Master Privacy Policy

Effective 15 December 2023

How and when this privacy policy applies to you

This document sets out our Master Privacy Policy and is part of our terms and conditions. You can find out more about our terms and conditions at bnz.co.nz/terms-and-conditions.

How this privacy policy works with your product terms and conditions

This privacy policy covers all our products and services – including the ones you can use without paying – and all our interactions with you. These interactions include using our apps and websites, telephone calls with our contact centre, and going into one of our branches.

Our products and services have their own terms and conditions that may include specific privacy terms. If your product or service privacy terms are different from the terms in this policy, the terms in this privacy policy will apply instead.

Sub-policies are also part of this privacy policy

These sub-policies are part of this policy but aren’t included in the document:

If the terms in a sub-policy are different from the terms in this policy, the terms in that sub-policy will apply.

A summary of this privacy policy is available for children and young people

We’ve also developed a summary of this Master Privacy Policy that sets out key points for children and young people.

When this privacy policy applies

This privacy policy applies from 15 December 2023 (the effective date), unless agreed otherwise.

Download our privacy policy PDF 148KB

Summary

We value your trust and respect your privacy

This document sets out our Master Privacy Policy for our products and services, and all our interactions with you. We’ve used examples in this policy to help explain some points – please remember that these examples describe common scenarios but don’t cover all situations.

This privacy policy sets out how we collect, use, share and protect your personal information. Personal information includes any information that could identify you - for example:

  • your name, personal and tax details, and home address
  • information we collect when you use our websites, social media profiles, and apps
  • video recordings of you when you’re in a branch, and recordings of you from phone calls with us.

Personal information is central to our business

We use it when we:

  • design and deliver products and services
  • recommend products and services that we think meet your needs
  • protect our customers and our business interests
  • comply with laws, and with our responsibilities and obligations as a financial services business.

We only use information if we’re allowed to - or if the law requires it

Whenever we work with personal information, we comply with the laws of New Zealand, including the Privacy Act 2020, and laws of other countries that apply to us. We are allowed to use personal information when:

  • you’ve agreed to let us use it - for example, you’ve given us a copy of your salary to confirm your income so that we can decide if we offer you a loan
  • we fulfil a contract, and to give you the products or services you’ve asked for
  • we run and develop our businesses – for example, to understand how customers use our products and services
  • we meet our legal obligations – for example, to comply with anti-fraud and anti-money laundering laws.

You have rights to access your personal information

We respect the trust you give us to hold your personal information because we know that your information - and your privacy - are important. For more information on your rights, including how to make a request to access or correct your personal information, read ‘You have the right to request your personal information’.

Get in touch if you have any questions or complaints

We want to be open, honest and transparent about how we work with personal information. If you have any questions, please see ‘How to get in touch with us’.

1. Who we are

BNZ is a registered bank under the Reserve Bank of New Zealand Act 1989. BNZ is a subsidiary of the National Australia Bank (NAB) group of companies.

Our registered address is Level 4, 80 Queen Street, Auckland 1010, New Zealand.

In this document, ‘BNZ’, ‘we’, ‘us’ or ‘our’ means Bank of New Zealand, and all our wholly owned businesses.

‘Our related companies’ means companies who are part of the NAB group.

‘You’ and ‘your’ means our customers and other people who use or apply for our products and services, or interact with us directly or indirectly through another financial institution. If you give us information about another person, please make sure that you have their permission first. ‘You’ and ‘your’ includes the person:

  • whose name was used to set up the account
  • that uses our products and services
  • who gives us personal information.

‘Privacy Act’ means the Privacy Act 2020 and any laws that change or replace it.

2. How we’ll tell you if this privacy policy changes

We may update this privacy policy to reflect changes in our products or services, and changes in laws we have to comply with.

We’ll tell you about those changes at least 14 days before the changes come into effect. If we have to make changes to protect the security of your information, or to comply with a change in the law, we can tell you after we’ve made the change.

Our website will always have the current version of this privacy policy

To keep up to date with how and what we do with your information and your rights, download the Master Privacy Policy PDF 148KB or ask for a copy.

How we’ll tell you about changes to this privacy policy

Depending on how significant the changes are, we’ll tell you about changes in one or more of the following ways:

  • Putting a notice on our website.
  • Sending you an email or notifying you through internet or mobile banking.
  • Displaying information in our branches and Partners Centres.

3. How we collect personal information

We collect information when you interact with us, and from third parties.

When you apply for products or services

We collect two types of information when you apply for a product or service.

Information we use to help confirm your identity

  • Personal and contact details, signatures, and biometric details you provide to us, like your photo or voice identification.
  • Government issued identifiers or documents such as your driver licence, passport, IRD number, or birth certificate.
  • Information that verifies your identity, including RealMe and documents that verify your address. 

Information that helps us decide if a product’s right for you

  • Income and expenses, credit and debit card numbers, tax details, visa status, and financial history.
  • Valuations or information relating to assets – for example, property or KiwiSaver.
  • Your employment, health, lifestyle or social relationships.
  • Your interactions with us.

When you’re a customer, use our products or services, or interact with us

We collect three types of information when you use our products or services.

Information on your payments and transactions, and insurance claims

  • Payment and transaction data including the date, time, amount, frequency, type, location, origin and recipients. 
  • This data also includes details of repayments and whether they’re made on time and in full.
  • Information on your insurance cover or claims.

Information on how you use our products or services, or interact with us

  • Whether you access our services online, on an app, or in branches and Partners Centres.
  • How you interact with us when you use social media, take part in competitions or promotions, or come into our branches and Partners Centres.
  • Whether you use a computer or mobile to connect to our services, and data on how you use our services.
  • Analytics such as viewing and device data about how you use our services - for example, which pages you visit on our websites and the type of device you are visiting on.
  • Any audio or video recordings we make when you interact with us - for example, CCTV recordings when you’re in a branch or when you use an ATM, and recordings of any video, webchat, or voice call with us.
  • Information automatically generated during calls to and from BNZ, including transcriptions of call recordings and metadata.
  • Information we are required to collect from you to manage any requests you make to us.

Information you give us when you answer questions we ask or when you give us feedback

  • Your views on products or services, or information that might help us better understand this.
  • Information you give us when we carry out a financial health check, such as your current needs and future goals.
  • Information you give us to confirm or update our records.
  • Information you give us when you raise a concern or complaint, or give us feedback about how we are doing.

When you use our websites, apps, and social media channels

We collect personal information when you use our websites, apps, and social media profiles. This information could include your social media handles, IP address and location data from your devices.

We use cookies and other software to collect information

You can find out more about how we use cookies in our cookies policy.

We aren’t responsible for privacy policies on third-party apps and websites

Sometimes our apps and websites have links to third-party apps and websites. We take care when we choose websites we link to, but we aren’t responsible for their content, accuracy, or privacy practices.

When we work with third parties or use their information

We collect personal information about you from third parties, so we can offer you products or services you’ve applied for and run our business efficiently.

When you apply for a product or service

  • You ask a third party – a legal or financial adviser, a surveyor or valuer – to give us information.
  • You agree that we can ask health service providers or doctors for information about you when you apply for particular products or services.
  • You agree that we can check if a product or service is right for you – this may mean we run a credit check on you with a credit reporting agency, or check employment references you’ve given us.

When we work with third parties to offer you products or services

  • We work with third parties to offer you products or services – for example, brokers, credit card providers, or our related companies.
  • They introduce you to us so we can offer you products and services – for example, loyalty programs, a car dealership that helps arrange loans, or a financial services company.
  • We work with Inland Revenue and other third parties to deliver superannuation services such as KiwiSaver.

When we work with third parties to help run our businesses

  • They give us legal, financial or marketing advice, or advice to help us run our business. This can include transactional information like international payments, and details of repayments.
  • They help us detect and prevent fraud, scams and other financial crime. For example, the Financial Crime Prevention Network.
  • They help us comply with laws. For example, government bodies like Inland Revenue or the police.
  • They are publicly available sources - for example, news articles and social media content, and public or government registers.
  • They help us or a third party get in touch with you in an emergency.

You can decide not to provide your information, but it will limit what we can do for you

You can choose not to give us some of your personal information. However, if you don’t, we may not be able to:

  • offer you the products or services that you want
  • manage your products or services
  • respond to or help with your questions
  • confirm your identity or protect you against fraud.

4. How we use personal information

We use your personal information when you apply for our products and services, when you’re a customer, and when you use our free products and services. We also use this information to manage our business efficiently and develop new products.

