Privacy policy

Thank you for your interest in how we handle your data

At Cubro, we're committed to providing you with the highest level of protection for your data and privacy. As a New Zealand company, we always strive to be compliant with some of the most stringent data protection laws in the world.

Thousands of customers already trust Cubro with their data and we ensure that the highest safety standards for data storage and processing are always met. We only collect data when it's truly necessary, and in our customers' best interests, e.g. to send you product updates via email.

The following outlines how we are applying the guidelines with specific reference to how they align with the relevant privacy regulations that apply.

When you provide us with your personal information (whether directly or indirectly) you are deemed to have read this Data Protection Policy and to accept and consent to the provisions of this Data Protection Policy without qualification.

Data Protection Policy Overview


This Data Protection Policy is intended to provide information on the processing of personal data in our companies. We hereby fulfil our statutory obligations under NZ legislative requirements as well as align with relevant overseas regulation, such as the EU General Data Protection Regulation (EU-GDPR, EU 2016/679).

Please read this Data Protection Policy carefully and make sure that you understand it. If you have any further questions or there is something you do not understand, please contact us.

For Cubro the protection of your privacy always has the highest priority. We have safeguards against malware, viruses, and other digital threats on our own systems and the protection of your personal data is very important to us.

This Data Protection Policy describes how we handle data which may be directly or indirectly related to natural persons (personal data) and which hardware and software is used.

In this document we also explain how we use cookies and analysis tools throughout our websites and in our products and services.

We comply with relevant privacy laws and this Data Protection Policy at all times. We only share data with others as described in these provisions. Please note that further information may be added to our Data Protection Policy depending on the product or service concerned.

It is important to note that, if we are unable to collect, use, hold, disclose and otherwise process your personal information in the manner authorised by this Data Protection Policy then we may not be able to provide you with the full benefit of our products, services, offers or online and digital platforms.

How can you contact us?

Cubro Ltd is responsible for data protection. If you wish to contact us regarding your data, you can do so in the following ways:

  • Call our Customer care team on 0800 656 527 between 8am and 5pm, Monday to Friday
  • Email [email protected]
  • Visit our Headquarters at 149 Taurikura Drive, Tauriko, Tauranga 3171 or
  • Write to us at Cubro, PO Box 9144, Greerton, Tauranga 3142

What do we mean by certain terms?

By modifying the data, identification of a natural person is no longer possible.

Activity data
Data stored about the user's activities.

Analytical tools
Programs allowing analyses of user behaviour.

Use of IT infrastructures and services that are not kept locally but are hired as a service and can be accessed via a network (e.g. the internet).

Cookies are small text files that are stored on your computer or in your browser.

General Data Protection Regulation, revision of data protection regulations for the European Union.

A (portable) object, such as a smartphone, tablet, notebook, or PC, used to access apps or programs and information services.

IP address
An address within the computer network based on the Internet Protocol (IP). This address is assigned to the device and thus allows the device to be addressed and so accessed. 

MAC address
Address of each individual network adapter.

Personal data
This information relates to a specific or identifiable natural, living person. 

Modification of data in such a way that it is no longer possible to allocate it to a certain data subject without additional supplementary information. 

Malicious software
Programs developed to cause damage to a device or system.

Synonym for ‘intelligent, clever’ devices (e.g. smartphone, smart TV, smart watch).

Freely selectable wireless network name.

Web console
Internet based software solution for managing your account or your settings.


What personal data is processed by us?

We process different data when you use our online products or visit our websites. We collect personal information from or about you in a variety of ways. We will try to collect personal information directly from you, either in person, over the phone, by email, or through our digital and online channels. However, we may also collect your personal information from other third parties, including our digital integrations, related entities, service providers, contractors, and agents.

Generally, the types of personal information that we collect from or about you depend on the circumstances in which the information is collected. Most of the data is collected in a pseudonymised or anonymised form. We have described below examples of the types of personal information that may be collected; however, this is not an exhaustive list:

Information when you visit our websites
When you visit one of our websites or access one of our online services, we may process information on the region you are visiting us from, information on your device, its operating system and browser, your user behaviour on our site during the current session, and whether you have visited us before. For this, we use cookies.

Registration information
To activate or use some of our products or services, you need to create an account. During the process of setting up your Account, we will ask you for certain personal information such as your name, email address, possibly supplemented by additional information, such as your telephone number and address details.

Support enquiries
If you contact us for support enquiries, we will store your data in connection with this particular enquiry, such as contact details, information on your enquiry and any related material that may help us provide the service you request. In some cases we may ask you to provide us with additional information to handle your support enquiry.

Usage information
When using our products and services, we collect and process personal data at various points. The respective collection and processing of personal data depends on the product used and the associated services and product features. In some cases, you may deliberately submit or provide us with files for verification. If these contain personal data, processing is carried out in accordance with the guidelines set out in this Data Protection Policy. For example:

Cubro online ordering - With Cubro Online Ordering, we provide a web console which you can use to manage your account and our services that you use. For this, we collect and process personal data at various points to help us optimise the services you use.

Payment information
Cubro does not currently offer any online payment options on its website or online services. We will not request details of payment cards, and do not store payment card details on our systems and storage.

Digital Integration
With our digital integration offering for Operating Theatres, the Customer may authorise Cubro to have Remote Access to the system. This Remote Access is for the sole purpose of providing upgrades, updates, maintenance and troubleshooting operational issues.
We use Digital Integration Data to enable the integrated features, improve the functionality and user experience of our service and provide relevant support for integrated features.
We maintain appropriate security measures to protect Digital Integration Data. We also require our third-party integration partners to adhere to strict data security standards.
Cubro will not save any personal information, patient records, case data or patient operating notes.


Why and on what legal basis do we store personal data?

Processing purposes
We process your data, whether it can be traced back directly or indirectly to a natural person or not, for the following purposes: 

  • To provide services to you.
  • To process your registration and administer the services you have access to.
  • For correct operation of our products and services.
  • For convenient and straightforward use of our products and services.
  • To send you direct marketing, by post and electronic means, including by email, phone and text/SMS.
  • To offer you optimised advertising and product information.

Your consent is required for the processing of certain data. In these events we will inform you expressly about the situation and provide you with the opportunity to allow us to process this data.
In these cases we will inform you about the purpose of the data processing and about your right of revocation.

Storage and deletion periods
Any personal information that falls within the scope of this Data Protection Policy is collected and held by us or trusted third parties we may engage to store information on our behalf. We will take reasonable steps to protect your personal information from misuse, interference, corruption, loss or unauthorised access, modification or disclosure, including through physical, electronic and procedural safeguards.

We will only keep your personal information for as long as it is required for the purposes for which it was collected.
Should the data no longer be required for the purpose it was collected, it will be anonymised and/or deleted in accordance with legal regulation.

Should you wish to have your data deleted, please note that due to technical restrictions it may take up to 180 days to permanently delete your data from the live systems.

Further, please note that after the confirmation of your deletion request it is not possible to restore your data.

How do we use cookies, analysis and tracking tools, and social media registrations?

When you use a product or service, cookies are uploaded to your browser. Cookies may be used to identify your browser so that our website is displayed correctly. We also use cookies at various points on our website to analyse the use of our website and thereby optimize it, such as a shopping cart function for orders in the Cubro online store.

Cookies are stored on your individual device and you have full control over their use. You may deactivate or restrict the transmission of cookies by changing the settings of your web browser.

Cookies that are already stored may be deleted at any time. Should you visit the Cubro site with cookies deactivated, you may not be able to use all of the functions on our site to the full extent.

In addition to our own systems, we also use the following third-party tools for marketing purposes and to make your visit to our websites or the use of our products/services more user-friendly.


Analytical tools

Google Analytics 360

We use Google Analytics 360, a web analysis service from Google (Google Inc.). Google Analytics uses cookies that enable us to analyse your use of our websites. Processing of the data generated by cookies about your use of our website may involve the transfer of data to servers in the USA. Prior to this, however, Google will shorten your IP address if it originates in a member state of the European Union or in other signatory states to the Agreement on the European Economic Area and thus make it anonymous (Google's anonymizeip process). The entire IP address is transferred to a Google server in the USA and saved there only in exceptional cases. Google uses this data to evaluate your use of the website, to generate reports on website activities for Cubro, and to provide other services associated with website and internet use. Google can transfer this information to third parties, where appropriate, if legally mandated or if Google contracts with third parties to process such data. Google will not associate your IP address with other Google data.
You still have the option to prevent Google from collecting data generated by cookies and relating to your use of the website (including

Further information on Google Analytics can be found here.

Adobe Analytics (Omniture)

We use Adobe Analytics by Adobe (Adobe Systems, Inc.). The program uses cookies and tracking pixels, which are either retrieved from your device or stored there and enable an analysis of your use of our website and online services. This process collects and saves data based on pseudonyms. These profiles are used to analyse visitor behaviour on our services and to adapt our offerings and design based on user needs. 

Without your express consent, the pseudonymised usage profiles will not be merged with other personal information that we may have received from you. Adobe does not process your IP address and only saves it in a shortened form. You may also opt-out of the collection and storage of your information by Adobe at Opt-out here

For more information about Adobe Systems' Privacy Policy, click here.

We use Hotjar, a web analytics service provided by Hotjar. Hotjar uses cookies to process information including standard internet log information and details of the visitor’s behavioural patterns upon visiting our site. This is done to provide you with a better experience, and to facilitate the use of certain functions. Cookies are small data files transferred onto computers or devices by sites for record-keeping purposes and to enhance functionality on our site. Hotjar stores this information in a pseudonymized user profile. Hotjar does not process this information to identify individual users or to match it with further data on an individual user. 

We may use remarketing services to advertise on third party websites to you after you visit our Website. We manage this through a variety of remarketing services and ad exchanges which use cookies to inform, optimise and serve ads based on your past visits to our Website. 

For example, we use Google AdWords, provided by Google Inc, and Facebook Custom Audiences, Facebook Dynamic Ads and Facebook Pixel, provided by Facebook Inc, to deliver targeted advertisements to individuals who visit our Website.

The remarketing services we use offer you the opportunity to opt out of their tracking systems. You can read about the information they collect and how to opt out through each remarketing service’s own privacy policy. Additionally, you can exercise your choice to opt out through the following link:

For more info about the cookies we make use of in conjunction with Hotjar, please visit Cookie Information. You may opt-out of the collection and storage of your information by Hotjar at any time by following the instructions under the following link: Opt-out here 

For more information about the software used and Hotjar’s Privacy Policy, just go here. 

Why and with whom do we share personal data?

We respect the privacy of your personal information and will take all reasonable steps to keep it confidential. However, we may disclose your personal information if required in connection with the purposes described in this Data Protection Policy. This may include disclosure where:

  • you have expressly given us your consent for this;
  • disclosure is required to enable us to correspond with you and do business together and for reasons related to our business operations, such as to ensure we continue to deliver quality products and services to our customers and potential customers; 
  • it is legally permissible and necessary for the execution of our contractual relationships with you; 
  • data transmission is based on a legal obligation; 
  • data disclosure is justified by a particular interest and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data at this time. 

Personal information that we collect is either held by us on our systems and storage facilities or is held by these parties on our behalf. Some information we hold will be stored in ‘the cloud’ in secure databases on our behalf by third parties based overseas. The use of these services, and the transfer of information overseas (if applicable) will not relieve us of our obligations under the Privacy Act and this Privacy Policy.

We share personal data with the following recipients or categories of recipients for the aforementioned reasons: 

  • employees (internal and external), officers, contractors, agents, and third party service providers (for example, mailing houses, marketing agencies, support service providers, software service providers, airline programme partners, market research providers, printers, insurance providers, financiers, website and data hosting providers, data analytics providers, warranty companies, payment processors and other IT suppliers);
  • public authorities;
  • our related or affiliated companies and their respective employees, officers, contractors, service providers and agents (and our related or affiliated companies may disclose the personal information directly to their contractors, service providers and agents);  
  • our accountants, insurers, lawyers, auditors and other professional advisors in order for us to obtain their advice; 
  • any other third parties to whom you direct or permit us to disclose your personal information (e.g. third parties with whom we have directly or indirectly arranged services for your benefit); 
  • any other third parties that require the information for law enforcement, formal dispute resolution, or to prevent a serious threat to public safety; and 
  • as otherwise permitted or required by or under any applicable law.  

As a specific example: 

SurveyMonkey (SurveyMonkey USA) - we use this platform to conduct surveys such as on your product satisfaction. For your protection, personal data is processed in a pseudonymised form.

How do we collaborate with partners on your behalf?

We may share anonymised and aggregated information (which is not capable of identifying you) with our contractors, affiliates, business partners and other third parties. 

In providing and managing our customer products, we also contract with other businesses to provide services to us and we may disclose personal information to them to enable them to provide those services.

We require these service providers to adhere to our confidentiality requirements and to the requirements of the Privacy Act. 


What do we use international partners for?

We use a global IT infrastructure including computers, cloud-based servers, networks, and software solutions of international companies to provide our services. In certain specific cases your personal data may be forwarded to third countries based on your express consent. In these countries, the law does not always establish the same level of data protection as in New Zealand.

For this reason, we have taken a number of measures in accordance with relevant standards and legislation to ensure the highest possible protection of your personal data. 

When we disclose personal information to third parties based offshore, we will comply with the requirements of the Privacy Act that relate to the transfer of personal information offshore. 

We insist that our partners take reasonable technical and organisational precautions, including complying with generally accepted industry standards, to protect personal information that they hold. However, no method is completely secure and we cannot be responsible for any breach of security caused by third parties. 


What data protection settings are available?

Browsers used to access our products offer you a number of options and settings. These are usually explained to you when you first install or use them. It is quite possible that by changing the settings, certain Cubro services may no longer function properly. 


How can you revoke your consent?

If you have given us your consent to process certain data, e.g. to receive a newsletter or third-party offers, you have the right to revoke this consent - also in part - at any time. You can do so by contacting us directly.

In the case of direct advertising, you have a general right to object without having to provide information on the particular situation. Please inform us of your objection in writing (e.g. email) or by telephone.


What are your rights?

You have the following rights in connection with your personal data, subject to possible legal restrictions: 

The rights to be informed, to rectification, to erasure, to restriction of processing, to portability, and to object.

Right to information
If you would like to know what personal data we hold on you, please contact us directly. Following your request, we will send you information about the data we have via email. The provision of this information may take some time, depending on the scope of the activity data. 

Right to rectification
You can request to change or update your data at any time by contacting us directly.

Right to erasure
If you wish to delete your data, please contact us directly. We will then erase your data in accordance with legal requirements.

Wherever possible, we will block your data immediately, however due to technical restrictions it may take up to 180 days to permanently delete your data, provided there are no legal obligations and statutory rights preventing deletion. 

Please note that after the confirmation of your deletion request it is not possible to restore your data. 

Right to restriction of processing
You have the right to restrict the processing of your personal data. To this end, please inform us of the categories of data affected by your request and the reasons for your request. We will examine the facts immediately and inform you of the result.

Right to data portability
Please let us know in text form (e.g. email) which data you would like to transfer to whom. We will examine your request immediately and inform you of the result.

Right to lodge a complaint
If you are dissatisfied with our efforts in connection with data protection, you have the right to lodge a complaint with the data protection supervisory authority responsible in New Zealand.

  • Office of the Privacy Commissioner – PO Box 10094, Wellington 6143.
  • OR Click Here


How do we protect personal data?

We have put in place safeguards that are state-of-the-art and meet the requirements of data protection legislation to protect your personal data. These are continuously checked and, if necessary, adapted. The objective is to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorised knowledge or access by third parties.

To transfer data between our websites, our applications and backend systems, communication is encrypted using the latest SSL (Secure Sockets Layer) procedure.

We protect the systems and processing by a series of technical and organisational measures. These include data encryption, pseudonymisation and anonymisation, logical and physical access restriction and control, firewalls and recovery systems, and integrity testing. 

Our employees are regularly trained in the sensitive handling of personal data and are obliged to observe data secrecy in accordance with legal requirements. 


What possibilities are there for minors to use our services?

Our products and services may not be ordered or installed by minors.


What other information is important?

Public information
Remember that the data you send to forums, such as our web-based social media facilities, will be classified and treated as information that is ‘manifestly made public’. If you are active in our forums, there is a risk that others may find and use the information you provide. Be careful and handle your personal information in a responsible manner when online in a public forum.

Changes to this data protection policy
This Data Protection Policy is revised on an ad-hoc basis to adapt it to current developments in relation to our company, our products and services, legal requirements and social developments. 

Last Updated: April 2024