Privacy Policy and Collection Statement

Date: 26 May 2015


We believe that privacy is an important individual right, and to that end we will endeavour to abide by the New Zealand Privacy Principles, as set out in the Privacy Act 1993 (the Act).

This policy sets out how we collect, use, manage and store personal information in accordance with the Act. By using the POLi Payments System you agree to the collection, use and disclosure of personal information in accordance with this Privacy Policy.

1. Terminology

In this Policy:

customer is a reference to a person who uses the POLi Payments System;

Facebook means;

NZPP means the New Zealand Privacy Principles prescribed by the Privacy Act 1993;

personal information means information about an identifiable individual;

POLi Payments System means the payment systems that exists in an online environment which includes the POLi Facebook application, Merco Ltd’s web site (, Merco Ltd’s payment products and Merco Ltd’s back office systems. Poli Payments is a trade mark of SecurePay which is owned by Australia Post;

Type A Information means the types of information described in clause 2.1 of this Privacy Policy;

Type B Information means the types of information described in clause 2.2 of this Privacy Polcy;

“we” “us” and “our” are reference to SecurePay and/or Merco Ltd where the context requires;

Websites means our website at; and

“you” and “your” means a natural person whose personal information we have knowingly collected.

2. What personal information we collect

2.1          Personal information is information that can reasonably be used to identify a specific person. Depending on the purpose for which we collect personal information, personal information we collect or hold may include your name, telephone or mobile phone number, email address, bank account numbers and any other personal information you or a person ostensibly authorised by you submits to us, as well any other information that we consider is necessary (such as information about your opinions) to perform our functions and activities.

2.2          We may also collect your financial information including bank account balances, bank account payment limits, a record of your previous banking transactions and  information about your internet banking sessions. If you do not wish to disclose that information to us, then you should not operate or use our software.

2.3          We may also collect information about how you interact with our payment applications.

3. How we collect personal information

3.1          We collect personal information in a number of ways, including:

(a)            where you provide information directly to us using the POLi Payments System using a computer or other device;

(b)            where we receive personal information from merchants with whom you deal and where you elect to use the POLi Payments System in respect of that merchant;

(c)            where you complete feedback forms online or using a hardcopy form;

(d)            where you interact directly with our employees and such other persons acting for us or on our behalf, such as our customer service team or human resources team;

(e)            from third parties, such as our service providers or identity verification services;

(f)             from related entities in our corporate group;  and

(g)            from publicly available sources of information.

3.2          If you do not wish for your personal information to be collected in a way anticipated by our Privacy Policy, we will use reasonable endeavours to accommodate your request. If we do comply with your request, or you provide us with inaccurate or incorrect information, we may not have sufficient information to conduct our business and we may be limited:

(a)            in our ability to provide our services to our merchants and Facebook users including processing a transaction;

(b)            in our ability to keep you informed of company updates and services information;

(c)            in considering your application for employment with us; and

(d)            in our ability to respond to your inquiry or request.

4. Purpose of collection, use and disclosure

4.1          We collect, use and disclose personal information for the primary purpose of conducting our business, which includes:

(a)            supplying services to our merchants, namely the ability for them to receive payments from you arising from your interaction with the POLi Payments System, whether directly or through our payment collection service;

(b)            supplying services to Facebook users to receive payments or donations from other Facebook users by way of Facebook applications;

(c)            supplying your personal information to financial institutions, and pre-populating fields on the financial institutions’ internet banking systems with certain personal information, arising from your interaction with the POLi Payments System;

(d)            resolve payment disputes and collect funds;

(e)            deliver service and company update notices to our merchants;

(f)             processing refunds;

(g)            collecting feedback forms (online or hardcopy) to improve our services;

(h)            responding to an inquiry or request;

(i)             engaging with contractors or outsources service providers who assist our business operations such as fraud prevention and technology services;

(j)             assessing a person’s application for employment with us;

(k)            identifying any malicious software or activity on your mobile device, computer or other device used;

(l)             improving our software and services;

(m)          compiling and maintaining mailing lists derived from our Websites or our Facebook applications and communicating with persons on those lists;

(n)            where permitted by law, promoting us and our goods and services;

(o)            collecting and disclosing personal information to related bodies corporate in connection with the corporate group’s own internal operations;

(p)            fulfilling obligations to, and cooperating with, government authorities;  and

(q)            where you otherwise provide your consent, whether express or implied.

