Let’s get your team trained and using Microsoft Copilot and moving your business forward. Click here to book 09 974 2379Client PortalRemote Support
Belton IT Nexus
NZ AU
Contact us
01 Run

We become your IT department and own the day-to-day.

Managed IT Your whole environment, owned Managed Devices Endpoints, patched & tracked Microsoft 365 The workplace, managed Cloud & Azure Run properly, costs watched Connectivity Internet & networks that work Business VoIP Phones on any device
02 Protect

Security operations you can verify, and show.

24-Hour CyberSOC Security ops that don't clock off Identity & Access MFA enforced, takeover stopped Email Security Phishing & fraud, stopped Endpoint Protection EDR on every device Backup & Recovery Provably restorable Security Bundles Per-user, no hidden fees
03 Improve

Honest strategy, budgets you can plan around.

IT Advisory & vCIO Honest, predictable plans Compliance & Governance Audit-ready evidence Projects & Consulting Build what you can't buy Procurement Right kit, fair price, visible Licensing Right-sized, never wasted Data Centres & Hosting Sovereign, servers in minutes
04 Build

AI, automation and software, where they genuinely help.

AI & Copilot Rolled out so it sticks Copilot Workshops Hands-on team training Business Automation Hand work to the platform Software Development Custom builds, done properly Client Portal AI-first insights & budgets White-Label Our bench, your brand
Belton · Run / Protect / Improve / BuildView all services ›
Professional Services

Firms that run on trust, time and confidential data.

Accounting Ledgers & client data Legal Privilege & matter files Business Advisory Plans & reporting Mortgage & Finance Loan files & AML/CFT Insurance Claims & client records Insurance Brokers Cover & premiums
Built & Made

Site, studio and floor, where uptime is the product.

Construction Sites & project files Architecture Drawings & large models Quantity Surveyors Cost data & big files Manufacturing Floor & ERP uptime Healthcare Patient data & privacy
Trade & Technology

Fast-moving operations that can't carry downtime.

Logistics Fleet, orders & tracking Retail & Wholesale POS & storefronts Technology Cloud-native teams Distribution Inventory & systems
Belton · Sector-specialised IT & securityAll industries ›
Guides & Frameworks

Plain-English playbooks for the controls that matter.

Essential Eight ASD's eight, explained DIY Cybersecurity Lock down the basics Cyber Standards Guide ISO, SMB1001 & more M365 Selection Guide Pick the right licences
Tools & Assessments

Self-serve checks that map where you stand.

Security Assessment Score your posture Network Assessment Find the weak spots M365 Security Checklist Find the gaps Cyber Insurance Readiness Be claim-ready
Reading & Learning

Get more from the tools you already pay for.

SME Tech Outlook 2026 Where NZ tech heads next Copilot Learning Hands-on with Copilot FAQ Straight answers CEO's Blog Plain-English views
Belton · Knowledge, not gatekeepingResource library ›
The Firm

A senior team with the skills and scale for any project.

About Belton Who we are, plainly How We Work Our delivery process Who We Work With The fit we look for Leadership Jason & Amy Agnew + team
Proof & Partners

The evidence behind the claims, and ways to build with us.

Case Studies Real outcomes, named Accreditations The proof behind the practice Industries Sector-specialised White-label / Partners Our bench, your brand
Connect

Real people, fast, no ticket-queue runaround.

Contact Us Talk to a human, today Book a Session A 90-minute discovery Find Us Newmarket, Auckland Remote Support Get help now
Belton IT Nexus · Est. 2004 · Newmarket, AucklandAbout us ›
Home/ Privacy Policy

Privacy Policy

How we collect, use, and protect your information.

Belton IT Nexus Limited ("Belton", "we", "us") is a managed IT and cyber security provider. That means we don't just hold the usual website-visitor information: clients trust us with access to their systems, their data and, necessarily, their credentials. This policy explains how we handle all of it, in line with the New Zealand Privacy Act 2020 and, for Australian clients, the Privacy Act 1988 (Cth) including the Australian Privacy Principles.

Who this policy covers

  • Website visitors and prospective clients, people who browse this site, submit forms or book sessions.
  • Clients and their personnel, people whose IT environments we manage, monitor and support.
  • Suppliers and partners we deal with in running our business.

Information we collect

From website visitors and enquirers: name, email, phone, company, and anything you choose to tell us in a form or conversation.

In delivering services to clients, we also handle:

  • Directory and account information in client systems, such as staff names, work email addresses, roles and sign-in activity.
  • Device and monitoring data: hardware details, software inventory, patch status, alerts and logs from the systems we manage.
  • Support records: tickets, emails, call notes and remote-session records.
  • Administrative credentials and secrets required to manage client environments, covered specifically below.
  • Backup data, which may contain any information a client stores in their systems.

Two roles, two responsibilities

For our own business (enquiries, marketing, billing, our website), we decide how information is used and we are accountable for it. For information inside client environments, including staff details and business data, we act on the client's instructions: we access and use it only to deliver the contracted services, and the client remains responsible for their own privacy obligations to their people. We never use client-environment data for our own marketing, and we never sell personal information to anyone.

How we handle credentials and secrets

Administering IT means holding privileged credentials. We treat them as the most sensitive information we hold:

  • Stored only in purpose-built, encrypted, access-controlled credential-management systems, never in spreadsheets, email or chat.
  • Access on a least-privilege basis: engineers see only the credentials their work requires, behind enforced multi-factor authentication.
  • Access is logged and traceable to a named person.
  • Credentials are rotated or revoked when staff leave, when an engagement ends, or when compromise is suspected.

