Security is not just a feature, it’s part of our DNA.

As a third party provider who manages and stores your sensitive information, First AML takes data storage and data flows very seriously. Our systems and processes are audited and stress tested to ensure we are meeting international standards.

From start to finish

End to end data flow encryption

When gathering sensitive information, we use secure data capture forms which are fully encrypted and sent directly to our secure database once submitted. Part of this process involves obtaining consent to use data only for the specific purpose of completing Customer Due Diligence checks.

Safe and sound

Data management and security

All data is held on secure servers with round the clock security and cannot be accessed by anyone outside of First AML.

Privacy policy details

Privacy policy general

This policy sets out how we will collect, use, disclose and protect your personal information.

First AML Limited (“First AML”) complies with the New Zealand Privacy Act 1993 (the Act) and the Australian Privacy Act 1998 when dealing with personal information.  Personal information is information about an identifiable individual (a natural person).

This policy does not limit or exclude any of your rights under the Act.  If you wish to seek further information on the Acts, see www.privacy.org.nz for New Zealand or https://www.oaic.gov.au/privacy/the-privacy-act/ for Australia.

Physical address

Level 4, 125 St George’s Bay Road, Parnell, Auckland.

Information we will be collecting

In accordance with the legislation, we are required to verify your name, DOB and address. We will be collecting this by asking for your Identification Documents such as a Passport or Driver’s License.

If information not provided

If the requested information is not provided by the client, First AML may not be able to complete customer due diligence.

Changes to this policy

We may change this policy by uploading a revised policy onto the website.  The change will apply from the date that we upload the revised policy.

Who do we collect your personal data from?

We collect personal information about you from:

  • Reporting Entities where you have authorised the Reporting Entity to provide us with personal information,
  • You, when you provide that personal information to us, including via our website, electronic forms or through any contact with us (e.g. telephone call, mail or email).

Disclosing your personal information

We may disclose your personal information to:

  • Reporting Entity with whom you have an established relationship.
  • A person who can require us to supply your personal information (e.g. a regulatory authority.)
  • Any other person authorised by the Act or another law (e.g. a law enforcement agency.)
  • Any other person authorised by you.

Protecting your personal information

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.

Accessing and correcting your personal information

You may contact us to access your readily retrievable personal information that we hold and to request a correction to your personal information.  Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction.  If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

Data management and security

We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other Personal information is held on secure servers located in the US, in data centres that are SOC 1, SOC 2 and ISO 270001 certified. The data centres have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.

Data held cannot be seen by anyone outside of First AML. Data is encrypted when it is sent to and from our servers, as well as when it is at rest. To protect data in transit, 256-bit SSL/TLS encryption is used. At rest, data is protected using 256-bit AES encryption.

Your consent

By accessing this website or by submitting information to First AML, you consent to First AML collecting, maintaining, using and disclosing personal information about you and provided by you or by another person as described above.