4.2          To process your payments or to enable you to receive funds, we may share some of your Type A  Information with third parties such as Facebook users, contractors and outsourced service providers, financial service providers, charitable organisations or our merchants. Unless you have agreed, these parties are not allowed to use your personal information for any other purpose except to enable that payment and process refunds of these transactions.

4.3          If a payment fails, or is invalidated at a later stage, we may also provide the intended recipient or a relevant outsourced service provider with details of the unsuccessful payment in order to facilitate a resolution. That party may then provide us with some of your personal information, such as your email address or your mobile number, in order for us to notify you that the payment was unsuccessful or that a resolution has been found.

4.4          We will not use, sell, rent or disclose your personal information for direct marketing purposes. We will not share any of your banking information, such as bank account numbers and internet banking passwords, with a third party unless required by law. We will only disclose your personal information in accordance with this Privacy Policy.


4.5          Type B Information is collected for the purposes of debugging and improving the POLi Payment System. Type B Information is not disclosed to any third parties and is deleted after 14 days.


5. Overseas disclosure

5.1          Due to the nature of our business, Type A  Information collected by us is likely to be disclosed to overseas recipients, being related bodies corporate, outsourced service providers we may engage in connection with our business or merchants to whom we provide our services and with whom you make a transaction.  As at the date this Privacy Policy was most recently updated, personal information is, depending on the recipient, therefore likely to be disclosed to one or more countries such as the countries listed below:

Canada, Malaysia, British Virgin Islands, Gibraltar, Hong Kong, Cyprus, India, Singapore, Philippines, Vanuatu, Germany and the United Kingdom.

5.2          Third party recipients of your personal information may be located in countries with less strict privacy laws than those that exist in New Zealand. However we will take reasonable steps to ensure that those recipients do not breach the NZPPs in relation to your personal information, such as by seeking compliance with the NZPPs in our terms of engagement with those parties. In the event that personal information must be disclosed overseas other than as described above, we will endeavour to obtain consent from you.

5.3          Please contact us if you do not wish for your personal information to be disclosed overseas. If you do not contact us to make this request, and an overseas recipient of your personal information breaches the NZPPs, we will not be accountable under the Act and you will not be able to seek redress under the Act.

6. Storage and security of personal information

6.1          Where we hold your personal information, we will take reasonable steps to ensure that the information is secure and may only be accessed by authorised persons. Where we store your personal information, it is stored on secure servers in Australia and New Zealand that are protected in controlled facilities and have protection measures such as usernames, passwords, data encryption and firewalls.

6.2          Although we take all reasonable measures, we are not responsible for third party circumvention of security measures on our electronic databases or at any such premises. Please note that third party recipients of personal information, such as Facebook, financial institutions, and merchants, have their own privacy policies and we are not responsible for their actions, including their handling of personal information.

6.3          We cannot control the actions of other users with whom you share your information. Further, we cannot guarantee that only authorised persons will access you personal information and we cannot guarantee that information you share with us on our website will not become publicly available.

6.4          To ensure security of your personal information, you should maintain the confidentiality of your internet banking and Facebook passwords in connection with the POLi Payments System. Please notify us immediately at if you believe there has been any unauthorised access to your information or any other breach of security in connection with the POLi Payments System.

6.5          If any personal information that we hold is no longer required for the purpose in which it was collected and no applicable law requires us to retain that information, we will take reasonable steps to de-identify or destroy the information.

7. Access and correction

7.1          We will use reasonable steps to ensure the personal information we hold is complete, up to date and accurate, so far as it is practicable for us to do so.

