Debt Collection & Credit Management | FeeSynergy for Accountants
Based in Christchurch; servicing New Zealand wide

Privacy Policy

UnderControl Credit Management Limited ("we", "our", "us") complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person). This policy sets out how we collect, use, disclose and protect your personal information.
This policy does not limit or exclude your rights under the Act. If you wish to seek further information on the Act, you can contact our Privacy Officer by email at admin@undercontrol.co.nz or visit www.privacy.org.nz for further information.

Who We are

We are a credit management and debt collection agency based in Christchurch, New Zealand. We act on behalf of creditor clients to recover debts owed to them by third parties, and we provide a range of credit management services to professional services firms across New Zealand.
 
Legal Name: UnderControl Credit Management Limited
Trading Name: UnderControl Credit Management
Address: C/- Baker Tilly Staples Rodway Christchurch, Level 2, 329 Durham Street North, Christchurch, 8013
Phone: 03 338 5754
Privacy Officer: Contact via admin@undercontrolcredit.co.nz

What is personal Information?

Personal information means information about an identifiable individual. This includes information relating to living individuals and, in some cases, deceased individuals where maintained by relevant authorities.
Under Information Privacy Principle 1 (as updated by the Privacy Act 2020), we collect only the personal information that is necessary for our functions — we do not collect identifying information unless we genuinely need it. This principle of data minimisation is central to how we operate.

Personal Information We Collect

The personal information we collect depends on your relationship with us. We collect only what is necessary for the relevant purpose.

If you make an enquiry via our website or contact us directly:

  • Name
  • Phone number
  • Email address
  • Details of your enquiry
  • IP address, browser type, and access times (collected automatically)

If you are a client (creditor) engaging our services:

  • Business name and contact details
  • NZBN and other business identifiers
  • Details of debts owed to you by third parties
  • Copies of invoices, contracts, and supporting documentation
  • Information about your debtors (as described below)

If you are a debtor whose account has been referred to us:

  • Full name and any known aliases or trading names
  • Contact details (residential and postal addresses, phone numbers, email addresses)
  • Date of birth and driver's licence number (for identity verification purposes only, and only when supplied)
  • Employment details and income information (where relevant to payment capacity)
  • Bank account details (for payment arrangements, when supplied by you)
  • Details of the debt including amount owed, date incurred, account history, and supporting documentation
  • Information about your financial circumstances (to assess repayment capacity and negotiate payment arrangements)
  • Records of all communications and negotiations
  • Credit information and credit history (where applicable)

How we collect information:

We collect personal information directly from you, from our clients (creditors), from debtors, from credit reporting agencies, from publicly available sources (such as public registers and directories), and from third parties you authorise us to contact.
Where we collect your personal information from someone other than you, we will take reasonable steps to notify you that we have done so, the purpose of the collection, the intended recipients, and your right to access and correct that information, unless an exception applies under the Act (Information Privacy Principle 3A).
Where we collect personal information from or about children or young people, we take particular care to ensure that the manner of collection is fair in the circumstances, consistent with Information Privacy Principle 4.

Why We Collect and Use Personal Information

General purposes:

  • To respond to enquiries about our services
  • To communicate with clients and debtors
  • To manage our business relationships and contractual obligations
  • To comply with legal and regulatory requirements

Debt collection purposes:

  • To recover debts on behalf of our clients
  • To verify the identity of debtors
  • To contact debtors regarding outstanding debts through various channels
  • To negotiate and manage payment arrangements
  • To assess debtors' financial capacity and ability to repay
  • To commence legal proceedings where necessary
  • To report credit defaults to credit reporting agencies (where legally permitted)
  • To trace debtors who cannot be contacted at known addresses
  • To protect against fraud and manage business risks

Marketing purposes:

  • To send information about our services to potential business clients who have opted in to receive such communications
We will not use your information for purposes unrelated to those stated above without your consent, except where required or authorised by law.
We do not use your IRD number, driver's licence number, passport number, or other government-issued identifiers as our own identifier or account number for you. However, we may request these identifiers to verify your identity.

