Reading time: 5 minutes

Starting an online business can be an excellent way to take advantage of the growing online market and find a new customer base. Increased online connectivity means a greater spread for your brand, but it also brings its own privacy risks. When you deal with customers’ personal information, such as their credit card details or email addresses, you need to handle that data with due care. The law requires that you tell people how you deal with their personal data and protect that information according to its sensitivity. The most efficient way to comply with this obligation to inform is with a privacy policy. Here, you outline how you handle personal data within your online business and how customers can exercise their privacy rights in that process. Therefore, this article will explain why you need a privacy policy for your New Zealand online business.

Meeting Your Privacy Obligations

Any organisation in New Zealand that deals with personal data is an ‘agency’ and must comply with New Zealand privacy law. Personal information you may process at your online business includes:

  • customers’ names;
  • email addresses;
  • cookies;
  • delivery addresses;
  • credit and debit card details;
  • IP addresses; and
  • other information that can identify an individual.

You need to honour your privacy obligations under the law when dealing with such data. Indeed, when you deal with personal data, you need to:

  • collect data legally, directly from its source where possible;
  • collect data for a legitimate purpose, and inform your customers of that purpose;
  • secure any information you hold, at a level proportionate to its sensitivity;
  • take steps to ensure the information you use is accurate and up to date;
  • keep information for as long as you need it, and no longer;
  • dispose of information securely;
  • only share data at appropriate times;
  • meet the requirements for sharing personal information overseas; and
  • handle unique identifiers carefully, according to the law.

You should have a privacy officer at your online business that ensures you meet the standards under the Privacy Act.

Handling Personal Data Online

When you operate online for your business, you will need more information from your customers to complete transactions. You will also likely gather more data from your customers through web analytics to improve your services. The more personal data you take in, the greater the loss if there is a data breach.

For example, you may allow customers to use a “Remember My Card Details” option in their transactions to speed up future purchases. This means greater convenience for your customers and greater risk for you because you need to store these card details securely. You need to have appropriate security measures to protect this information because of its sensitive nature.

All businesses need to take precautions against security threats. For physical businesses, this is installing an alarm to protect against burglary. For your online business, this means being aware of potential cyber threats and implementing preventative measures. Because you may collect more sensitive data online, you need to take steps to protect that information. 

Many online services, such as eCommerce platforms and services like Google Analytics, will require that you have a privacy policy to use them.

Operating Online With a Privacy Policy

Because of the added risk of doing business online, customers want to engage with businesses they know value their privacy and have implemented solid measures to protect it. Therefore, they will look to your privacy policy to determine what information of theirs you use and how you protect that information. In addition to meeting your privacy obligations under the law, having a privacy policy shows you:

  • value your customers’ privacy;
  • are transparent in your information usage; and
  • understand the greater privacy risks when operating online.

For example, you need to tell your customers who you share their information with, and a good way to do this is in your privacy policy. For example, you may include third-party advertising services who use their online behaviour data to determine what ads to show. The law requires that this is communicated to your customers, and they can find this information in your privacy policy.

What Should My Privacy Policy Cover?

You need to tailor your privacy policy to suit your business and meet your privacy needs. Therefore, your privacy policy should detail:

  • a specific list of what personal data you collect;
  • how you collect personal information;
  • the purposes for personal data collection;
  • reassurance about the security of your information storage;
  • how you intend to use personal data;
  • any laws that apply to their personal data;
  • who has access to any personal data;
  • who you may share this personal data with;
  • whether customers can choose not to give you their information;
  • what happens if they don’t give you information;
  • a person’s right to access the data you hold; and
  • your contact information.

Key Takeaways

A privacy policy is a critical legal document for your online business, as it informs your customers how you handle their personal data in a way that complies with the law. Indeed, this is especially important in the online context because of increased privacy risks. If you would like more information or help with your online business’ privacy policy, contact LegalVision’s eCommerce lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is a privacy policy?

A privacy policy is a document that outlines how you collect, use, and disclose the personal information you have collected. You should have an accessible privacy policy that is easy to understand.

When do I need a privacy policy?

If your business deals with personal information, such as phone numbers or IP addresses, you should have a privacy policy. This is to ensure your customers know how you handle their personal information.  New Zealand privacy law requires this disclosure, and so does the EU’s General Data Protection Regulation (GDPR).

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards
  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2020 Excellence in Technology & Innovation – Finalist – Australasian Law Awards 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice – Winner – Australasian Lawyer 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year - Australasian Law Awards 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards