Debitsuccess Privacy Statement
1. Personal Information
1.3 References to the Privacy Act include any subordinate legislation, by-law, regulation, order, statutory instrument or determination made under it, any re-enactment of, or amendment to, the Privacy Act and all legislation passed in substitution for that legislation.
2. What is “personal information”?
2.1 Personal information is information that can or may be used to identify you. Examples of the types of information we collect are set out in the following paragraph.
3. What information we collect and hold
3.1 Personal information we may collect and hold includes without limitation:
3.1.1 Details and content you provide to us
When you register to use our services, we may collect personal information necessary to offer and fulfil the services you request. This includes your name, postal address, telephone number, email address and any other details. If you are a merchant or individual signing up to accept payments for an account, we may collect verification information necessary and your bank account and financial details to be able to accept payments.
When you use our services, for example to make direct debit payments to merchants or to receive payments from payers, we collect information about the transaction as well as information associated with the transaction including your name, address, telephone number, email address, credit card, bank account information, merchant information, including information about the funding and amounts used to complete the transaction.
When you make a payment using our services, we also collect the information you provide us about the other participants associated in the transaction. This includes for example the personal information of transacting parties and payment amounts.
We may also collect information when you fill in a form on our website or participate in an online survey we conduct. We may also collect information about you when you ask to be included in an email mailing list.
We may collect information when you otherwise communicate or interact with us.
We may collect personal information directly from you as a customer of our client.
3.1.2 Information we collect from others
We may collect information from third parties, such as from merchants and data providers including transaction details, outstanding payments and customer records.
Our clients may use our services in their workplace or business. This means we may collect personal information that the client may send to us either manually or automatically through our services.
3.1.3 Information we collect from your use of our online services
We may collect a variety of information from your interaction with our websites and our online services including your IP Address; the date, time and duration of your visit; the number of pages you have downloaded; and the type of browser you use.
Please see Cookies below
4. Why do we collect personal information?
4.1 Collection of personal information is essential for the provision of our products and services to our clients and provision of products and services provided on behalf of our client(s) to you. Without personal information, we would not be able to provide these products and services.
4.2 Personal information is used to:
4.2.1 administer our relationship with you (including collecting your payments, following up on any missed payments, refunding payments, dealing with any ad hoc enquiries you may have, and otherwise dealing with other matters relevant to the provision of our products and services to you);
4.2.2 perform our internal administration and operations (including, without limitation, distributing payments to our clients, accounting, reporting, risk management, record-keeping, archiving, systems development and testing and staff training);
4.2.3 provide our products and services to our clients such as customer service and debt collection (including via the use of a third party);
4.2.4 collect outstanding debts (including via the use of a third party); and
4.2.5 comply with our legal obligations.
4.3 Personal information may also be used for:
4.3.1 monitoring, evaluating, developing and identifying products and services;
4.3.3 gathering and aggregating information for statistical and research purposes;
4.3.4 maintaining your account and your details;
4.3.5 communicating with you;
4.3.6 providing you with access to restricted areas of the website;
4.3.7 taking measures to detect fraud and credit loss; and
4.3.8 any other uses to which you consent.
5.1 For statistical purposes, we may collect information on website activity through the use of ‘cookies’. A cookie contains information that makes it easier for our server to interact with your computer. Cookies do not identify individual users, although they do identify a user’s browser type and your Internet Service Provider (ISP).
5.4 You can configure your browser to accept all cookies, reject all cookies or notify you when a cookie is sent. Please refer to your browser instructions or help screens to learn more about these functions.
5.5 In some instances, you may be required to accept certain cookies to use our or benefit from our services.
6. External Links
6.1 Our websites may contain links to other third-party websites. While these links are provided for your convenience, you should be aware that the information handling practices of the linked websites are unlikely to be the same as ours.
6.2 We accept no responsibility for personal information provided to third parties through these links.
7. Disclosure of personal information
7.1.2 service providers, whom we use to provide you with services that we offer including those that verify your identity, assist in processing transactions, information technology service providers, mailing houses and market research organisations, and organisations that provide us with professional advice such as lawyers, accountants and business advisers, and business partners;
7.1.3 third parties where we reasonably believe there has been an infringement of your rights or those of a third party and disclosure of your information may remedy or assist in the remedy of the infringement;
7.1.4 other parties to transactions when you use our services, such as other users, merchants and their service providers. We may share information with the other participants in your transactions to facilitate the transaction and to help resolve disputes and detect and prevent fraud. If you make payments through our services to a merchant, we will provide details of transactions, payment details and call note history as well as reporting to the merchant;
7.1.5 the client in respect of whose product or service the information was collected and other organisations that are contracted to our client to provide services in relation to the information collected; and
7.1.6 third parties where we believe in good faith we are required to do so by law,
7.1.7 third parties where an exception applies under the Privacy Act; or
7.1.8 third parties with your consent.
7.2 Notwithstanding the above, we may disclose aggregate information and other information that does not personally identify you to such third parties as we may see fit.
8. Integrity and retention of personal information
8.2 Where that information is no longer required, it will be destroyed, deleted or disposed of in a secure manner.
8.3 Please contact us if at any time you believe that your personal information held by us is inaccurate, incomplete or not up-to-date.
9. How we hold your personal information
9.1 We will take all reasonable steps to ensure that the information we collect is stored in a secure environment and protected from misuse, interference, loss, unauthorised access, modification or disclosure. We hold information both electronically and in some instances in hard copy form with various service providers that assist us with information storage.
9.2 We have a range of policies and practices in place aimed at providing a secure environment. These measures are reviewed regularly to ensure their on-going viability. Security measures that we have implemented include, but are not limited to:
9.2.1 educating our staff as to their obligations with regard to your personal information;
9.2.2 requiring our staff to use personalised passwords when accessing our systems;
9.2.3 providing secure storage for all physical records;
9.2.4 ensuring that the facilities and records containing personal information are protected on-site by enhanced security measures including restricted access rooms, alarms and cameras;
9.2.5 employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised access to our systems; and
9.2.6 practising a clean desk policy.
9.3 We will hold personal information only for as long as is reasonably necessary, having regard to the purpose of collection.
9.4 We are one of the few billing companies that holds the highest level of Payment Card Industry Data Security Standards (PCI DSS) compliance certification. This means that we are Level 1 PCI DSS compliant and independently certified. PCI DSS is a comprehensive data security standard intended to help organisations proactively protect customer account data.
10. Direct marketing
10.1 From time to time we may also use your personal information to let you know about other products and services from us that you might be interested in, but we will not if you tell us not to. If you do not want to receive direct marketing messages or want to change your contact preferences, please contact us.
10.2 We will only use any personal information we hold on you for the purpose of direct marketing if:
10.2.1 we collected the information involved; and
10.2.2 we believe you would reasonably expect us to use or disclose the information for direct marketing; and
10.2.3 we provide an option for you to request that we do not use the information for direct marketing – and you have not utilised this offer.
11. Accessing your personal information
11.1 You have the right to request access to, and to obtain a copy of, your personal information held by us, and we are required to respond to your request within a reasonable period of time. Your request must be accompanied by the information we require in order to verify your identity.
11.2 In most cases, we will provide you with the access to your personal information that you have requested, though there are limited circumstances permitted by the Privacy Act where we may refuse. If we do not give you the access you have requested, or only give you restricted access, we will let you know why.
11.3 We may also charge a fee for providing you with access to your personal information. This fee must be reasonable and must relate to making the personal information available following the request. We may require the charge to be paid in advance.
12. Correction of personal information
12.1 Please contact us if at any time you believe that the personal information held by us is inaccurate, out of date, incomplete, irrelevant or misleading. We will take reasonable steps to correct your information within a reasonable period of time, so that it is accurate, up-to-date, complete, relevant and not misleading. We may also correct your personal information if we determine that it is inaccurate, out of date, incomplete, irrelevant or misleading.
13. If we can’t collect your personal information
13.1 If you do not provide us with the personal information we have requested, we may not be able to provide you with our services.
14. Right to Object
14.1 You have the right to object to us using your personal information for the purposes of marketing.
15.1 Our services are not directed to children under the age of 13. We do not knowingly collect information, including personal information, from children or other individuals who are not legally able to use our Services. If we obtain actual knowledge that we have collected personal information from a child under the age of 13, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 13.
16.2 We are committed to abiding by the terms set out in this document. However, if something does go wrong and you have a privacy related complaint, please let us know as it gives us the opportunity to address the problem. Our representative will be in touch with you regarding your complaint within a reasonable time. If the issue is more complicated, we may require additional documentation from you to help resolve the issue. In turn, we will keep you updated on the progress of your complaint.
16.3 If you are still unhappy, you can contact the Privacy Commissioner. You can submit an online complains by visiting the website at www.privacy.org.nz.
16.4 The Privacy Commissioner can be contacted at:
Address: Office of the Privacy Commissioner
PO Box 10094, Wellington 6143
Tel: 0800 803 909
17. Changes to this policy