Happy Family

External Privacy Policy

Privacy policy overview

At Nest Home Loans we appreciate the trust you place in us when you use our services and we take that responsibility seriously. This Privacy Policy is for Nest Home Loans customers and it sets out the way we comply with the requirements of the Privacy Act and other applicable legislation.

How we collect information

The information we collect from you may include your identity and contact details, other details such as gender and marital status, family and lifestyle information, financial information and health information. We may collect information about your past and future plans and any other factors that might be applicable for the purpose of determining the suitability of financial products.

We might also collect information from you when you contact us, interact with us, visit us, visit our website and when you request or use our products or services.
We collect information about you online using cookies, web tags, other technology and automatic collection methods. We use Google Analytics to monitor search behaviour. We may also collect information about you that is publicly available, for example from public registers or social media. We may collect financial information for credit checks or finance applications.

We collect information from third parties with your consent. You provide your consent when you sign our authorisation and declaration form. Please take the time to read this form carefully.

We collect information about you from others, such as service providers, lenders, lawyers, agents, mortgage advisers, insurers, valuers, advisers, medical professionals, banks and other financial institutions, credit reporting and fraud prevention agencies, employers (whether current or not) or family members.

What happens if you don’t give us consent to collect your personal information?

If you don’t provide us with your personal information when requested, or revoke your consent for us to collect personal information from other parties, or provide us with incomplete information during the course of our relationship with you, we may no longer be able to provide you with certain products or services.

How do we use your personal information?

We use your information to provide you with our advisory services.

We use the information we collect about you to give you better financial advice. For example, we may use your information to:

  • Provide products and services
  • Establish borrowing eligibility
  • Credit checking
  • Establish your identity and the identity of others included in our scope of service
  • Assess applications and conduct underwriting
  • Provide you with quotes
  • Administer our products and services
  • Manage our relationship with you
  • Ensure that the products you have and services you receive are meeting your needs and are improved where necessary
  • Assess complaints about the products you use or services you receive
  • Manage and monitor our risks, including identifying and investigating any illegal activity, such as fraud
  • Comply with our legal and ethical obligations – such as sanctions checking or anti-money laundering and countering financing of terrorism laws
  • Cancel, transfer or change your financial products
  • Conduct customer analysis and research, to ensure that the products and services we offer are the best they can be
  • Price and design our products and services
  • Improve customer experience and train our staff
  • Contact you within a reasonable time following the lapse or cancellation of your policy, or where a quote or application is not proceeded with, for marketing or survey purposes
  • Identify and tell you about other products or services that we think may be of interest to you (you can opt-out of this)
  • Conduct special offers or campaigns (you can opt-out of this)

We may also use your information in other ways where permitted by law.

Who do we disclose your information to?

Third parties

We may share your personal information with a variety of third parties where this is permitted by law or required to meet the purposes set.

This can include:

  • Lenders who we are applying to for finance
  • Any third party you authorise us to disclose your personal information to
  • Suppliers of outsourced functions, for example, mailing houses, remote workers, research and insight agencies, debt collection agencies, consultants and professional services firms, information technology support and properties management
  • Lawyers, agents, advisers and persons acting on your behalf (for example, guardians and persons holding power of attorney)
  • Other individuals named on a policy, for example, policy owners or a payer
  • Persons involved in arrangements that provide funding to us, including persons who may acquire rights to our assets - this includes investors, reinsurers and rating agencies
  • Your current employer, former employers, group scheme policy owners, or other individuals or organisations involved in administering a group scheme
  • Data storage providers
  • Entities established to help identify illegal activities and prevent fraud
  • Government or law enforcement agencies in New Zealand or overseas, where permitted or required by law - note that we will only share information with these agencies where we believe there are reasonable grounds for doing so
  • Medical professionals such as medical practitioners, hospitals, or health service providers

Under 16s and special needs

If you are under 16, or have special needs, we may share your information with your parents or legal guardian or any person appointed to manage your affairs

Sending information overseas

We may send your information overseas, including to other members of our company who work remotely and to trusted service providers or other third parties which operate or hold information outside New Zealand.

We use cloud-based data storage providers located in New Zealand and Australia and overseas. Your information may also be stored with them.

How do we keep your personal information secure?

Storing your personal information

We store your personal information in the following jurisdictions and locations:
  • In New Zealand at all of our offices and through our suppliers that provide IT support, document archiving and destruction services
  • In Australia on the computer servers
  • In the cloud on Microsoft servers which are located internationally and accessible to our branches and our workers in New Zealand and the Philippines

Our security safeguards

Wherever your personal information is held, we take all reasonable steps to ensure that it’s safe and secure.

Staff education and training

Privacy training is a mandatory requirement for new and existing staff.

Taking precautions when transferring your personal information to third parties (domestic and overseas).

When we send personal information overseas (as set out above), or use trusted third parties to handle or store personal information, we contractually require our business partners to ensure that appropriate information handling and security arrangements are in place.

When we send your information overseas, we make sure that appropriate information handling and security arrangements are in place and/or contractual arrangements exist that place appropriate information handling and security obligations on the recipients or holders of the information (see section 5 below for more information) wherever possible. Please note that New Zealand law may not apply to some of these entities.

Building security

We have protection in our building to guard against unauthorised access, such as security barriers and alarms. We also have a clear desk policy in meeting areas, to ensure that personal information is not left in view of any external visitors.

System security

We take reasonable steps to protect our systems from unauthorised external and internal access. We have firewalls, intrusion detection systems and virus scanning tools. We limit access to our systems by requiring the use of passwords and ensuring that staff can only access the personal information they need to do their job.

Retaining and destroying your personal information

We will retain your personal information until it is no longer needed to complete financial advisory services relating to the policy, policy owner, life assured or payer, borrower or guarantor or to meet any other legislative requirements. Please note that in certain instances it may be necessary for us to retain some of your personal information after you have ceased to do business with us. It may also be necessary for us to retain information you provide us in an application even if you do not do business with us. This is because the information is required to be held by us for compliance purposes.

We destroy the information we no longer need in a secure manner.

How can you access, update and correct your personal information?

Can you get access to your information?

You have the right to ask us for a copy of any personal information we hold about you. Please note that you may only request information about yourself, unless you have the consent of other parties to request information on their behalf.

You can request your information by calling us on 0800 337 426, emailing us or writing to us.

How long does it take to access your information?

The Privacy Act requires us to make a decision on your access request – and convey this to you – within 20 working days of receiving it. However, we will try and respond to your request as soon as reasonably practicable. Where we cannot make a decision within 20 working days, we will let you know within this time and explain why.

Usually, we will release your information to you at the same time we respond. However, where we cannot do this, we will provide you with your information shortly afterwards.

Can we refuse to provide your information to you?

The Privacy Act permits us to withhold personal information from you in certain circumstances. For example, we can refuse to provide you with commercially sensitive information or legal advice that is subject to legal privilege. We might also refuse to provide you with information that is also about other people, if we have reason to believe that it would be unwarranted to do so.

If we decide to refuse your request, in whole or in part, we will tell you this within 20 working days and explain why. You can challenge our decision.

Where we do not hold the information you have requested, but we know who does, we’re required to transfer your request to that other person or agency. We will do this as soon as possible within 10 working days, and let you know.

Can you correct your information?

You can ask us to correct any information we hold about you, or have provided to others, that you believe is inaccurate.

You can do this by contacting us on 0800 337 426. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction.

If we’re unable to correct your information, we’ll tell you why. Where we refuse to correct the information, we will, if appropriate, attach your request to the information as a “statement of correction”. You can challenge our decision.

How do you make a privacy complaint?

We accept that sometimes we can get things wrong. If you have a concern about your privacy you have the right to make a complaint and we’ll do everything we can to put matters right.

If you have a concern about the way we’ve handled your personal information, you can call, email or write to us and we will follow our internal complaints procedure.


Getting Started is Easy

Let’s find out how much you can borrow.
Get In Touch

BNZ Logo
Westpac Logo
ASB Logo
TSB Logo
Cooperative Bank Logo
SBS Bank