When you apply for a product or service

We’ll use your personal information to confirm your identity, process your application, and tell you if we can or can’t offer you a product or service. We may also use the information to confirm you can act on behalf of another customer.

When you apply for a product or service, we have to decide if it’s right for you. We’ll use your personal information to:

  • run checks on your credit history
  • decide if you meet the conditions we set for a product or service
  • decide if we’ll need a guarantor or security
  • offer you the right products and services to help you achieve your goals.

When you use any of our products and services

When you use our products and services, including the free ones, we’ll use your personal information to communicate with you about those products and services. We’ll keep a record of how we can contact you – for example, by email, phone, or text message.

Personal information helps us do what you ask us to

We use personal information to do the things you expect us to do when you sign up for a product or service. This includes:

  • managing our day-to-day business and keeping business records
  • making and managing payments
  • assisting with insurance claims
  • preparing and sending statements that set out fees, charges and interest
  • working with other companies to deliver or improve our products or services and communications. 

We may also use your information to decide when to:

  • suggest better ways to use our products and services, or tell you about new features
  • tell you about a product or service we think will meet your needs
  • inform you when your accounts may require attention or action
  • support you when you are experiencing financial difficulty.

We may also use your information to do things that are out of the everyday, like help:

  • keep people safe – for example, to establish whether financial abuse may be happening
  • track payments and transactions – for example, locating a payment made to an incorrect bank account.

When we market products or services to you or provide personalised recommendations

We use your personal information to decide what marketing or personalised information to send you. We may use your information to deliver marketing that is relevant to your interests, or recommendations based on products or services you use. We may partner with third parties to collect information about how you use our websites and apps. This helps to improve the relevance of the marketing you see.

Marketing messages we send you may include news about products or services we believe will be relevant to you.

You can opt-out of our marketing communications

If you ask us not to send you any email marketing materials or research surveys, we’ll make that change in our systems as soon as we can. You can opt out of our email marketing communications by:

  • clicking the ‘unsubscribe’ links when you get marketing emails
  • calling our contact centre on 0800 275 269
  • going into any of our branches.

If you do opt out, we still have to send you operational communications. These may include messages that:

  • are about your products or services – for example, we’ll tell you when a term deposit is about to come to an end
  • we have to send to comply with New Zealand laws – for example, to tell you about an interest rate change on your home loan.

When we manage our business

We use your information to run our day-to-day operations.

Personal information helps us run our business efficiently

We use personal information to do the kind of things most companies do, for example:

  • preparing management reports and business plans
  • recovering money that customers owe us. 

We also do things that financial services companies need to do, for example:

  • managing financial and other risks for our business and our customers
  • monitoring our systems for, and helping to protect our customers against, fraud or financial crime
  • planning, building and monitoring systems and processes for lending money.

Personal information helps us improve our offers and our customer service

We constantly look for ways to improve our products or services, and our standard of customer service. We use personal information to help us:

  • find ways to improve customer service – for example, we may use recorded calls for staff training and quality improvement
  • add new features to or improve our products or services, and develop new products or services
  • help resolve any queries you may have about your interactions with us, including complaints
  • make sure we can correct any errors in the services you have received, such as contacting you to arrange refunds
  • come up with ideas on ways to help people manage their money.

Personal information helps us understand how you interact with us

We use personal information to perform analytics activities. We use analytics tools to measure activity on our website and for our products and services. We then combine that information with other data. This helps us:

  • identify and understand trends about how customers interact with our products, services, and platforms
  • improve our products and services, and create new ones that fit our customers’ needs better
  • analyse and understand risks more effectively.

When we must comply with our legal obligations

We have to comply with several New Zealand laws and some overseas laws. We may have to use personal information to comply with our obligations:

  • to agencies that prevent or investigate unlawful activities like fraud, money laundering or other illegal activities
  • to regulatory or government bodies like Inland Revenue and the police
  • under the Anti-Money Laundering and Counter Financing of Terrorism Act 2009 and the Credit Contracts and Consumer Finance Act 2003.

5. When we share personal information, and who we share it with

We share information with our related companies and other third parties. We only share personal information when we’re allowed to under New Zealand or international laws, or when we’re legally required to. 

When we share information outside BNZ

We share personal information with third parties who aren’t our related companies when:

  • we do something that’s part of a product or service – for example, we make a payment you set up or send you a statement you asked for 
  • we develop or update our systems and make changes to our products or services
  • you, or someone with authority over your account, says we can – for example, you may give us permission to confirm your salary with your employer, or to share your information with a credit reporting agency 
  • we have to defend or enforce our rights – for example, to collect money owed to us
  • we have to comply with our legal obligations in New Zealand or overseas 
  • we need to participate in resolving a dispute with you - for example, responding to complaints made to the Banking Ombudsman
  • we need to protect our business interests – for example, to help us detect or prevent fraud, scams, and other unlawful activity, and to manage our risk.

Who we share your information with

We share personal information with:

  • our related companies
  • credit reporting agencies
  • companies we work with to offer products or services 
  • companies who help us deliver and manage our products or services
  • government, dispute resolution, and regulatory bodies
  • companies, individuals, and service providers you’ve given us permission to share information with
  • industry groups that we’re members of, for example, the Financial Crime Prevention Network and the Anti-Scam Centre
  • organisations and individuals that can offer specialist assistance, for example, working with a family member or Age Concern when we suspect a customer is the victim of elder abuse. 

Some of the organisations we share information with may be overseas. These organisations may have to comply with laws that require them to disclose your personal information.

We share information with our related companies

We share and combine personal information BNZ holds with our related companies to get a better picture of your needs, to run our business, meet our obligations, and deliver products or services that require collaboration between our specialist entities.

We share information with credit reporting agencies

Credit reporting agencies may use that information to deliver a credit report (or credit score) to a company that runs a credit check on you. As a responsible lender, we participate in comprehensive credit reporting.  This means we provide credit reporting agencies with monthly updates on what credit accounts our customers have and whether they are meeting their repayments.

Credit reporting agencies have to comply with the Credit Reporting Privacy Code – you can find out more about the Code on the Privacy Commissioner’s website.

We share information with third parties we work with to offer products or services

We share personal information with companies we work with to offer our products or services to their customers. We also share information with companies we agree can offer their products and services to our customers – insurance products are one example.

We share information with third parties who help us deliver products or services

We share personal information with a range of third parties who help us deliver and manage our products or services. These third parties include:

  • brokers and organisations providing financial advice services
  • accountants, auditors, and lawyers
  • companies that help us manage insurance risk, including our re-insurers and underwriters
  • companies and individuals who provide a service to us that requires them to process or store personal information on our behalf such as social media platforms and other digital advertisers for targeted advertising
  • companies and individuals who help us develop new products or services 
  • agencies and institutions that help us manage our risk or prevent and identify fraudulent activity, for example through industry risk-sharing agreements
  • rating agencies who give our investment products financial ratings
  • companies that collect or purchase debts, or help with financial recoveries
  • organisations we may assign or transfer our rights or obligations to – for example, rights in relation to home loans.

We also share your information with anyone who you have told us may act as a guarantor for you, or is one of your guarantors.

We share information with government, dispute resolution, and regulatory bodies

We share information with government and regulatory bodies for two reasons:

  • The law requires us to tell them - for example, when a customer gives us fraudulent information, or commits – or tries to commit – an offence. 
  • The law requires us to share information with authorities like Inland Revenue, the Reserve Bank of New Zealand, or the Office of the Privacy Commissioner. These authorities may share this information with other parties.

We also share information with dispute resolution bodies like the Banking Ombudsman when asked to respond to any complaints they receive from our customers.

We share information with industry groups that we’re members of, such as the Financial Crime Prevention Network, to help us detect and prevent fraud, scams, and unlawful activity.

We share information with companies, individuals, and service providers when you’ve given us permission.

We’ll share information with companies when you ask us to.

And you may give us permission to share your information with others - for example:

  • an employer who can confirm your salary
  • third parties who can confirm information you’ve given us, or give us information we need – for example, real estate agents, valuers, insurers, underwriters, and brokers
  • organisations or individuals that provide budgeting services
  • doctors or health professionals who can confirm information you’ve given us
  • service providers you use and ask us to share your information with, such as accounting platforms you use.

6. How we protect personal information

Your privacy is important to us. We take protecting your personal information seriously. 

Where and how we store your personal information

We store most of our personal information in New Zealand or in Australia.

We store personal information electronically and physically. We store electronic information in facilities in New Zealand and overseas:

  • that we manage
  • that are managed by third parties, including cloud storage.

How we protect your information

We comply with international laws that set out how to protect both BNZ and customer information.

