Privacy Policy

Version 1.0 Effective: 14 April 2026 Last reviewed: 14 April 2026

This Privacy Policy explains how Commercial Collections Limited ("we," "us," or "our"), a commercial debt collection company operating in New Zealand (Company Number: 9283382, NZBN: 9429052403897), collects, uses, stores, and discloses personal information.

We handle personal information in accordance with the New Zealand Privacy Act 2020, the Credit Reporting Privacy Code 2020, and other applicable New Zealand laws. This policy describes our practices so that individuals we deal with — including debtors, clients, and website visitors — can understand how their information is managed.

1. Information We Collect

We collect personal information that is necessary for us to perform our debt collection services and operate our business. This may include:

Contact Information: Name, address, phone number, email address.

Identification Information: Details necessary to verify identity, such as confirming name, address, or a reference number associated with the debt.

Financial Information: Details about the debt, payment history, bank account details (for payment processing or verification), and credit history information (where lawfully obtained).

Communication Records: Records of correspondence, including emails, letters, and recordings of voice calls and video calls to and from our company.

Publicly Available Information: Information obtained from public registers or sources (e.g., Companies Office, PPSR).

Technical Information: IP address, browser type, and operating system when you visit our website.

Information from Third Parties: Information provided to us by our clients (the creditors) or other third parties involved in the debt recovery process (e.g., credit reporting agencies, legal representatives).

2. How We Collect Information

We collect information in various ways, including:

Directly from You: When you communicate with us by phone, email, mail, or through our website.

From Our Clients: The individuals or businesses who have engaged us to collect a debt.

From Third Parties: Such as credit reporting agencies, financial institutions, government agencies, or public registers.

Automatically: Through website technologies (like cookies) or when you make a phone call or video call to us.

3. Purpose of Collection and Use of Information

We collect and use personal information for the following purposes:

  • To provide our debt collection services to our clients.
  • To verify identity.
  • To communicate regarding the debt.
  • To negotiate payment arrangements and process payments.
  • To locate individuals where necessary.
  • To comply with our legal and regulatory obligations, including obligations under the Credit Reporting Privacy Code 2020.
  • To manage and resolve disputes.
  • To improve our services and internal processes.
  • For internal record-keeping and administrative purposes.
  • For quality assurance, training, and compliance purposes, including the recording of voice and video calls.

4. Use of Artificial Intelligence

We use artificial intelligence (AI) tools to support and enhance our work. AI may assist us with tasks such as data analysis, drafting and reviewing communications, transcription and summarisation, workflow automation, and internal decision support.

In the course of these activities, personal information we hold may be processed by AI systems, including systems provided by trusted third-party service providers. Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place, including contractual protections consistent with our obligations under the Privacy Act 2020. Decisions that materially affect an individual remain subject to human judgement; AI is used to inform our work, not to replace it.

Where AI services involve processing outside New Zealand, the protections described in section 6 apply.

5. Disclosure of Information

We may disclose personal information to:

Our Clients: The individuals or businesses to whom the debt is owed.

Service Providers: Third-party service providers who assist us in our operations (e.g., IT support, AI service providers, payment processors, mailing services, legal advisors, process servers, cloud hosting services). These providers are bound by confidentiality and data-handling obligations.

Credit Reporting Agencies: In accordance with the Privacy Act 2020 and the Credit Reporting Privacy Code 2020.

Financial Institutions: For payment processing or verification.

Regulatory Bodies and Law Enforcement: Where required by law or to comply with a court order.

Other Parties: With consent or as otherwise permitted by law.

We may also transfer information in the case of a sale, merger, consolidation, liquidation, reorganisation, or acquisition.

We do not sell, rent, or lease personal information to third parties.

6. Storage and Cross-Border Data Transfers

Personal information we hold is primarily stored on our collections management platform, which is hosted in New Zealand or in other jurisdictions whose privacy laws are considered comparable to the New Zealand Privacy Act 2020 (for example, Australia and countries within the European Union/United Kingdom).

Some of our service providers process information in Australia and the United States. The United States does not have privacy laws that are considered comparable to the New Zealand Privacy Act 2020 across the board. In these cases, we comply with our obligations under the Act by ensuring that the recipient is subject to privacy safeguards that are comparable to those in New Zealand law. This is supported by contractual agreements (such as Data Processing Addendums) that require these providers to protect personal information to a high standard, and by the use of providers who hold internationally recognised security certifications such as ISO 27001 and SOC 2.

We take reasonable steps to ensure that any overseas recipient of personal information is subject to privacy obligations that are substantially similar to those in the Privacy Act 2020.

7. Security and Retention of Information

We take reasonable steps to protect personal information from loss, unauthorised access, modification, or disclosure. This includes:

  • Implementing physical, electronic, and procedural safeguards.
  • Using secure servers and encryption where appropriate.
  • Restricting access to personal information to authorised personnel only.

We retain personal information only for as long as it is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or regulatory requirements. When personal information is no longer required, we take reasonable steps to securely destroy it or permanently de-identify it.

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

8. Your Rights

Subject to the grounds for refusal set out in the Privacy Act 2020, you have the right to request access to readily retrievable personal information that we hold about you, and to request correction of that information.

Before we act on a request, we require evidence sufficient to confirm that you are the individual to whom the personal information relates. This is to protect against unauthorised disclosure.

In respect of a request for correction, if we consider the correction is reasonable and we are reasonably able to make the change, we will do so. If we do not make the correction, we will take reasonable steps to note on the personal information that a correction was requested.

To exercise either of these rights, contact us via the contact page on this website. Your request should:

  • Provide evidence of your identity; and
  • Set out the details of your request (e.g. the personal information you are seeking access to, or the correction you are requesting).

We do not charge for making an access or correction request. However, as permitted by the Privacy Act 2020, a reasonable charge may apply where a request involves providing additional copies of information already supplied, or in other limited circumstances permitted by the Act. Where any charge is to be made, we will tell you before proceeding so that you can decide whether to continue with the request.

9. Complaints

If you have a concern about how we have handled your personal information, please contact us in the first instance. We will investigate and endeavour to resolve the matter promptly.

If you are not satisfied with our response, you have the right to make a complaint to the Office of the Privacy Commissioner in New Zealand.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website, and we encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us using the contact form on this website.

Commercial Collections Limited