Reading time: 5 minutes

A privacy policy is a crucial document for your business because it outlines how you comply with New Zealand privacy law. It also lets customers know what information of theirs you use and their choices about that process. If you collect personal information (such as email addresses or financial details) from your customers, you need a privacy policy. You display your privacy policy on your website or on a sign in your store. Make sure your privacy policy is:

  • transparent;
  • easy to read;
  • low in technical terms and jargon; and 
  • easily accessible.

A legal professional can help you draft a privacy policy that suits your needs. This article will outline some key clauses you should include in your privacy policy. 

Collecting Information

You need to have a clause outlining what personal data you collect from your customers and how you gather it. You may also include a disclaimer informing customers that you collect this information about them.

If you interact with EU customers, you should include a pop-up or banner when customers visit your website asking for their consent for tracking cookies. Otherwise, you may face GDPR penalties.

Include a detailed list of exactly what information you collect and how each item relates to your business purposes. If customers can opt out of this collection, let them know in this clause.

Use of Information

Next, you need to detail how you use the information you collect. Along with your detailed list of what information you log, include its purpose and what you use it for. Explain that you aim for complete transparency in this usage, and back this statement up by outlining everything you collect. Such purposes may include:

  • customer communication;
  • market research; or
  • business development.

For example, let customers know you use web analytics that tracks their usage data to understand how users interact with your site to improve website functioning.

Sharing Information

As part of your usage clause or in a clause of its own, you must let customers know whether you share their information. Generally, you cannot share customers’ personal information unless:

  • you have their consent; or
  • sharing it was your purpose for collection.

If you share this information, make sure you detail who you are sharing it with. This could include:

  • staff;
  • third-party advertisers;
  • investigatory bodies; and
  • potential business buyers.

Note that there may be more requirements if you share information with an overseas organisation. Ensure you note this as a clause in your privacy policy.

Storage and Security

Another key clause you need is one that outlines how you:

  • store information; and
  • protect information.

Detail what security measures you have to secure customers’ personal data. You should also outline the risks of storing data (especially online) so that customers are aware of this and know how you are combatting those risks. These measures would include physical and digital measures. Also, you should outline any in-house administrative procedures you engage in to protect this information. 

For example, you may only let senior staff access sensitive customer records with their own keys or passwords.

It would also be a good idea to put in a disclaimer noting that while you take all steps to protect information you transmit over the internet, you cannot guarantee complete security. You would note that visitors engage at their own risk. Also, let customers know:

  • how long you will store their information; and 
  • how you will dispose of it securely.

Accessing Information

Under New Zealand privacy law, your customers have a right to ask you if they can:

  • access their personal information; and
  • correct their personal information.

You should include a clause in your privacy policy outlining this process. You can refuse this access in some instances, however, and you should include these instances in this clause. However, you should aim to make sure you can easily retrieve information for customers if they wish to see it.

For example, you may withhold information from a customer if it is not readily retrievable. If retrieving it would be costly or require a specialist, then that may qualify.

You should ensure that the personal information you use is correct and up to date. Detail your business’s dedication to this in your privacy policy, as well as any processes you engage to uphold this. 


Finally, a vital clause is one that provides contact details. It should outline how customers can contact you for privacy concerns and report any complaints. Let customers know if they can contact you:

  • via phone number;
  • through email;
  • in-store; or
  • through your website.

Key Takeaways

If your business deals with your customers’ personal data, or any other personal information, you should have a privacy policy. This outlines what information you collect and use and how you comply with your privacy law obligations. If you would like more information or help with drafting your privacy policy, contact LegalVision’s New Zealand privacy lawyers on 0800 447 119 or fill out the form on this page.

Frequently Asked Questions

What is a privacy policy?

A privacy policy is a document that outlines how your business handles your customers’ privacy, and how you comply with your privacy law obligations. You would display it on your website or on a sign in-store.

Do I need a privacy policy?

If your business handles personal information, you should have a privacy policy. This ensures that customers know what data of theirs you collect, and you are complying with the law.

What is a privacy statement?

A privacy statement is a brief statement that lets customers know how you collect, use, and disclose their personal information. You should make sure that your business has one.

What should a privacy policy include?

Your privacy policy should cover how and why you collect information, as well as what information this is. You should also let customers know whether you share their information, and how you make sure their personal data is secure.

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2019 Top 25 Startups - LinkedIn
  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards