Book a demo Log in / Sign up

Contact Form Privacy Policy Template for New Zealand

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Contact Form Privacy Policy?

The Contact Form Privacy Policy is essential for any organization operating in New Zealand that collects personal information through online contact forms. This document is designed to comply with the Privacy Act 2020 and related New Zealand legislation, providing transparency about data handling practices and protecting both the organization and its users. It should be implemented when setting up any online contact form or updating existing forms to ensure compliance with current privacy laws. The policy typically includes information about data collection methods, usage purposes, storage security, third-party sharing, and user rights regarding their personal information. This document is particularly crucial given the increasing focus on data protection and privacy rights in the digital age, and helps organizations build trust while maintaining legal compliance.

Frequently Asked Questions

Is a Contact Form Privacy Policy legally required under New Zealand's Privacy Act 2020?

Yes, under New Zealand's Privacy Act 2020, organizations must provide clear information about how they collect, use, and store personal information through contact forms. This includes stating the purpose of collection, who will have access to the information, and how long it will be retained. Failure to comply can result in privacy complaints and potential penalties from the Privacy Commissioner.

Can I be fined if my website doesn't have a Contact Form Privacy Policy in New Zealand?

Yes, operating without proper privacy disclosure can lead to complaints to the Privacy Commissioner and potential penalties. Under the Privacy Act 2020, individuals can seek damages for privacy breaches, and the Privacy Commissioner can issue compliance notices. The maximum penalty for serious or repeated breaches can reach $10,000 for individuals or $100,000 for organizations.

How is a Contact Form Privacy Policy different from a general Privacy Policy in New Zealand?

A Contact Form Privacy Policy is specifically focused on information collected through contact forms, while a general Privacy Policy covers all data collection activities. The contact form version is more targeted, addressing specific fields like name, email, and message content, and typically includes details about response timeframes and contact purposes. Many businesses use both documents together for comprehensive coverage.

How long does it typically take to create a Contact Form Privacy Policy for New Zealand businesses?

Using a template, most businesses can complete a basic Contact Form Privacy Policy within 1-2 hours by customizing the standard clauses. However, businesses with complex data handling practices or multiple contact forms may need 4-6 hours to ensure all scenarios are covered. Adding legal review can extend the timeline by several days depending on lawyer availability.

Which Privacy Act 2020 principles must be included in a New Zealand Contact Form Privacy Policy?

Key principles include Purpose Limitation (clearly stating why information is collected), Collection Limitation (only collecting necessary information), and Use Limitation (using data only for stated purposes). The policy must also address Data Quality, Security Safeguards, Openness, Individual Participation rights, and Accountability. Each principle must be clearly explained in plain language that users can understand.

Can I copy another company's Contact Form Privacy Policy for my New Zealand business?

Copying another company's policy is not recommended and may not provide adequate protection. Each business has unique data collection practices, retention periods, and third-party integrations that must be specifically addressed. Using an inappropriate policy can create compliance gaps and potentially mislead users about how their information is actually handled, leading to Privacy Act violations.

Where should I display my Contact Form Privacy Policy on my New Zealand website?

The policy should be easily accessible before users submit their information, typically through a link near the contact form or a checkbox requiring acknowledgment. It must be prominently displayed and available at the point of collection, not buried in website footers. Many businesses also include a brief summary directly on the contact page with a link to the full policy document.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

New Zealand

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Privacy Policy

Sector

Business

Cost

Free to use

Last updated

About the Contact Form Privacy Policy

A Contact Form Privacy Policy is a critical legal document that governs how your organization collects, uses, and protects personal information submitted through website contact forms. Under New Zealand's Privacy Act 2020, you must provide clear information about your data handling practices whenever you collect personal information from users through digital channels.

When do you need this document?

You need a Contact Form Privacy Policy if your website includes any form that collects personal information from visitors. This includes basic contact forms requesting names and email addresses, detailed inquiry forms collecting business information, subscription forms for newsletters or updates, feedback forms requesting opinions or experiences, and support request forms gathering technical details. The policy is also essential when integrating third-party contact form services or plugins, as you remain responsible for compliance regardless of the technology provider. Any organization operating a website in New Zealand that collects personal information must have this policy in place before going live.

Key legal considerations

Your Contact Form Privacy Policy must address several critical legal requirements to ensure compliance. The policy should clearly identify what personal information you collect, including names, email addresses, phone numbers, and any additional details requested through your forms. You must explain the specific purposes for collecting this information, whether for responding to inquiries, providing services, marketing communications, or business development. The document should detail how you store and secure collected data, including technical and organizational measures to protect against unauthorized access or disclosure. You must also address whether personal information is shared with third parties, such as service providers, marketing platforms, or business partners, and under what circumstances. The policy should explain users' rights under the Privacy Act 2020, including their ability to access, correct, or request deletion of their personal information.

Legal requirements in New Zealand

New Zealand's Privacy Act 2020 establishes specific obligations for organizations collecting personal information through contact forms. The Act requires that you collect personal information directly from individuals where practicable, and you must inform users about the collection at or before the time of collection. Your policy must comply with the 13 Privacy Principles, particularly regarding the purpose of collection, use and disclosure limitations, and security safeguards. If you plan to use collected information for marketing purposes, you may also need to comply with the Unsolicited Electronic Messages Act 2007, which regulates commercial electronic communications. The Fair Trading Act 1986 requires that your privacy statements are accurate and not misleading, while the Contract and Commercial Law Act 2017 supports the legal validity of electronic consent and communications. Your policy should be easily accessible from your contact form and written in clear, plain language that users can understand.

GOVERNING LAW

Applicable law

This Contact Form Privacy Policy is drafted to comply with New Zealand law. Key legislation includes:

Privacy Act 2020: The primary legislation governing privacy in New Zealand, which sets out the privacy principles for collecting, using, storing and disclosing personal information. It includes requirements for transparency, purpose of collection, and data security.
Unsolicited Electronic Messages Act 2007: Regulates commercial electronic messages and spam, particularly relevant if the contact form will be used for marketing communications or newsletter subscriptions.
Contract and Commercial Law Act 2017: Contains provisions about electronic transactions and the legal validity of electronic communications, relevant for online form submissions and digital consent.
Fair Trading Act 1986: Ensures businesses do not engage in misleading or deceptive conduct, which includes making false statements about how personal information will be used.
Privacy (Information Sharing) Regulations: Provides specific requirements for information sharing between agencies and organizations, relevant if collected data will be shared with third parties.

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it