How We Store and Protect Your Information

Your personal information is stored securely in our Customer Relationship Management (CRM) system and other secure electronic databases, as well as in physical files where necessary. We take reasonable steps to protect your information from misuse, loss, unauthorised access, modification, and disclosure, including:
  • Restricting access to authorised personnel only
  • Password-protected systems and secure multi-factor authentication
  • Encryption of sensitive data during transmission and storage
  • Secure physical storage facilities with controlled access
  • Regular security reviews and system updates
  • Staff training on privacy obligations and information security
  • Secure disposal procedures for information no longer required
While we take all reasonable steps to protect your information, no transmission over the internet or electronic storage method is completely secure. We cannot guarantee absolute security.

How Long We Keep Personal Information

We retain personal information for as long as necessary to fulfil the purposes outlined in this policy and to comply with our legal obligations. We take reasonable steps to destroy or de-identify personal information once it is no longer required.
  • Enquiry information: Retained for as long as necessary to respond to enquiries and manage client relationships
  • Debt collection records: Retained for a minimum of 7 years after the debt is resolved or the file is closed
  • Payment and financial records: Retained for 7 years in accordance with tax and financial reporting requirements
We may retain information for longer periods where required by law, for ongoing legal proceedings, or for other legitimate business purposes.

Sharing and Disclosing Your Personal Information

We will not sell, rent, or trade your personal information. We may share your information in the following circumstances.

With our clients (creditors):

We share information about debt recovery progress, payment arrangements, and debtor contact with the clients who engage our services.

With credit reporting agencies:

We may disclose certain credit-related information to credit reporting agencies in accordance with the Credit Reporting Privacy Code 2004. This includes reporting credit defaults where debts meet the required criteria.
We currently disclose information to the following credit reporting agencies:
 
Agency: Centrix Group Limited

Contact: +64 9 969 9706 | admin@centrix.co.nz
Agency: Illion New Zealand Limited
Contact: 0800 269 254 | pac.nz@illion.co.nz
Website: www.illion.co.nz
Agency: Equifax NZ
Contact: 0800 692 733 | publicaccess.nz@equifax.com
For more information about how these agencies manage credit information, contact them directly to request a copy of their privacy policy.

With service providers:

We may share information with trusted third-party service providers who assist us in delivering our services, including:
  • CRM and IT service providers
  • Legal advisers and barristers
  • Process servers and field agents
  • Document storage and management providers
  • Tracing and investigation services
  • Mailing and communication service providers
These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

Legal and regulatory disclosures:

We may disclose information where required or permitted by law, including to courts, tribunals (including the Disputes Tribunal), law enforcement agencies, government agencies and regulators (including Inland Revenue), legal representatives, and insurers.

Other disclosures:

  • To any entity that acquires or expresses interest in acquiring our business or assets
  • To third parties with your consent
  • To persons authorised by you or by law

Sending Your Information Overseas

The Privacy Act 2020 introduced Information Privacy Principle 12, which governs how personal information may be disclosed to organisations or individuals outside New Zealand.
We may disclose personal information to overseas entities in limited circumstances, such as when our service providers operate overseas or when it is necessary to facilitate debt recovery involving a debtor who has relocated overseas.
We will only disclose personal information overseas where:
  • The overseas entity is subject to the Privacy Act because they carry on business in New Zealand; or
  • The overseas entity is subject to privacy laws that provide comparable safeguards to the Privacy Act 2020; or
  • The overseas entity is contractually required to comply with privacy standards equivalent to New Zealand law (for example, through model contract clauses); or
  • You have been expressly informed that your information may not receive the same protection as provided under the New Zealand Privacy Act and you have expressly authorised the disclosure.
Currently, some of our data may be stored or processed through service providers with servers located in Australia. We ensure that appropriate security and information handling arrangements are in place and that the information remains subject to confidentiality obligations.
Where we use overseas cloud-based service providers to store or process information on our behalf as our agent, this is not treated as a disclosure under the Act. We remain responsible for ensuring those providers handle your information in accordance with the Privacy Act 2020.

Credit Reporting

For debts that meet the criteria under the Credit Reporting Privacy Code 2004, we may report default information to credit reporting agencies. This may affect your credit rating and your ability to obtain credit in the future.

Before Reporting a default, we will:

  • Ensure the debt meets the minimum threshold (currently $100 for individuals)
  • Verify that the debt is not statute-barred or subject to a reasonable dispute
  • Provide you with written notice of our intention to list the default
  • Give you a reasonable opportunity (typically 5 working days) to resolve the debt or dispute the default
  • Ensure all regulatory requirements are met

Your rights regarding credit reporting:

You have rights under the Credit Reporting Privacy Code 2004, including the right to request a copy of your credit report from credit reporting agencies, request correction of inaccurate information, add explanatory statements to your credit file, and complain about breaches of the Code. If you believe a default has been incorrectly listed, please contact us immediately or contact the relevant credit reporting agency directly.

Sensitive Information

In certain circumstances we may collect sensitive information such as information about your health, ethnicity, or other personal circumstances. We only collect and use sensitive information:
  • With your explicit consent; or
  • Where we are legally required or authorised to do so; or
  • Where necessary to assess your financial circumstances or payment capacity
We take extra care to protect sensitive information and restrict access to those who genuinely need it for the purposes stated.

Information About Other People

If you provide us with personal information about another person (for example, a co-debtor, guarantor, or referee), you confirm that:
  • You have the authority to provide that information to us
  • You have informed that person that you have provided their information to us
  • You have advised them of the contents of this Privacy Policy and their rights to access and correct their information

Your Rights: Access and Correction

Under the Privacy Act 2020, you have the right to access personal information we hold about you and to request correction of any errors or outdated information. You may also request deletion of your information (subject to legal and contractual retention obligations) and information about how we use and disclose your personal information.

How to make a request:

Contact our Privacy Officer at admin@undercontrolcredit.co.nz with your full name and contact details, the details of the information you are requesting or wish to correct, and proof of identity (we may need to verify your identity before providing access).

Response timeframe:

We will respond to your request as soon as reasonably practicable and in any case within 20 working days of receiving your request. If your request is urgent, please specify this and explain why, and we will prioritise accordingly.

Fees:

There is no fee for requesting correction or deletion of your information. For access requests, a reasonable fee may be charged to cover the costs of retrieving, collating, and providing the information. We will advise you of any applicable fee before proceeding.

Circumstances where we may decline a request:

We may decline to provide access in certain circumstances permitted by law, including where providing access would involve unwarranted disclosure of another person's information, would breach legal professional privilege, or is otherwise required or authorised by law. If we decline your request, we will explain the reasons for our refusal.

Access directions:

If we refuse or fail to provide access to your personal information without a proper basis, the Privacy Commissioner may issue us with a binding access direction requiring us to release that information to you under the Privacy Act 2020. Access directions may be appealed to the Human Rights Review Tribunal.

