1.1 Your privacy is important to Merco Limited (”Merco” “we”, “us” or “our”) and we are committed to protecting your data in accordance with the Privacy Act 2020 (“Privacy Act”) and the Information Privacy Principals (“IPP”) set out in section 22 of the Privacy Act.
Customer is a reference to a person who uses the POLi Payments System, or any other payment technology provided by Merco;
Merchant means any business entity, sole trader or organisation that has entered into a Merchant Agreement with Merco and/or that offers POLi as a form of payment to its customers;
Merchant Agreement means an agreement between Merco and a Merchant whereby Merco agrees to make the POLi Payments System available to the Merchant to use as a payment system for the Merchant’s customers;
Personal Information means information which may reasonably identify you and is about you.
POLi Payments System (or POLi) means the online debit payment system known as POLi which mediates in the payments process as a supporting system for the transfer of funds from a Customer’s bank account to a Merchant’s bank account.
Websites means our websites at www.polipay.co.nz, www.polipayments.com, www.merco.co.nz and any other website we may have; and
“you” and “your” means any Customer, Merchant or other person who uses our Website, the Poli Payments System, any other services we offer or who gives us Personal Information about themselves, as the case may be.
3. Personal Information we collect
3.1 We may collect Personal Information about Customers, Merchants and other people who use the POLi Payments System or who come into contact with us during the ordinary course of business.
3.2 We may collect the following Personal Information:
(a) your name, title, phone number, email address and other contact information;
(b) in respect of a Merchant, your name, website and address and other contact information;
(c) information that may identify items purchased using the POLi Payments System;
(d) a Customer’s payer bank account number and payer bank account name. In both cases this information is stored in an encrypted format;
(e) a Merchant settlement bank account number and bank account name and proof of the same; and
(f) records of our interactions with you.
3.3 We may also collect statistical information about your visit to our Websites including (but not limited to) IP address, device type, operation system, internet browser, time spent on our Websites, pages visited, links clicked. We use "cookies" on our Websites to monitor your use of the website. “Cookies” are pieces of information that a website stores on a visitor’s computer, which can identify your web browser, but not you. You can disable your web browser from accepting cookies before using our website, however if you do so, some features of our Websites may not fully function.
4. How we collect Personal Information
4.1 We collect Personal Information from Customers, Merchants and non-Merchants in a number of ways, including:
(a) when you use the POLi Payments System using a computer or other device;
(b) where you complete feedback or enquiry forms on our Websites or using a hardcopy form;
(c) where you interact directly with our employees and such other persons acting for us or on our behalf, such as our customer service team;
(d) when a Merchant contacts us to discuss an issue that a Customer has with the POLi Payments System; and
(e) from publicly available sources of information.
4.2 If you are a Merchant, we collect Personal Information from you in a number of ways, including:
(a) when you complete an enquiring via email or a web form on our Website, in both cases this will be captured in our helpdesk system;
(b) when you apply for a POLi account via a web form on our Website, in which case the data will be captured within our CRM system;
(c) where you interact directly with our employees and such other persons acting for us or on our behalf; and
(d) from publicly available sources of information.
5. If we are not able to collect Personal information
(a) in respect of Merchants, process any Merchant applications or enter into a Merchant Agreement with you;
(b) in respect of Customers, provide our services to you through our Merchants including processing a transaction through the POLi Payments System;
(c) keep you informed of company updates and services information; and
(d) respond to your inquiry or request.
6. Purpose of collection, use and disclosure
6.1 We collect, use and disclose Personal Information for the primary purpose of conducting our business, which includes:
(a) entering into a Merchant Agreement;
(b) supplying services to our Merchants, namely the ability for them to receive payments from Customers arising from a Customer’s interaction with the POLi Payments System or any other payment system provided by Merco;
(c) resolving payment disputes and collecting funds;
(d) delivering service and company update notices to our Merchants;
(e) processing refunds;
(f) collecting feedback forms (online or hardcopy) to improve our services;
(g) responding to an inquiry or request from you;
(h) engaging with contractors or outsourced service providers who assist our business operations such as fraud prevention and technology services;
(i) improving our software and services;
(j) compiling and maintaining mailing lists derived from our Websites and communicating with persons on those lists;
(k) where permitted by law, promoting us and our services;
(l) fulfilling obligations to, and cooperating with, government authorities; and
(m) where you otherwise provide your consent, whether express or implied.
7. Sharing your Personal Information
7.1 We may share some Customers’ Personal Information with Merchants and with other third parties who assist us. Your information will be provided to third parties only in connection with the services we provide to you, or with your consent, as set out below.
7.2 We will not disclose Personal Information to third parties except where disclosure is:
(a) authorised by you;
(b) necessary for our business functions to provide you with services or to fulfil requests you make to us;
(d) required by law, including to law enforcement authorities, the courts, government agencies, regulatory authorities or third parties, both in New Zealand and overseas, where we are required to or we believe the disclosure will assist us to comply with any law or legal rules or will assist in the investigation, detection and/or prevention of fraud, money laundering or other criminal offences;
(e) permitted under the Privacy Act;
(f) to anyone when it will be used in a way that cannot identify you.
7.3 We will take reasonable steps to ensure that any Personal Information we share is accurate, up to date, complete, relevant and not misleading.
7.4 We will not share any of your banking information, such as bank account names and bank account numbers with any third party (except our Merchants, as necessary for the provision of services to you) unless required by law.
7.5 If we disclose your Personal Information to third parties, we will take reasonable steps to ensure third party recipients of Personal Information protect your Personal Information, such as requiring our Merchants to enter into confidentiality agreements.
8. Overseas disclosure
8.1 Some of our Merchants are based overseas and we may need to disclose Personal Information to those overseas Merchants, for example if we need to discuss the details of a failed or disputed payment with the Merchant.
8.2 If we do need to transfer or share your Personal Information with an overseas-based Merchant, we will only do so if we are comfortable that the overseas entity is subject to the Privacy Act and/or will protect that information in a way that is comparable to the Privacy Act. In the event that we may need to transfer or share your Personal Information to an overseas entity who does not have equivalent or comparable privacy law protections in place, we will advise you and seek your express consent to provide your Personal Information to that entity, prior to sharing this information.
9. Storage and security of Personal Information
9.1 Where we hold your Personal Information, we will take reasonable steps to ensure that the information is secure and may only be accessed by authorised persons. Where we store your Personal Information, it is stored on secure servers in Australia and New Zealand that are protected in controlled facilities and have protection measures such as usernames, passwords, data encryption and firewalls.
9.2 If any Personal Information that we hold is no longer required for the purpose in which it was collected and no applicable law requires us to retain that information, we will take reasonable steps to de-identify or destroy the information.
10. Access and correction to Personal Information
10.1 We will take reasonable steps to ensure the Personal Information we collect, hold and disclose is complete, up to date and accurate, relevant and not misleading so far as it is practicable for us to do so.
10.2 Under the Privacy Act you have the right to request Personal Information that we hold about you and request that we correct the Personal Information we hold if you believe it is wrong. You may request access to and correction of the Personal Information we hold about you by contacting our Privacy Officer. We reserve the right to charge you a reasonable fee for providing you with Personal Information.
11. Questions and complaints
PO Box 90840
11.2 The Privacy Officer will co-ordinate the investigation of any complaint and any potential resolution of a complaint. We will aim to resolve all complaints as soon as practicable for us to do so.
11.3 If you are not satisfied with our response, you may take your complaint to the Office of the Privacy Commissioner, whose website is: www.privacy.org.nz.
12. Changes to this Policy