Book a demo Log in / Sign up

Privacy Information Notice Template for New Zealand

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Privacy Information Notice?

A Privacy Information Notice is a crucial compliance document required under New Zealand's Privacy Act 2020. Organizations must provide this notice to individuals when collecting personal information to ensure transparency and compliance with privacy principles. The notice should be provided at or before the time of data collection, or as soon as practicable thereafter. It must detail what personal information is being collected, how it will be used and stored, who it will be shared with, and how individuals can access and correct their information. The document needs regular review and updates to reflect any changes in data handling practices or regulatory requirements. For organizations operating internationally, the Privacy Information Notice may need to address additional requirements from other jurisdictions while maintaining compliance with New Zealand law.

Frequently Asked Questions

Is a Privacy Information Notice legally required under New Zealand law?

Yes, Privacy Information Notices are mandatory under New Zealand's Privacy Act 2020. Organizations must provide this notice when collecting personal information directly from individuals, explaining what information is collected, how it's used, and individuals' rights. Failure to provide adequate privacy information can result in Privacy Commissioner investigations and penalties.

Can I be fined if my Privacy Information Notice is missing or incomplete in New Zealand?

Yes, incomplete or missing Privacy Information Notices can lead to Privacy Commissioner complaints and enforcement action under the Privacy Act 2020. The Privacy Commissioner can issue compliance notices, and serious breaches may result in penalties up to $10,000 for individuals or $50,000 for organizations.

How is a Privacy Information Notice different from a Privacy Policy in New Zealand?

A Privacy Information Notice is provided at the point of collection and explains specific collection practices, while a Privacy Policy is a broader document covering all privacy practices organization-wide. The Notice focuses on immediate collection transparency, whereas the Policy provides comprehensive privacy governance information.

How long does it typically take to prepare a Privacy Information Notice for New Zealand businesses?

Simple notices for basic data collection can be drafted in 1-2 hours using templates. More complex organizations with multiple data collection points, third-party sharing, or international transfers may require 1-2 days for comprehensive notice development and legal review.

Which New Zealand privacy principles must be addressed in a Privacy Information Notice?

Privacy Information Notices must primarily address Privacy Principles 3 (collection from individual) and 4 (manner of collection). They should cover purpose of collection, intended recipients, consequences of not providing information, and individuals' rights to access and correct their personal information under the Privacy Act 2020.

Can overseas companies skip Privacy Information Notices when collecting data from New Zealanders?

No, the Privacy Act 2020 applies to overseas organizations that carry on business in New Zealand or collect personal information in New Zealand. Foreign companies must provide Privacy Information Notices when collecting personal information from New Zealand residents, regardless of where the company is based.

Should Privacy Information Notices mention third-party data sharing with overseas recipients?

Yes, Privacy Information Notices must disclose if personal information will be shared with third parties, including overseas recipients. Under Privacy Principle 11, organizations must ensure overseas recipients provide comparable privacy protection or obtain individual consent for international transfers.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

New Zealand

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Privacy Notice

Sector

Business

Cost

Free to use

Last updated

About the Privacy Information Notice

A Privacy Information Notice is a legal requirement under New Zealand's Privacy Act 2020 that ensures organizations transparently communicate their data collection and handling practices to individuals. This document serves as your primary tool for compliance with privacy principles and helps build trust with customers, employees, and other data subjects by clearly explaining how their personal information will be managed.

When do you need this document?

You must provide a Privacy Information Notice whenever you collect personal information from individuals, whether directly through forms, surveys, or applications, or indirectly through third parties, website analytics, or CCTV systems. This applies to businesses collecting customer data, employers gathering employee information, healthcare providers handling patient records, educational institutions managing student data, and any organization conducting marketing activities or operating websites that collect user information. The notice must be provided at or before the time of collection, or as soon as practicable thereafter.

Key legal considerations

Your Privacy Information Notice must clearly identify your organization as the data controller and specify the types of personal information being collected, including sensitive information like health records or financial data. The document should detail all purposes for collection and use, ensuring these align with Privacy Principle 3 requirements for collection limitations. You must explain your data retention policies, security measures, and any automated decision-making processes. The notice should also cover your policies for sharing information with third parties, including service providers and overseas recipients, and clearly explain individuals' rights to access, correct, and complain about their personal information handling.

Legal requirements in New Zealand

Under the Privacy Act 2020, your Privacy Information Notice must comply with all 13 privacy principles, particularly Principles 2 and 3 regarding collection from individuals and collection purposes. The notice must be written in plain language that individuals can reasonably understand and be readily available when collecting information. For online collection, this means prominent placement on websites and digital platforms. If you transfer personal information overseas, you must comply with Privacy Principle 11 and may need additional safeguards. Organizations sending commercial electronic messages must also consider the Unsolicited Electronic Messages Act 2007 requirements. The Privacy Commissioner has enforcement powers including investigation authority and penalty provisions up to $10,000 for individuals and $100,000 for organizations, making compliance essential for avoiding regulatory action.

GOVERNING LAW

Applicable law

This Privacy Information Notice is drafted to comply with New Zealand law. Key legislation includes:

Privacy Act 2020: The primary legislation governing privacy in New Zealand, which sets out 13 privacy principles covering the collection, storage, use, disclosure, and access to personal information
Unsolicited Electronic Messages Act 2007: Regulates commercial electronic messages and requires consent for sending commercial messages, which is relevant for privacy notices involving marketing communications
Privacy (Cross-border Disclosure of Personal Information) Amendment Act: Provides framework for international transfer of personal information and the obligations when sharing data across borders
Electronic Transactions Act 2002: Governs electronic transactions and digital communications, relevant for online privacy notices and electronic consent mechanisms
EU General Data Protection Regulation (GDPR): While not NZ law, it's often considered as a best practice standard and may be relevant if the organization deals with EU residents or data

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it