This policy sets out how we will collect, use, disclose and protect your personal information.
First AML Limited (First AML) complies with the New Zealand Privacy Act 1993 (and, once in force, the Privacy Act 2020) (the NZ Act) and the Australian Privacy Act 1998 (the AU Act) when dealing with personal information. The NZ Act and AU Act are together considered “the Acts”.
Personal information is information (and under the AU Act this includes an opinion) about an identifiable individual (a natural person).
This policy does not limit or exclude any of your rights under the Acts. In addition, it does not limit or exclude any rights that you have or may have under the General Data Protection Regulation 2016/679 (GDPR).
If you wish to seek further information, please see www.privacy.org.nz for New Zealand and https://www.oaic.gov.au/privacy/the-privacy-act/ for Australia.
Suite E, 317 New North Road, Kingsland, Auckland 1024, New Zealand.
6/66 Wentworth Ave, Surry Hills, NSW 2010
56190, Dominion Road, Auckland 1446, New Zealand.
AML/CFT Act means, as applicable, the New Zealand Anti-Money Laundering and Countering Financing of Terrorism Act 2009 or the Australian Anti-Money Laundering and Countering Financing of Terrorism Act 2006.
Reporting Entity has the meaning given to that term in the applicable AML/CFT Act.
Information we will be collecting
In accordance with the legislation that applies to our services, we are required to verify your name, date of birth and address. We will be collecting this by asking for your Identification Documents such as a Passport or Driver’s License.
When you use our website, our electronic forms or otherwise communicate with us (e.g. through a telephone call, mail or email) you may provide other personal information to us, such your feedback, your enquiries, your preferences and opinions and we may indirectly collect other personal information about your use of our online based services or communication tools, such as:
We will also collect any other personal information which is requested by us and/or provided to us by you or a third party.
If information is not provided
If the requested information is not provided by, First AML may not be able to complete customer due diligence.
Changes to this policy
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
Who do we collect your information from?
We collect personal information about you from:
For what purposes do we collect, hold, use and disclose personal information?
We may collect, hold, use and disclose your personal information for the following purposes:
If you are a staff member of a Reporting Entity, we may collect, hold, use and disclose your personal information for the purpose of advertising and marketing. This includes sending you promotional information about our products and services, and information about third parties that we believe may be of interest to you.
Disclosing your personal information
We may disclose your personal information to:
Your personal information may be transferred outside of the country in which you are located. Where we transfer personal information overseas, we will do so in accordance with any applicable requirements set out in the Acts.
Protecting your personal information
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.
Accessing and correcting your personal information
You may contact us to access the personal information that we hold and to request a correction to your personal information. Before you exercise these rights, we will need evidence to confirm that you are the individual to whom the personal information correlates.
In respect of a request for access, we will, within a reasonable period of time, provide you access to the personal information unless we are legally permitted to withhold access. If we are permitted to withhold access, we will provide you written notice of this.
In respect of a request for correction, if we consider that the correction is reasonable we will make the correction within a reasonable period of time. If we are legally permitted to not correct your personal information and we do not make the correction, we will provide you written notice of this and take reasonable steps to note on the personal information that you requested the correction.
If you wish to make a complaint, please contact us using the details above and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you also have the right to contact the relevant privacy authority.
Data management and security
The personal information that we hold is stored on secure servers located in Australia in data centres that are SOC 1, SOC 2 and ISO 270001 certified. The data centres have round-the-clock security, automatic fire detection and suppression, redundant power supply systems, and strict controls for physical access.
Data held on our servers cannot be seen by anyone who has not entered into a contract with First AML which includes confidentiality obligations. Data is encrypted when it is sent to and from our servers, as well as when it is at rest. To protect data in transit, 256-bit SSL/TLS encryption is used. At rest, data is protected using 256-bit AES encryption.
By accessing our website or by submitting information to First AML, you understand that First AML will collect, maintain, use and disclose personal information about you and provided by you or by another person as described above.
Last updated: 29 March 2021