Updated: 31 August 2021
This Privacy Notice applies when you grant ongoing consent for Akahu to access your account(s).
If you grant one-off consent for Akahu to access your account(s), this Privacy Notice does not apply. You should instead review the relevant notice at akahu.io/privacy-notice-oneoff.
This plain English section is here to provide a simple explanation of the most important questions that you might have about Akahu. However this plain English section is not legally binding. The remaining sections of this Privacy Notice below are the legal terms that apply.
Welcome to Akahu. We take the privacy and protection of your data seriously. We want you to clearly understand how we collect, use, store, disclose, and otherwise process information about you. That's what this privacy notice is for, so please read it carefully and feel free to contact us if you have any questions - our contact details are at the end of this notice.
In this notice, 'Akahu', 'we', 'us' and 'our' is Akahu Technologies Limited and 'you' and 'your' is you - the person using an app that integrates with our services, or using our services directly.
You should also read our End User Terms, as they are an agreement between you and us, and include important information about your use of our services.
We may update this notice from time to time, and the updated notice will apply from the time it is posted to our website. You may view an up-to-date copy of this notice at any time at akahu.io/privacy-notice-ongoing. If you do not agree to any changes, you must stop using our services.
You may choose not to provide us with information about you, but if you don't, we may not be able to provide any of our services to you, and functionality within third party applications that rely on our services may not be available to you.
To understand what information we collect and how we use it, you first need to understand how our services work. This is set out in detail in our End User Terms, but we’ve included a summary below.
Akahu is an open finance platform. We make it simple to access the data that organisations hold about you, and to share that data with trusted third parties of your choice. Our services allow you to connect your data sources (such as a bank account) to Akahu in order to exchange specific data with third party apps (such as a new financial service that you want to join) ('Third Party App').
For Third Party Apps: Akahu provides software that app developers use to enable functionality within their Third Party Apps, such as:
For you: Akahu provides an interface for you to connect accounts and consent to sharing specified data with Third Party Apps. If you provide a Third Party App with ongoing consent to access your account, you will connect the relevant account(s) to Akahu, then Akahu will retrieve or send the specified data on behalf of the Third Party App. For example, you might consent to sharing your bank transaction data on a daily basis with a Third Party App that enriches and categorises your spending.
Third Party Apps that collect your data will do so in accordance with their own terms and privacy policies - you should read those terms and policies carefully as we do not control how those providers engage with you or use your data.
The purpose of Akahu is to empower consumers to control their data. If you have granted ongoing consent, you can log in at my.akahu.nz to exercise visibility and control over accounts that you’ve connected to Akahu.
In MyAkahu you can:
If you haven't already created or confirmed your Akahu account, you'll need to do that first - follow the instructions on the website.
We may collect the following types of information.
Information you provide which may include:
Information we collect from accounts you connect to Akahu, which may include:
We will collect information from your accounts until you revoke access or your consent expires.
Information we receive from other sources - we may also receive information about you directly from Third Party Apps and other third parties, including our service providers.
When you agree to our End User Terms and connect an account to Akahu, you give us the authority to act on your behalf to exchange your data to and from the provider of the accounts you have connected to Akahu within the scope of this Privacy Notice.
When you grant consent for Akahu to exchange specific data with a Third Party App, our most common use is to exchange that data between the account(s) you have connected to Akahu and that Third Party App. For example, you might consent to sharing your bank transaction data with a Third Party App that categorises your spending. Akahu's role is to facilitate and automate that data exchange.
We also may use your information:
We may share your information:
Sometimes the people we disclose your information to will be located outside New Zealand and may not be subject to laws that provide a comparable level of protection to New Zealand's Privacy Act 2020 (Privacy Act). By using Akahu or a Third Party App, you are authorising us to transfer your personal information overseas. We will use reasonable endeavours to ensure people we disclose your information to overseas protect it in a way comparable to the protections under the Privacy Act, such as including provisions in our contracts with them or by checking to ensure they are subject to laws with equivalent protections.
Many organisations verify the identity of their customers before they provide services to them.
To streamline identity verification processes, Akahu enables Third Party Apps to access your data (with your consent) from your connected account(s) (such as your bank account) and other sources (such information we collect directly from you), to help you to verify your identity electronically. For example, a Third Party App may request your name, date of birth, address, and your driver licence details, which Akahu may help to collect and/or verify from data sources that you connect to Akahu.
Your information will be stored in data centres that are owned either by us or our related companies or our external service providers. We currently use Australian-based data centres. We use a range of physical and electronic data security measures to protect information from loss and unauthorised use, access, modification, or disclosure.
We will delete your information when we no longer need it for the purposes for which it was collected.
When you grant ongoing consent for Akahu to access your account(s):
We will not delete information we are required by law or regulatory obligations to retain.
You can request access to and correction of personal information we hold about you by contacting us - our details are at the end of this notice.
Under the Privacy Act, in some circumstances we do not have to give you access to or correct your personal information. If that is the case, we will explain why and provide information about how you can complain should you wish to do so.
We hope that you won't have any issues with how we process your data, but if you do, you can get hold of us using the contact details at the end of this notice. We'll do our best to work with you to resolve the complaint.
You can also complain to the Privacy Commissioner if you're not happy with how we're handling things - see privacy.org.nz for more details.
We're always keen to hear from you. You can get hold of us at firstname.lastname@example.org.