We protect your information in a range of ways.

  • We have a cybersecurity team that looks after and protects your information. This team helps prevent, detect and respond to cybersecurity events and incidents. 
  • We train all our customer-facing staff on privacy and security, and make sure they get regular updates.
  • We have a team that checks on third parties we work with when we share personal information to make sure they work to agreed standards.

How we protect your information when we transfer it outside BNZ

When we transfer your information outside BNZ, it may be to a company in New Zealand or overseas. Our contract with the company will require the company to protect your personal information.

We’ll use reasonable security safeguards, like file encryption, to protect your personal information. 

What we do if a privacy breach occurs

If we believe that a privacy breach has occurred, we’ll identify the issue and take steps to minimise any harm. 

If we believe the breach has caused, or is likely to cause serious harm, we’ll contact the Office of the Privacy Commissioner. We may also contact customers who may be affected by the breach. 

If you believe a privacy breach has occurred, please contact us as soon as possible.

How long we keep your information for

We’re required to hold personal information by the Companies Act 1993, the Anti-Money Laundering and Counter Financing of Terrorism Act 2009, the Financial Transactions Reporting Act 1996, and other New Zealand and international laws.

We usually have to hold personal information for at least seven years. But we keep certain types of information for longer, even if you’re no longer a customer, for example, superannuation records.

7. You have the right to access and correct personal information

You, or someone you give authority to, has the right to request access to or correct your personal information.  

You can request information about someone else if you have legal authority

You can request to access or correct someone else’s information if you have legal authority – for example, if you have a power of attorney.

You can access or correct certain information online, by phone, or in a branch

In most cases you can access or correct your information yourself and you won’t need to submit a request. The fastest way for you to access or correct your everyday information is to use internet banking. Or you can call us, or come into a branch, and we’ll do it for you.

Everyday requests for information are things like:

  • balances and transaction history, tax or bank statements, and KiwiSaver information
  • view or confirm product details like home loans and interest rates
  • updates to personal information like an email, postal address or phone number.

If the information you want is not available using everyday channels, for example, the information is unusual, complex or sensitive, you may need to make a request for your personal information so we can gather it for you. 

Find out how to make a request to access or correct your personal information

If you don’t have internet access, or you want to talk to us about how to access or correct your information, call us on 0800 275 269 or go into a branch.

Keeping you updated if you make a request

We’ll normally get back to you with a response within 20 working days. We may take longer in certain situations. We will keep you up to date throughout the process.

Please tell us if your request is urgent, and why, and we’ll take this into account.

We don’t normally charge a fee to complete personal information requests. If we are going to charge a fee, we’ll talk to you before we go ahead.

8. Your rights if you live outside New Zealand

If you live overseas, New Zealand privacy laws and this privacy policy still apply to your personal information.

International privacy laws may also apply to you

If you reside outside of New Zealand, other international privacy or data protection laws may apply to you – for example, the EU General Data Protection Regulation (EU GDPR). These international laws may set out additional rights, such as the right to erasure, restriction of processing, data portability or the right to have human intervention in automated decision-making.

If you move back to New Zealand, the New Zealand privacy laws will apply.

How to make a request under another country’s privacy laws 

If you think these international laws apply, please email us at privacy@bnz.co.nz with your request and details of where you reside.

9. How to get in touch with us

We care about your privacy and welcome your feedback. 

Get in touch if you have a question or complaint about privacy

Our Privacy Officer monitors how we comply with privacy laws. 

If you have any questions, feel that your privacy has been compromised in any way, or want to make a complaint, please contact the Privacy Officer: 

  • by email, at privacy@bnz.co.nz
  • by letter at: 
    Privacy Officer
    Level 4
    80 Queen Street 
    Auckland 1010 
    New Zealand 

What to do if you’re not satisfied with our resolution process

If you’ve been through our complaints and resolution process but aren’t satisfied, you can use one of the below independent dispute resolution services:

For privacy complaints

Office of the New Zealand Privacy Commissioner
Online: privacy.org.nz
Phone: 0800 803 909
(From overseas) +64 (0)4 474 7590
Email: enquiries@privacy.org.nz 

For general banking complaints

Office of the New Zealand Banking Ombudsman
Online: bankomb.org.nz
Phone: 0800 805 950
(From overseas) +64 (0)4 915 0400
Email: help@bankomb.org.nz