How we use personal information

  • To respond to enquiries and deliver the services clients engage us for.
  • To run, secure and improve our website and our own systems.
  • To communicate service updates, and (for our own contacts, with opt-out) occasional marketing.
  • To meet legal obligations and protect our systems and people.

Sharing and overseas disclosure

We do not sell, trade or rent personal information. We share it only with:

  • The platforms we deliver services through (remote management, security, backup, documentation and productivity vendors). We select platforms that hold independent certifications such as SOC 2 and ISO 27001, documented on our accreditations page.
  • Website and communications providers (analytics, hosting, form processing), described under Cookies and analytics below.
  • Professional advisers (lawyers, accountants, auditors) under confidentiality.
  • Authorities, where the law requires it.

Some providers process information outside New Zealand, including in Australia, the United States and the European Union. Where personal information goes overseas, we take reasonable steps to ensure it receives protection comparable to the Privacy Act 2020 (IPP 12), through provider certifications, contractual terms and our own configuration.

Data residency and sovereignty

Where a client requires data to remain onshore, we offer sovereign hosting in New Zealand (Auckland and Christchurch) and Australia (Sydney, Melbourne, Brisbane, Perth). Residency for each workload is agreed and documented; see our data centres page.

Security

Our controls are aligned to ISO/IEC 27001 principles and mapped to the Essential Eight: enforced MFA, least-privilege access, managed and patched endpoints, encrypted and restore-tested backups, and 24/7 security monitoring. Our Compliance & Security Statement sets this out in a form you can take to your own advisers. No system is perfectly secure, and we don't claim ours is; we claim it is deliberately built, monitored and improved.

Retention

We keep personal information only as long as it's needed for the purpose it was collected, for legal and accounting obligations, or as agreed in a client contract. When a client engagement ends, client-environment data and credentials in our control are returned, handed over or securely destroyed in accordance with the offboarding terms of the agreement.

Cookies and analytics

Our website uses cookies and similar technologies to operate the site, remember preferences, and understand how visitors use our pages. You can control cookies through your browser settings. We use the following third-party providers, which may collect usage and device information such as pages viewed, links clicked, approximate location and browser type:

  • PostHog, product and website analytics, including aggregated usage metrics, heatmaps and, where enabled, session recordings in which form fields and other entered text are masked. We also use PostHog as a backup record of enquiries you submit through our forms, so your message is not lost if email delivery fails.
  • Google Analytics, website traffic and audience measurement.
  • Cloudflare, content delivery, security and privacy-focused web analytics.
  • Web3Forms, processing of website form submissions.

Some of these providers process and store information on servers located outside New Zealand, including in the United States.

Your rights

Under the Privacy Act 2020 you may:

  • Request access to the personal information we hold about you (IPP 6).
  • Request correction of information that is wrong or incomplete (IPP 7).
  • Opt out of marketing communications at any time.
  • Ask us to delete information; we will do so unless we have a genuine legal or contractual reason to keep it, which we'll explain.

If your information sits inside a client's environment that we manage, we may need to direct your request to that client, since they control that information; we'll help rather than bounce you.

Privacy breaches

If a privacy breach occurs that is likely to cause serious harm, we will notify the Office of the Privacy Commissioner and the affected people as required by the Privacy Act 2020 (and, for Australian-held information, the Notifiable Data Breaches scheme). Where a breach involves a client environment we manage, we notify that client without undue delay so they can meet their own obligations, and we support the response end to end.

Complaints

Contact our privacy officer first at privacy@belton.co.nz; we take complaints seriously and respond promptly. If you're not satisfied with our response, you can complain to the Office of the Privacy Commissioner (privacy.org.nz) or, in Australia, the OAIC (oaic.gov.au).

Changes and contact

We update this policy when our practices or the law change, and post changes here with a new revision date.

Privacy Officer, Belton IT Nexus Limited
Email: privacy@belton.co.nz · Phone: +64 9 974 2379
Level 3, 101 Carlton Gore Road, Newmarket, Auckland 1023, New Zealand

Last updated: June 2026

And relax

Getting started is the easy part.

Onboarding without drama

We do the switch: your current provider, the migration, the handover, all of it. Most teams barely notice the cutover happened.

Everything looked after

On the right plan, compliance, reporting and budgets are handled inside the partnership. You run the business; we run the IT underneath it.

Your QBR writes itself

Quarterly business reviews are generated automatically from your live environment: spend, posture, recommendations and roadmap, ready for the board, reviewed with your account manager.

The honest bit: the full looked-after experience comes with the right plan. We charge fairly for what we take on, and when costs step up it's because you are taking on more, always moving in the right direction.

Get started in 2 minutes Speak to someone
NEW ZEALAND OWNED & OPERATED EST. 2004
Sovereign by design

New Zealand owned and operated.

Sovereign data centres across New Zealand and Australia, with your data kept onshore wherever it's required. Our team understands New Zealand, and our leaders have built, scaled and secured businesses right across the New Zealand landscape.

Sovereign data centres · New Zealand & Australia
  • Auckland
  • Christchurch
  • Sydney
  • Melbourne
  • Brisbane
  • Perth
International data-centre operations
  • Singapore
  • Germany
  • Netherlands
  • USA

Servers available in minutes, not days.

Explore data centres & hosting →
Accredited partners
Microsoft Solutions Partner, Modern Work Fortinet Partner Lenovo Partner HP Partner Apple Business Manager