Sign in
Privacy Policy NZ Inc.

New Zealand Privacy Policy —

Privacy Policy for New Zealand Citizens

Effective November 17, 2023
This NZ Privacy Policy supplements the main Privacy Policy available at

New Zealand Privacy Act 2020

This Bill repeals and replaces the Privacy Act 1993, as recommended by the Law Commission's 2011 review of the Act. Its key purpose is to promote people's confidence that their personal information is secure and will be treated properly. The Bill become law in December 2020 when it will be known as the Privacy Act 2020 (the “Act”).

The Act governs how organizations and businesses can collect, store, use and share an individual’s information.

If a person thinks his or her privacy has been breached resulting in harm, he or she can complain to the Privacy Commissioner. The Privacy Commissioner will then attempt to resolve the dispute. If it is not resolved, the person may take the complaint to the Human Rights Review Tribunal and may seek compensation.

The Act introduced additional ways to enforce the information privacy principles. For example, the Privacy Commissioner will be able to make binding decisions on complaints about access to information and issue compliance notices. The Bill also requires agencies (the name used for any entity handling personal information) to notify the Privacy Commissioner and affected individuals of any unauthorized access to or disclosure of personal information where that poses a risk of harm.

What follows is how is compliant with the Privacy Act 2020. The list isn’t exhaustive. Only the fundamental clauses are described.

Prescribed Countries

New Zealand can make or receive a request for mutual assistance from any country, and there is no need for countries to be prescribed in regulations. This means that personal data may be sent overseas provided that the agency receiving and processing the data adheres to the Act. New Zealand has declared by regulations a number of countries to be prescribed foreign countries that include the United States of America. See Information Privacy Principle 12.

Information privacy principle 3

Collection of information from subject

When We collect personal information, we take any steps that are, in the circumstances, reasonable to ensure that the individual concerned is aware of (a) the fact that the information is being collected; (b) the purpose the purpose for which the information is being collected; and (c) the intended recipients of the information. You have the right to access and correct the information You provide to Us.

Information privacy principle 5

Storage and security of personal information

We use security safeguards to protect Your information from (a) loss; (b) unlawful or unintended access, modification, or disclosure; and (c) other misuse.

Information privacy principle 6

Access to personal information

Upon an individual’s request, We will confirm or deny whether We have any information about the individual. If We do, We will deliver or correct the information if the individual cannot do it themselves in the Service. The individual must be satisfactorily identified before personal information can be sent.

Information privacy principle 7

Correction of personal information

Upon an individual’s request, We will correct the personal information if the individual cannot do it themselves in the Service. The individual must be satisfactorily identified before personal information can be sent.

Information privacy principle 8

Accuracy, etc, of personal information to be checked before use or disclosure

We will not use or disclose personal information without taking reasonable steps to ensure that the information is accurate, up to date, complete, relevant, and not misleading. Also, We will not hold personal information for longer than is required for the purposes for which the information may lawfully be used.

Information privacy principle 10

Limits on use of personal information

We will only process personal information for the purpose with which the information was obtained.

Information privacy principle 11

Limits on disclosure of personal information

We will not disclose the personal information to any other agency or to any person unless We reasonable believe that (a) it is for the purpose in connection with which the information was obtained; (b) the disclosure is to the individual concerned; or (c) the disclosure is authorized by the individual concerned.

Information privacy principle 12

Disclosure of personal information outside New Zealand

We will only disclose personal information to a foreign person or entity if (a) the individual concerned authorizes the disclosure after being expressly informed the foreign person or entity may not be required to protect the information in a way that, overall, provides comparable safeguards to those in the Privacy Act; or (b) We believe on reasonable grounds that the foreign person or entity is subject to privacy laws that, overall, provide comparable safeguards to those in the Privacy Act; or (c) by a valid legal authority subject to applicable laws.


(47) We will give reasonable assistance to a person who requests access to their personal


(50) If We receive a request for personal information, we will respond to the individual no later than 20 working days after the day on which the request is received.

(52-58) We may be legitimate reasons for not disclosing personal information.

(65) A correction request may be made only by the individual concerned or the individual’s representative

(83) If We receive an inquiry from the Commissioner, We will respond as soon as possible.

(117) If there is a “notifiable privacy breach”—briefly defined as a breach that is reasonable to believe has caused serious harm to an affected individual or individuals or is likely to do so—We will assess the breach and notify the affected individual(s) as soon as practical with information regarding the breach.

Changes to this Privacy Policy

We may update our privacy policies from time to time. We will notify You of any changes by posting the updated policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this policy.

We encourage You to review this policy periodically for any changes. Changes to this policy are effective when they are posted on this page.

Contact Us

If You have any questions about this policy, You may contact us at this link: