stroke faq

Privacy policy

Privacy policy

Privacy policy

In this Privacy Policy (Policy) any reference to “we”, “us” or “our” shall be reference to Legacy Web & Apps Limited trading as Lazarus . We comply with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).

Your privacy is important to us, we respect your personal privacy and are committed to maintaining your trust and confidence in the way we collect, store, use and share your personal information. This policy sets out how we will collect, use, store, disclose and protect your personal information.

This policy sets out our obligations and does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see

Terms not otherwise defined in this Policy shall have the meaning given to them in the Terms of Service.

Changes to this policy:

We reserve the right to change this Policy from time to time as we see appropriate. In the event we do amend this Policy we may change this policy by uploading a revised policy onto our website and  will use reasonable endeavours to draw your attention to the amended policy. The change will apply from the date that we upload the revised policy. The most recent version of this Policy will apply.

This policy was last updated on 20 July 2021.

What personal information do we collect?

We collect personal information as part of our ordinary business operations, including the provision of goods and/or services to you. Personal information that we collect from you may include:

  • Account information: when you set up your account and sign up for our service, we will require your name, username, password, email address, date of birth and some demographic information;
  • Content: uploaded while using our service, such as photos, videos and other personal information;
  • Identity: information which helps us confirm your identity, such as full name, date of birth, address verification, passport and/or birth certificate and IRD number;
  • Payment information: financial information such as your bank account or credit card information when you make payments to us for the use of our services, including billing and payment history and information necessary to process any of your purchases;
  •  Communications: your contact information including your residential address, postal address, email address, telephone number;
  • Other: any other information that you may provide to us in relation to our services; and
  • Device information: cookies (as explained below), website usage information, including how you interact with our website, your version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, log files, web beacons, tags, or pixels and other information relating to how you interact with the website;


When do we collect personal information from you?

We collect personal information from you when you interact with us, or we interact with you. The personal information we collect will depend on the nature and purpose of the interaction with us. We will generally collect your personal information when you:

  • set up an account with us and use our services;
  • contact us, whether via our website, telephone, text message, email and/or post,
  • enquire about our services;
  • agree to do business with us;
  • visit and use our website at or any other website we operate;
  • sign up to our mailing lists;
  • engage with our social media platforms;

By providing us with your personal information you are consenting to us collecting your personal information and using it in accordance with this Policy, Terms of Service and applicable law.


Why do we collect your personal information?

We collect personal information where it is necessary to respond to your request, provide our services and products to you, or to otherwise manage your interaction with us. When we obtain your personal information we will only use that personal information for the purpose for which it is collected, in accordance with our Terms of Service, as set out in this Policy or as permitted by law.


Generally, we will collect and use personal information from you for the following purposes:

  • to be able to provide you with our services and products;
  • setting up your account;
  • to load the website accurately for you, and to perform analytics on website usage to optimize our website;
  • to verify your identity;
  • receiving and responding to your enquiries in relation to our services;
  • receiving and processing your requests for us to provide services to you, contacting you in relation to the services you have requested, and providing those requested services;
  • to allow us to perform a contract we have with you;
  • to act on your requests;
  • to market our services and products to you, including contacting you electronically (e.g. by text or email for this purpose);
  • helping us to identify other services that might be beneficial to you; 
  • for our general business processes, management and to improve the services and products that we provide to you;
  • to undertake credit checks of you (if necessary);
  • to bill you and to collect money that you owe us, including authorising and processing credit card transactions;
  • to conduct research and statistical analysis (on an anonymised basis);
  • to protect and/or enforce our legal rights and interests, including defending any claim; and
  • for any other purpose for which the personal information was collected.

Who do we collect your personal information from?

In most instances we will collect personal information directly from you. However, given the nature of the services we provide, it will not always be possible to collect all personal information directly from you.

We will only collect personal information about you from third parties as set out in this Policy, as required by our services, where it is reasonably necessary in the circumstances, where we are obtaining such personal information from a publicly available source, or where you have provided your express or implied consent.

Examples of where we collect personal information about you from third parties include:

  • Third parties where you have authorised this, including personal information provided by Invited Users nominated by you;
  • publicly available sources; and

regulators, government authorities, Courts or the Police.

Who do we disclose your personal information to?

In the course of using your personal information, we may disclose your personal information to third parties. We will only share personal information with third parties where we are permitted under this Policy, where you have specifically authorised us to do so or in accordance with our legal obligations.

For example, we may disclose your personal information to:

  • third parties in the course of providing our products and services;
  • your Trustee where they notify us that you have passed away;
  • another company within our group;
  • any person as part of our services for example we will disclose information to third parties you have authorised through your use of the service such as your Invited Users and recipients of your messages;
  • any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services and products;
  • a credit reference agency for the purpose of credit checking you or other third parties (for anonymised statistical information);
  • a person who can require us to supply your personal information (e.g. a regulatory authority);
  • any other person authorised by the Act or another law (e.g. a law enforcement agency)
  • any other person authorised by you; and
  • any person or entity whom we are permitted to do so under law.

Where we do provide your information to third parties in accordance with this Policy, we will require that third party to protect your personal information. If a third party is located outside of New Zealand we shall ensure that such entities have similar levels of privacy protection as New Zealand.



At times, cookies may be used to help us serve you better. A cookie is a small element of data sent by a website to your browser, which may then be stored on your hard drive so we can recognise you when you return. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

 You may set your browser to notify you when you receive a cookie and, if you wish, to reject it, or clear cookies by using your browsers options.

We may use cookies in connection with your use of our website. If you choose not to have your browser accept cookies from our website you will be able to view text on screens, however you may not experience a personalised visit.

Web beacons, also known as clear gif technology, or action tags, assist in delivering the cookie. This technology tells us how many visitors clicked on key elements (such as links or graphics) on our website. We do not use this technology to access your personal information. It is a tool we use to compile aggregated statistics about the website’s usage. We may share this tracking information with third parties.

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.


Behavioural and Targeted Advertising

We collect your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example we use Google Analytics to help us understand how our customers use the website. You have the right to opt-out of Google Analytics here

You can further opt out of targeted advertising by visiting:




Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at:


Direct Marketing

You may register with us to receive marketing and communications via email, text message or by post your name and contact details will be added to our marketing database. You consent to receiving messages from us by email, text message or post. If you decide that you no longer wish to receive marketing material from us you can elect to unsubscribe by selecting the option in the email or by emailing us at, replying ‘STOP” to any text message or by contacting us directly by telephone or post.


GDPR – European Economic Area

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

  • Your consent;
  • The performance of the contract between you and us;
  • Compliance with our legal obligations;
  • To protect your vital interests;
  • To perform a task carried out in the public interest;
  • For our legitimate interests, which do not override your fundamental rights and freedoms.

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Services that include elements of automated decision-making include:

  • Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
  • Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. 


Protecting your personal information

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.

You can play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used in relation to our products and services.

Please do not disclose your password to third parties.

Please notify us immediately if there is any unauthorised use of your account or any other breach of security.

We use Secure Sockets Layer (SSL) to protect data in transit between Lazarus and ours servers. SSL creates a secure tunnel protected by 128-bit or higher Advanced Encryption Standard encryption.


Accessing and correcting your personal Information

Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

If you want to exercise either of the above rights, email us at

Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).

We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.


Internet Use

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.


What do we do if there is a breach of your privacy?

If we believe that there has been a privacy breach, then we will identify the breach and take reasonable steps to minimise any harm caused by the breach. Where we believe any breach of privacy poses a risk of serious harm, or is likely to cause serious harm then we are required to notify the Privacy Commissioner and affected parties.

Where you believe that there has been a breach in relation to your privacy, then please contact us as soon as possible.

If you are not satisfied with the way we have dealt with or resolved your complaint then you can escalate this by contacting the Privacy Commissioner at any time:

Office of the New Zealand Privacy Commissioner


Phone: 0800 803 909



How to get in touch with us

Your privacy is important to us, if you have a general privacy enquiry or complaint about a privacy breach then please contact our Privacy Officer at: