PMR CONSULTING — Privacy & Data Use Policy
PMR MSP Health Check | PMR Cyber Secure | PMR Privacy Compass
Effective: May 2026 | Version 1.0
1. About This Policy
This policy explains how PMR Consulting Ltd ("PMR Consulting", "we", "us") collects, uses, stores, and protects information submitted through our online assessment tools: PMR MSP Health Check, PMR Cyber Secure Assessment, and PMR Privacy Compass. By completing an assessment, you acknowledge that your responses will be handled in accordance with this policy and the New Zealand Privacy Act 2020.
2. Who We Are
PMR Consulting Ltd is a New Zealand-registered company providing vendor-neutral technology advisory services to mid-market organisations. Our principal is Rick Rainey. Contact: info@pmrc.co.nz | pmrc.co.nz
3. What Information We Collect
When you complete an assessment, we collect:
- Organisation name
- Organisation size and sector
- IT arrangement type (for MSP Health Check and Cyber Secure)
- Infrastructure type (for MSP Health Check and Cyber Secure)
- Whether your organisation holds health information (for Privacy Compass)
- Your assessment responses (Yes/No/Partially answers to assessment questions)
- Your email address (only if you access an assessment via a campaign link — not for direct access codes)
We do not collect names of individual respondents, contact details beyond email (where campaign entry is used), financial information, or any sensitive personal information beyond what is listed above.
4. How We Use Your Information
We use assessment data for the following purposes:
- To calculate your organisation's assessment scores and maturity band
- To generate your Independent Advisory Summary using an AI language model (see Section 6)
- To present your results on the results page and in the downloadable PDF report
- To allow PMR Consulting to follow up with advisory services where relevant
- To analyse aggregated, anonymised assessment trends for service improvement purposes
We do not use your data for marketing to third parties, sell your data to any party, or use individual assessment results for any purpose other than those listed above.
5. Storage and Retention
Assessment data is stored in a Supabase database hosted on Amazon Web Services (AWS) in the ap-southeast-1 region (Singapore). This region was selected for proximity to New Zealand and Australia. Assessment responses are retained for 24 months from the date of completion. After this period, session data is deleted. You may request earlier deletion at any time by contacting info@pmrc.co.nz. PMR Consulting administrators can view assessment results through the secure admin panel. Access is protected by email-based authentication and is restricted to authorised PMR Consulting staff.
6. AI Processing of Assessment Responses
The Independent Advisory Summary included in your results is generated by an artificial intelligence language model operated by Anthropic PBC (claude-sonnet-4-20250514). Your assessment scores and organisation profile are submitted to the Anthropic API to produce this summary. The following data is sent to the Anthropic API:
- Organisation name
- Organisation size, sector, and arrangement type
- Domain or section scores (percentages only — not individual question answers)
- Overall maturity band
Individual question responses are NOT sent to the AI model. Only aggregated scores are used. PMR Consulting operates under Anthropic's enterprise API terms, which include zero data retention provisions — data submitted to the API is not used to train Anthropic's models. The generated narrative is cached in our database after first generation and is not re-submitted to the API on subsequent views. For Anthropic's privacy policy, see anthropic.com/privacy.
7. Third-Party Services
We use the following third-party services in operating our assessment tools:
- Supabase (database and authentication) — supabase.com/privacy
- Anthropic PBC (AI narrative generation) — anthropic.com/privacy
- Lovable (application hosting) — lovable.dev/privacy
No other third parties have access to your assessment data.
8. Your Rights Under the Privacy Act 2020
Under the New Zealand Privacy Act 2020, you have the right to:
- Request access to personal information we hold about your organisation
- Request correction of inaccurate information
- Request deletion of your assessment data
- Make a complaint to the Office of the Privacy Commissioner if you believe your privacy rights have been breached
To exercise any of these rights, contact us at info@pmrc.co.nz. We will respond within 20 working days.
9. Cookies and Tracking
Our assessment tools use session cookies for authentication purposes only. We do not use advertising cookies, tracking pixels, or analytics that identify individual users. Anonymous page-level analytics may be used for service improvement.
10. Changes to This Policy
We may update this policy from time to time. The current version and effective date are shown on this document and on the relevant pages of our assessment tools. Continued use of our assessment tools after a policy update constitutes acceptance of the revised terms.
11. Contact
For questions about this policy or to exercise your privacy rights:
PMR Consulting Ltd
Email: info@pmrc.co.nz
Website: pmrc.co.nz
Rick Rainey, Principal