top of page

Privacy Policy

Who does this Privacy Policy apply to?

This Privacy Policy (“this Policy”) applies to “Ampyl Sciences Ltd” (“we” or “us”), which includes our trading name CannFX and the entities owned or controlled by Ampyl Sciences Ltd. Where we are providing services to you this Policy should be read in conjunction with the agreement under which you engaged us to provide services to you (the Terms). In the event of any inconsistency, the Terms take precedence over this Policy.


We want you to know that we are committed to protecting your privacy and handling your personal information in an open and transparent way.

What does this Privacy Policy cover?

This Policy explains how we collect, handle, store and protect personal information when:

  • We provide services to our clients;

  • You use “this Website” or provide other information to us as a non-client; or

  • We perform any other activities that form part of the operation of our business.


When we refer to “this Website” we are talking about websites associated with Ampyl Sciences Ltd. This includes;

  • Pages accessed using the URL, and

  • Pages that link directly to this Policy, such as the websites operated by Ampyl Sciences Ltd.


Are all areas of this Website covered by this Policy?

Certain areas of this Website may have separate privacy statements that apply to personal information collected via those pages. A separate statement may be necessary because of the nature of the personal information being collected (for example, information collected during the recruitment process) and to provide additional detail about how we handle information collected via those pages.

What laws apply to us?

When handling personal information we will comply with the New Zealand Privacy Act 2020 (as amended from time to time) (the Privacy Act).


Where applicable, we will also comply with data protection laws of other jurisdictions, such as the European General Data Protection Regulation (GDPR).

We take our obligations under the Privacy Act and other applicable data protection laws seriously. Therefore, in addition to this Policy, we also:

  • Maintain an internal privacy policy; and

  • Where appropriate or required by the Privacy Act:

    • include terms in our agreements with our clients that describe how we handle personal information during the delivery of our services; and

    • include terms in our agreements with third parties that describe how we handle the transfer of personal information offshore, ensuring that such third parties are required to protect the information in a way which provides comparable safeguards to the Privacy Act.

What personal information do we collect?

Information we collect when we provide services to our clients

We may be provided with personal information directly by our clients to enable us to deliver services or to perform due diligence checks before we agree to provide services. This information may relate to customers or it may relate to third parties.

As part of providing services to our clients, we may also collect personal information from other sources (such as directly from individuals themselves or information that is publicly available).

The types of personal information we may collect or be provided with include, but are not limited to:

  • Contact details;

  • Gender;

  • Employment records;

  • Complaint details;

  • Government identifiers such as driving licence, passport and visa/work permit status.

Where we are provided with personal information by a client, we take reasonable steps to ensure that the client has complied with the relevant obligations under the Privacy Act (and any other applicable data protection laws) in relation to that information. 

We also collect personal information (such as contact details and account details) from suppliers, contractors and third party service providers that we engage to help us operate our business.

Information we collect when we perform any other activities that form part of the operation of our business

We may collect personal information when performing other activities that form part of the operation of our business, but which do not directly form part of providing services to our clients. For example, we might collect personal information from members of the public as part of undertaking surveys, research on current issues or as part of projects or initiatives we are conducting with other organisations.

The types of information that we collect may vary depending on the nature of the activity. However, we will take reasonable steps to provide clear information about the nature of those activities and the purpose for which we are collecting your information.

Information we collect via this Website (Log information, cookies, and web beacons)

We may collect personal contact details from you when you use this Website. For example, if you sign up to receive promotional materials or communications about services provided by us.

To improve your experience when you use this Website and ensure that it is functioning effectively, we also use cookies (small text files stored in a user’s browser) and Web beacons (electronic images that allow this Website to count visitors who have accessed a particular page and to access certain cookies).

Protecting children's privacy

We understand the importance of protecting children's privacy. This Website is not designed for, or intentionally targeted at, children 16 years of age or younger. It is not our policy to intentionally collect or store information about anyone under the age of 16. Where we do collect information from young people, we will ensure that the way we collect that information is fair in the circumstances.

How do we use your personal information?

We use the personal information that we collect to provide clients with agreed services. The Terms in place govern the provision of our services and set out the purposes for which we may use any information that the client provides to us (including any personal information). We use that information as permitted by the Terms and this Privacy Policy and we do not use that information for any other purposes, unless it is necessary to comply with a legal or professional right or duty.

How we use information collected when we perform other activities that form part of the operation of our business?

When we collect personal information as part of performing other activities that form part of our business, we will take reasonable steps to provide clear information about the nature of those activities and how we will use any personal information collected.

We may also use non-personal, de-identified and aggregated information for several purposes including for data analytics, research and promotional purposes.

How do we use information collected via this Website or through other sources? Do we use it to market goods and services to you?

We will not use your personal information collected via this Website or through other sources to market the goods and services of third parties to you without first notifying you and seeking your consent (usually through a separate privacy notice).

We may use your personal information collected via this Website:

  • To provide you with promotional materials or communications about services provided by us that we feel may be of interest to you;

  • To manage and improve this Website;

  • To tailor the content of this Website to provide you with a more personalised experience and draw your attention to information about our services that we feel may be of interest to you;

  • To seek feedback on our services; and

  • For market or other research purposes (however, we will only ever report aggregated results of any research we undertake, and will never include your personal information in those results unless you explicitly give us your consent).

