Please configure

How we store and keep your personal information safe

How long we keep your information for 

We usually only keep your personal information for as long as it’s needed in connection with its original purpose. After that, we delete it or anonymise it.  

Some personal information may be retained for longer for purposes directly connected to the original purpose or to comply with our legal and regulatory obligations. For example, we generally keep:  Text messages for a month to help verify or fix delivery. 

  • Contact centre recordings and live chat messages for up to three years, or more to help with coaching, complaint investigation or legal retention requirements. 
  • Billing records for seven years, even after you stop being a customer, to help reconnect you and to improve our credit, fraud management controls and decision-making/credit scoring models. 

Our storage and security measures 

We apply strict security measures and follow industry standards to keep your personal information secure. Most of your personal information is stored on our own servers here in New Zealand. If we do need to store your information online, in the cloud, we carefully select trusted data centre providers and take all reasonable precautions to ensure the safety and integrity of your information.  

What you can do 

To help with our efforts to keep your personal information safe, we ask you to: 

  • Keep unique account information such as your account number, PIN and password secure. Don’t share them with anyone. 
  • Always select strong, unique passwords or PINs. Don’t re-use them from other services or platforms now or in the past, and don’t re-use them on other services or platforms in the future. 

We may assume that any verbal or online request or instruction we receive is authorised by you, if it’s accompanied by suitable verification such as your Spark account number, personal identification number or password.

What we will do if there is a data breach

If, despite our efforts, we become aware of a data breach that we think could compromise your security, we’ll tell you as soon as we can. We may also report the breach publicly, if we consider it appropriate to report or if we’re required to by law.