First AML Limited - Privacy Policy

Privacy Policy General

This policy sets out how we will collect, use, disclose and protect your personal information.

First AML Limited (First AML) complies with the New Zealand Privacy Act 2020 (the Act) and the Australian Privacy Act 1998 when dealing with personal information.

Personal information is information about an identifiable individual (a natural person).

This policy does not limit or exclude any of your rights under the Act.  In addition, it does not limit or exclude any rights that you have or may have under the General Data Protection Regulation 2016/679 (GDPR).

If you wish to seek further information, please see for New Zealand and for Australia.

Our physical Address

Suite E, 317 New North Road, Kingsland, Auckland.


56190, Dominion Road, Auckland 1446, New Zealand.

The Anti-Money Laundering and Countering Financing of Terrorism Act 2009

In this policy:

AML/CFT Act means the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

Reporting Entity has the meaning given to that term in the AML/CFT Act i.e. these are businesses supervised under Section 5 of the Act. Including, but not limited to;

  • A designated non-financial business or profession (e.g. Real Estate Agency, Law Firm, Accounting Firm).
  • A Casino
  • A financial institution
  • A high-value dealer

Information we will be collecting

In accordance with the legislation that applies to our services, we are required to verify the following, this is limited to;

  • Name
  • Date of Birth
  • Address
  • Citizenship
  • ID Document

We will be collecting this by asking for your Identification Documents such as a Passport or Driver’s License.

What we will do with your information

We will never share this information with anyone other than the initial transaction it was required for OR if you have given us your express consent on each occasion it is required to be shared thereafter. E.g;

  • Information we have collected on behalf a Real Estate Agency which you have listed your property with. We will collect your data on their behalf and store on our systems which will be accessible to them only.
  • If a Law firm you are working with who is also a customer of ours is needing to complete Customer Due Diligence on you as required in the Act. We will seek your express consent prior to sharing your information with that Law firm.

If information is not provided 

If the requested information is not provided by our client, First AML may not be able to complete customer due diligence.

Changes to this policy

We may change this policy by uploading a revised policy onto the website.  The change will apply from the date that we upload the revised policy.

Who do we collect your data from?

We collect personal information about you from:

  • Reporting Entities where you have authorised the Reporting Entity to provide us with personal information.
  • You, when you provide that personal information to us, including via our website, electronic forms or through any contact with us (e.g. telephone call, mail or email).

Disclosing your personal information 

We may disclose your personal information to:

  1. Reporting Entity with whom you have an established relationship.
  2. A person who can require us to supply your personal information e.g. a statutory or regulatory authority, such as;
    • Department of Internal Affairs (DIA).
    • Financial Markets Authority (FMA).
  3. Any other person authorised by the Act or another applicable law e.g. a law enforcement agency, such as;
    • Ministry or Justice (MOJ).
    • NZ Police.
  4. Any other person authorised by you.
    • E.g. a reporting entity whom you are in the process of forming a relationship with and wish for us (First AML) to share your personal data with them for the purposes of completing Customer Due Diligence checks on you.

Protecting your personal information

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.

Accessing and collecting your personal information

You may contact us to access your readily retrievable personal information that we hold and to request a correction to your personal information.  Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

In respect of a request for correction, if we consider that the correction is reasonable and we are reasonably able to change the personal information, we will make the correction.  If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

Data management and security 

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity.

The personal information that we hold is stored on secure servers located in Australia in data centres that are SOC 1, SOC 2 and ISO 270001 certified. The data centres have round-the-clock security, automatic fire detection and suppression, redundant power supply systems, and strict controls for physical access.

‘SOC’ stands for ‘Systems and Organisation Controls’. These are a reporting framework through which organisations can communicate relevant useful information about the effectiveness of their cybersecurity risk management program (i.e. Amazon Web Services ‘AWS’ are our providers).

‘ISO27001’ is an international standard on how to manage information security. Its best practice approach helps organisations manage their information security by addressing people and processes as well as technology.

Data held cannot be seen by anyone outside of First AML. Data is encrypted when it is sent to and from our servers, as well as when it is at rest. To protect data in transit, 256-bit SSL/TLS encryption is used. At rest, data is protected using 256-bit AES encryption.

Your consent

By accessing our website or by submitting information to First AML, you consent to First AML collecting, maintaining, using and disclosing personal information about you and provided by you or by another person as described above.

Platform Terms of Use 

To access our platform terms of use, please visit