When gathering sensitive information, we use secure data capture forms which are fully encrypted and sent directly to our secure database once submitted. Part of this process involves obtaining consent to use data only for the specific purpose of completing Customer Due Diligence checks.
Security is not just a feature, it’s part of our DNA.
As a third party provider who manages and stores your sensitive information, First AML takes data storage and data flows very seriously. Our systems and processes are audited and stress tested to ensure we are meeting international standards.
From start to finish
End to end data flow encryption
Safe and sound
Data management and security
This policy sets out how we will collect, use, disclose and protect your personal information.
First AML Limited (“First AML”) complies with the New Zealand Privacy Act 1993 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.
Level 4, 125 St George’s Bay Road, Parnell, Auckland.
In accordance with the legislation, we are required to verify your name, DOB and address. We will be collecting this by asking for your Identification Documents such as a Passport or Driver’s License.
If the requested information is not provided by the client, First AML may not be able to complete customer due diligence.
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
We collect personal information about you from:
- Reporting Entities where you have authorised the Reporting Entity to provide us with personal information,
- You, when you provide that personal information to us, including via our website, electronic forms or through any contact with us (e.g. telephone call, mail or email).
We may disclose your personal information to:
- Reporting Entity with whom you have an established relationship.
- A person who can require us to supply your personal information (e.g. a regulatory authority.)
- Any other person authorised by the Act or another law (e.g. a law enforcement agency.)
- Any other person authorised by you.
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.
You may contact us to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other Personal information is held on secure servers located in the US, in data centres that are SOC 1, SOC 2 and ISO 270001 certified. The data centres have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.
Data held cannot be seen by anyone outside of First AML. Data is encrypted when it is sent to and from our servers, as well as when it is at rest. To protect data in transit, 256-bit SSL/TLS encryption is used. At rest, data is protected using 256-bit AES encryption.
By accessing this website or by submitting information to First AML, you consent to First AML collecting, maintaining, using and disclosing personal information about you and provided by you or by another person as described above.