First AML Limited - Privacy Policy

Privacy Policy General

This policy sets out how we will collect, use, disclose and protect your personal information.

First AML Limited (First AML) complies with the New Zealand Privacy Act 1993 (and, once in force, the Privacy Act 2020) (the NZ Act) and the Australian Privacy Act 1998 (the AU Act) when dealing with personal information. The NZ Act and AU Act are together considered “the Acts”. 

Personal information is information (and under the AU Act this includes an opinion) about an identifiable individual (a natural person).

This policy does not limit or exclude any of your rights under the Acts.  In addition, it does not limit or exclude any rights that you have or may have under the General Data Protection Regulation 2016/679 (GDPR).

If you wish to seek further information, please see for New Zealand and for Australia.

Our physical Address

New Zealand:

Suite E, 317 New North Road, Kingsland, Auckland 1024, New Zealand.


6/66 Wentworth Ave, Surry Hills, NSW 2010


56190, Dominion Road, Auckland 1446, New Zealand.

The Anti-Money Laundering and Countering Financing of Terrorism Act 2009

In this policy:

AML/CFT Act means, as applicable, the New Zealand Anti-Money Laundering and Countering Financing of Terrorism Act 2009 or the Australian Anti-Money Laundering and Countering Financing of Terrorism Act 2006.

Reporting Entity has the meaning given to that term in the applicable AML/CFT Act.

Information we will be collecting

In accordance with the legislation that applies to our services, we are required to verify your name, date of birth and address. We will be collecting this by asking for your Identification Documents such as a Passport or Driver’s License. 

When you use our website, our electronic forms or otherwise communicate with us (e.g. through a telephone call, mail or email) you may provide other personal information to us, such your feedback, your enquiries, your preferences and opinions and we may indirectly collect other personal information about your use of our online based services or communication tools, such as:

  1. Your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour.
  2. Information about your access to and use of our online services, including through the use of Internet cookies, your communications with our online services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
  3. Additional personal information that you provide to us, directly or indirectly, through your use of our services, associated applications and/or accounts from which you permit us to collect information.

We will also collect any other personal information which is requested by us and/or provided to us by you or a third party.

If information is not provided 

If the requested information is not provided by, First AML may not be able to complete customer due diligence.

Changes to this policy

We may change this policy by uploading a revised policy onto the website.  The change will apply from the date that we upload the revised policy.

Who do we collect your information from?

We collect personal information about you from: 

  1. Reporting Entities where you have authorised the Reporting Entity to provide us with personal information. 
  2. You, when you provide that personal information to us directly or indirectly, including via our website, electronic forms or through any contact with us (e.g. telephone call, mail or email).

For what purposes do we collect, hold, use and disclose personal information?

We may collect, hold, use and disclose your personal information for the following purposes:

  1. To provide our services to Reporting Entities and to you, including to verify your identification and complete customer due diligence.
  2. To enable you to access and use our website, electronic forms and any of our other online services.
  3. To contact and communicate with you about our services, including to request identification documentation.
  4. For our internal record keeping, administrative, invoicing and billing purposes.
  5. For analytics, market research and business development, including to operate and improve our services and any associated applications.
  6. To comply with our legal obligations and resolve any disputes that we may have.
  7. If you have applied for employment with us; to consider your employment application.
  8. If otherwise required or authorised by the Acts or any other applicable law.

If you are a staff member of a Reporting Entity, we may collect, hold, use and disclose your personal information for the purpose of advertising and marketing. This includes sending you promotional information about our products and services, and information about third parties that we believe may be of interest to you.

Disclosing your personal information 

We may disclose your personal information to: 

  1. A Reporting Entity with whom you have an established relationship. 
  2. A person who can require us to supply your personal information (e.g. a statutory or regulatory authority). 
  3. Any other person authorised by the Acts or another applicable law (e.g. a law enforcement agency or our third party providers who provide services to us, such as data storage services, IT service providers, lawyers and marketing providers). 
  4. Any other person authorised by you.

Your personal information may be transferred outside of the country in which you are located. Where we transfer personal information overseas, we will do so in accordance with any applicable requirements set out in the Acts.

Protecting your personal information 

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.

Accessing and correcting your personal information 

You may contact us to access the personal information that we hold and to request a correction to your personal information. Before you exercise these rights, we will need evidence to confirm that you are the individual to whom the personal information correlates.

In respect of a request for access, we will, within a reasonable period of time, provide you access to the personal information unless we are legally permitted to withhold access. If we are permitted to withhold access, we will provide you written notice of this.

In respect of a request for correction, if we consider that the correction is reasonable  we will make the correction within a reasonable period of time. If we are legally permitted to not correct your personal information and we do not make the correction, we will provide you written notice of this and take reasonable steps to note on the personal information that you requested the correction.


If you wish to make a complaint, please contact our Data Protection Officer by email at and provide us with full details of the complaint.

We will promptly investigate your complaint and respond to you as soon as is practically possible within 20 working days, in email, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you also have the right to contact the relevant privacy authority:

New Zealand
Office of the Privacy Commissioner
PO Box 10 094, Wellington 6143

Office of the Australian Information Commissioner
GPO Box 5218, Sydney, NSW 2001

Data management and security 

The personal information that we hold is stored on secure servers located in Australia in data centres that are SOC 1, SOC 2 and ISO 270001 certified. The data centres have round-the-clock security, automatic fire detection and suppression, redundant power supply systems, and strict controls for physical access.

Data held on our servers cannot be seen by anyone who has not entered into a contract with First AML which includes confidentiality obligations. Data is encrypted when it is sent to and from our servers, as well as when it is at rest. To protect data in transit, 256-bit SSL/TLS encryption is used. At rest, data is protected using 256-bit AES encryption.

Your acknowledgement

By accessing our website or by submitting information to First AML, you understand that First AML will collect, maintain, use and disclose personal information about you and provided by you or by another person as described above.

Platform Terms of Use 

To access our platform terms of use, please visit

Last updated: 28 September 2021