建行新西兰 New Zealand Home Page > Home 自定义专栏右边
China Construction Bank (New Zealand) Limited (CCBNZL) and China Construction Bank Corporation New Zealand Branch (the Branch) (together CCBNZ, we, us, or our) are committed to protecting the privacy and handling personal information of our customers in a responsible, transparent, and lawful manner.
This Privacy Policy outlines how CCBNZ collects, use, stores, discloses, and protects customer's personal information in compliance with the Privacy Act 2020 (the Act), including its 13 Information Privacy Principles (IPPs). The IPPs set out standards for the handling of personal information, which is defined as any information about an identifiable individual, such as their name, contact details, financial data, or other identifying information.
This policy applies to all individuals interacting with CCBNZ, including customers, applicants, guarantors, and visitors to our office, website, or other services. The policy forms part of CCBNZ's terms and conditions for our products and services. If customers provide personal information about another person (e.g., a joint applicant or beneficiary), you must ensure they are aware of this policy and consent to the handling of their information as described herein.
We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. The latest version will be available on our website at [nz.ccb.com/Ing/newzealand/en/tszl/719330.shtml], and we will notify you of material changes where required. Your continued use of our services after any update constitutes acceptance of the revised policy.
Our products and services have their own terms and conditions that may include specific privacy terms. If the privacy terms in your product are different from the terms in this privacy policy, then the privacy terms in this privacy policy will apply.
Personal information is any information about a specific individual. The information does not need to name the individual as long as they are identifiable in other ways.
This includes information that can be used to identify our customer for example (but not just limited to):
- Name and/or surname.
- Personal details, i.e. Date of birth, passport details, driver license detail, etc.
- Tax details.
- Credit history.
- Signature.
- Email address.
- Telephone number (or mobile number).
- Publicly available information.
- Recordings of phone calls.
This is the right to collect, share, manage and store personal information.
3.1 Our Right to Collect Personal Information
In accordance with the Act we have the right to collect personal information where it is necessary for lawful purposes directly related to our functions as a bank. We adhere to the Information Privacy Principles (IPPs) within the Act. IPPs 1-4, govern the purpose, source, and manner of collection:
- IPP 1 (Purpose of collection):
We collect personal information only for lawful purposes connected with our banking activities, such as providing financial services, and only to the extent necessary.
- IPP 2 (Source of personal information):
We prefer to collect information directly from you, but may obtain it from third parties where authorized.
- IPP 3 (Collection of information from subject):
When collecting from you, we inform you of the purpose, recipients, and your rights, unless an exception applies (e.g., for fraud prevention).
- IPP 4 (Manner of collection):
Collection is done in a fair, lawful, and non-intrusive way.
The types of personal information we collect depend on your relationship with us and may include:
- Identification and contact details (e.g., name, date of birth, address, email, phone, IRD number, passport, driver's license).
- Financial and employment information (e.g., income, expenses, assets, liabilities, employment details, credit history, bank statements, transaction records).
- Socio-demographic details (e.g., marital status, nationality, occupation, gender, age, dependents).
- Digital and interaction data (e.g., IP addresses, device information, browser details, location data with consent, call recordings, chat transcripts, usage patterns on our platforms).
- Sensitive information in limited cases (e.g., health details for insurance, ethnicity or criminal history for compliance).
- Other information (e.g., survey feedback, social media interactions, CCTV footage, publicly available data from registers like the Companies Office).
We collect this information directly from you during applications, enquiries, transactions, or interactions via relationship managers, phone, email, mobile chat applications, social media, websites, or by mail. Indirectly, we may collect from credit reporting agencies (e.g., Centrix), other financial institutions, employers, referees, authorised representatives, or public sources for verification, fraud detection, or compliance.
If you do not provide requested information, we may be unable to offer certain products or services.
3.2 How we collect information
CCBNZ only collects information that is necessary for lawful purposes, in line with IPP 1 (purpose of collection) and IPP 4 (manner of collection). Personal information are collected through set processes during customer engagement with relationship managers (or other CCBNZ staff), or third party interventions (i.e. lawyers or aggregators) when an application is submitted for one of our products. This will include the collection of copies of documents with personal details, signatures and/or phone recordings (for verification or training purposes) or written communication (emails or hard copy documents).
Information can also be collected from third parties and may include credit records, financial records and transaction history, employment details or complaints processes.
Digital information such as IP addresses and cookies may also be collected when our website is accessed. Using mobile devices for WeChat the IP addresses, cookies device location and other electronic identifiers turned on may be collected.
Information from third parties include information on publically available social media platforms that can be used for marketing and business development purposes.
Publically available registers include registers such as the Registrar of Companies, or commercial information from credit reporting agencies, market researchers or data and/or analytics providers.
Other ways of collecting information includes participate in promotions, surveys, or competitions, as well as visit our premises, where CCTV may record footage for security.
At times we may also collect information indirectly from third parties, such as:
- Credit reporting agencies (e.g., Centrix) for credit checks.
- Other financial institutions, employers, or referees for verification.
When you choose not to provide the personal information that is legally required by CCBNZ during an onboarding process, CCBNZ may not be able to offer a services to you.
