Privacy policy

First AML Limited (“First AML”) complies with the New Zealand Privacy Act 1993 (the Act) when dealing with personal information.  Personal information is information about an identifiable individual (a natural person).
This policy sets out how we will collect, use, disclose and protect your personal information.
This policy does not limit or exclude any of your rights under the Act.  If you wish to seek further information on the Act, see www.privacy.org.nz

Changes to this policy

We may change this policy by uploading a revised policy onto the website.  The change will apply from the date that we upload the revised policy.

Who do we collect your personal data from?

We collect personal information about you from:
• Reporting Entities where you have authorised the Reporting Entity to provide us with personal information, 
• You, when you provide that personal information to us, including via our website, electronic forms or through any contact with us (e.g. telephone call, mail or email).

How we use your personal data

We will use your personal information:
• to conduct customer due diligence on you or an Entity you are associated with on behalf of a Reporting Entity in accordance with the AML/CFT Act 2009, and/or
• to verify your identity, and/or
• for any other purpose authorised by you or the Act.

Disclosing your personal information

We may disclose your personal information to: 
• a Reporting Entity with whom you have an established relationship
• a person who can require us to supply your personal information (e.g. a regulatory authority)
• any other person authorised by the Act or another law (e.g. a law enforcement agency)
• any other person authorised by you.

Protecting your personal information

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.

Protecting your personal information

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.

Accessing and correcting your personal information

to access your readily retrievable personal information that we hold and to request a correction to your personal information.  Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction.  If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

Data management and security

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other Personal information is held on secure servers located in the US, in data centres that are SOC 1, SOC 2 and ISO 270001 certified. The data centres have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.
Data held cannot be seen by anyone outside of First AML. Data is encrypted when it is sent to and from our servers, as well as when it is at rest. To protect data in transit, 256-bit SSL/TLS encryption is used. At rest, data is protected using 256-bit AES encryption.

Your consent

By accessing this website or by submitting information to First AML, you consent to First AML collecting, maintaining, using and disclosing personal information about you and provided by you or by another person as described above.