Privacy Policy
Effective: 11 September 2025
This Privacy Policy outlines how Commercial Collections Limited ("we," "us," or "our"), a commercial debt collection company operating in New Zealand (Company Number: 9283382, NZBN: 9429052403897), collects, uses, stores, and discloses your personal information.
We are committed to protecting your privacy and handling your personal information in accordance with the New Zealand Privacy Act 2020 and other applicable laws.
By interacting with us, you agree to the terms of this Privacy Policy.
1. Information We Collect
We collect personal information that is necessary for us to perform our debt collection services and operate our business.
This may include:
Contact Information: Name, address, phone number, email address.
Identification Information: Date of birth, driver's license number, passport number, or other identification details necessary for verification.
Financial Information: Details about the debt, payment history, bank account details (for payment processing or verification), and credit history information (where lawfully obtained).
Communication Records: Records of correspondence, including emails, letters, and recordings of voice calls and video calls to and from our company.
Publicly Available Information: Information obtained from public registers or sources (e.g., Companies Office, PPSR).
Technical Information: IP address, browser type, and operating system when you visit our website.
Information from Third Parties: Information provided to us by our clients (the creditors) or other third parties involved in the debt recovery process (e.g., credit reporting agencies, legal representatives).
2. How We Collect Information
We collect information in various ways, including:
Directly from You: When you communicate with us by phone, email, mail, or through our website.
From Our Clients: The individuals or businesses who have engaged us to collect a debt.
From Third Parties: Such as credit reporting agencies, financial institutions, government agencies, or public registers.
Automatically: Through website technologies (like cookies) or when you make a phone call or video call to us.
3. Purpose of Collection and Use of Information
We collect and use your personal information for the following purposes:
To provide our debt collection services to our clients.
To verify your identity.
To communicate with you regarding the debt.
To negotiate payment arrangements and process payments.
To locate you if necessary.
To comply with our legal and regulatory obligations.
To manage and resolve disputes.
To improve our services and internal processes.
For internal record-keeping and administrative purposes.
For quality assurance, training, and compliance purposes, we record voice calls and video calls made to and from our company.
To enhance the efficiency and effectiveness of our operations, we utilise artificial intelligence (AI) in our work. This may involve AI assisting with data analysis, communication strategies, process optimisation, and document workflows.
4. Disclosure of Information
We may disclose your personal information to:
Our Clients: The individuals or businesses to whom the debt is owed.
Service Providers: Third-party service providers who assist us in our operations (e.g., IT support, payment processors, mailing services, legal advisors, process servers, cloud hosting services). These providers are bound by confidentiality agreements.
Credit Reporting Agencies: In accordance with the Privacy Act 2020 and relevant credit reporting codes.
Financial Institutions: For payment processing or verification.
Regulatory Bodies and Law Enforcement: Where required by law or to comply with a court order.
Other Parties: With your consent or as otherwise permitted by law.
We may also transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
We will not sell, rent, or lease your personal information to third parties.
5. Cross-Border Data Transfers
In order to provide our services, your personal information may be transferred to, and stored on, our collections management platform hosted in various countries, including but not limited to Australia, the United States, and countries in Europe.
Some of these countries may not have privacy laws that are considered 'comparable' to the New Zealand Privacy Act 2020. In these cases, we comply with our obligations under the Act by ensuring that the recipient of the information is subject to privacy safeguards that are comparable to those in New Zealand law. We do this through contractual agreements (such as Data Processing Addendums) that require these service providers to protect your personal information to a high standard. Our service providers demonstrate their commitment to security through internationally recognised certifications, such as ISO 27001 and SOC 2.
We take reasonable steps to ensure that any overseas recipient of your personal information is subject to privacy obligations that are substantially similar to those in the Privacy Act 2020.
6. Storage and Security of Information:
We take reasonable steps to protect your personal information from loss, unauthorised access, modification, or disclosure.
This includes:
Implementing physical, electronic, and procedural safeguards.
Using secure servers and encryption where appropriate.
Restricting access to personal information to authorised personnel only.
We retain personal information only for as long as it is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or regulatory requirements. When your personal information is no longer required, we will take reasonable steps to securely destroy it or permanently de-identify it.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
7. Your Rights
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information.
Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction.
If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us via our contact page on this website.
Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
8. Complaints
If you have a concern about how we have handled your personal information, please contact us in the first instance.
We will investigate your complaint and endeavour to resolve it promptly.
If you are not satisfied with our response, you have the right to make a complaint to the Office of the Privacy Commissioner in New Zealand.
9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
We will notify you of any significant changes by posting the updated policy on our website.
We encourage you to review this policy periodically.
10. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us using the contact form on this website.
Commercial Collections Limited
Effective: 11 September 2025
This Privacy Policy outlines how Commercial Collections Limited ("we," "us," or "our"), a commercial debt collection company operating in New Zealand (Company Number: 9283382, NZBN: 9429052403897), collects, uses, stores, and discloses your personal information.
We are committed to protecting your privacy and handling your personal information in accordance with the New Zealand Privacy Act 2020 and other applicable laws.
By interacting with us, you agree to the terms of this Privacy Policy.
1. Information We Collect
We collect personal information that is necessary for us to perform our debt collection services and operate our business.
This may include:
Contact Information: Name, address, phone number, email address.
Identification Information: Date of birth, driver's license number, passport number, or other identification details necessary for verification.
Financial Information: Details about the debt, payment history, bank account details (for payment processing or verification), and credit history information (where lawfully obtained).
Communication Records: Records of correspondence, including emails, letters, and recordings of voice calls and video calls to and from our company.
Publicly Available Information: Information obtained from public registers or sources (e.g., Companies Office, PPSR).
Technical Information: IP address, browser type, and operating system when you visit our website.
Information from Third Parties: Information provided to us by our clients (the creditors) or other third parties involved in the debt recovery process (e.g., credit reporting agencies, legal representatives).
2. How We Collect Information
We collect information in various ways, including:
Directly from You: When you communicate with us by phone, email, mail, or through our website.
From Our Clients: The individuals or businesses who have engaged us to collect a debt.
From Third Parties: Such as credit reporting agencies, financial institutions, government agencies, or public registers.
Automatically: Through website technologies (like cookies) or when you make a phone call or video call to us.
3. Purpose of Collection and Use of Information
We collect and use your personal information for the following purposes:
To provide our debt collection services to our clients.
To verify your identity.
To communicate with you regarding the debt.
To negotiate payment arrangements and process payments.
To locate you if necessary.
To comply with our legal and regulatory obligations.
To manage and resolve disputes.
To improve our services and internal processes.
For internal record-keeping and administrative purposes.
For quality assurance, training, and compliance purposes, we record voice calls and video calls made to and from our company.
To enhance the efficiency and effectiveness of our operations, we utilise artificial intelligence (AI) in our work. This may involve AI assisting with data analysis, communication strategies, process optimisation, and document workflows.
4. Disclosure of Information
We may disclose your personal information to:
Our Clients: The individuals or businesses to whom the debt is owed.
Service Providers: Third-party service providers who assist us in our operations (e.g., IT support, payment processors, mailing services, legal advisors, process servers, cloud hosting services). These providers are bound by confidentiality agreements.
Credit Reporting Agencies: In accordance with the Privacy Act 2020 and relevant credit reporting codes.
Financial Institutions: For payment processing or verification.
Regulatory Bodies and Law Enforcement: Where required by law or to comply with a court order.
Other Parties: With your consent or as otherwise permitted by law.
We may also transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
We will not sell, rent, or lease your personal information to third parties.
5. Cross-Border Data Transfers
In order to provide our services, your personal information may be transferred to, and stored on, our collections management platform hosted in various countries, including but not limited to Australia, the United States, and countries in Europe.
Some of these countries may not have privacy laws that are considered 'comparable' to the New Zealand Privacy Act 2020. In these cases, we comply with our obligations under the Act by ensuring that the recipient of the information is subject to privacy safeguards that are comparable to those in New Zealand law. We do this through contractual agreements (such as Data Processing Addendums) that require these service providers to protect your personal information to a high standard. Our service providers demonstrate their commitment to security through internationally recognised certifications, such as ISO 27001 and SOC 2.
We take reasonable steps to ensure that any overseas recipient of your personal information is subject to privacy obligations that are substantially similar to those in the Privacy Act 2020.
6. Storage and Security of Information:
We take reasonable steps to protect your personal information from loss, unauthorised access, modification, or disclosure.
This includes:
Implementing physical, electronic, and procedural safeguards.
Using secure servers and encryption where appropriate.
Restricting access to personal information to authorised personnel only.
We retain personal information only for as long as it is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or regulatory requirements. When your personal information is no longer required, we will take reasonable steps to securely destroy it or permanently de-identify it.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
7. Your Rights
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information.
Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction.
If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us via our contact page on this website.
Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
8. Complaints
If you have a concern about how we have handled your personal information, please contact us in the first instance.
We will investigate your complaint and endeavour to resolve it promptly.
If you are not satisfied with our response, you have the right to make a complaint to the Office of the Privacy Commissioner in New Zealand.
9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
We will notify you of any significant changes by posting the updated policy on our website.
We encourage you to review this policy periodically.
10. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us using the contact form on this website.
Commercial Collections Limited