Skip to content
Let's chat

Privacy policy

At Luminate Financial Group Limited, we understand that protecting your personal information matters. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use our website, interact with us, or use our services.

In this Privacy Policy:

  • we, us, our means Luminate Financial Group Limited and related entities where relevant
  • you, your means anyone who visits our website, contacts us, uses our services, or provides personal information to us

This Privacy Policy applies whenever you:

  • visit our website
  • use our digital tools or online forms
  • contact us by phone, email, social media, or other digital channels
  • enquire about or use our products and services

This includes when cookies and website tracking tools begin collecting information as you browse our website.

We collect, use, and manage personal information in line with the Privacy Act 2020 and its amendments. 

Collection of personal information

Personal information means information about an identifiable individual.

We only collect personal information that is reasonably necessary for our business and service delivery.

We may collect information directly from you when you:

  • speak with us by phone or video call
  • complete a website form
  • send us an email
  • interact through social media
  • participate in a promotion, campaign, or event

The types of information we may collect include:

  • name
  • date of birth
  • contact details
  • details of your enquiry
  • financial and lending information
  • product or service information
  • preferences you share with us
  • identification and identity verification (e.g., your Driver’s Licence or Passport)
  • biometric information, such as digital facial recognition data, where used to verify your identity against your identification documents.

If it is not obvious that we are collecting personal information, we will aim to make this clear.

Sensitive Information:
We treat biometric data and government-issued identification as highly sensitive information. We only collect and process this information to meet our identity verification and Anti-Money Laundering  obligations. We do not use this data for marketing or any purpose other than verification.

Information collected from other sources

Sometimes we may collect personal information about you from other sources where lawful and appropriate.

This may include:

  • publicly available information
  • your accountant, solicitor, adviser, or authorised representative
  • lenders, insurers, service providers,
  • employers or business partners

Where we collect personal information indirectly, we will take reasonable steps to let you know as soon as practical unless an exception under the Privacy Act applies.

This includes telling you:

  • that we have collected your information
  • what information has been collected
  • why we collected it
  • who it may be shared with
  • where it came from
  • your right to access and correct it

We only collect, use, or exchange personal information where reasonably necessary to provide services, meet legal obligations, or support related business processes.

Third-party information exchange schedule

Third party Information exchanged Purpose
Equifax, Centrix and APLYiD → Personal details including full name, date of birth, and address
← Credit report, repayment history, liabilities, creditworthiness indicators, and adverse credit events, verify identification and provided details.		 Conduct credit checks, verify identity, anti-money laundering (AML) checks and address verification, and assess credit applications.
Major banks and lenders including but not limited to: ANZ, ASB, BNZ, Westpac, Kiwibank and selected non-bank lenders → Application details, financial information, loan purpose, supporting documents
← Lending decisions, account history, financial records relevant to the application		 Assess lending options, submit applications, and manage lending processes.
CoreLogic, Valocity and Relab → Property details, valuation requests, limited borrower details
← Property records, ownership data, valuation information, comparable sales, market insights		 Support property assessment, valuation, ownership checks, and fraud prevention.
Tower Insurance and Initio → Personal identification details, employment and financial information, insurance application details
← Underwriting decisions, exclusions, premium terms		 Arrange and assess insurance options.
Financial Services Complaints Limited (FSCL) → Complaint details and relevant client information
← Complaint outcomes or determinations		 Resolve complaints and disputes.

Financial Markets Authority (FMA) and Department of Internal Affairs (DIA)

 → Regulatory notifications, reports, and relevant personal information
← Regulatory guidance, correspondence, or outcomes		 Meet legal and regulatory obligations.
Strategi Limited → Limited personal information where relevant to compliance review
← Compliance advice, reports, and recommendations		 Support compliance assurance and monitoring.

Investor trustee / supervisor - Steve Bignell, Chartered Accountant, Strettons, Chartered Accountants

 → Investor identification details, investment records, application details, compliance information
← Oversight requirements, reporting obligations, trustee instructions where applicable		 Meet trustee oversight obligations and support investment compliance requirements.

Duncan Cotterill (Lawyers) and Rubiix Accountants Limited

 → Limited personal information where relevant to legal or accounting review
← Compliance advice, reports, and recommendations		   Support compliance. legal and accounting services.


This schedule reflects common third parties we work with. Depending on the service you use, other relevant providers may also be involved where necessary.

Cookies and website information

When you visit our website, we use cookies and similar tracking tools to understand how people use our site and improve performance.

This may include:

  • pages viewed
  • time spent on pages
  • IP address
  • browser type
  • device information
  • general location data
  • form activity

Cookies may begin operating as soon as you visit our website.

You can manage cookie settings through your browser.

How we use personal information

We may use your personal information to:

  • assess whether our products or services are suitable for you
  • respond to enquiries
  • provide advice or services
  • manage applications
  • communicate with you
  • meet legal and regulatory obligations
  • improve our website, products and services
  • provide updates about products or services that may be relevant to you

You can opt out of marketing communications at any time.

Storage and protection of personal information

We take reasonable steps to protect your information from misuse, loss, unauthorised access, modification, or disclosure.

This includes:

  • controlled access to systems
  • staff privacy and security training
  • physical office security
  • monitored systems and security controls
  • secure cloud storage

We use trusted cloud and software providers, including systems that may store information in New Zealand, Australia, or other approved locations.

No online system can be guaranteed completely secure, but reasonable safeguards are applied.

Automated tools and AI-assisted processing

We may use automated tools, including AI-assisted systems, to help manage and improve our services.

This may include helping us:

  • transcribe phone and video calls
  • summarise conversations
  • organise and reply to emails and enquiries
  • support internal quality review
  • improve response times and service consistency
  • research content for blogs, products and services
  • analyse changes to interest rates and competing services. 

These tools assist our team but do not replace human review where decisions affecting services or outcomes are made.

Personal information processed through these tools remains subject to our privacy and security obligations.

Overseas disclosure

Some service providers may store or process information outside New Zealand.

Where this happens, we take reasonable steps to ensure information is protected by safeguards comparable to New Zealand privacy requirements, or we obtain consent where required.

Disclosure of personal information

We may share personal information where needed to provide services or meet legal obligations.

This may include:

  • lenders and financial institutions
  • lawyers, accountants or agents authorised to act on your behalf 
  • insurers
  • compliance providers
  • dispute resolution bodies
  • regulators
  • related entities including Luminate Finance Limited

We do not sell personal information.

Retention of information

We only keep information for as long as needed for legal, regulatory, or business purposes.

Where regulated financial advice or lending services are involved, records may be retained for at least seven years. After that, information is securely destroyed or de-identified where appropriate.

Where we collect biometric information for identity verification, this data is typically deleted or de-identified once the verification process is complete and the required audit trail is established, unless otherwise required by law.

Access and correction

You can request access to your personal information and ask for corrections at any time.

Contact us by:

  1. Submitting your request via our contact us form

  2. Sending a letter to Level 1, 11 McColl Street, Newmarket, Auckland 1023.

  3. Emailing hello@luminate.co.nz

We may need to verify identity before releasing information.

Where records must legally be retained, deletion may not always be possible.

Questions or complaints

If you have questions or concerns about privacy, contact:

hello@luminate.co.nz
0800 333 400

If you are not satisfied, you can contact the Office of the Privacy Commissioner.

Last update: 1 May 2026