Privacy statement - how we manage personal information

 

Police collect personal information directly and indirectly from a range of sources to fulfil its responsibilities under the Policing Act:

• keeping the peace
• maintaining public safety
• law enforcement
• crime prevention
• community support and reassurance
• national security
• participation in policing activities outside New Zealand
• emergency management.

The collection of relevant personal information is necessary to:

• investigate behaviour or actions that may amount to offending
• evaluate your suitability to own a firearm
• evaluate your suitability to work for New Zealand Police
• consider your suitability for a safety-sensitive role in the community
• respond to family harm and mental health call outs
• respond to traffic events and conduct driving impairment tests
• support the victim of a crime or interview a witness
• enable the location of a caller in response to an emergency call.

Police have a statutory role under the Family Violence Act 2018 to stop and prevent family violence. If you are involved in an episode of family violence, Police collect relevant information about you and your circumstances to help:

• with a family violence risk or needs assessment
• with a decision or plan that is related to family violence
• ensure that a victim is protected from family violence.

 

 

Police collect information from many sources and in various ways. Sometimes Police use legal powers to require individuals to provide information, sometimes we ask individuals to voluntarily provide information, and sometimes people contact Police by calling 111 (emergency), 105 (non-emergency) or *555 (driving incidents) to provide information so Police can respond to a situation.

Collecting directly from individuals

Police are often a first responder to events and collect personal information directly from individuals, for example, at the scene of a domestic incident, crime scene, or vehicle crash.

Police also collect information directly from individuals when they fill out forms such as applying for a firearms licence.

Collecting indirectly from other sources

Sometimes Police obtain information about you from other people or sources in the course of fulfilling its responsibilities under the Policing Act.

For example, Police sometimes collect information about individuals from family members, employers or from other associates. This can occur when Police has your consent to talk to your referees and others as part of the firearms licencing process to check you can be trusted to use firearms responsibly.

See 'Disclosing and sharing personal information' section below for further details about Police information sharing with other government and non-government agencies.

Our obligations to notify you

The Privacy Act 2020 (IPP3A) requires Police to take reasonable steps to notify people when it collects their personal information indirectly. This law change applies from 1 May 2026.

There are some situations in which the law allows Police not to notify you.

Given Police’s law enforcement role, telling people what information has been collected about them, who it was collected from, and why Police has collected it, may compromise our ability to maintain the law; ensure public safety; and prevent, investigate, and resolve offences.

Police may rely on one or more of the following grounds to not provide notification to people when Police collect information about them indirectly.

The person is already aware
Police will not notify a person if it has a reasonable basis to believe the person is already aware of information being collected about them from other organisations or sources. Some of our work relies on obtaining consent from people before proceeding to collect personal information about them - for example, as part of a person applying for a firearms licence. In those situations, Police have good reason to believe that the person is aware of what sort of information will be collected about them and why, and the range of people or organisations Police may contact to obtain information.

Notification would undermine the purpose of collection
Police will not notify a person if telling them would prejudice an investigation, risk assessment, or operational activity. This is a key protection so Police can carry out its law‑enforcement functions without compromising those activities.

It is not reasonably practicable to notify
Police will not provide notification when a person cannot be identified or located, because Police does not hold current contact details for that person.

The information is publicly available
Police are not required to tell people it has obtained information about indirectly if that information is already publicly available (e.g., open social media posts).

National security or international relations risks
Police’s functions include cooperation with overseas law enforcement jurisdictions. Police will not notify people about information it collects indirectly if doing so may affect New Zealand’s security, defence, or international relationships.

Serious threat to health or safety
Police can choose not to notify if doing so could create or heighten a serious health or safety threat to any person, or to the public at large.

It would not prejudice their interests
Police will not notify a person if the collection of information will not affect their interests.

Open-source information

Open-source information includes social media, online discussions on bulletin boards and chat rooms, websites that are open to the public, and publicly available data bases and directories. Police sometimes collect ‘open-source’ information to support its intelligence-gathering functions.

Collecting information using statutory powers

Police can apply for production orders under the Search and Surveillance Act 2012 to demand information relevant to a Police investigation or operation. An agency that has been served with a production order must comply with the order. These orders override the Privacy Act.

Sometimes Police need to obtain information covertly. Surveillance Device Warrants (issued under the Search and Surveillance Act) enable Police to use interception devices, visual surveillance devices and tracking devices to collect evidential material relevant to a criminal investigation.

