Privacy Policy

Updated 10 December 2024

The changes to this Privacy Policy come into effect on 24 December 2024 for those customers who have been approved for a Zip account as at 10 December 2024

Thank you for visiting our website https://zip.co/nz (the Website) and considering the use of our Zip Co NZ Products. This Privacy Policy applies to the use of our Zip Co NZ Products, the Zip Co NZ Platform (the Platform), the Zip New Zealand website, and any other interaction between us (collectively, our Services). 

Zip Co NZ Limited (Company Number: 6162932) and our subsidiary companies including Zip Co NZ Finance Limited (Company Number: 6688857) (collectively referred to as Zip Co NZ, we, us or our) recognise the importance of safeguarding your personal information. This Privacy Policy governs the collection, use and disclosure of your personal information by us. We are bound by, and comply with, the Privacy Act 2020 (Privacy Act).

This Privacy Policy should be read carefully and in conjunction with any other privacy notice or collection statement we provide to you when Zip Co NZ collects your personal information or credit related information. By accessing our Website or using our services, you consent to the collection, use, storage and dissemination of your personal information in accordance with this Privacy Policy. 

If you are located outside of New Zealand and utilise our Services in another country, you can view that region’s policy on our website at www.zip.co by selecting your country.

If you do not provide your personal information, we may be unable to provide you with the Services. 

  1. Information we collect
  2. How we use and share your personal information
  3. Bank Connect 
  4. Identity verification and fraud 
  5. Protection and storage of your information
  6. Access to and correction of your personal information
  7. Marketing Communication
  8. Use of Cookies
  9. How long we hold your information for
  10. PCI DSS Policy
  11. Changes to this policy
  12. How to get in touch with us 

Information we collect

When using or seeking to use our Services, we collect the information about you in three ways:

(i) when you provide it to us directly;

(ii) when we gather personal information while you are using our Services, including through cookies and similar technologies (see Use of Cookies below); and

(iii) when we collect information from other third party sources, including publically available registers and social media.

The types of information we collect include:

  1. Personal information means information about an identifiable person. This includes contact information such as your name, address, phone number ,email address,gender, date of birth, drivers licence number, passport, 18+ card, Kiwi Access card, New Zealand Visa issued by New Zealand Department of Immigration, or other identification data. 
  2. Credit information such as credit score, bank statements, transaction history, partial card numbers and card expiry dates (we do not collect or hold full card numbers, which are held by the payment gateway), and your repayment and default (if any) history.We primarily obtain credit information provided to us by credit reporting bodies. Credit information is used to assess your eligibility to be provided with finance.
  3. Digital footprint: digital information from your computer or device in relation to your use of our Services, including your IP address, location identifiers, device type, activity logs, cookie and browser identifiers, web browser, and operating system may also be collected, primarily for the purposes of fraud prevention.
  4. Biometric data is also a class of information that we may collect. This includes biometric data such as images, photographs or videos, used to apply for our product. Information about your digital footprint, including your IP address, device type, web browser, and operating system may also be collected, primarily for the purposes of fraud prevention.
  5. Financial information such as income, expenditure, assets, financial liabilities, employment and utility bills. 

In addition we may collect information from you when you communicate with us or our service providers (in writing or verbally) such as communicating with our customer support or when you participate in any survey, promotion or competition we may run. Your telephone calls to us may be monitored or recorded for training purposes and to provide you support and to resolve disputes.. 

As part of our assessment of fraud and credit suitability, we also utilise third parties and may collect personal information from third parties such as credit agencies and identity verification providers and other commercial information service providers. We may also access personal information about you that is available publicly, such as on public and subscribed registers, and details you have shared publicly on social media platforms, which may be used to supplement our customer database.

We may also collect information from any retailer (commonly known as a Zip merchant partner) where you are seeking to use our Services including personal information such as your full name, mobile phone number, email address, what you are purchasing, cost of purchase and shipping details. 

We may also collect certain digital information from your computer or device in relation to your use of our Services, such as IP address, activity logs, cookie and browser identifiers, operating system identifiers and location identifiers. 

If you are a business and are or become a merchant partner of Zip, we will collect information about your company and its business dealings, as well as some personal information about individuals within your business. This may include:

  • Personal information relating to directors and beneficial owners;
  • Company information, records and financial information such as tax returns; and
  • Details of your company’s employees, contractors or suppliers.

From time to time we may collect other information about you, or your business to provide you with our products and services. 

Using and sharing your personal information

We will primarily use your personal information in order for us to provide our Services to you or assess your suitability for us to provide such Services.

This includes, but is not limited to using your personal information to:

  • Make decisions to provide you with our Services initially and on an ongoing basis, including evaluating your creditworthiness,verifying your identity or increasing or decreasing your spend limit;
  • Provide you with our Services, including the arrangement of the instalment plan, financial hardship plan (if applicable), and responding to any queries and providing any information about us;
  • Manage your scheduled instalment payments and late fees (if any) and manage the Services we provide;
  • Improve, customise and enhance our Services including for use in research;
  • Communicate with you via phone, text message, notifications, email, our platform, our website, our chat tool or post and otherwise to manage our relationship with you;
  • Manage and prevent fraud and other security risks in connection to your account; 
  • Provide you with marketing materials and other news updates and promotions with respect to our Services;
  • Gaining insights into your interest and preferences so we can enhance the delivery of our Services to you; and.
  • Comply with any relevant law or legal obligations.

Your information will be used and disclosed for the purposes for which it was collected and with your consent. There may be situations where your information is used or disclosed under an exemption in the Privacy Act.

We do not sell or provide access to your personal information to third parties for them to market directly to you without your consent. However, we may share your personal information with third parties for the following purposes:

  • Within our groups and subsidiary companies;
  • To our third party service providers engaged to perform identity verification and/ or fraud detection services;
  • To our payment system providers or retailers in order to manage a transaction or respond to a query or complaint or improve their service offering;
  • To enforce our rights including debt collection and assigning debts to third party debt collection agencies;
  • On a confidential basis to our agents, contractors and external service providers;
  • To our third party service providers, engaged to perform services on our behalf such as text messaging and email services;
  • To other organisations that are involved in managing or administering your finance, such as third party suppliers, and credit reporting bodies;
  • To other third parties including retail partners (Zip merchant partners), card scheme providers, and organisations who purchase our debt and to who we assign our debt to;
  • To third party service providers and funders to assist us in the funding of our business, including by way of securitisation as investors, advisors, potential acquirers, trustees and rating agencies; 
  • To our commercial partners and credit agencies to enable them to improve their services to us and to you;
  • To persons who represent you, such as financial mentors, finance brokers, lawyers, mortgage brokers, guardians, persons holding power of attorney, authorised representatives and accountants;
  • To entities we outsource some of our functions, or provide information and infrastructure systems to us;
  • To associated business and other organisations, including media and social media platforms, (unless you tell us not to) and their agents for the purpose of marketing their and / or our products and services to you;
  • We may share information relating to your instalment arrangements with us including your repayment history and any non-compliance or default history. A credit reporter may hold such information on their database and use it for providing credit reporting services to other users of the credit bureau;
  • We may share information relating to your personal creditworthiness, including your credit score, age, where you have shopped and geographical location to persons involved in providing funds, including by way of securitisation;
  • If permitted or required to do so by law, such as Anti-Money Laundering and Countering Financing of Terrorism Act 2009, government and law enforcement agencies or regulators; 
  • In other circumstances where you have first consented to the disclosure.

Where your personal information has been utilised in the development of any statistical or analytical data and has been aggregated and anonymised, we may sell, distribute and disclose such data to retailers and other third parties.

Bank Connect 

With your consent, we may ask you to share your personal and financial information (including your personal online banking details and online account and card statements) with our third party service providers, to enable them to perform digital data capture (the collection and/or copying of your screen display data, including financial information, from the Platform) on our behalf for the purposes of assessing affordability.

Identity verification and fraud

Zip is required by law to confirm your identity in order to provide you with our Services. This involves sending your personal information, including your identity documents and biometric data to third parties.

The identity document details you provide during an application process as evidence of your identity will be checked with the relevant government agency via the Document Verification Service. If you do not provide your drivers’ licence or passport number, or your document is not verified by the Document Verification Service, we may be unable to identify you and your account may not be approved or unlocked.

When you use the Zip app or website, behavioural biometric, technical and digital data is used to help protect against fraud and minimise security risks in connection with your Zip account.

Protection and storage of your personal information

Your personal information will predominantly be stored in electronic form in secure cloud-based data centres located in New Zealand or overseas that may be owned by third party service providers. Your personal information may also be stored in paper form. All such information whether electronically or physically stored is kept secure using generally accepted standards of security.

When we store your personal information, we will take reasonable steps to keep your personal information secure and to prevent unauthorised disclosure. 

Access and correction of your personal information

Zip seeks to ensure your information is up to date. Subject to any applicable exceptions set out in the Privacy Act, you have the right to request access to or correction of personal information we hold about you by contacting us here or make a request to the Privacy Officer using the details below. 

Under New Zealand Privacy law, you can request access or correction to your personal information or credit-related information at any time by contacting Zip’s Privacy Officer using the details below. The time we take to respond to your request will depend on the type of access or correction request you make. We usually reply within twenty (20) working days of receiving your request. We will notify you if it takes longer and we will seek your written consent to an extension if we are required by law to do so.

We may contact you via phone to confirm your identity and the reason for the request before releasing or correcting any personal information or credit-related information about you. This is to protect your identity and ensure Zip does not disclose any personal information or credit-related information to persons who do not have the right to access or correct that information.

Zip may not always be required to provide access to, or correct, your personal information or credit-related information due to certain exceptions in the Privacy Act. This includes situations such as where:

  • It is unlawful to give access;
  • Giving access would pose a serious threat to any person’s life, health or safety, or to public health or safety;
  • The information relates to existing or anticipated court or legal proceedings;
  • Giving access would have an unreasonable impact on other people’s privacy;
  • Giving access would reveal evaluative information in connection with a commercially sensitive decision-making process by Zip; or
  • Your request is vexatious.

We will write to you and explain why we cannot provide access or correct your information. In some cases where we refuse to correct your information, you can ask us to include a statement attached to your personal information that says you believe it is inaccurate, incomplete, misleading or out of date.

Marketing communications

By accepting the terms of this Privacy Policy and providing us with your personal information, we may use your personal information for the purpose of informing you about our products and services (including via SMS, email or notifications and messages in the Zip Platform). You may opt out of receiving these communications at any time, in a number of ways:

  1. Clicking “Unsubscribe” or replying “STOP” to any electronic marketing or SMS messages or offers you receive; 
  2. Updating your Notification preferences on your mobile device; 
  3. Submitting a request via the Help Centre; or 
  4. Contacting us via phone at 09 4898144

After you’ve opted-out of receiving marketing communications, we may still contact you for transactional or informational purposes. For example, changes to our terms and conditions. 

You will not be charged for updating your preferences.

Use of Cookies

We use technology such as cookies, pixels, pixel tags, tracking links and other third party technologies (collectively known as “cookies”) to collect certain information about you when internet browsing or device applications. Cookies can record information about your visit to our website. This enables us to provide a more customised experience next time you visit. You can switch off cookies by adjusting your web browser settings however this may interfere with your use of our website and platform. 

We also allow approved third-party partners (including Branch, Meta, Google, TikTok, Youtube and LinkedIn) to set cookies or other third-party technologies to collect data when you utilise Zip’s services. These third parties may use the data collected from these cookies or other third-party technologies (along with other information they may hold about you, including information from cookies on other webpages) to show you interest-based advertisement on sites across the internet, deliver you with personalised content, measure the effectiveness of their advertising, or perform services on behalf of Zip. Third parties may store and distribute data obtained from cookies or other third-party technology in data centres and systems around the world including outside of your country of residence. You may encounter cookies from other businesses when using our services on websites we do not control. For example, if you view a web page related by someone else or use an application developed by another business, there may be a cookie placed by that web page or application.

How long we hold your information

We will hold your personal information only for as long as necessary to achieve the purpose for which we collected it for and in order to comply with document retention laws, or any other relevant law or legal obligation.

Your personal information may also be kept after your account is closed in order to carry out certain activities, such as:

  • Collecting outstanding balances owed;
  • To conduct investigations or resolve disputes;
  • Account maintenance or troubleshooting;
  • Preventing or detecting fraud or unauthorised activity; or
  • Where otherwise permitted by law.

PCI DSS Policy

For security purposes, Zip Co NZ does not keep or hold your full debit or credit card data. We use Windcave, New Zealand’s largest payment gateway. Windcave adhere to a comprehensive set of requirements created by the Payment Card Industry Security Standards Council for ensuring the safe handling of sensitive customer debit and credit card data. Windcave is a Level 1 Service Provider and is compliant to PCI DSS Version 3.2.1 standard. More information can be found https://www.windcave.com/certifications-and-compliance.

Changes to this policy

We may amend this Privacy Policy from time to time by posting a revised version on our Website or sending you an email or text two weeks before the effective date of any amendment. If you continue to use our Services following the effective date of any amendment, then you will be deemed to have accepted the amendment to this Privacy Policy. If you do not accept any amendment to this Privacy Policy, you must stop using our Services.

How to get in touch with us

If you have any questions regarding this policy or should you wish to lodge a complaint in relation to our use or disclosure of personal information, you can contact us here or email the Privacy Officer at [email protected]

Zip is committed to resolving your query as soon as possible and will acknowledge your complaint within five (5) business days of receipt. We will investigate and provide a response on how we have resolved your complaint within twenty (20) business days. If our investigation takes longer, we will notify you and provide you with a reason for the delay.

If you remain dissatisfied with the outcome and would like an independent review of the complaint and the response you can refer your complaint to Zip’s independent external dispute resolution scheme provider, the Financial Services Complaints Limited (FSCL), which provides a free service that may help to investigate or resolve your complaint. Contact details are as follows:

Email FSCL at [email protected]

Telephone FSCL on 0800 347 257

Write to FSCL, PO Box 5967, Wellington 6145

If you are still unsatisfied with the resolution , you have the right to make a complaint to the Office of the Privacy Commissioner at: 

PO Box 10094
Wellington
6143

Phone: 0800 803 909