The New Zealand Automobile Association Inc ("AA") considers the protection of privacy to be of utmost importance, whether you’re an AA Member, customer or other user of a product/service from the AA or one of our related ventures.
We are committed to providing you with a personalised service that meets your requirements in a way that safeguards your privacy. We appreciate the trust you have placed in us.
This policy explains how we may collect information about you and use it in order to satisfy your particular requirements. It outlines some of the security measures that we take in order to protect your privacy and gives certain assurances on things that we will not do.
This policy was last updated 22 May 2018.
Collection of information
We may collect personal information from you in a number of ways. This includes when you:
- agree to take a service from us. This may include your contact details, date of birth, payment method and possibly bank details
- contact us with an enquiry, or in response to a communication from us, in which case this may tell us something about your preferences.
Use of information
What we will do
We may use personal information about you for a number of purposes, including:
- Assisting to identify you when you telephone us to make an enquiry. We may ask you for your date of birth or telephone number so that we can avoid disclosing information to a person who is not authorised by you to receive it
- Responses to enquiries from you
- Administration and contact about improved administration of any accounts, services and products provided by us previously, now or in the future
- Preventing or detect fraud or loss where we are able
- Contacting you by any means (including mail, email, telephone or text messages) about other services or products, where we think you would appreciate receiving an offer from us
- Carrying out marketing analysis and profiling and creating statistical and testing information
It is our practice to search the Marketing Association Do Not Call and Do Not Mail registers before sending any direct marketing material. If you have registered your details through these channels, you will not receive any direct marketing material from us through the specified mediums.
In some circumstances, we may do certain credit checks with licensed credit reference agencies when you apply to take a service or product. If this is applicable, then it will be stated in the terms and conditions applying to that particular service or product.
When you first provide personal information to us, we will normally give you the opportunity to indicate whether you would prefer us not to contact you in this way. However, you can send us an email at any time to change your preferences or use the unsubscribe links at the bottom of any of our direct marketing email communications.
We may monitor and record communications we receive. This may be done for:
- identifying improvements to the service which we provide
- ensuring compliance with our practices and procedures
- situations where, for example, a contract is entered into by that means, to provide evidence of the transaction.
What we won't do
We will not:
- Send you communications that are not provided for under this policy
- Disclose your personal information (unless authorised to do so) except as mentioned below
- Sell/rent contact information lists to parties who are not part of our business
Use of information
We may disclose information we hold about you to third parties where AA has contracted those third parties for the purpose of:
- providing services you have requested;
- as part of the process of sale of one or more of our businesses;
- where legitimately requested for legal or regulatory purposes;
- as part of legal proceedings; or
- prospective legal proceedings.
We, and other third-party credit organisations, may also access information about you to:
- Help make decisions on credit, or credit related and insurance proposals and claims for you and other members of your household; and
- Check your identity to prevent money laundering unless other satisfactory proof of identity is provided.
Protection of information
We maintain strict security measures in order to protect your personal information. The procedures to protect your privacy include checking your identity when you telephone us, using secure passwords for our computer systems, and encrypting data on our website.
When you provide personal information online it is protected by encryption, so it cannot be read as it is transmitted over the internet between your browser and our server. Our site is secured via an SSL certificate with a 2048 bit RSA key with a SHA256 signed signature.
Access to personal information
The Privacy Act 1993 gives you the right to access and correct personal information held by us. Your information is held securely and will not be disclosed to any other person or organisation unless authorised by you. To query or access any personal information we hold, email us at email@example.com
When AA Members or non-Members contact us to make changes we will need to verify that you are the person authorised to obtain and update personal information. We will therefore ask you for identifying details such as your Membership number (the 16-digit number found on your AA Membership card) if appropriate, surname and date of birth.
If you are unable to satisfy the identification requirements, you will not be able to access or change the information
Cookies are pieces of information that a website transfers to your device’s hard disk for record keeping purposes. They help us to understand how visitors use our website so we can develop and improve the design, layout and functionality of the site.
We may match your cookies information to what we know about you for analysis purposes. We can use such analysis to improve the functionality and your experience of the website.
If you do not want us to deploy cookies into your browser, you can set your browser to reject cookies, or to notify you when a website tries to put a cookie on your computer. However, rejecting cookies may affect your ability to use some of the products and/or services at our website.
Credit card details
In line with credit card data security standards when you pay AA using a credit card on line, in store or by telephone your credit card information is not stored by AA.
The New Zealand Automobile Association (AA) includes itself and any division, subsidiary, third party under contract, or joint venture companies including AA Financial Services, AA Insurance and AA Life.
AA Members agree to abide by the rules of The New Zealand Automobile Association Incorporated. Copies are available from any AA Centre or online.
The Member understands that the information provided may be used by the AA for administrative purposes and for the purpose of providing the Member with information relating to products and services from time to time. Where any Member is an Associate Member, products and services may be offered to both Members in the household jointly or singularly.
For people located in Europe
This information lets you know how the AA will process your personal information as a Data Controller.
If you are an individual based in the European Union (“EU”), where your details are provided to the AA in connection with providing or offering products or services to you, you have the following additional rights in accordance with the General Data Protection Regulation (GDPR):
EU Data Subject Rights
In certain circumstances you may exercise the following rights in relation to your personal information:
- Right to access your personal information (Art 15 GDPR).
- Right to rectify your personal information (Art 16 GDPR).
- Right to request that your personal information is erased (Art 17 GDPR).
- Right to restrict the use of your personal information (Art 18 GDPR).
- Right to data portability (in certain specific circumstances) (Art 20 GDPR).
- Right to object to processing of your personal information (Art 21 GDPR).
Where you have provided your consent to processing (e.g. to receive information about products and services), you may withdraw your consent at any time by emailing firstname.lastname@example.org
How long we keep your information
The AA will retain your personal information for as long as is required to perform the service or for the purposes for which the data was collected, depending on the legal basis for which that data was obtained.
Where the AA requires your personal information to comply with contractual or other legal requirements, failure to provide this information may mean the AA will not be able to provide certain services.
Legal Basis for Processing under the GDPR
In this section we provide information on the legal basis for our processing of your Personal Data as required by Art 13 and 14 of the GDPR:
When you register your information online, such processing is necessary for the performance of our services, Art 6 (1) (b) GDPR.
For sensitive data (including biometric data) as defined in the GDPR, we process such data on the basis of your prior consent, Art 9(2)(a) GDPR.
For non-sensitive Personal Data which we need in order to perform the services, such processing is necessary for the performance of our Services, Art 6 (1) (b) GDPR.
With regard to other non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art 6 (1) (f) GDPR, and our legitimate interest is to enhance our services.
When you communicate with us or sign up for promotional material, we process such data on the basis of our legitimate interest, Art 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages.
When we leverage and/or collect cookies, device IDs, Location Data, data from the environment, and other tracking technologies, we process such data on the basis of your consent, Art 6 (1) (a) GDPR, and based on our legitimate interest, Art 6 (1) (f) GDPR, our legitimate interest is to provide you with better services or marketing.
When we aggregate data, such processing is either necessary for the performance of our services, Art 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art 6 (1) (f) GDPR, and our legitimate interest is to provide you with better or customised Services and marketing.
Additional use of Personal Data
This Policy applies to personal information held about individuals. It does not apply to information we hold about companies and other organisations. The Office of the Privacy Commissioner has further details of the New Zealand Privacy Act 1993 and how it protects personal information in New Zealand.
The Association Secretary
PO Box 5