Police can exercise other powers under that Act to undertake warrantless search or surveillance activities.

Automatic Number Plate Recognition (ANPR)

Police make use of ANPR technology to read motor vehicle number plate information and compare it against recorded vehicles of interest. Police can make a request for information to a business or organisation that operates ANPR technology. These requests for information are covered by the Privacy Act. A business or organisation is entitled to disclose that information where it is necessary to “avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences”.

Crime Prevention Cameras (CCTV)

Crime prevention cameras in public areas are used to prevent and detect criminal offences in identified high crime areas. They are not used to maintain surveillance on individuals or groups. Read Police’s policy on the use of CCTV in public places.

Police use CCTV within stations and premises to detect, deter, and prevent criminal or offensive behaviour, and to monitor the safety and security of our staff, detainees and visitors. Information collected may be used as evidence or as part of completing incident investigations.

Emergency Caller Location Information (ECLI) and Device Location Information (DLI)

When you call 111 from a mobile device, the call-taker (Police, local ambulance services and Fire and Emergency New Zealand [FENZ]) automatically gets information about your location to support a timelier response to an emergency incident. This is Emergency Caller Location Information (ECLI). Police only hold ECLI for the purpose of responding to emergency calls.

When a person has not themselves called 111 but there are dire fears for their health or safety, emergency services can locate their mobile device, subject to rigorous safeguards and controls. This is Device Location Information (DLI).

The Privacy Commissioner has authorised the use of Emergency Location Information via Schedule 4 of the Telecommunications Information Privacy Code.

 

 

Police use personal information and intelligence to fulfil its core functions and responsibilities such as:

Law enforcement

These instances may include:

• As a victim or witness of crime, presenting your evidence to Court.
• As an offender, providing details and evidence about you to Court.

See Family harm under the 'Disclosing and sharing personal information' section below for details about Police information use and sharing involving family violence.

Community policing and youth offending

Police officers work in communities with whānau and young people to help keep children and young people out of the criminal justice system whenever possible.

Police partners with iwi Māori providers to address underlying factors behind youth offending. Panels of trained kaumātua and facilitators lead a restorative whānau-centred process to hold youth offenders to account and address harm.

AWHI is a tikanga‐based voluntary referral for awhi – for help. With the consent of the individual, Police connect people needing help to wellbeing service providers in their community. Further information about AWHI can be found on this website.

Organised crime and national security

Detectives and technical specialists work to target New Zealand’s most serious criminals to disrupt, deter and combat organised criminal networks. Police specialists target illicit money flows leading to the restraint and forfeiture of criminal assets under anti-money laundering legislation.

Research

Police may use your personal information to carry out activities that improve our services, including:

• training staff
• research
• informing changes to the way we work.

 

 

Police disclose information to organisations in other sectors including justice, social, health, child protection, and land transport to enable Police and partner agencies to carry out their work. Police also participate in international sharing arrangements with counterpart agencies overseas.

Police may share personal information with another government agency for the investigation of offences and sometimes with non-government agencies where there is a serious threat to health or safety to you, your family, or for the wider community.

Police will only share or disclose information about you where that is permitted or required by law.

These instances may include:

• as a victim or witness of crime, presenting your evidence to Court
•  as an offender, providing details and evidence about you to Court
• as someone involved in a crime or crash, sharing information with Victim Support services
• providing a vetting response to a company, business, or organisation considering employing you.

Approved Information Sharing Agreements (AISAs)

Police is a party to four AISAs that each authorise the voluntary sharing of personal information for the following specific purposes:

• to identify and protect vulnerable children from harm and promote the wellbeing of vulnerable children and their families. See Vulnerable Children’s AISA (PDF 5.4MB)
• to prevent, detect, investigate or provide evidence of a serious crime that there are reasonable grounds to suspect has been committed, is being committed, or will be committed. See Serious Crime AISA
• to enable a cross-agency approach to preventing or reducing harm to individuals, families, communities, or society generally that is caused by, or contributed to by, the activities of gangs. See GHIC AISA
• to improve the accuracy of the information held by Police relating to the names, deaths, and non-disclosure directions of individuals. See AISA between Police and DIA

Memorandums of Understanding (MoUs)

Police is a party to many MoUs with both government and non-government agencies. These are not legally binding but serve to formalise the relationship between the parties and detail the conditions under which any exchange of information will occur. These MOUs outline how information is lawfully collected, exchanged and used, ensuring it is safeguarded against unauthorised or accidental access or loss. Police will only collect, share, or disclose information about you under these MoUs where that is permitted or required by law.

