Effective date: 31 March 2026

Purpose

This policy explains how and when the Govt.nz app (‘App’) collects personal information, what the Public Service Commission (‘we’, ‘our’, ‘us’) does with it and your rights to see or change it.

More information about the App and digital wallet is available at About the Govt.nz app. You should also read the App’s terms and conditions, available at Terms of use for the Govt.nz app.

Some capitalised words used in this policy are defined in the App’s terms and conditions.

This policy applies only to personal information in connection with your use of the App.

We may change this policy from time to time. We will notify you of changes to the policy by posting them on the App or in any other way we deem appropriate. Changes will be effective immediately upon such notification except if a change materially affects your rights, in which case the change will be effective 30 days after its notification. Continued use of the App after an update becomes effective constitutes your acceptance of the revised policy.

The App respects your privacy and is committed to protecting your personal information. This privacy policy explains how we collect, use, disclose and safeguard your personal information in accordance with the New Zealand Privacy Act 2020.

Information we collect

We only collect your personal information from you and not from anyone else.

Use of App

We may collect the following types of information when you use the App or communicate with us:

• Device and usage data — this includes device type, operating system, browser and screen type, app installs and crash or diagnostic data, and IP addresses.
• Contact information — we may collect personal information through your support interactions with us, such as when you email us or provide feedback.

Use of digital wallet

We do not have access to any personal information stored in your Digital Credentials. Each Digital Credential is issued to you by an Issuing Agency, which you can add to your wallet. The digital wallet does not access or collect any information from your Digital Credential when you add a Digital Credential to the wallet, or when you share information with a third party (‘Requestor’). The wallet does not perform any analytics, profiling, or data processing involving personal information. The wallet simply holds Digital Credentials and allows you to share your chosen information with other people.

The wallet is secured using your device’s biometric authentication methods (such as fingerprint or facial recognition). The App does not collect, store or transmit your biometric data and we have no access to this information when you use your digital wallet. Authentication is managed on your device, and your biometric data remains on your device.

How we use your information

Use of App

We use the information we collect to:

• provide, operate and maintain the App
• communicate with you regarding support requests
• improve the functionality, security and performance of the App
• comply with our legal obligations, including those under the Privacy Act 2020.

Use of digital wallet

The digital wallet does not process or use any Digital Credential information when a Digital Credential is stored in the digital wallet or when you share information with Requestors. The App and digital wallet allow you to directly share only the information you choose with the Requestor. When you share information, the information is not transmitted to us, the Issuing Agency or any person other than the Requestor, and we do not use that information in any way.

Sharing of information

Use of app

We may share your information only:

• to the extent allowed by law and consistent with the limits on disclosure set out in the Privacy Act 2020
• with your consent, such as where you have opted in to third-party integrations or services
• where consent is permitted in accordance with the Privacy Act 2020.

Any personal information collected, such as through our customer support interactions with you, will be used only for the purpose for which it was collected and any directly related purposes. There will be no secondary or unrelated use or disclosure of personal information without your consent or unless required or allowed by law.

Use of digital wallet

When you choose, and provide consent to, share Digital Credential information stored in your digital wallet with a Requestor, that information will be shared solely with the Requestor. The Requestor will also receive information that allows them to verify the Digital Credential is being used on the device to which it was issued. We will not receive or collect that information and nor will the Issuing Agency. We and the Issuing Agency cannot see where or when you use your Digital Credentials.

Once shared, the App does not control how the Requestor uses, stores, processes, discloses or retains your information, all of which is the sole responsibility of the Requestor. You may want to check a Requestor’s privacy practices before sharing your information to make sure you only share information with people you trust.

Retention of information

We retain the personal information we have collected only for as long as necessary to:

• provide the services you have requested
• comply with law (including the Public Records Act 2005)
• resolve disputes, if a dispute is or may occur.

When your personal information is no longer required, it will be securely deleted, anonymised or archived in accordance with our data retention policies.

Your rights

Under the New Zealand Privacy Act 2020, and where applicable, the General Data Protection Regulation (GDPR) or Australian Privacy Principles (APPs), you have the right to:

• request access to the personal information we may hold about you
• request correction of your personal information if it is inaccurate or incomplete
• withdraw consent for optional data collection or sharing at any time
• lodge a complaint with the Office of the Privacy Commissioner (NZ) or another applicable regulator.

To exercise your rights, contact us at commission@publicservice.govt.nz.

Use of digital wallet

We have no access to the personal information in any Digital Credentials you store in your digital wallet or share with Requestors. If you want to request access to or correction of personal information:

• in a Digital Credential, you need to contact the Issuing Agency that issued the credential
• that you have shared with a Requestor, you need to contact the Requestor.

Security

We use reasonable security safeguards, including technical, administrative and organisational measures, to protect your personal information from loss and unauthorised access, use, modification or disclosure and other misuse.

However, no method of transmission or storage is completely secure. We cannot guarantee the absolute security of your personal information.

Some service providers, such as for the hosting of the Digital Credential issuance platform, are located outside New Zealand. Where information is transferred internationally, we ensure safeguards are in place consistent with the Privacy Act 2020.

Use of digital wallet

The personal information stored in your Digital Credentials and in the digital wallet is stored entirely on your device. It is not transmitted to us or any other person, and Digital Credentials are not stored in any systems other than on your device.

The information in your Digital Credentials and in the digital wallet is protected by your device’s security measures, including that it may be accessed only by your device’s authentication methods (PIN, fingerprint or facial recognition). The Digital Credential information is encrypted during storage and during sharing with Requestors.

We and the Issuing Agency do not have a copy or backup of your Digital Credentials. If you lose your device, you will need to get new Digital Credentials, just as you would if you lost physical credentials (such as a licence or ID card). Your Digital Credentials can be revoked by the Issuing Agencies, so if you lose your device, you should contact all Issuing Agencies for your Digital Credentials to revoke any Digital Credentials stored on your device so they can’t be used by anyone else.

Contact us

If you have questions, concerns or requests regarding this privacy policy or out privacy practices, contact us at:

The Privacy Officer
Te Kawa Mataaho Public Service Commission
PO Box 329
Wellington 6140

Or send an email to commission@publicservice.govt.nz.