If you do not want to receive marketing materials from us, you can click on the unsubscribe function in the communication.

Are there any other ways we use your personal information?

We may also use personal information to protect the rights of Ampyl Sciences Ltd or to comply with a legal or professional right or duty.

When will we disclose your personal information?

We will only disclose your personal information as set out below. Importantly, we will never disclose or sell your personal information to third parties for advertising purposes, or for any other purpose without your authorisation.

We may disclose personal information to:

  • Other entities in the Ampyl Sciences Network;

  • Third parties that we engage to assist us in providing services to our clients or in the operation of our business (i.e. our subcontractors, advisors and suppliers).

These entities and third parties may sometimes be located in other geographies, including in Australia, Europe, United Kingdom and the United States.

We may also be required to disclose personal information to law enforcement, regulatory or government agencies, or to other third parties:

  • To comply with legal or regulatory obligations or requests, such as under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009; or

  • Where there is a legal or professional right or duty to disclose.

We may share non-personal, de-identified and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional purposes.

Transfer of personal information outside New Zealand

We may store personal information within services provided by offshore cloud service providers.

Some of the recipients of your personal information referenced above may be based in countries or regions outside of New Zealand. Accordingly, any personal information that is collected in connection with our services or your use of this Website may be transferred to countries or regions with privacy laws that are different from New Zealand’s privacy laws. We will ensure that any such transfer of personal information will only be undertaken in compliance with the Privacy Act.

Where we disclose your personal information to other entities in the Ampyl Sciences Network, or to third party service providers, we will ensure that the relevant third party processes your personal information in accordance with our instructions and in a manner consistent with the Privacy Act (or the GDPR, where applicable).

Blogs, forums, wikis, and other social media


This Website hosts various blogs, wikis, and other social media applications or services that allow you to share content with other users (collectively ‘social media applications’). Importantly, any personal information that you contribute to these social media applications can be read, collected and used by other users of the application. We have little or no control over these other users and, therefore, we cannot guarantee that any information that you contribute to any social media applications will be handled in accordance with this Policy.

On what basis do we process personal information about you?

Certain data protection laws, such as the European GDPR, require us to have a ‘legal basis’ for processing personal information. Where those laws apply, we may process your personal information for the purposes outlined above because:

(a) You have consented to the processing of your personal information for those purposes;

(b) We have a legitimate interest in processing your personal information, which may be to:

• provide services to you and/or to the entity that has engaged us to provide the services;
• support the management of our client engagements;
• evaluate, develop or improve our services or products; or
• protect our business interests; or

(c) We are subject to legal, regulatory or professional obligations.

(d) The processing is necessary for the establishment, exercise or defence of legal claims.

How do we protect your information?

We hold personal information in hard copy and electronic formats. We use a range of physical, operational and technological security measures to protect this information. These measures include:

  • Staff education and training to ensure our staff are aware of their privacy obligations when handling your personal information;

  • Administrative and technical controls to restrict access to personal information to only those people who need access;

  • Technological security measures, including fire walls, encryption and anti-virus software;

  • Physical security measures, such as staff security passes to access CannFX premises, laptop cable locks and the use of privacy screens where appropriate.

How can you access your personal information, or seek to have it corrected?

You may access your personal information, or seek to have that information corrected if you believe that it is incorrect, at any time.

If you wish to make any changes to your personal information, you may contact us by emailing the CannFX Privacy Officer at It is your responsibility to ensure the information we hold about you is accurate.


Depending on the jurisdiction in which you are located, you may also have the right to:

  • Ask that we delete personal information that we hold about you, or restrict the way in which we use your personal information;

  • Withdraw consent to our processing of your personal information (to the extent our processing is based on your consent);

  • Obtain and/or move your personal information to another provider; and/or

  • Object to our processing of your personal information.

If you believe these rights apply to you and wish to exercise these rights, please contact the CannFX Privacy Officer at

Breach notification

If there is a breach of privacy involving your personal information, we will comply with any legal obligations in the Privacy Act.

Who can you contact if you have further questions or if you wish to make a complaint?

If you have any questions or concerns regarding your privacy, or if you would like to make a complaint, please contact:

CannFX Privacy Officer
Ampyl Sciences Ltd
PO Box xxx
New Zealand

How do we handle complaints that we receive?

We take all the privacy complaints we receive seriously.

We will acknowledge the receipt of a complaint and will work with you to resolve it. If you would like more information about our process for handling complaints, please contact

Where can I find out more about my privacy rights?

For further information about privacy and the protection of privacy, visit the Office of the Privacy Commissioner’s website at

What is our process for making changes to this Privacy Policy?

We may modify or amend this Privacy Policy from time to time.

To let you know when we make changes to this Policy, we will amend the revision date at the bottom of this page. The new modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to periodically review this Policy to be informed about how we are protecting your information.

This Policy was updated May 2021.

Stay up to date with our latest news

Thanks! We'll be in touch.

bottom of page