Police have MOUs with various sectors including:

• Emergency Management (for example, FENZ, Water Safety New Zealand)
• Health and Social sector (for example, Housing New Zealand - Kainga Ora, Ministry for Children - Oranga Tamariki)
• Community Prevention initiatives (for example, Federated Farmers of New Zealand, Neighbourhood Support NZ, Retail New Zealand)
• Justice and Law Enforcement (for example, Parole Board, Department of Corrections)
• Organised and Financial Crime (for example, Financial Markets Authority, Serious Fraud Office)
• Road Policing (for example, Insurance Council, New Zealand Transport Agency - Waka Kotahi).

Family harm

If you are involved in an episode of family violence, the Family Violence Act (FVA) enables Police to use and disclose relevant information about you and your circumstances to:

• help with a family violence risk or needs assessment
• help with a decision or plan that is related to family violence
• help to ensure that a victim is protected from family violence.

Under the FVA, Police may use and share personal information about a victim or perpetrator of family violence to assess relevant risks and needs, and to help support individuals and protect victims.

Personal information may only be shared under the FVA with certain government agencies and specialist family violence organisations. These could include the Department of Corrections, Health New Zealand – Te Whatu Ora, ACC, Oranga Tamariki and Women's Refuge or Iwi providers.

Information may be disclosed through the Family Safety System, a secure, accredited, platform that facilitates multi agency information sharing, for the purpose of coordinated risk assessment and safety planning, following reports of family violence.

National Security and International

Police work in partnership with national security agencies to identify national security risks and prevent national security incidents from occurring. Police also provide mutual law enforcement assistance through its membership of Interpol and cooperation with Europol.

Find out more about international information sharing agency-to-agency agreements and directions.

 

 

Police maintain secure physical and electronic environments to protect your personal information and records from unauthorised or accidental access, or disclosure, alteration, loss, or destruction. Police have a centralised Security and Privacy Incident Register (SPIR) to log incidents where security or privacy may be compromised.

When a new technology or significant process change is being considered that affects how we manage personal information, Police routinely consult with the Privacy Commissioner. We also undertake risk assessments to ensure that privacy, security, and ethical implications are carefully weighed before such technologies or process changes are trialled or introduced. This can include, privacy impact assessments, policy risk assessments, security risk assessments, and indirectly certification and accreditation.

 

 

Police are required under the Public Records Act 2005 to retain certain types of information for prescribed minimum periods of time, in accordance with a ‘disposal schedule’ issued by the Chief Archivist.

Police may need to retain your information for longer periods where we have an ongoing need and legitimate reason to do so. At times this may require Police to keep your personal information throughout your lifetime or longer.

 

 

Police have a small number of AI tools approved for use and are exploring opportunities for how they can enhance our service.

For any AI tool that we use, staff are responsible for ensuring that responses produced by AI are reviewed carefully for accuracy and appropriateness before any information is used for decision making. A decision is never made about you by an AI tool – a human is always involved.

 

 

You have the right to request access to, and correction of, the personal information we hold about you.  We will require proof of your identity before we provide you with a copy of your information. We will usually allow you to have access to the information in the way that you prefer but this is not always possible – we will discuss the options with you. If you are defending criminal charges in Court, your request will be managed according to provisions of the Criminal Disclosure Act 2008.

You can request information online or download a form to make the request.

We will respond to your request within 20 working days of receiving it and contact you if we need more time to action your request. If we refuse your request, we will tell you in writing the reason(s) for refusal and the steps you can take if you disagree with our decision.

If you think information we hold about you is incorrect you can ask us to correct any errors or omissions. You can use the same form you used to request access to your information to seek correction of your information. If we decline to correct the information, we will tell you why and inform you of your right to seek to have a suitable statement attached to the relevant record.

If Police decline to attach a statement of correction to the information, we will write to you to tell you why we have not done so and will inform you of your right to complain to the Privacy Commissioner.

 

 

We are committed to responding to you and working with you to resolve any concerns you have about our handling of your personal information.

If you have questions or concerns about this Privacy Statement or our privacy practices, you can lodge a complaint online by filling out our form.

If you are not satisfied with our response to your concerns, you can contact the Privacy Commissioner at:

Office of the Privacy Commissioner 
Address: PO Box 10 094, Wellington 6143
Phone: 0800 803 909