Notifiable Privacy Breaches

A privacy breach is where there has been unauthorised or accidental access to, disclosure, alteration, loss, or destruction of personal information, or where we are prevented from accessing information on a temporary or permanent basis.
The Privacy Act 2020 requires us to notify the Office of the Privacy Commissioner and affected individuals of any privacy breach that we reasonably believe has caused, or is likely to cause, serious harm. It is a criminal offence under the Act to fail to notify the Privacy Commissioner of a notifiable privacy breach, with a fine of up to $10,000.
The Privacy Commissioner provides an online notification tool (NotifyUs) at www.privacy.org.nz for lodging breach notifications.
In the event of a notifiable privacy breach, we will:
  • Seek to quickly identify and secure the breach to prevent further breaches and reduce harm
  • Assess the nature and severity of the breach, including the type of information involved and the risk of harm
  • Advise and involve the appropriate authorities where criminal activity is suspected
  • Notify you as soon as practicable after becoming aware of the breach, including details about the breach and the information affected
  • Explain the steps we are taking to mitigate harm and advise you on any actions you should take to protect yourself
  • Notify the Privacy Commissioner and affected individuals as required under Part 6, Subpart 1 of the Privacy Act 2020 (sections 114 and 115)

Privacy Queries and Complaints

If you have a complaint about how we have handled your personal information or believe we have breached the Privacy Act 2020, please contact our Privacy Officer:
 
Privacy Officer — UnderControl Credit Management Limited
Phone: 03 338 5754
Post: C/- Baker Tilly Staples Rodway Christchurch, Level 2, 329 Durham Street North, Christchurch, 8013
 
We will acknowledge your complaint within 2 working days of receipt. We will let you know if we need any further information to investigate your complaint. We aim to resolve complaints as quickly as possible and will strive to respond substantively within 5 working days, though some complaints take longer. If your complaint is taking longer, we will keep you informed of progress.

If you are not satisfied with our response:

You have the right to lodge a complaint with the Office of the Privacy Commissioner:
 
Office of the Privacy Commissioner
Phone: 0800 803 909
Post: PO Box 10094, The Terrace, Wellington 6143

Email Marketing and Opting Out

We may use your email address to send marketing communications about our services to potential business clients. You can opt out of receiving marketing emails at any time by clicking the unsubscribe link included in all marketing emails or by contacting us directly at admin@undercontrolcredit.co.nz.
We do not send marketing communications to debtors. Communications with debtors are limited to those necessary for debt collection purposes.

Website Use, Cookies, and Tracking

Our website uses cookies to improve your user experience and to help us analyse how visitors use our site. Cookies are small text files placed on your device when you visit a website.
The cookies our website sends to your device cannot read your hard drive, obtain any information from your browser, or command your device to perform any action.

Types of cookies we use:

  • Strictly Necessary Cookies: Essential for the website to function. They enable basic functions like page navigation and access to secure areas.
  • Functional Cookies: Enable the website to remember choices you make (such as language preferences) and provide enhanced features.
  • Performance / Analytics Cookies: Help us understand how visitors interact with the website by collecting information anonymously. We may use Google Analytics for this purpose.

Managing cookies:

Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. Disabling cookies may affect your ability to use certain features of our website. For more information, visit www.allaboutcookies.org.

Google Analytics:

We use Google Analytics to understand how visitors use our website. Google Analytics collects only the IP address assigned to you on the date you visit the site, not your name or other identifying information. You can opt out of Google Analytics by downloading the opt-out browser add-on at https://tools.google.com/dlpage/gaoptout. For more information about how Google uses data, visit www.google.com/policies/privacy/partners.

Third Party Websites

Through our website you may be able to link to other websites that are not under our control. We are not responsible for the privacy or security practices of those websites and they are not covered by this Privacy Policy. Third-party websites should have their own privacy policies, and we encourage you to read them.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. The latest version will always be available on our website at undercontrolcredit.co.nz/privacy-policy.
If the changes are significant, we may advise you directly or post a prominent notice on our website. We encourage you to review this Privacy Policy periodically.

Consent and Acceptance

By using our website, providing us with your personal information, or engaging our services, you acknowledge that you have read and understood this Privacy Policy, you consent to the collection, use, and disclosure of your personal information as described herein, and you understand your rights under the Privacy Act 2020.
If you do not agree with this Privacy Policy, please do not use our website or contact us through our digital platforms. You are welcome to contact us by phone on 03 338 5754.

Further Information

For more information about privacy in New Zealand:
Last updated April 2026