Reading time: 5 minutes

Any organisation or business that manages personal information in New Zealand must abide by our privacy law. Your online marketplace will likely qualify under this definition, as you will handle personal information like:

  • customer names;
  • delivery addresses;
  • credit card details;
  • IP addresses; and
  • other personally identifiable information.

Following this, you need to identify any privacy concerns attached to your online marketplace and mitigate them as much as possible. Users will have certain expectations about how you handle their privacy, and if you fail to meet those expectations, you could face severe reputational loss. This article will detail five privacy tips for your online marketplace.

1. Draft Comprehensive Legal Documents

For your online marketplace, you will likely need three critical legal documents that dictate how your website deals with privacy. The table below outlines what these are and how they are relevant for privacy issues.

Privacy Policy

Details what personal information your marketplace collects from its users, how you intend to use it, and other privacy issues. It will also include any legal requirements for collecting information and how users can contact you for privacy concerns.

Website Terms of Use

Outlines your expectations for visitors to your site. Includes how you expect users to treat the privacy of others when interacting with the site.

Marketplace Terms and Conditions

This document outlines the contractual relationship between you and your marketplace’s users, including sellers and buyers. Details what personal information you collect in any transactions on your site and how you expect the other party to treat other users’ privacy. For example, removing identifying tags from any photos they post.

In your terms and conditions, as well as your terms of use, you should reference and include links to your privacy policy. Ensure that these documents are easily accessible and write them in plain English. Include an acceptance of these documents when users create an account on your website as well.

For example, you may include a link to your privacy policy in your website footer.

2. Secure Your Website Connections

If users complete purchases on your online marketplace, they will exchange sensitive financial information, such as their credit card details. Ensure that your website has an active security certificate, especially any page that handles such transactions. When you store any personal information, implement adequate security measures to protect this data.

3. Keep To Your Agreed Purposes

When you collect information from your marketplaces’ users, you have to tell them why you are taking this data and what you intend to use it for. Under NZ privacy law, you cannot deviate from these purposes unless:

  • you have a users’ express consent to do so;
  • the new purpose directly relates to the original one; or
  • the law requires such deviation.

For example, you cannot use the email addresses you originally collected for account creation for a new purpose of email marketing. You need consent for this new purpose.

Users rely on what you tell them in your privacy policy, so keep to what you promise.

4. Keep Users Updated

If anything changes about how you deal with users’ personal information, you need to inform them. Update your privacy policy and related documents, and ask for consent when you need it.

This also applies if your online marketplace is the victim of a privacy breach. These can range in seriousness, but you should inform your users if they:

  • are likely to face negative consequences because of the breach; and
  • need to do anything to protect their information.

For example, say that a data breach compromised the passwords of 100 users of your platform. You then need to tell those users what happened and recommend changing their passwords.

If a privacy breach occurs that is likely to cause harm to an individual (or has already caused harm), you need to inform both the individual and the Privacy Commission.

5. Inform Users of Who Has Access

One of your obligations under New Zealand privacy law is to take reasonable steps to ensure your users know who has access to their information. This may include:

  • suppliers and manufacturers;
  • third-party advertising services;
  • payment gateways;
  • the authorities, where the law requires disclosure;
  • service providers, such as IT specialists; and
  • other users.

For example, you may allow your buyers and sellers to use Afterpay as a third party service. You need to inform your users that you will disclose their personal information to facilitate this process.

As a marketplace operator, you may engage with overseas parties when providing your services, such as overseas manufacturers. You need to take extra care when sharing personal information with these parties. The law requires that either New Zealand privacy law applies to such disclosure or protections to the same standard as New Zealand’s own.

Key Takeaways

Your online marketplace will likely take in a considerable amount of personal information from its users, such as financial details and delivery information. You need to take extra care when dealing with such information to comply with the law and meet your users’ privacy expectations. If you would like more information or help with privacy issues related to your online marketplace, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What qualifies as personal information?

Personal information is any information about an identifiable individual. This means that when you use this information, you can identify who it is about. Examples can include names, photos, or mobile numbers.

What is an online marketplace?

An online marketplace is an online platform where individuals can meet to complete transactions. Sellers can sell their goods and services, and buyers can buy them. The marketplace operator will usually charge a fee for this platform.

Do I need a privacy policy?

If you collect personal information, you should have a privacy policy. This is to inform your users of when you collect their information, and you can comply with your legal requirements under privacy law.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards

  • 2019 Top 25 Startups - LinkedIn
  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards