Privacy Policy

Vega Group Holdings Limited, its subsidiaries, authorised bodies, related entities, financial advisers, and representatives comply with the Privacy Act 2020, as applicable.

This Privacy Policy explains how we collect, hold, use, disclose, store, and protect personal information. It also operates as our privacy collection notice and does not limit or exclude any rights you have under the Privacy Act 2020.

If you provide personal information to us through our website, social media pages, forms, advisers, or services, we will handle it as set out below. We may update this Privacy Policy from time to time, and the latest version applies from the date it is published or otherwise made available.

A downloadable PDF version of this Privacy Policy is available from our website and includes the policy title, version number, effective date, and last updated date.

Vega Group Holdings Limited is a New Zealand registered company. Our group includes Vega Business Limited, Vega Mortgages Limited, Vega Protect Limited, Vega Wealth Limited, authorised bodies, related entities, financial advisers, and representatives operating under or with Vega, as applicable. In this Privacy Policy, "Vega", "we", "us", and "our" means Vega Group Holdings Limited, those entities, authorised bodies, related entities, financial advisers, and representatives, as applicable.

Vega Group Holdings Limited (FSP773794) is a licensed Financial Advice Provider. This Privacy Policy applies where personal information is collected, held, used, or disclosed by Vega in connection with Vega services.

We may collect personal information directly from you, from your interactions with our website or social media channels, from forms, downloads, advisers, and service enquiries, and from third parties where authorised, necessary for our services, or permitted by law.

This may include contact details, identity documents, financial information, credit history, employment or business information, information relevant to mortgage, lending, insurance, wealth, protection, or related advice services, communications with us, marketing preferences, website usage information, and any other information reasonably necessary for our services or the purposes in this Privacy Policy.

Some information may be sensitive, such as health or insurance-related information. We will only collect sensitive information where it is reasonably necessary for the relevant service, where you have authorised us to collect it, or where collection is otherwise permitted by law.

We collect and use personal information for lawful purposes connected with our business and services, including to respond to enquiries, provide mortgage, lending, insurance, wealth, protection, and related services, assess needs, eligibility, and suitability, prepare and manage applications, renewals, reviews, claims, and related services, verify identity, meet legal, regulatory, licensing, AML/CFT, compliance, audit, training, quality assurance, and record-keeping obligations, communicate with relevant parties, improve our services and systems, and send service or permitted marketing communications.

We do not sell your personal information. We may disclose personal information where necessary for the purposes described in this Privacy Policy, where you have authorised us, or where disclosure is otherwise permitted or required by law.

We may disclose information to lenders, insurers, aggregators, referral partners, financial advisers, representatives, credit reporting agencies, identity verification and AML/CFT providers, compliance consultants, auditors, professional advisers, technology and cloud providers, CRM and marketing platforms, overseas support staff and contractors, regulators, dispute resolution schemes, government agencies, courts, tribunals, law enforcement agencies, and any other person or organisation you authorise.

Where we provide your personal information to a lender, that lender may collect your personal information indirectly from Vega, your adviser, an aggregator, or an application platform. Each lender will have its own privacy policy, which explains how it collects, uses, discloses, stores, and protects your personal information, and how you can access and request correction of that information. A list of lender privacy policies is available here: https://vegalend.co.nz/lender-privacy-policies, or can be provided to you on request.

If you provide details through our website, social media platforms, forms, downloads, guides, events, campaigns, or other channels, we may add your information to our marketing database and contact you about our services and related matters that may be relevant to you.

You can unsubscribe from marketing communications at any time using the unsubscribe function in our emails or by contacting [email protected]. We may still send service, transactional, or legally required communications.

If you choose not to provide personal information we reasonably require, we may be unable to respond to your enquiry, provide services, assess products or services, submit applications, meet legal or regulatory obligations, or keep you informed about relevant products and services.

We keep personal information only for as long as reasonably required for the purposes for which it was collected, including to provide services, meet legal, regulatory, licensing, compliance, dispute-resolution, and record-keeping obligations, and protect our legitimate business interests.

We take reasonable steps to protect personal information from loss, unauthorised access, misuse, disclosure, alteration, or destruction. Safeguards may include access controls, secure systems, confidentiality obligations, backups, security monitoring, anti-virus and malware protection, and other appropriate technical and organisational measures.

We use cloud-based systems and third-party providers to store, process, and manage personal information. Some providers or support staff may be located outside New Zealand, including in New Zealand, Australia, the United States, India, and other locations.

Before disclosing personal information to an overseas recipient, we take reasonable steps to satisfy ourselves that the recipient is required to protect the information in a way that, overall, provides comparable safeguards to the Privacy Act 2020, unless an exception applies. Although we take reasonable steps to ensure appropriate safeguards are in place, overseas laws may differ from New Zealand laws, including in relation to government access powers.

We take reasonable steps to ensure personal information held by us is accurate, complete, and up to date. You may ask us to confirm whether we hold personal information about you, request access to that information, and ask us to correct it if you think it is wrong.

To request access, correction, or removal from subscription lists, contact [email protected].

If a privacy breach occurs, we will assess and manage it in accordance with the Privacy Act 2020, including notifying affected individuals and the Office of the Privacy Commissioner where required.

If you have any questions, concerns, or complaints about how we handle personal information, please contact our Privacy Officer at [email protected] or Vega Group Holdings Limited, 152 Fanshawe Street, Auckland Central, Auckland 1010.

We will consider and respond to privacy complaints within a reasonable time. We may ask for further information so we can properly assess and respond. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner at privacy.org.nz.

While we take reasonable steps to maintain secure internet connections, any information you provide over the internet is provided at your own risk. Our website may use cookies, analytics tools, tracking pixels, embedded forms, social media tools, and similar technologies to operate the website, understand use, improve our services, and support marketing or communications. You may be able to disable cookies through your browser settings, although this may affect website functionality.

Our website may contain links to and from other websites. Those websites have their own privacy policies and practices, and we do not accept responsibility for them.

This Privacy Policy was last updated on 4 June 2026.

Download Privacy Policy PDF