The following information is required when a customer applies for a product or service:
- Personal and contact details.
- Passport, driver licence or birth certificate and address verification.
- Information that helps us decide if a product is right for you.
- Income and expenses, credit and debit card numbers.
- Tax details and financial history.
- Valuations or information relating to assets for example, property, savings or KiwiSaver records.
For credit approval and transaction monitoring the following information are collected:
- Payment and transaction data including the date, time, amount, frequency, type, location, origin and recipients.
- Applications can be made directly to CCB NZ Group or via brokers. This includes email correspondence, verified copies of personal documents and financial details (Source of Funds (SoF) or Source of Wealth (SoW)) of customer.
The collection of this information is required to fulfil other legal requirements, including but not limited to the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the AML/CFT Act , or AML/CFT), or the prevention and detection of fraud.
3.3 How we use information
CCBNZ may also use personal information for a range of purposes including for the provision of products and services, and meeting legal obligations.
We use your personal information only for the purposes for which it was collected or for directly related purposes, as permitted by IPP 10 (Limits on use of personal information).
These purposes include:
- Providing, administering, and personalising products and services (e.g., processing applications, managing accounts, handling transactions, assessing credit).
- Compliance and risk management (e.g., identity verification under the AML/CFT Act, fraud prevention, regulatory reporting to Inland Revenue or the Reserve Bank of New Zealand (RBNZ), Financial Markets Authority (FMA), Commerce Commission (ComCom), or other regulatory authorities).
- Improving operations (e.g., analysing trends, system testing, staff training with anonymised data, internal artificial intelligence (AI) for customer behaviour insights and service enhancement).
- Marketing and communications (e.g., informing you about relevant offers from us or partners via email, SMS, mail, or digital channels; you can opt out anytime).
- Business management (e.g., debt recovery, audits, handling complaints, supporting mergers).
- Other lawful purposes (e.g., regulatory requests or legal instruction (Court Orders), and financial hardship assistance).
We participate in comprehensive credit reporting under the Credit Reporting Privacy Code, using and sharing credit-related information to assess creditworthiness.
The use of information also assist us to better understand client preferences to conduct and improve our business. This allows CCBNZ to deliver a service to our customers and making assessments of their financial position for products.
The development of technology enhance analytics and information gathering through public websites and accredited vendors to meet our legal obligations. Information shared with these vendors are securely stored. The vendors used are subjected to annual security tests and accreditation.
A further example of technology enhancements are the use of "cookies". These are text files stored by the browser when visiting websites. The information collected via "cookies" are used for product and service development. Customers may be able to configure their browsers to be notified when "cookies" are offered and decide whether to accept it or not.
Information collected may be used within the wider China Construction Bank Corporation to manage our business efficiently, develop new products and set strategies for the business both locally and internationally.
3.4 How we share and disclose information
We have the right to share and disclose personal information where necessary for the above purposes, subject to IPP 11 (Limits on disclosure of personal information) and IPP 12 (Disclosure of personal information outside New Zealand). We ensure disclosures are limited and protected.
Recipients of the information may include:
- Affiliates and group companies for service delivery and analytics.
- Service providers and partners (e.g. IT providers, cloud storage, payment processors, debt collectors, auditors, insurers, fraud prevention such as the Police, Regulators or other financial institutions for fraud detection and prevention such as the Australian
Financial Crimes Exchange (AFCX), etc.). Where possible, we propose limiting sharing of any personal information, but we also recognise the strong public and Government expectation that the industry deliver data sharing to prevent fraud and scams and also to recover funds. This may require the sharing of data between banks for these purposes and AFCX. All contractual engagement has sufficient provisions for the safe storage and permitted use of information including the awareness to respond to data
breaches and security incidents.
- Third parties (e.g. credit reporting agencies, other banks for verification, market researchers, and authorised representatives like co-borrowers or lawyers).
- Government and regulatory bodies (e.g. law enforcement, courts, and regulators) as required by law.
- Overseas recipients (e.g. the Peoples Republic of China, Australia, or other countries for processing by group companies or providers). Under IPP 12, we ensure comparable protections through contracts, adequate privacy laws in the recipient country, or your consent if required.
We require all recipients to handle information securely and confidentially, often under confidentiality agreements. We do not sell your personal information. Disclosures may also occur for legal compliance, such as assisting in fraud investigations or preventing money laundering.
A customer can decide whether or not the information can be shared, but that may limit the service offered for example:
- Decline the offer, products or services that you want.
- Effective management of the products or services.
- Ability to respond or assist with your queries.
- Confirmation of your identity and/or protect you against fraud.
3.5 How we store information (Keeping information Safe)
Personal information will be stored in either hard copy or electronic form with secure data protection at the offices of CCB NZ Group at Level 29, 48 Shortland Street, Auckland, New Zealand and/or China Construction Bank Corporation's principal offices at no. 25 Financial Street, Xicheng District, Beijing 100033, the People's Republic of China, or one of our bank's data centres in the People's Republic of China. The information may also be held at such other third party providers when information has been shared in accordance with the Bank's Privacy Policy or legally requested.
All information is stored in line with IPP 5 (Storage and security of personal information). CCBNZ implement best practice measures to protect against loss, misuse, or unauthorised access, including:
- Encryption for data transmission and storage.
- Firewalls, access controls, and identity management.
- Employee training on privacy, security policies, and compliance.
- Regular audits, monitoring, and reviews of systems against industry best practices.
- Secure buildings and data centres.
Information is only retained as long as necessary for our purposes or legal requirements (e.g., at least 7 years under tax and AML/CFT Act) as per IPP 9 (Agency not to keep personal information longer than necessary). After this, data is securely destroyed or anonymised.
If a notifiable privacy breach occurs that may cause serious harm, we will notify you and the Office of the Privacy Commissioner promptly, as mandated by the Privacy Act 2020, and the FMA and RBNZ within 72 hours.
Before using or disclosing information, we take reasonable steps to ensure its accuracy, completeness, and relevance, per IPP 8 (Accuracy, etc., of personal information to be checked before use).
CCBNZ also applies a range of physical and electronic data security measures to protect information from loss, unauthorised use, access, modification or disclosure. This includes:
- Controlled access to CCBNZ‘s office and information systems through identity and access management.
- Information security policies that bound employees to keep information safe and secure.
- All employees are required to complete training about information security.
- All systems are password protected and only designated personnel are allowed access to the systems applicable to their roles to prevent unauthorised access.
- CCBNZ regularly monitor, review and update internal policies to comply with industry best practice.
4.1 Access and correcting information
CCBNZ will endeavour to keep information up to date. It is the responsibility of the customer to provide complete and accurate information to CCBNZ when applying for a product or when there is a change in the customer's personal information.
The customer must immediately inform CCBNZ of a change in their tax residency status. CCBNZ is also obliged under the AML/CFT Act to conduct Ongoing Customer Due Diligence (OCDD). This will allow CCBNZ to contact customers during the customer relationship to confirm and/or update personal information.
Customers may request access and corrections to personal information. There is no charge in updating personal information, but in some instances where the information is requested a reasonable fee may be charged to process the customer's request to cover the activities of locating, collating and supplying the information.
Customers have the right to withdraw information at any time, but this may impact the service and may result in the cancellation of the service.
The data CCB NZ Group collect is personal data, and customers have the right:
- To see what data are held (right of access also known as subject access requests).
- Request CCB NZ Group to stop using the data, but keep it on record.
- To have all or some data deleted or corrected.
These rights in relation to your personal information is in line with your right to:
- Access (IPP 6): Request access to your information.
CCBNZ will respond within 20 working days (extendable if needed), generally at no cost, though a reasonable fee may apply for complex requests. Access may be refused in limited cases (e.g., if it endangers safety or breaches another's privacy), and we will
explain why.
- Correction (IPP 7): Request correction if inaccurate, incomplete, or misleading. We will correct it or attach a statement of your views if we disagree, and notify relevant third parties, at no charge.
- Unique Identifiers (IPP 13):
We use identifiers like account numbers only as necessary and ensure they are unique.
To exercise these rights visit our office or contact us at:
Email: info@nz.ccb.com
Dial: 0800 299 5533; or
In person at: CCBNZ
Vero Centre Level 29,
48 Shortland Street, Auckland.
CCBNZ prioritise the maintenance and protection of our customer's privacy.
Concerns relating to privacy breaches can be raised directly to the relationship managers who will best attempt to resolve the matter as soon as possible.
If the complaint cannot be resolved you can contact the Complaints Officer through the following channels:
Email: info@nz.ccb.com
Dial: 0800 299 5533; or
In person at: CCBNZ
Vero Centre Level 29,
48 Shortland Street, Auckland.
If you are not satisfied with the internal complaints process you can contact the Banking Ombudsman, an independent dispute resolution service:
Email: bankomb.org.nz
If the complaint is about how CCB NZ Group handle personal information you can contact the Office of the Privacy Commissioner at:
Email: enquiries@privacy.org.nz
Dial: 0800 803 909, or
+64 4 474 7590, or
+64 9 302 8680
Write to: PO Box 10 094
Wellington
6143
Our digital platforms may use cookies, web beacons, and analytics tools to enhance functionality, security, and user experience. Cookies may collect usage data, which we combine with other information for personalisation and advertising. Types include session, persistent, functional, necessary, tracking, and social cookies. You can manage preferences via browser settings or our cookie consent tool.
We use CCTV at our premises for safety, security, and fraud prevention. Footage is stored securely, accessed only by authorised personnel, retained for 30-90 days, and may be shared with law enforcement.
Calls and interactions may be recorded for quality, training, and compliance, with anonymised use where possible.
If you are located in the European Union you may also have rights under the General Data protection Regulation (GDPR).
The GDPR set the rules for the usage, collection, storage and sharing of personal information in a lawful, fair and transparent manner. The GDPR also sets out the customer's rights as a "data subject".
If you have a complaint you can access the UK Information Commissioner's Office (IOC) website to make a complaint at https://ico.org.uk/
Next review date is September 2028 unless material changes needs to be made earlier.
