Privacy & Data Policy

1. Overview

Data Zoo Limited (3287828), trading as Data Zoo. References below relating to ‘Data Zoo’, ‘we’ or ‘our’ are in relation to our branded products and website.
This privacy policy explains how Data Zoo handles personal Information. Data Zoo carries out its business operations in accordance with the Privacy Act 1993. A copy of the Act can be found at Data Zoo collects personal information for the purpose of carrying out its business.

2. The Privacy Act 1993

Data Zoo recognises that consumers have rights over the use and dissemination of Information about themselves. Data Zoo adheres to the National Privacy Principles, which can be found at A Guide to the Privacy Act 1993

Notice – Data Zoo collates Information from many organisations so as to enable Data Zoo’s clients to perform related Data Zoo services in the use of this data. Data Zoo only access data that is privacy compliant.

Choice – Data Zoo is careful to recognise any valid requests from individuals to suppress their names from our clients’ marketing efforts. Consumers may request to opt out by writing to us at Data Zoo or contact the privacy officer. Consumers also have the right to ask Data Zoo what personal information we access about you. Consumers may request this by writing to us at Data Zoo or contact the privacy officer. Data Zoo reserves the right to charge a processing charge for this request.

3. Licensed Databases

Data Zoo publishes personal information accessed from the following databases:

  • Telephone directory
  • Property ownership
  • Motor vehicle registration
  • Company directorship and shareholding
  • Drivers licence particulars
  • Credit bureau particulars
  • NZ Post change of address
  • DIA Confirmation Service
    • NZ Passports
    • NZ Citizenship
    • NZ Births registration

Telephone directory

This is a national telephone directory service, which is licensed to Data Zoo by Yellow Pages Group. Yellow collects information from the telecommunications providers of all listed telephone numbers. The information collected is name, address and telephone number. If you wish that your details do not appear in directories such as Data Zoo you should contact your telephone service provider to suppress your information from all public directories. It should be noted that in New Zealand, it is illegal to provide or perform a reverse searching capability. Data Zoo does not allow this action to be performed on any of its systems.

Property Ownership
This database is a list of all property owners as collated and administrated by Land Information NZ (LINZ). The Information collected includes name, address, title number and encumbrance and lodgement date. This data is used as per the LINZ’s Terms & Conditions for access; use and disclosure.

Motor Vehicle *
This database is a list of all registered motor vehicles as collated and administrated by New Zealand Transport Authority (NZTA). The Information collected includes name, address, motor vehicle registration and date of birth. Access to this Information is permission based or where an interest party has a security interest in the relevant motor vehicle. Only under certain circumstances will the NZTA suppress your personal information. This is a Permission Based Access only and is real time.

Company Directors and Shareholders Database
This database is a list of all New Zealand company directors and shareholders, which is collected and administered by the New Zealand Companies office. The Information collected includes name, address, and lodgement/appointment date. Only under certain circumstances will the New Zealand Companies Offices suppress your personal information.

Drivers Licence *
This database is a list of all New Zealand Motor Vehicles licences issued and administrated by New Zealand Transport Authority (NZTA). The information available is for a “Yes/No” verification real time. The information collected includes name, address, Licence and version number and DOB. This information obtained is not stored or cached. This is a Permission Based Access only.

Consumer Credit Bureau *
This database is a provider under contract from Centrix and provides information about individuals listed on their credit bureau. The Credit Reporting Privacy Code stipulates access to credit reporting data on an individual is available under certain strict conditions as legislated.This is a Permission Based Access only.

DIA Confirmation Service * (passports, births & citizenship verification)
This service is provider under contract from DIA and provides information about individuals (a) issued passports (b) New Zealand registered births and (c) Individuals who have obtained new Zealand citizenship. This service provides a “Yes” or “No” verification against the mandatory information provided against the DIA service. This is a permission Based Access only and is real time.