7.2          You may request access to the personal information we hold about you by contacting our Privacy Officer.  If we determine, having regard to the NZPPs, that it is either not lawful or not required by law to provide you access to the personal information we hold, we will provide you with a written response within a reasonable period of time, setting out our reasons.  If we are otherwise obliged or permitted to give you access to that personal information, we will do so within a reasonable time.  We reserve the right to charge you a fee for giving access.

7.3          Subject to paragraph 7.5, if personal information we hold about you is incorrect, we will, on your request to correct it or where we are satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading, take such steps as are reasonable in the circumstances to ensure that the information is corrected.

7.4          If you wish to have your personal information deleted please let us know and we will delete that information wherever practicable and subject to us retaining personal information in order to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations or take other actions as required or permitted by law. If we become aware that your personal information is no longer needed for any of our purposes, we will take reasonable steps to de-identify or destroy it.

7.5          If you request us to correct personal information that we hold about you and we refuse to do so, we will, to the extent reasonable, provide you a written response as to our reasons.  In such cases we will, if so requested by you, take such steps (if any) as are reasonable in the circumstances, attach to the information, in such a manner that will always be read with the information, any statement provided by you of the correction sought.

8. POLi Payments System

8.1          When you interact with our POLi Payments System, we may make a record of your visit and logs for statistical and business purposes and we may collect information including your server address, domain name, IP address, the date and time of visit, the pages accessed and documents downloaded, the previous site visited, the type of browser used, the type of operating system being used, and device identifiers. We may also track some of the actions you take while interacting with our POLi Payments System, such as when you provide information or content to us.

8.2          When you interact with our POLi Payments System, we also interact with your financial institution’s internet banking system by pre-populating fields with information such as  the relevant merchant’s details, identification codes, payment details, description of the transaction and any other personal information required to complete the relevant transaction.

8.3          We use “cookies” (small pieces of data we store for an extended period of time on your computer, mobile phone, or other device) to make our payment services easier to use, to protect you from fraud, to help ensure your account security and to recognise you as a customer. You can remove or block cookies using the settings in your browser, but this will impact your ability to interact with our POLi Payments System.

8.4          Where our POLi Payments System or our Websites contains links to other websites, we do not control those websites, and we are not responsible for the privacy practices of the content of such websites. We do not take responsibility for the content in, or currency of, any externally linked sites. The inclusion of any link on our POLi Payments System does not imply endorsement by us of the linked site, nor does it suggest any relationship with the organisation linked.


9. Questions and complaints

9.1          If you have a question about how we handle personal information, wish to lodge a complaint about our compliance with the NZPPs you may contact our Privacy Officer:


post:     Privacy Officer

11 Westhaven Drive, Auckland 1010 or PO Box 90840, Victoria St, Auckland 1142, New Zealand

phone: +64 9 363 6724

The Privacy Officer will co-ordinate the investigation of any complaint and any potential resolution of a complaint. We will aim to resolve all complaints as soon as practicable for us to do so.

9.2          If you are not satisfied with our response, you may take your complaint to the Office of the Privacy Commissioner, whose website is:

10. Changes to this Policy

10.1        We may change this Privacy Policy at any time. If we make changes to this Privacy Policy we will notify you by publication here. The revised version of the Privacy Policy will be effective at the time we post it.


Trademarks, Copyright and Disclaimer

Copyright Notice Merco Ltd, CN 2208567, NZBN 9429032398212.

This web site and its contents are the property of Merco Limited.

Whilst Merco Ltd has sought to ensure that the content of this site is correct and current at the time of publication, it is for general information only and is not to be relied upon as being complete or accurate. Merco Ltd takes no responsibility for any error, omission or defect therein. The content is further subject to change from time to time.

Merco Ltd does not endorse any merchant or bank, their websites, or any goods or services provided by them. These are the responsibility of the relevant merchant and/or bank. Merco Ltd has no control over these. Concerns about these should be directed to the relevant merchant and/or bank.

To the extent that this website contains links or references to third party websites, these are provided for convenience only. Merco Ltd does not endorse the products and/or services of any third party site owner.