Privacy and Data Policy

Who is CoNZealand?

Our website address is:

We are the 78th World Science Fiction Convention (or Worldcon).

We operate under the Privacy Laws of New Zealand. These are the Information Privacy Principles.

What personal data we collect and why we collect it

We collect:

  • Your name and contact information
  • Your membership status of the bid
  • If you are volunteering for the convention or the bid
  • Gender and year of birth. These are collected for statistical purposes and only ever released in an anonymised form.
  • Depending on your interactions with our website, we may also store information needed to interact with you.
  • All of our information has been directly gathered from members either filling out a paper form, or filling in a form on the website.
  • At any time you can ask to be removed from our database, unless you are a member of the convention. We will need to keep minimal data until after the convention is over.

We use Stripe for credit card processing, and so DO NOT hold credit card information on our servers.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture from Gravatar is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

If you make contact via forms, your information and subsequent conversation will be stored on a mail server, or in a database related to our ticketing system. This system keeps your tickets available so you can see what has been discussed, and continue conversations with our staff.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for at least two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


We use Jetpack Analytics for basic web analytics.

Who we share your data with

If you become a member of CoNZealand, then we will, with your permission, share your data with the 77th Worldcon, and the 79th Worldcon for the purposes of Hugo nominations and voting, as well as any requirements to share your membership information with WSFS (World Science Fiction Society).

We also use various Google services so at times parts of your data will be transferred to those services for the purpose of administering the convention.

We will occasionally use web tools such as Mail Chimp to send email campaigns. This means that your data will occasionally be transferred securely to these servers.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We will delete all personally identifiable information after the business of the convention is wound up. This could be up to two (2) years after the convention is finished.

We will aggregate data in an anonymised fashion to help future conventions.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

As noted above, we use Google services for the administration of the convention. We use Google Suites for Non-Profits to store and manipulate data. You can read Google privacy policies on their website. By policy Google Suites complies with the US Safe Harbor Framework and does not share data outside our instance. This is a worldwide policy.

And we will need to share with MailChimp email addresses for the purpose of email campaigns.

Our servers are hosted in the USA, on a VPS. This server is running cPanel and various security software to prevent security breaches.

Backups are regularly taken to an encrypted server in New Zealand. These backups are snapshots, which retain data over time. In general, your data may remain in our encrypted backup snapshots up to 6 months.

Your contact information

If you have any concerns or questions, please contact us at

Additional information

How we protect your data

Administrators are required to use 2-factor authentication when logging in. And we encourage other levels to do the same.

We only allow our staff to see member data if they have a need to. We keep sensitive information segregated so only staff who need to, can see it.

Our servers are protected with industry standard protection, to a level we can afford.

What data breach procedures we have in place

If we discover a data breach, we will notify all affected users.

What third parties we receive data from

In order to administer Hugo nominations and voting, we will be receiving information from the 77th Worldcon and the 79th Worldcon. We will only receive the minimum data required for this, and treat this data with the same care as any other data.

Cookie Audit