* Permission Based Access
This data is ONLY available through the individual giving consent for their information to be search on. A written or electronic capture of this consent must be obtained from the company performing the enquiry through the Data Zoo System from the individual concerned. Data Zoo will require evidence that a company who access our services has the appropriate consent capture measures in place before the access to the Permission Based databases will be allowed.

Data Security built to protect your data
Data Zoo understands that your trust in us depends on how well we manage data and keep our Information and Systems secure. 

Our security is comprehensive, proactive and designed to ensure that all Information is secure in your dealings with Data Zoo. Data Zoo conforms to the highest industry accepted security practices.

  • Firewalls and encryption are used to protect all data and our applications and databases have built-in security that prevents unauthorised access, as well as electronic auditing to monitor access.
  • Further information on our IT security policies can be provided on request or from our website.

4. The Unsolicited Electronic Messages Act 2007 (UEM)

Data Zoo adheres to the principles outlined by The Unsolicited Electronic Messages Act 2007 and supply information in accordance with this Act.
The Unsolicited Electronic Messages Act 2007

5. Complaints Procedure

If you think Data Zoo has breached the Code, you should contact us and we will investigate your complaint in accordance with our Complaints Procedure. For further information on the complaints procedure see our Complaints Handling Policy or please contact our privacy officer.

If you are not satisfied with the outcome of your complaint you may complain to the Privacy Commissioner. Details of how to do so can be found on the Commissioner’s website

6. Website use and telephone or postal contact

As a visitor to our website, you will not be asked to provide any personal Information except where you send us an enquiry or where you are an existing customer with an assigned user name and password. We may also collect personal Information from you when contact us. Collection of personal Information is for the purpose of carrying out our business.
Personal Information held by Data Zoo will only be used and disclosed for the following purposes:

  • the purpose for which it was collected;
  • any other use or disclosure permitted by the Privacy Act, Code or applicable law;
  • at times we may engage the Data Zoo services of trusted third parties to carry out Data Zoo services on our behalf which may involve the use or disclosure of personal Information (for example lawyers, auditors, hosting Data Zoo services).
  • to provide Information to individuals about products or Data Zoo services that we think may be of interest to them;
  • to communicate special offers, promotions or market research surveys.

Data Zoo will retain your personal Information for no longer than necessary in order to carry out its business.

7. Access and Correction

All requests to access Information held on an individual or company or an associate of the company must be directed to our Privacy Officer ONLY in writing with sufficient identification provided, to ensure that we do not give out your details to someone else. Any additions or alterations will be actioned within a reasonable time.

8. Information Collection

From time to time, Data Zoo will ask individuals, companies, prospects and clients to provide personal information that will help Data Zoo efficiently perform various business transactions and to validate and confirm whom we are dealing with. We need to know who you are in order to determine whether you have a right to access information.

That information may be sought as you;

1. Request information from Data Zoo.

2. Register for a free trial or demonstration of certain products and services.

3. Sign up or subscribe to products and services.

Use of Personal Information — It is not practicable for us to offer individuals ‘anonymity’. Our Data providers and Data Zoo need to know who you are in order to determine whether you have a right to access information from our Licensed Databases.

Accuracy and Security — Data Zoo enables you to view all the retrievable information you have provided us and correct it should there be changes or errors in the information. We use strict security systems to prevent information from being made available to any unauthorised person or business. Data Zoo’s information systems are monitored for inappropriate access from unauthorised users through the use of intrusion detection and monitoring systems.

9. Protecting Consumer Privacy

Our marketing data is publicly available information. Some information is considered in the public domain, meaning that anyone has access to it. This type of information includes telephone directory listings, property ownership, change of address and companies’ listings. As a New Zealand Marketing Association member Data Zoo and all members are required to suppress consumer marketing information against the Do Not Call (DNC), Do Not Mail (DNM) and Death Index (DI) register.

Do Not Mail (DNM) – Opt Out options

A consumer has two options to not receiving unsolicited addressed marketing mail to their home.

  1. Register with the New Zealand Marketing Association’s Suppression DNM list, this is an industry based mail suppression register.
  2. Opt out of Data Zoo’s marketing solutions

Do Not Call (DNC) – Opt Out options

Data Zoo obtains telephone information under licence from Yellow Pages Group (YPG). YPG have the responsibility for maintaining the national telephone directory that is published electronically or via the telephone books.

A consumer has two options to not receive unsolicited phone calls to their home.

  1. Register with the New Zealand Marketing Association’s Suppression DNC list, this is an industry based phone number suppression.
  2. If a consumer does not want their information published then they should contact their telecommunications supplier to get their number made silent or to ask for the number to be removed from the YPG directory.

Death Index Register (DI) 

The Death Register is sourced from the Department of Internal Affairs’ Births, Deaths and Marriages division and is managed by the NZ Marketing Association. It contains a list of full names and addresses of a deceased person. This file has been compiled since 2001.

All deceased records are recorded at the place of death. This address is validated against NZ Post and only valid addresses (DPID) are entered into the deceased register.

Please note that in some cases the registered address for the deceased person may not be their place of residence. This may be the case if they moved to a hospice but they still had public records identifying them at their previous residential address. We have no method in matching and determining that this would be one in the same person.

10. Data Zoo Privacy contact details

[email protected]

Attn: Privacy Officer
Data Zoo
PO Box 90882
Victoria St West,

Updated on 3 March 2017.

Data Policy

1. Collection

We collect personal information necessary for our business from government and non-government third party data sources that are accessible in accordance with privacy and other laws. The nature of our business does not lend itself to direct collection from individuals themselves. We seek assurances from all our data sources that the information has been collected and is held in accordance with applicable privacy laws and specifically that individuals concerned have been notified about the likely uses of the information (including disclosure to us). The types of information we collect include name, address and contact details. For identity verification purposes, we also collect date of birth, driver licence particulars, and vehicle registration information. We confirm a match against name, address and date of birth and other required elements, for identity verification purposes where permitted by law.

2. Use & Disclosure

Our customers include providers who use our services to verify the identity of their customers to help them fulfil legal obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2009 (AML/CFT) legislation and/or to meet organisational requirement. Providers, or ‘reporting entities’, include entities that provide one or more designated services as defined in the AML/CFT.

3. Data Quality

We take a number of steps to ensure that the personal information we use or disclose is accurate, complete and up-to-date, although in some cases we are constrained by an obligation not to alter data without consulting the data source.

4. Data Security

We have security systems and programs in place to seek to ensure that the information we hold, including personal information, is protected from misuse and loss and from unauthorised access, modification or disclosure.

Our policies are designed to ensure that all information is secure both in our own databases and when our customers are accessing it. Access to our systems is monitored electronically, providing an auditable record of who, what and when data was accessed.

5. Access & Correction

Individuals may request access to any personal information about themselves held in our databases. Requests must be made in writing to our privacy officer with sufficient identification provided, to ensure that we do not give out your details to someone else. If an individual requests correction of their personal information and we can establish that it is not accurate, complete or up-to-date, we will correct it.

In some cases, requests for correction will need to be referred back to the source of the information, to ensure that any inaccuracies do not simply re-appear when we next receive updates.

6. Data Retention & Disposal

Data from third party sources, once it has been used to create or updated the data provided, it is either deleted or returned to the source as agreed with the source. Data in the various databases is continually updated but is otherwise held for as long as required in relation to the particular products that draw on those databases. Customer data files are held for limited periods agreed with the customer for the explicit purpose of providing the service, after which the original customer data file and related output files will be deleted.

The customer has the ability to delete or advise us to delete data at any time. When data is deleted it is permanently and irrevocably destroyed. This applies to any backup copies of databases.

7. Compliance

Violations of our policies can lead to civil and criminal liability. As a result, violations will be thoroughly investigated and may result in disciplinary action up to, and including, termination of the relationship between Data Zoo and the entity in violation of policy. Any action thus taken does not preclude the pursuit of criminal and/or civil prosecution.