Updated: 11 March 2017
Approved by: Chief Executive Officer
Reviewed date: 24 November 2021
Ownership: Chief People & Customer Officer
- Privacy Act 2020 (NZL)
- Public Records Act 2005 (NZL)
- Privacy Act 1998 (AUS)
Key Relevant Documents
- Data Classification Policy.
- Data Governance Policy.
- Disclosure & Communication Policy.
- IT Acceptable Use Policy.
- IT Security Policy.
- Record Storage, Retention, Archives & Destruction Policy.
Information We Collect
Personal information is information or an opinion about you or which is reasonably identifiable as you, whether or not the information or opinion is true and whether or not the information is recorded in a material form. When you register for services that we may offer, place an order, meet us face-to-face, correspond with us online, via mobile applications, mail, email or telephone, subscribe to our newsletter, or fill out any forms provided to us, you provide us with, and we may collect, the following personal information (without limitation):
- Your name.
- Your date of birth.
- Your physical and/or postal address.
- Your email address.
- Your phone number.
- A copy of your passport (or other proof of identification).
- Credit information, such as details relating to your credit history, credit capacity, and credit eligibility.
- Records of our interactions with you.
- Statistics on page views.
- Your Smartpay customer number.
- Your bank account number.
In addition to the above, if you conduct a business or financial transaction with Smartpay, or through a merchant using a system that is managed by Smartpay, we will collect payment and transaction data (including the cardholder’s name, amount, frequency, type, location, origin and recipients) from you at the time we process those transactions, as required in order to allow the transaction to be completed (“Cardholder Data”).
We may collect personal information about:
- Contractors and suppliers.
- Third parties seeking or using our services.
- Other people who come into contact with us in the ordinary course of business.
In some cases, we collect personal information from third parties including public sources, our related companies and our service providers (including credit agencies).
Using Your Personal Information
Any of the personal information we collect from you may be used in one of the following ways:
To undertake customer due diligence to ensure we comply with our obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009, including:
- To prevent and (if necessary) report financial crimes.
- To personalise your experience of our Website (your personal information helps us to better respond to your individual needs).
- To improve customer service (your information helps us to more effectively respond to your customer service requests and support your
- To process transactions, or deliver purchased products or services requested.
- To administer the product(s) or service(s) we provide you (including by answering any questions, requests or complaints you may have).
- To track traffic through our Website.
- To consider your employment or contractual engagement application.
- Where you have specifically consented to us doing so, to:
- Communicate with you in relation to products and services we offer which we feel may be of interest to you; and/or
- Communicate with you on behalf of our business partners.
- Such other purposes that we will notify you of at the time we collect your personal information.
- The personal information you submit is gathered only on a voluntary basis; you may choose to not provide the personal information, although this may mean that you are unable to access certain services.
Sharing Your Information
We do not sell personal information to third parties. Except as set out below, your personal information will not be exchanged, transferred, or given to third parties for any reason without your consent.
We may share your personal information with third parties in the following circumstances:
- To the extent necessary to deliver purchased products or services requested.
- To enterprise resource planning (ERP) service providers, as necessary for the storage of your information on the cloud. Currently, Smartpay stores data (including personal information) in the cloud using various solutions.
- To the extent necessary with our service providers who assist us in operating our website, conducting our business, or servicing you, so long as these parties agree to keep this information confidential.
- Reporting overdue debts to Debt Collection Agencies or Credit Reporting Agencies.
- Registering a Security Interest against Smartpay owned equipment.
- Where we believe in good faith that we are required to do so by law.
- Where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities.
- We may provide non-personally identifiable information to other parties for marketing, advertising, or other uses.
Protecting Your Information
We implement a variety of security measures to safeguard against loss, access, use, modification or disclosure of your personal information when you enter, submit, or access your personal information.
We will retain your personal information only for as long as necessary to fulfil the purpose(s) for which it was collected and to comply with applicable laws. Your consent to such purpose(s) remains valid after termination of our relationship with you.
We will take all reasonable steps to ensure that your personal information is accurate, up to date, complete, relevant and not misleading.
Storing & Transferring Your Personal Information
Smartpay’s business is operated in and from New Zealand and Australia. Accordingly, information is, in the first instance, processed in New Zealand and/or Australia.
We may store your information in the cloud or on other types of electronic storage systems. All electronic storage system premises are located in Australia or New Zealand. Smartpay ensures any cloud provider used is certified for security of the cloud in compliance with all the laws and regulations. Note that cloud agents are not to disclose information that Smartpay stores on their services except as legally required.
The Payment Card Industry Data Security Standard (“PCI DSS”) includes a number of security requirements relating to cardholder data. Smartpay does not collect full card numbers or card data, only partial data for fraud tracking purposes, so Smartpay does not have to be PCI DSS compliant.
- Track traffic patterns to our Website.
- Ensure that the most relevant content is being shown to you.
Terms & Conditions
Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website at:
Your Rights to Access Information
We will take reasonable steps to ensure that any personal information we collect is accurate, up-to-date, complete, relevant and not misleading, and any personal information that we use or disclose is up-to-date, complete, accurate and relevant.
Phone: New Zealand 0800 476 278 or Australia 1800 846 787.
Mail: PO Box 100490, Auckland, New Zealand. Attention: Privacy Officer.
Privacy Breaches & Escalations
Smartpay takes privacy seriously and any privacy breaches will be escalated internally to the Smartpay Executive Team and the Smartpay Board immediately.
Smartpay will follow the guidelines of the Privacy Commission in relation to the handling of any privacy breaches.