Effective 2 August 2021
These sub-policies are part of this policy but aren’t included in the document:
If the terms in a sub-policy are different from the terms in this policy, then the terms in that sub-policy will apply.
We value your trust and respect your privacy
- your name, personal and tax details, and home address
- information we collect when you use our websites, social media profiles, and apps
- video recordings of you when you’re in a branch, and recordings of you when you call us.
Personal information is central to our business
We use it when we:
- design and deliver products and services
- recommend products and services that we think meet your needs
- comply with laws, and with our responsibilities as a financial services business.
We only use information if we’re allowed to - or if the law requires it
Whenever we work with personal information, we comply with New Zealand laws, including the Privacy Act, and laws of other countries that apply to us. We are allowed to use personal information when:
- you agree to let us use it
- we fulfil a contract, and to give you the products or services you’ve asked for
- we run and develop our businesses
- we meet our legal obligations.
You have rights to access your personal information
We respect the trust you give us to hold your personal information because we know that your information - and your privacy - are important. For more information on your rights, including how to make a request to access or correct your personal information, read ‘You have the right to access and correct personal information’.
Get in touch if you have any questions or complaints
We want to be open, honest and transparent about how we work with personal information. If you have any questions, get in touch.
1. Who we are
BNZ is a registered bank under the Reserve Bank of New Zealand Act 1989. BNZ is a subsidiary of the National Australia Bank (NAB) group of companies.
Our registered address is Level 4, 80 Queen Street, Auckland, New Zealand.
In this document, ‘BNZ’, ‘we’, ‘us’ or ‘our’ means Bank of New Zealand, all our wholly owned businesses, and BNZ Life Insurance Limited.
‘Our related companies’ means companies who are part of the NAB group.
‘You’ and ‘your’ means our customers. If you give us information about another person, please make sure that you have their permission first. ‘You’ and ‘your’ includes the person:
- whose name was used to set up the account
- that uses our products and services
- who gives us personal information.
‘Privacy Act’ means the Privacy Act 2020 and any laws that change or replace it.
We’ll tell you about those changes at least 14 days before the changes come into effect. If we have to make changes to protect the security of your information, or to comply with a change in the law, we can tell you after we’ve made the change.
Depending on how significant the changes are, we’ll tell you about changes in one or more of the following ways:
- putting a notice on our website
- sending you an email or notifying you through internet or mobile banking
- displaying information in our branches and Partners Centres.
3. How we collect personal information
We collect information when you interact with us, and from third parties.
When you apply for products or services
We collect two types of information when you apply for a product or service.
Information we use to help confirm your identity
- Personal and contact details, signatures, and biometric details like voice identification.
- Government issued identifiers or documents such as your driver licence number, passport, IRD number, or birth certificate.
- Information that verifies your identity, including RealMe and documents that verify your address.
Information that helps us decide if a product’s right for you
- Income and expenses, credit and debit card numbers, tax details, and financial history.
- Valuations or information relating to assets – for example, property or KiwiSaver.
- Your health, lifestyle or social relationships.
- Your interactions with us.
When you’re a customer or use our products or services
We collect three types of information when you use our products or services.
Information on your payments and transactions, and insurance claims
Payment and transaction data including the date, time, amount, frequency, type, location, origin and recipients. It also includes:
- details of repayments and whether they’re made on time and in full
- information on your insurance cover or claims. (If you are the life assured there will be information collected at claim time about you.)
Information on how you use our products or services, or interact with us
- Whether you access our services online, on an app, or in branches.
- How you interact with us when you use social media, take part in competitions or promotions, or come into our branches.
- Whether you use a computer or mobile to connect to our services, and data on how you use our services.
- Any audio or video recordings we make when you interact with our staff or when yu use our premises, facilities or services.
Information you give us when you answer a survey or questions we ask
- Your views on products, services or how well we’re doing, or information that might help us better understand this.
- Information you give us when we carry out a financial health check.
- Information you give us to confirm or update our records.
When you use our websites, apps, and social media channels
We collect personal information when you use our websites, apps, and social media profiles. This information could include your social media handles, IP address and location data from your devices.
We aren’t responsible for privacy policies on third-party apps and websites
Sometimes our apps and websites have links to third-party apps and websites. We take care when we choose websites we link to, but we aren’t responsible for their content, accuracy, or privacy practices.
When we work with third parties or use their information
We collect personal information about you from third parties, so we can offer you products or services you’ve applied for and run our business efficiently.
When you apply for a product or service
- You ask a third party – a legal or financial adviser, a surveyor or valuer – to give us information.
- You agree that we can ask health service providers or doctors for information about you when you apply for particular products or services.
- You agree that we can check if a product or service is right for you – this may mean we run a credit check on you with a credit reporting agency, or check employment references you’ve given us.
When we work with third parties to offer you products and services
- We work with third parties to offer you products and services. For example, brokers, credit card providers, or our related companies.
- They introduce you to us so we can offer you products and services. For example, loyalty programmes, a car dealership that helps arrange loans, or a financial services company.
- We work with Inland Revenue and other third parties to delivery superannuation services such as KiwiSaver.
When we work with third parties who help us run our businesses
- They give us legal, financial or marketing advice, or advice to help us run our business. This can include transactional information like international payments, and details of repayments.
- They help us prevent fraud and financial crime or comply with laws. For example, government bodies, like the Inland Revenue or the police.
- They are publicly available sources. For example, news articles and social media content, and public or government registers.
- They help us or a third party get in touch with you in an emergency.
You can decide not to provide your information, but it will limit what we can do for you
You can choose not to give us some of your personal information. However, if you don’t, we may not be able to:
- offer you the products or services that you want
- manage your products or services
- respond to or help with your questions
- confirm your identity or protect you against fraud.
4. How we use personal information
We use your personal information when you apply, when you’re a customer, and when you use our free products and services. We also use this information to manage our business efficiently and develop new products.
When you apply for a product or service
We’ll use your personal information to confirm your identity, process your application, and tell you if we can or can’t offer you a product or service. We may also use the information to confirm you can act on behalf of another customer.
When you apply for a product or service, we have to decide if it’s right for you. We’ll use your personal information to:
- run checks on your credit history
- decide if you meet the conditions we set for a product or service
- decide if we’ll need a guarantor or security.
When you use any of our products and services
When you use our products and services, including the free ones, we’ll use your personal information to communicate with you about those products and services. We’ll keep a record of how we can contact you – for example, by email, phone, or text.
Personal information helps us do what you ask us to
We use personal information to do the things you expect us to do when you sign up for a product or service. This includes:
- managing our day-to-day business and keeping business records
- making and managing payments
- receiving and managing insurance claims
- preparing and sending statements that set out fees, charges and interest
- working with other companies to deliver or improve our products or services and communications.
We may also use your information to decide when to:
- suggest better ways to use our products and services, or tell you about new features
- tell you about a product or service we think will meet your needs
- inform you when your accounts may require attention or action.
We may also use your information to do things that are out of the everyday, like help:
- keep people safe – for example, by helping the police get in touch with people if they need to
- track payments and transactions.
When we market products or services to you
We use your personal information to decide what marketing information to send you. We also use it while working with our advertising partners to decide where to place adverts on websites and social media.
Marketing messages we send you may include news about products or services we believe will be relevant to you.
You can opt out of our marketing communications
If you ask us not to send you any email marketing materials or research surveys, we’ll make that change in our systems as soon as we can. You can opt out of our email marketing communications by:
- clicking the ‘unsubscribe’ links when you get marketing emails
- going into any of our branches
- calling our contact centre on 0800 275 269.
If you do opt out, we still have to send you operational communications. These may include messages that:
- are about your products or services - for example, we’ll tell you when a term deposit is about to come to an end (this is called maturing)
- we have to send to comply with New Zealand laws - for example, to tell you about an interest rate change on your home loan.
When we manage our business
We use your information to run our day-to-day operations.
Personal information helps us run our business efficiently
We use personal information to do the kind of things most companies do, for example:
- preparing management reports and business plans
- recovering money that customers owe us.
And some of this work is the kind of thing financial services companies have to do, for example:
- managing financial risks for our business and our customers
- monitoring our systems for fraud or financial crime
- planning, building and monitoring systems and processes for lending money.
Personal information helps us improve our offers and our customer service
We constantly look for ways to improve our products or services, and our standard of customer service. We use personal information to help us:
- find ways to improve customer service – for example, we may use recorded calls for staff training and quality improvement
- add new features to our products or services, and develop new products or services
- make sure we can correct any errors in the services you have received, such as contacting you to arrange refunds
- come up with ideas on ways to help people be good with money.
