Reading time: 5 minutes

If your business deals with your customers’ personal information, such as their names or financial details, you must take sufficient care to protect their privacy. New Zealand law implies privacy obligations on any business that deals with such information. One of these obligations is to let your customers know how you handle their personal information and why. You can do this with a privacy policy, which you can display on your business’ website or a sign in-store. A privacy policy outlines: 

  • what personal information you collect and why; and
  • how your customers can expect your business to handle their privacy.

This article will examine four reasons why your New Zealand business needs a privacy policy.

1. You Need to Comply With the Law.

As an agency that handles customers’ personal information, the law requires that you do so according to the Privacy Act’s privacy principles. These principles regulate how you deal with personal data and its:

  • collection;
  • use;
  • storage;
  • security;
  • disclosure; and
  • disposal.

Under New Zealand law, you need to inform your customers about how you handle their personal information. A privacy policy helps you fulfil this requirement. In particular, you need to take reasonable steps to tell people:

  • that you are collecting their data and why;
  • if any particular laws apply;
  • who can access their information;
  • whether they have a choice in giving you their information;
  • what happens when they do not give you their information;
  • that they can access and correct their information you hold;
  • that you have security measures in place to protect their information; and
  • your contact details.

If a customer thinks you have not adequately informed them about your usage of their personal information, they can make a complaint to the Privacy Commission. Such complaints can lead to compliance notices and further legal consequences if these complaints are found to have merit.

A privacy policy means that customers are aware of exactly how you handle their information so that you can comply with the law. You should include a link to your policy at any time you collect customer information.

For example, if you collect cookies from customers visiting your website, detail this in your policy so they are aware of this fact.

2. Third-Party Services May Require It

Your business’ online store may use third-party services for advertising or measuring web traffic, such as Google Analytics. Many of these web analytics tools require that you have a privacy policy available for your customers to be eligible for their services. This is both to discharge any of their own legal requirements and limit their liability if something goes wrong. Check their terms and conditions or user agreements to ensure you are aware of such requirements.

For example, if you want to display your app on the Google Play Store, they require that you have a privacy policy for your app. The Apple App Store mandate this as well.

3. Customers Care About Privacy

Customers care about their personal information and will not respond well to a business that does not adequately consider their privacy concerns. Data breaches and cyberattacks on businesses are receiving more coverage in the media, and customers are sensitive to that. 

To relieve their concerns, you can provide ample and transparent information in your privacy policy about how you deal with their private information. You need to demonstrate your commitment to protecting customers’ privacy. Most customers now will expect such a disclosure in the form of a privacy policy, so it will be detrimental for you not to have one.

Your privacy policy will set out what customers can expect from your business regarding privacy. Therefore, you need to show you can meet those expectations. Furthermore, do not use personal information in a way that your customers will not have considered. To meet this standard, your policy needs to be:

  • transparent;
  • accurate;
  • legible;
  • easy to understand; and
  • up to date.

4. Ease of Access

Depending on the nature of your business, the kind and volume of personal information you collect will vary. Your policy should reflect this. Therefore, it can be helpful to have a singular document that comprehensively sets out what data you collect. A privacy policy also sets out what standards you and your team need to meet when dealing with that data. 

If you do not collect a lot of personal information, you may not need a complete privacy policy. However, you still need to disclose what personal information you do collect. You can include privacy provisions in your terms and conditions or another similar document. Either way, if you need assistance, be sure to seek advice from a legal expert.

Key Takeaways

If your business deals with personal information you should have a privacy policy. Not only does the law require it, but third-party services may need it as well. Your customers will also respond more favourably to a business that shows it values their privacy. If you would like more information or help with your privacy policy, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is a privacy policy?

A privacy policy is a document that sets out how you deal with your customers’ personal information (also known as personally identifiable information) and what steps you take to protect their privacy. It lets them know what they can expect from your business.

Do I need a privacy policy?

If you deal with personal information, such as names or email addresses, you should have a privacy policy. This is because a privacy policy ensures you meet your disclosure requirements under New Zealand privacy law.

What should a privacy policy include?

A privacy policy should include a list of what personal information you collect and why. It should also tell your customers how you will use that information and who you may share it with. You should also include your contact information for any privacy concerns.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2020 Excellence in Technology & Innovation – Finalist – Australasian Law Awards 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice – Winner – Australasian Lawyer 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year - Australasian Law Awards 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards