01. Introduction
UP Group Money Transfer Limited (“UP Group Money,” "we", "our", or "us") is committed to protecting your privacy and handling your personal information in a lawful, transparent, and secure manner.
This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you:
- Visit or Use our website ("Site");
- Create an account with us;
- Use our money transfer and related financial services; or
- Communicate with us.
This Privacy Policy is intended to comply with applicable privacy, anti-money laundering, counter-terrorism financing, sanctions, and financial services laws, including but not limited to:
- The New Zealand Privacy Act 2020;
- The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 ("AML/CFT Act");
- Applicable financial crime prevention regulations;
- Sanctions screening obligations; and
- Any other applicable laws and regulatory guidance.
By accessing or using our Site or services, you acknowledge that you have read and understood this Privacy Policy.
02. Personal Information We Collect
We collect personal information that is reasonably necessary to provide our services, comply with legal obligations, prevent fraud, and manage our business operations.
The types of personal information we may collect include:
Identity Information
- Full legal name;
- Previous names or aliases;
- Date of birth;
- Gender;
- Nationality and citizenship status;
- Photograph or selfie verification;
- Signature.
Contact Information
- Residential address;
- Postal address;
- Email address;
- Telephone number.
Identification and Verification Information
To comply with AML/CFT and Know Your Customer ("KYC") obligations, we may collect:
- Passport details;
- Driver licence details;
- National identity card information;
- Proof of address documents;
- Tax identification numbers;
- Source of funds and source of wealth information;
- Occupation and employer information;
- Bank account details;
- Beneficiary and recipient information.
Transaction Information
- Money transfer history;
- Payment details;
- Recipient information;
- Transaction amounts and currencies;
- Device and IP address information;
- Transaction patterns and behaviour.
Technical Information
When you use our Site, we may automatically collect:
- IP address;
- Browser type;
- Device identifiers;
- Operating system;
- Cookies and usage data;
- Login activity;
- Website interaction data.
03. How We Collect Personal Information
We may collect personal information:
- Directly from you;
- When you register an account;
- When you submit forms or identification documents;
- Through your use of our Site and services;
- From third-party identity verification providers;
- From banks and payment providers;
- From government agencies and public registers;
- From fraud prevention and sanctions screening databases; and
- From regulatory or law enforcement authorities where permitted by law.
04. Purpose of Collecting and Using Personal Information
We use your personal information only where lawful and necessary for legitimate business and regulatory purposes, including to:
Provide Services
- Create and manage your account;
- Process money transfer transactions;
- Provide customer support;
- Communicate with you regarding transactions and services.
Identity Verification and AML/CFT Compliance
We are legally required to verify customer identities and monitor transactions under AML/CFT laws. Personal information may therefore be used to:
- Verify your identity;
- Conduct customer due diligence ("CDD");
- Perform enhanced due diligence where required;
- Monitor transactions for suspicious activity;
- Comply with sanctions and politically exposed person ("PEP") screening obligations;
- Detect and prevent money laundering, terrorism financing, fraud, scams, and other unlawful activities;
- Report suspicious activities to regulators or authorities where legally required.
Legal and Regulatory Compliance
We may use your information to:
- Comply with legal obligations;
- Respond to lawful requests from regulators, courts, or law enforcement agencies;
- Enforce our Terms and Conditions;
- Protect our legal rights and interests.
Business Operations
We may also use information to:
- Improve our Site and services;
- Conduct internal analytics and risk assessments;
- Maintain security and operational integrity;
- Prevent cyber threats and unauthorised access.
Marketing Communications
Where permitted by law, we may send service updates, promotions, or marketing communications. You may opt out of marketing communications at any time.
05. Legal Basis for Processing
We process personal information where:
- You have provided consent;
- Processing is necessary to provide our services;
- Processing is necessary to comply with legal obligations;
- Processing is necessary for fraud prevention and security purposes; or
- We have a legitimate business interest that is not overridden by your privacy rights.
06. Disclosure of Personal Information
We may disclose your personal information to:
Internal Personnel
Employees, contractors, and authorised representatives who require access to perform their duties.
Service Providers and Third Parties
Including:
- Identity verification providers;
- Payment processors;
- Banking partners;
- Cloud storage providers;
- Fraud detection providers;
- Compliance and sanctions screening providers;
- IT and cybersecurity providers;
- Professional advisers and auditors.
Such third parties may only use personal information for authorised purposes and are required to maintain confidentiality and security safeguards.
Regulators and Authorities
We may disclose information where required by law or regulatory obligations, including to:
- Law enforcement agencies;
- Financial intelligence units;
- Courts and tribunals;
- AML/CFT supervisors and regulators;
- Tax authorities.
Business Transfers
If UP Group Money Transfer undergoes a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction subject to appropriate confidentiality protections.
07. International Transfers of Personal Information
Due to the international nature of money transfer services, your personal information may be transferred to, processed, or stored outside New Zealand.
Where information is transferred internationally, we take reasonable steps to ensure that appropriate safeguards and protections are in place in accordance with applicable privacy laws.
08. Data Retention
We retain personal information only for as long as necessary to:
- Provide services;
- Comply with legal and regulatory obligations;
- Resolve disputes;
- Enforce agreements; and
- Satisfy AML/CFT record-keeping requirements.
Under AML/CFT laws, we may be required to retain certain records for a minimum statutory period even after your relationship with us ends.
After retention periods expire, information will be securely deleted or anonymised.
09. Data Security
We implement reasonable technical, administrative, and physical safeguards to protect personal information against:
- Unauthorised access;
- Misuse;
- Interference;
- Loss;
- Alteration; and
- Disclosure.
Security measures may include:
- SSL/TLS encryption;
- Secure server infrastructure;
- Restricted staff access;
- Multi-factor authentication;
- Monitoring and cybersecurity protections.
While we take reasonable precautions, no method of internet transmission or electronic storage can be guaranteed as completely secure.
10. Cookies and Website Analytics
Our Site may use cookies and similar technologies to:
- Improve website functionality;
- Analyse website traffic;
- Personalise user experience;
- Maintain security and fraud prevention measures.
You may disable cookies through your browser settings, although certain Site functions may not operate properly.
11. Your Privacy Rights
Subject to applicable laws, you may have the right to:
- Access personal information we hold about you;
- Request correction of inaccurate information;
- Request deletion of personal information;
- Object to certain processing activities;
- Withdraw consent where processing is based on consent;
- Request information regarding disclosures of your information.
Certain rights may be limited where retention or processing is required by law, including AML/CFT obligations.
Requests may be submitted using the contact details below.
12. Third-Party Websites
Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices, security, or content of external websites.
Users should review the privacy policies of third-party websites before providing personal information.
13. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.
If we become aware that personal information of a minor has been collected unlawfully, we will take reasonable steps to delete it.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to:
- Reflect legal or regulatory changes;
- Improve transparency;
- Reflect changes in our services or operations.
Updated versions will be published on our Site with a revised effective date.
Where required by law, we may notify users of material changes.
15. Contact Us
If you have any questions, concerns, complaints, or requests relating to this Privacy Policy or your personal information, please contact:
If you are dissatisfied with our response, you may contact the New Zealand Privacy Commissioner