Reading time: 5 minutes

A lot of the information you may be collecting from customers will identify them in some way, such as their names or email addresses. Therefore, this is personal information, which means you are an agency under New Zealand privacy law. As an agency, you have various rules for how you deal with customers’ general information. One of these is to tell your customers that you are using their data and give them details about this process. Most businesses do this with a privacy policy or other document, such as a privacy statement. However, if you do not have an acceptable privacy policy or similar document, you can face legal consequences. Therefore, this article will provide five reasons why you should not be collecting customer information with a privacy policy.

1. You Need to Inform Customers When You Collect Their Personal Information

Personal information is any data you can use to identify a person, whether by itself or in combination with other information. It can include:

  • names;
  • addresses;
  • IP information;
  • financial details; or
  • photographs.

The law requires that when you collect personal information from your customers, they need to know about it. 

For example, if you are collecting cookies from customers visiting your website that can identify them, you need to tell them you are collecting their personal information in this way to protect their privacy.

You should also tell them:

  • why you are collecting their information;
  • that they can request access and correct to their personal information;
  • whether any laws or regulations apply to your information collection;
  • who has access to their data;
  • whether they can choose not to give you their information;
  • the consequences of choosing not to give you their information; and
  • how to contact you for privacy-related concerns.

A privacy policy or statement contains clauses or paragraphs dealing with all of these disclosure requirements.

2. You Could Face Legal Penalties

When you collect personal information, you need to tell people the information above, outlined in a privacy policy. Your privacy policy can also detail:

  • your intended usage of their information;
  • the security measures you have in place to protect their personal information; and
  • legal disclaimers.

However, if you fail to detail the necessary information, then you can face severe legal penalties. In addition, if a customer finds out that you have not explained how you collect their personal information, they can complain to the Privacy Commission about your interference with their privacy. Interference with privacy refers to when your business does not comply with the Privacy Act, which sets out the rules for handling personal information.

If the Privacy Commission thinks their complaint has merit, they can issue compliance notices with potential fines up to $10,000. In serious cases, they can recommend cases to the Human Rights Review Tribunal, where you can face orders to pay compensation up to $350,000.

You can avoid these legal penalties with a clearly identifiable privacy policy that includes all the information you need to tell your customers.

3. Some Overseas Laws Require Privacy Policies

New Zealand law requires that you inform your customers about when you collect their information, which you may not need a detailed privacy policy to do. However, in some cases, a detailed privacy statement can be enough.

However, if you sell to European customers online or monitor their behaviour, the General Data Protection Regulation (GDPR) will likely apply to you. Their rules around privacy policies and notices are stricter and more involved. Therefore, you will need a more comprehensive privacy policy to meet these requirements when collecting customer information.

4. Customers Expect a Privacy Policy

As more of our lives become dependant on the internet, privacy concerns are growing in importance for your customers. Most will expect a privacy policy of some description, and a lack of one will likely show that you are not a privacy-conscious business. Without a privacy policy or notice, you may alienate customers that want to know how you handle and secure their personal information.

5. Companies You Partner With May Require a Privacy Policy

Many global eCommerce companies provide online services for businesses, such as website platforms or advertising services. You may take advantage of these services for your online business. However, to protect their own liability, many of these companies have set requirements for businesses that contract with them in this way. One of these requirements is usually having a privacy policy when your business collects personal information.

For example, if you want to sell your app on the App Store or Google Play, you need to have a privacy policy.

You can miss out on these services if you do not meet their specifications. Therefore, you should ensure you have the compulsory privacy documentation.

Key Takeaways

When you are collecting information from your customers, a lot of it will likely be personal information linked to their privacy. Therefore, you need to comply with the Privacy Act when you do so. This law includes various disclosure obligations, which a privacy policy can fulfil. Without one, you run the risk of breaching the law and alienating both your customers and potential partners. 

If you would like more information or help with your privacy policy, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is the Privacy Act?

The Privacy Act is the law that sets out New Zealand’s privacy regulations. It aims to protect the rights of individuals in New Zealand, by setting rules for agencies that deal with personal information.

Do I need a privacy policy?

If your business collects or uses personal information, you need to have a privacy policy or statement that tells individuals you do this. It should be comprehensive and transparent, with the necessary disclosures of certain information that the law requires.

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2019 Top 25 Startups - LinkedIn
  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards