For Consumers
For Developers
About Us
Contact Us
LOGIN
For Consumers
For Developers
About Us
Contact Us
LOGIN

Privacy Notice - Ongoing Consent

Updated: 24 June 2021

Ongoing consent

This Privacy Notice applies when you grant ongoing consent for Akahu to access your account(s). 

If you grant one-off consent for Akahu to access your account(s), this Privacy Notice does not apply. You should instead review the relevant notice at akahu.io/privacy-notice-oneoff.

Plain English section

This plain English section is here to provide a simple explanation of the most important questions that you might have about Akahu. However this plain English section is not legally binding. The remaining sections of this Privacy Notice below are the legal terms that apply. 

  • Consent: Akahu will obtain your consent before carrying out any instruction regarding your accounts.
  • Privacy: Akahu does NOT sell or rent your data for research or marketing purposes. 
  • Storing your data: If you grant ongoing consent to Akahu in relation to your accounts, we will store your data and your login credentials (in order to carry out your ongoing instructions) until you revoke your consent or request that we delete your data. 
  • Data minimisation: When you instruct Akahu to exchange your data with a 3rd party, we aim to minimise any data shared with that 3rd party. For example, if the 3rd party wants to verify your income, we’ll aim to retrieve your transaction data and filter non-relevant transactions to reduce oversharing.

Introduction

Welcome to Akahu. We take the privacy and protection of your data seriously. We want you to clearly understand how we collect, use, store, disclose, and otherwise process information about you. That's what this privacy notice is for, so please read it carefully and feel free to contact us if you have any questions - our contact details are at the end of this notice.

In this notice, 'Akahu', 'we', 'us' and 'our' is Akahu Technologies Limited and 'you' and 'your' is you - the person using an app that integrates with our services, or using our services directly.  

You should also read our End User Terms, as they are an agreement between you and us, and include important information about your use of our services.

We may update this notice from time to time, and the updated notice will apply from the time it is posted to our website. You may view an up-to-date copy of this notice at any time at akahu.io/privacy-notice-ongoing. If you do not agree to any changes, you must stop using our services.

You may choose not to provide us with information about you, but if you don't, we may not be able to provide any of our services to you, and functionality within third party applications that rely on our services may not be available to you.

Background

To understand what information we collect and how we use it, you first need to understand how our services work.  This is set out in detail in our End User Terms, but we’ve included a summary below.

Akahu is an open finance platform. We make it simple to access the data that organisations hold about you, and to share that data with trusted third parties of your choice. Our services allow you to connect your data sources (such as a bank account) to Akahu in order to exchange specific data with third party apps (such as a new financial service that you want to join) ('Third Party App').

For Third Party Apps: Akahu provides software that app developers use to enable functionality within their Third Party Apps, such as:

  • linking transaction data or balances from accounts you connect to Akahu (such as your bank account);
  • initiating payments in a Third Party App; and 
  • verifying your identity.

For you: Akahu provides an interface for you to connect accounts and consent to sharing specified data with Third Party Apps. If you provide a Third Party App with ongoing consent to access your account, you will connect the relevant account(s) to Akahu, then Akahu will retrieve or send the specified data on behalf of the Third Party App. For example, you might consent to sharing your bank transaction data on a daily basis with a Third Party App that enriches and categorises your spending. 

Third Party Apps that collect your data will do so in accordance with their own terms and privacy policies - you should read those terms and policies carefully as we do not control how those providers engage with you or use your data.

MyAkahu

The purpose of Akahu is to empower consumers to control and leverage their data. If you have granted ongoing consent, you can log in at my.akahu.nz to exercise visibility and control over accounts that you’ve connected to Akahu.

In MyAkahu you can:

  • view any ongoing consents that you have granted to Akahu and any Third Party Apps;
  • view a log of data requests from each relevant Third Party App;
  • revoke any ongoing consent that you have provided to Akahu and Third Party Apps;
  • instruct us to delete your data that we store.

If you haven't already created or confirmed your Akahu account, you'll need to do that first - follow the instructions on the website.

What information do we collect

We may collect the following types of information.

Information you provide which may include:

  • Identification details such as your name, email address, and phone number.
  • Biometrics, including photos you provide as part of identity verification.
  • Details of accounts you connect to Akahu such as login information and credentials for those accounts, which may include tokens, passwords, and security questions and answers.
  • Any written communications with us such as queries or instructions.

