply with our legal obligations (e.g. responding to lawful requests from authorities under New Zealand law).
   7. Improve our website, products, and services.

5. Marketing communications

   We may occasionally send you news about service improvements or new products. You can opt out of marketing communications at any time by clicking unsubscribe in any email, or contacting us. We'll always continue to send essential service-related messages (billing, outages, account changes) regardless of your marketing preferences.

6. Who we share your information with

   We share personal information only when it's necessary to provide our services or where required by law. The categories of organisations we share with are:

   1. Network operators (e.g. Chorus, Tuatahi First Fibre, Northpower Fibre) — to provision, fault, and maintain your connection.
   2. 2talk — for phone and VoIP service delivery.
   3. Payment processors — to handle billing and payment.
   4. Cloud and IT service providers — for our customer database, email systems, and website hosting (e.g. Microsoft 365, Cloudflare). Some of these providers store data outside New Zealand; see the “Storage and security” section below for how we handle overseas storage and disclosure under IPP 12.
   5. Professional advisers — lawyers, accountants, and auditors, where required.
   6. Government and regulatory bodies — when required by law (e.g. Police production orders, Inland Revenue, Commerce Commission).
   7. Successors in business — if EW is sold or merges with another business, your information may be transferred to the new owner. They'd be bound by the same privacy obligations.

   We do not sell or rent your personal information to anyone for marketing purposes.

7. Storage and security

   We use reasonable security safeguards to protect personal information from loss, misuse, unauthorised access, modification, or disclosure. These include access controls, encryption in transit (HTTPS/TLS), and staff training.

   We hold personal information in a mix of New Zealand and overseas locations through our software and cloud providers — for example, Microsoft 365 (servers in Australia) and Cloudflare (a global content delivery and security network). When personal information is held overseas, we either:

   1. Use the provider only to store or process the information on our behalf — meaning we remain responsible for it under the Privacy Act 2020; or
   2. Where information is disclosed to a foreign person or entity, satisfy Information Privacy Principle 12 (IPP 12) by ensuring the recipient is required to protect it in ways comparable to those required under the New Zealand Privacy Act 2020 and the Telecommunications Information Privacy Code 2020.

   No system is perfectly secure. If we become aware of a privacy breach that could cause serious harm, we'll notify the affected individuals and the Privacy Commissioner as required under the Privacy Act 2020.

8. How long we keep it

   We keep personal information only for as long as we need it for the purposes described above, or for as long as we're required to by law. In particular:

   1. Active customers — for the duration of your service.
   2. Former customers — typically 7 years after your service ends, to comply with tax and accounting obligations.
   3. Contact form submissions and enquiries — retained for as long as needed to respond, and for a reasonable period afterwards (typically up to 2 years).
   4. Network usage logs — usage volumes are retained for billing purposes; technical logs are retained for the shortest period needed for fault diagnosis and network security.

9. Your rights under the Privacy Act 2020

   You have the right to:

   1. Ask what information we hold about you. We'll let you know within 20 working days. There may be a small charge if your request is large or repeated.
   2. Ask us to correct any information you believe is wrong or out of date.
   3. Withdraw consent for any processing that's based on your consent (e.g. marketing).
   4. Make a complaint if you're not happy with how we've handled your information — first to us, then to the Office of the Privacy Commissioner.

   To exercise any of these rights, contact us at privacy@ew.net.nz. We may need to verify your identity before responding to ensure we don't release information to the wrong person.

10. Cookies and analytics

    Our website uses minimal cookies. The contact form uses Cloudflare Turnstile (a privacy-respecting bot-protection tool) to prevent spam — this collects only what's needed to verify you're human and doesn't track you across the web. We don't currently use third-party advertising trackers.

    Your browser lets you control cookies — refer to your browser's help if you'd like to disable them. Some parts of the site (the contact form in particular) may not work without cookies enabled.

11. Children's information

    Our services are aimed at adults (account holders are generally 18+). We don't knowingly collect personal information from children under 16. If you become aware that a child has provided us with information, please contact us and we'll delete it.

12. Changes to this policy

    We may update this policy from time to time. The date at the top shows when it was last updated. If we make a significant change, we'll notify customers by email or via a notice on our website before it takes effect.

13. Contact us

    For privacy questions, requests, or complaints:

    1. Email: privacy@ew.net.nz
    2. Phone: 0800 4 WIRELESS (0800 494 735)
    3. Post: Privacy Officer, Evolution Wireless Limited, Level 2, 40 Reads Quay, Gisborne 4010

    If you're not satisfied with our response, you can contact the Office of the Privacy Commissioner: www.privacy.org.nz or 0800 803 909.