
Privacy breaches are a serious matter, and customers are becoming more worried about how their personal information is used by the services they engage with. Apps are no exception, as they can collect a lot of information very easily. In New Zealand, privacy law is changing, so it is important to ensure that your app still complies with the law’s privacy obligations. Customers will also be reassured knowing that you care about their privacy, which will increase their confidence in your app. If you collect any personal information from users, you have to have a privacy policy outlining how you:

  • collect;
  • store; and
  • use that information.

This article will outline how you can make sure you are doing this according to the law.

Personal Information

If you are a business or organisation that collects personal information from customers and users, you must comply with NZ privacy law. Personal information is information that can be used to identify a person, such as:

  • email addresses;
  • geotracking information;
  • IP addresses;
  • photos;
  • full names; and
  • financial information.

For example, suppose you are developing a photo editing app and people can upload their personal photos to edit in your app. In that case, you are collecting personal information and need to comply with your obligations under NZ privacy law.

If you collect personal information from NZ citizens, these laws apply to you whether or not you have a legal or physical presence in NZ. If you find that there has been a privacy breach within your app, you have to notify the Privacy Commissioner immediately. When the information you are using is publicly available, it does not count as personal information.

Having a Privacy Policy

It is always good practice to have a privacy policy as part of your app’s terms and conditions. Both the Google and Apple app stores require that apps have a privacy policy. This is an appropriate way to make sure that your app follows your legal obligations to protect user privacy. You should have a privacy statement at the beginning of your privacy policy, which clearly outlines how you intend to preserve user privacy. The Privacy Commissioner’s website has a useful tool to help you develop a statement.

Your privacy policy should cover how you intend to:

Collect Information

You can only collect information for a lawful purpose. For example, if your food delivery app needs users’ addresses for delivery purposes, this is a lawful purpose. 

You have to collect that information directly from users themselves, and let them know that you are doing so. That way, they will not be surprised that you have collected this personal information. You also have to collect information in a way that is lawful and fair.

Hold Information

You have an obligation to store user information securely, and to inform users how you will do so. Just like a brick-and-mortar business would keep personal customer information in a locked filing cabinet, you need to take reasonable steps to protect sensitive information. The more sensitive the data is, the more you need to do to protect it. Sensitive information could include:

  • payment details; and
  • health information.

You also need to make sure that people can readily access what personal information you have about them, and allow them to correct it if need be. For example, if people have an account on your app, you would allow them to amend the personal information associated with that account in the user settings.

Use and Share Information

When you use your users’ personal information, you need to make sure that it is accurate, and you are only using it for the purpose you collected it for. You can use this personal information for things outside your original purpose if:

  • you have user permission;
  • it is directly related to your original purpose; or
  • it is necessary to comply with your legal obligations.

For example, suppose your app collected email addresses for registration purposes. In that case, you could not then share those email addresses with a third party for ad targeting without getting user permission first.

You also cannot store personal information for longer than you need it. The longer you hold a person’s personal information, the greater the chance that a privacy breach could occur. You may need some personal information for your app to function. The law does not specify a time limit, so you can develop your own policies for what this means in your situation.

Key Takeaways

If you collect personal information from users of your app, you need to comply with your obligations under privacy law in NZ. You can do this with a privacy policy, but you also need to select someone on your development team to be a privacy officer. They should be aware of your privacy obligations and make sure you are complying with them. If you would like more information or help with your app’s privacy policy, contact LegalVision’s IT lawyers on 0800 005 570 or fill out the form on this page.

FAQs

Does my app need a privacy policy?

It is a good idea to include a privacy policy as part of your app. Most app stores require one, and it is a good way to make sure you are complying with your obligations under NZ privacy law.

Do I need to let users of my app know that it uses their personal information?

Yes, usually you would do so in your privacy policy. But you should also have a pop-up box asking for user permissions when they download your app, or when your app requires access to parts of their phone.

What is personal information?

Personal information is information that can be used to identify a person, or combined with other information to identify said person. This can include full names, email addresses, and phone numbers.

What do I need in my privacy policy?

You need to outline what information you collect, how you collect it, and why. You should also include a description of how you use that information and who else may have access to it, such as advertisers.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