Information we collect from accounts you connect to Akahu, which may include:

  • Account information, such as the provider name, account name, account type, account ownership, branch, and account number.
  • Financial information, such as balances, payment due dates, transaction details and history, credit limits, and product details.
  • Identifiers and information about the account owner(s), including name, email address, phone number, date of birth, address information, and other personal identifiers.
  • Information about usage, such as your energy consumption if you link your power company account, or data usage if you link your mobile phone account.

Information we receive from your device -  when you use your device to connect to Akahu, we receive identifiers and electronic network activity information about that device, including IP address, hardware model, operating system, which Akahu features you access, and other technical information about the device. We also use cookies or similar tracking technologies to collect usage statistics and to help us provide and improve our services.

Information we receive from other sources - we may also receive information about you directly from Third Party Apps and other third parties, including our service providers and identity verification services.

When you agree to our End User Terms and connect an account to Akahu, you give us the authority to act on your behalf to exchange your data to and from the provider of the accounts you have connected to Akahu within the scope of this Privacy Notice.

How we use and disclose your information

We use your information in a number of different ways. The most common use is to facilitate the exchange of data between Third Party Apps and the account(s) you have connected to Akahu. 

We also may use your information:

  • to operate, provide, maintain, and improve Akahu, and to develop new services;
  • to protect you, developers, our partners, us, and others from fraud, malicious activity, and other privacy and security-related concerns;
  • to communicate with you regarding Akahu or Third Party Apps;
  • to provide customer support to you or to developers, including to help respond to your inquiries related to Akahu or Third Party Apps;
  • to investigate any misuse of Akahu or Third Party Apps, including criminal activity, or other unauthorised access to our services; 
  • to provide or facilitate verification of your identity; 
  • to comply with laws; and
  • for other notified purposes with your consent.

We may share your information:

  • with providers of Third Party Apps that you have instructed Akahu to share your data with;
  • with our service providers, partners, or contractors in connection with the services they perform for us or Third Party Apps;
  • if we believe that disclosure is appropriate to comply with applicable law, regulation, or legal process;
  • in connection with a change in ownership or control of all or a part of our business;
  • between us and our current and future related companies;
  • as we consider appropriate to protect the rights, privacy, safety, or property of you, Third Party Apps, our partners, us, and others; or
  • for any other notified purpose with your consent.

Sometimes the people we disclose your information to will be located outside New Zealand and may not be subject to laws that provide a comparable level of protection to New Zealand's Privacy Act 2020 (Privacy Act).  By using Akahu or a Third Party App, you are authorising us to transfer your personal information overseas.  We will use reasonable endeavours to ensure people we disclose your information to overseas protect it in a way comparable to the protections under the Privacy Act, such as including provisions in our contracts with them or by checking to ensure they are subject to laws with equivalent protections.

Digital ID verification

Many organisations verify the identity of their customers before they provide services to them. 

To streamline identity verification processes, Akahu enables Third Party Apps to access your data (with your consent) from your connected account(s) (such as your bank account) and other sources (such information we collect directly from you), to help you to verify your identity electronically. For example, a Third Party App may request your name, date of birth, address, and your driver licence details, which Akahu may help to verify from data sources that you connect to Akahu.

Storage of your information

Your information will be stored in data centres that are owned either by us or our related companies or our external service providers. We currently use Australian-based data centres. We use a range of physical and electronic data security measures to protect information from loss and unauthorised use, access, modification, or disclosure.

Deletion of your information

We will delete your information when we no longer need it for the purposes for which it was collected.

When you grant ongoing consent for Akahu to access your account(s): 

  • Akahu will store your data in our databases until your consent expires or is revoked. We will then delete your data within 24 hours of that expiry or revocation. 
  • You can use MyAkahu to manage any ongoing consent that you have granted to Akahu. You can also instruct us, via MyAkahu, to delete information about you, which we will action as soon as possible.

We will not delete information we are required by law or regulatory obligations to retain.

Access to and correction of your information

You can request access to and correction of personal information we hold about you by contacting us - our details are at the end of this notice.

Under the Privacy Act, in some circumstances we do not have to give you access to or correct your personal information. If that is the case, we will explain why and provide information about how you can complain should you wish to do so.

Complaints

We hope that you won't have any issues with how we process your data, but if you do, you can get hold of us using the contact details at the end of this notice. We'll do our best to work with you to resolve the complaint.

You can also complain to the Privacy Commissioner if you're not happy with how we're handling things - see privacy.org.nz for more details.

How to contact us

We're always keen to hear from you. You can get hold of us at hello@akahu.nz.