ASB Bank New Zealand Limited (ASB) addresses biometric information processing primarily in its Privacy Statement and Mobile Banking Terms and Conditions, treating it as sensitive personal information under the Privacy Act 2020.⁠Asb

Account closure is governed by ASB’s Personal Banking Terms and Conditions (October 2025 version) and detailed in customer help resources.⁠Asb +1

These policies are publicly available on ASB’s website (asb.co.nz) as of the latest available versions (Privacy Statement referenced with updates into 2025; Personal Banking Terms effective October 2025; Mobile Banking Terms effective March 2026). The Privacy Statement explicitly states that it does not replace the terms and conditions governing the customer relationship.⁠Asb

Biometric Information Processing Policy

ASB’s Privacy Statement classifies biometric information (such as fingerprints or facial scans) as sensitive information. It is collected and used only for specific purposes: automated biometric verification or biometric identification, or (in the case of behavioural profiling) to detect suspicious financial and cyber activities, including fraud.⁠Asb

Key excerpts from the Privacy Statement:

• “biometric information (such as fingerprints or face), where this information is collected and used for the purpose of automated biometric verification or biometric identification”
• “Biometric information (such as fingerprints or face), where this information is Collected and Used for the purpose of automated biometric verification, biometric identification, or behavioural profile information (such as your keystroke typing patterns or scrolling or swiping activity) while you interact with us digitally, to detect suspicious financial and cyber activities, including fraud.”⁠Asb

ASB also collects related digital information when customers use online or mobile services, including “type of authentication used (for example touch ID or face ID)”. This is not automatically linked to the individual unless needed for fraud or security reasons. Further details appear in the Mobile Banking Terms and Conditions.⁠Asb

Practical use in services:

• The ASB ID app (for identity verification/onboarding or address confirmation) uses NFC scanning of an eligible e-passport or NZ driver licence plus a “selfie-style” facial scan. The data is forwarded (with consent) to trusted third-party providers for automated verification. Third parties retain the information only for a short period; ASB complies with the Privacy Act 2020 and uses strong encryption.⁠Asb +1
• Mobile app/device authentication: Biometrics (fingerprint or face identification) serve as “Security Credentials” alongside username/PIN/password. Customers must keep these confidential, not allow others to store their biometrics on the device if biometrics are enabled on ASB apps, and notify ASB immediately if another person may access the device or biometrics. Failure to do so can affect liability for unauthorised use.⁠Asb

Collection, use, storage, and disclosure (general Privacy Statement rules applying to biometrics):

• Collected directly from the customer (e.g., via app) or, in limited cases, from third parties for verification/fraud prevention.
• Used for identity confirmation, fraud/risk management, legal compliance (e.g., AML/CFT), and service provision.
• Stored securely in New Zealand or overseas (with safeguards) using physical, electronic, and other measures. May be shared with related companies (CommBank Group), service providers, regulators, or law enforcement where required or consented.
• Customers have rights to access, correction, and complaint under the Privacy Act 2020; ASB provides contact details for privacy queries.⁠Asb

Mobile Banking Terms and Conditions (Section 16) further confirm that by using mobile services, customers permit ASB to collect, hold, use, and disclose personal information (which can include images uploaded or biometric authentication data) in accordance with the terms, the Privacy Statement, and the Open Banking Privacy Statement (where applicable). Third-party partners handle data per their own privacy policies.⁠Asb

No public policy document specifies exact retention periods for biometric templates beyond the “short period” noted for third-party ID verification or general secure storage obligations. Behavioural data (e.g., keystrokes, swipes) used for fraud detection is generated from digital interactions and handled under the same sensitive-information framework.⁠Asb

ASB does not require customers to provide biometrics, but refusal may limit access to certain digital services (e.g., ASB ID app or biometric login).⁠Asb

Account Closure Requirements

Customer-initiated closure (Personal Banking Terms and Conditions, Clause 29.2; practical guidance on help pages):

• Customers may close an account or end a service by advising ASB at any branch or by phone. Closing all accounts and ending all services terminates the overall agreement.⁠Asb
• Practical steps (ASB Help – “How do I close my account?”):
  • Prerequisites: Download statements/documents; move automatic payments/direct debits; pay any overdrawn amounts, loans, or credit card balances; ensure the account balance is zero.
  • Single-signatory accounts: Use the ASB Mobile Banking app (select account → “Close this account” and follow prompts), send a secure message via FastNet Classic (include account number), or visit a branch with two forms of ID (including photo ID).
  • Joint accounts requiring two or more signatories: All signatories must attend a branch with ID.
• ASB Securities or KiwiSaver accounts have separate forms/processes (e.g., specific closure form or Inland Revenue involvement for KiwiSaver full payout).⁠Asb

Bank-initiated closure or termination (Personal Banking Terms and Conditions, Clauses 29.3–29.4 and 13.1):

• ASB may close an account or end a service by giving at least 14 days’ written notice.⁠Asb
• Immediate closure/suspension (no notice) is permitted if:
  • The customer (or someone they allow) is using or obtaining the service illegally, fraudulently, unlawfully, or improperly (including breaching the Acceptable Use Policy).
  • Continuing the agreement would cause ASB to breach a court order or other legal requirement.
  • The customer has otherwise broken the terms and conditions.
• Additional suspension/refusal triggers (Clause 13.1) include fraud risk, failure to provide information, insufficient funds, legal/sanctions requirements, disputes, bankruptcy/insolvency, or unmet identification obligations.⁠Asb +1

Obligations upon closure (Clause 30):

• Customer must repay all owed amounts (overdrafts, loans, cards, fees, interest) and return any ASB property/devices on request.
• ASB will transfer any remaining funds (after retaining amounts for liabilities, legal requirements, or losses) and cancel direct payments.
• Statements remain available for seven years post-closure.⁠Asb +1

These policies align with New Zealand regulatory obligations (e.g., AML/CFT, Privacy Act 2020) and may be updated; customers should check the latest versions on asb.co.nz/legal or asb.co.nz/documents for their specific products. For personalised advice, contact ASB directly.

ASB Bank New Zealand Limited (ASB) is the financial services provider in question. It uses tools and service providers outside New Zealand (including cloud-based storage, related companies in the CommBank Group in Australia, and other overseas third-party service providers).⁠Asb

The latest enforceable policies are ASB’s Personal Banking Terms and Conditions (effective October 2025) and Mobile Banking Terms and Conditions (including Open Banking) (effective 30 March 2026), together with the Privacy Statement (updated 2 September 2025). These are publicly available on asb.co.nz and incorporate compliance with the Privacy Act 2020 (the primary New Zealand legislation governing personal information handling, with no subsequent overriding amendments as of April 2026). Supporting legislation includes the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act, as amended; record-keeping obligations remain enforceable) and related laws such as the Tax Administration Act 1994 (for CRS/FATCA reporting).⁠Asb +2

What Happens to Personal, Biometric, and Other Information When the Commercial Relationship Ends

ASB’s terms do not provide for automatic deletion of all customer data upon account closure or termination of the relationship. Instead:

• Personal information (including transaction records, account details, contact information, and other data collected for service provision, risk management, or compliance) continues to be held, used, and disclosed by ASB only as long as necessary for the purposes for which it was collected or as required by law. This is explicitly governed by the Privacy Act 2020 and cross-referenced in the terms. Purposes include ongoing legal compliance, risk management, fraud investigation, debt recovery, regulatory reporting, and responding to legal requests.⁠Asb

• Upon closure (customer-initiated or bank-initiated with notice or immediately in cases of fraud/breach), the terms require repayment of debts and return of ASB property, but impose no obligation on ASB to delete data immediately. ASB may retain sufficient funds or data to cover liabilities, court orders, sanctions, or legal requirements. Statements and records remain available for statutory periods (typically 7 years for financial/tax records; 5 years post-relationship for AML/CFT customer due diligence records under the AML/CFT Act). Once no longer required, data is deleted or de-identified in line with Privacy Act obligations.⁠Asb

• Biometric information: ASB does not centrally store or process customer biometric templates (e.g., fingerprints or facial scans) as part of device login. Biometrics are used only as “Security Credentials” on the customer’s own mobile device (via Touch ID/Face ID). The bank collects only the type of authentication used (e.g., “touch ID or face ID”). Customers must protect device biometrics and notify ASB immediately if another person may access or store biometrics on the device. There is no bank-held biometric data subject to long-term retention post-closure.⁠Asb

  For identity verification via the ASB ID app (required for onboarding/address confirmation under AML laws), a facial scan (“selfie-style”) plus e-passport or NZ driver licence data is forwarded (with consent) to trusted third-party providers. These third parties retain the information only for a short period; ASB does not retain the raw biometric data long-term. Upon relationship end, any temporary verification data is already deleted by the third parties.⁠Asb

• Other information (digital interaction data, images uploaded via mobile services, etc.): Retained per the same “necessary or legally required” rule. Specific examples in Mobile Terms include chatbot dialogues (12 months unless escalated, then 7 years for interactions). No automatic purge occurs on closure; retention is driven by Privacy Act 2020 and mandatory regulatory periods.⁠Asb

In summary, closure ends the active commercial relationship and service access, but does not trigger immediate deletion. Data is retained for compliance with New Zealand and overseas laws (e.g., AML/CFT record-keeping, tax reporting) and destroyed/de-identified thereafter. Customers retain rights of access and correction under the Privacy Act 2020 at any time.⁠Asb

Information Technically Captured by Third Parties Engaged by ASB for Local and International Compliance

ASB discloses personal information (including identity, transaction, and compliance-related data) to third parties only where permitted by law or for stated purposes (identity confirmation, credit checks, risk/fraud management, AML/CFT, regulatory compliance). Third parties “technically capture” (receive and process/store) copies or extracts as required for their role. Names of specific commercial screening providers are not publicly disclosed (for security reasons), but categories and data flows are detailed in the terms:⁠Asb

• Identity verification providers (ASB ID app biometrics): Face scan + e-passport/NZ driver licence chip data is forwarded (with explicit consent). Third parties confirm a match in seconds (similar to airport eGate) and retain the information only for a short period. Strong encryption is used; ASB and third parties comply with Privacy Act 2020.⁠Asb
• Credit reporting agencies, credit providers, and debt collection agencies: Default/credit information is disclosed and captured for credit reporting services and updates to databases.⁠Asb
• Service providers, agents, business partners, cloud/storage providers: Receive data for service delivery, fraud detection, data processing, or cloud storage. Some operate outside New Zealand.⁠Asb
• ASB group/related companies (CommBank Group in Australia): Data may be shared for group purposes (including compliance and service provision).⁠Asb
• Regulators, government agencies (NZ or overseas), external dispute resolution schemes, other banks/financial institutions: Data is disclosed to comply with NZ or overseas laws (e.g., AML/CFT reporting, CRS/FATCA tax information exchange, sanctions screening, payments processing). Overseas regulators may capture data for their functions.⁠Asb
• Other authorised parties (brokers, advisers, guarantors, persons acting on customer behalf).

Overseas tools and transfers: Data may be sent or stored outside New Zealand (to ASB group members, cloud providers, or other service providers). ASB ensures “appropriate data handling and security arrangements are in place” (contractual safeguards meeting Privacy Act 2020 overseas disclosure rules). The Privacy Act 2020 continues to apply to the customer’s information even if held overseas.⁠Asb

Third-party partners in Open Banking or mobile services hold data per their own privacy policies (ASB does not control it once shared with consent).⁠Asb

No public policy requires third parties to delete data immediately upon ASB customer closure; retention by third parties follows their contracts with ASB and applicable foreign laws (e.g., Australian Privacy Principles for CommBank Group). Biometric/ID verification data is explicitly short-retention only.

These policies are the latest available and enforceable as of April 2026. Customers should refer directly to asb.co.nz/legal/privacy.html and the current Terms PDFs for their specific situation or contact ASB for personalised queries. Policies align with, but do not replace, statutory obligations under the Privacy Act 2020 and AML/CFT Act 2009.

Full Reference List (All Sources Used in Both Outputs)

• ASB Bank Limited. (2025, September 2). Our Privacy Statement. https://www.asb.co.nz/legal/privacy.html [web:0, web:16, web:25, web:44]
• ASB Bank Limited. (2025, October 22). Personal Banking Terms and Conditions. https://www.asb.co.nz/documents/banking-with-asb/personal-banking-terms-and-conditions.html and PDF. [web:10, web:45]
• ASB Bank Limited. (2026, March 30). Mobile Banking Terms and Conditions (including Open Banking). https://www.asb.co.nz/documents/banking-with-asb/mobile-banking-terms-and-conditions.html and PDF. [web:35, web:46]
• ASB Help – “Is the ASB ID app safe to use?” (last updated 12 June 2023; content current). https://www.asb.co.nz/help/is-the-asb-id-app-safe-to-use.html [web:20, web:33, web:41]
• Additional supporting pages and search results confirming no changes to the above as of April 2026 crawls [web:1–9, web:11–15, web:17–19, web:21–24, web:26–32, web:34, web:36–39, web:42–43].

All references are to official ASB sources and New Zealand legislation in force as of the current date.