When we must comply with our legal obligations
We have to comply with several New Zealand laws and some overseas laws. We may have to use personal information to comply with our obligations:
- to agencies that prevent or investigate unlawful activities like fraud, money laundering or other illegal activities
- to regulatory or government bodies like Inland Revenue and the police
- under the Anti-Money Laundering and Counter Financing of Terrorism Act 2009.
6. How we protect personal information
Your privacy is important to us. We take protecting your personal information seriously.
Where and how we store your personal information
We store most of our personal information in New Zealand or in Australia.
We store personal information electronically and physically. We store electronic information in facilities in New Zealand and overseas:
- that we manage
- that are managed by third parties, including cloud storage.
How we protect your information
We comply with international laws that set out how to protect both BNZ and customer information.
We protect your information in a range of ways.
- We have a cybersecurity team that looks after and protects your information. This team helps prevent, detect and respond to cybersecurity events and incidents.
- We train all our customer-facing staff on privacy and security, and make sure they get regular updates.
- We have a team that checks on third parties we work with when we share personal information to make sure they work to agreed standards.
How we protect your information when we transfer it outside BNZ
When we transfer your information outside BNZ, it may be to a company in New Zealand or overseas. Our contract with the company will require the company to protect your personal information.
We’ll use reasonable security safeguards, like file encryption, to protect your personal information.
What we do if there is a privacy breach
If we believe that there has been a privacy breach, we’ll identify the issue and take steps to minimise any harm.
If we believe the breach has caused, or is likely to cause serious harm, we’ll contact the Office of the Privacy Commissioner. We’ll also contact customers who may be affected by the breach.
If you believe there has been a privacy breach, contact us as soon as possible.
How long we keep your information for
We’re required to hold personal information by the Companies Act 1993, the Anti-Money Laundering and Counter Financing of Terrorism Act 2009, the Financial Transactions Reporting Act 1996, and other New Zealand and international laws.
We usually have to hold personal information for at least 7 years. But we have to keep certain types of information for longer, even if you’re no longer a customer.
7. You have the right to access and correct personal information
You, or someone you give authority to, has the right to request access to or correct your personal information.
You can request information about someone else if you have legal authority
You can request to access or correct someone else’s information if you have legal authority – for example, if you have a power of attorney.
You can access or correct certain information online, by phone, or in a branch
In most cases you can access or correct your information yourself and you won’t need to submit a request. The fastest way for you to access or correct your everyday information is to use internet banking. Or you can call us, or come into a branch, and we’ll do it for you.
Everyday requests for information are things like:
- balances and transaction history, tax or bank statements, and KiwiSaver information
- view or confirm product details like insurances and interest rates
- updates to personal information like an email, postal address or phone number.
If the information you want is not available using everyday channels, for example, the information is unusual, complex or sensitive, you may need to make a request for your personal information so we can gather it for you.
Keeping you updated if you make a request
We’ll normally get back to you with a response within 20 working days.
Please tell us if your request is urgent, and why, and we’ll take this into account. We’ll keep you up to date throughout the process.
We don’t normally charge a fee to complete personal information requests. However, there are some exceptions, but we’ll discuss this with you before we go ahead.
8. Your rights if you live outside New Zealand
International privacy laws may also apply to you
The following statement may apply if you live within the European Economic Area:
- BNZ EU GDPR privacy statement PDF 50KB
How to make a request under another country’s privacy laws
If you want to make a request for your personal information under an overseas privacy statements, make sure you have read the relevant statement carefully first.
9. How to get in touch with us
We care about your privacy and welcome your feedback.
Get in touch if you have a question or complaint about privacy
Our privacy and data protection officer monitors how we comply with privacy laws.
If you have any questions, feel that your privacy has been compromised in any way, or want to make a complaint, please contact the privacy and data protection officer:
- by email, at firstname.lastname@example.org
- by letter at:
Privacy and data protection officer
Private Bag 39806
Wellington Mail Centre
Lower Hutt 5045
What to do if you’re not satisfied with our resolution process
If you’ve been through our complaints and resolution process but aren’t satisfied, you can use one of these independent dispute resolution services: