How to request deletion of your data, and how we assess those requests
Last updated: 2 Jun 2026 · Privacy Policy
Under the New Zealand Privacy Act 2020, you have the right to ask us to delete or correct personal information we hold about you. This page explains how we handle erasure requests specifically — how to make one, how we assess it, what the possible outcomes are, and what you can expect from us in terms of timing.
Not all personal information can be erased on request. TrustPoint holds certain records for health and safety compliance purposes under the Health and Safety at Work Act 2015 (HSWA). Where retaining records is necessary to fulfil those obligations, we will explain this clearly in our response and tell you what we can do instead.
Short version: Account and profile data can typically be deleted. Compliance and audit records linked to a site, contractor relationship, or WorkSafe obligation are retained for up to seven years but can be pseudonymised so they are no longer associated with you by name.
Email us at operations@trustpoint.nz with the subject line “Personal Information Erasure Request”. Please include:
We may ask you to verify your identity before processing your request. This is to protect you — we will not delete or modify another person’s data based on an unverified request.
When we receive an erasure request, we follow this process:
If your request is complex or involves a large volume of records, we may notify you within 20 working days that we need additional time, and provide a revised estimate.
The table below describes what happens to each category of personal information following an erasure request we are able to fulfil.
| Data type | Outcome | Reason |
|---|---|---|
| Account name and email address | Deleted | No continuing compliance purpose once the account is closed. |
| Company name and NZBN | Deleted | No continuing compliance purpose once the account is closed and all relationships are terminated. |
| Worker name and phone number (persons record) | Pseudonymised | The gate induction record must be retained for HSWA. The worker’s name is replaced with an anonymised token and their phone number is removed, so the record no longer identifies them personally. |
| Gate induction records (site, timestamp, readiness state) | Retained (7 years) | Required for WorkSafe NZ audit trail. Retained in pseudonymised form after the worker’s personal details are removed. |
| Uploaded compliance documents (certificates, insurance, H&S plans) | Retained (7 years) | Form part of the compliance evidence record for the Builder–Contractor relationship. Required for potential WorkSafe investigations. Company identifying information remains but document files may be deleted on request if no active regulatory proceedings are known. |
| Audit trail events (approvals, overrides, relationship changes) | Retained (7 years) | Tamper-evident audit chain required under HSWA. Cannot be altered without breaking the hash chain. Retained as an aggregate record; no personal-name field in most event types. |
| Email address used for login attempts and rate-limiting | Deleted | No continuing purpose once account is closed. |
| Notification preferences and in-app notifications | Deleted | No continuing purpose once account is closed. |
| Stripe billing records | Retained per Stripe policy | Stripe is a separate data controller for payment records. Erasure requests for payment data should be directed to Stripe’s privacy team. |
Where we pseudonymise your data rather than delete it, this means:
ANON-3f7a2b);Pseudonymisation is a recognised technique under the Privacy Act 2020 and aligns with the principle of using the least privacy-invasive means to achieve a lawful purpose.
We may decline to erase personal information if:
If we refuse your request, we will tell you in writing within 20 working days, explain why, and advise you of your right to complain to the Office of the Privacy Commissioner.
We will respond to your request within 20 working days of receiving it, as required by the Privacy Act 2020 (section 46). If we need more time, we will notify you and give a revised date.
Where we are carrying out pseudonymisation, the technical work is performed directly on the live database by a TrustPoint operator and is typically completed within the same timeframe.
If you are not satisfied with how we have handled your erasure request, you may complain to the Office of the Privacy Commissioner:
privacy.org.nz — Phone: 0800 803 909
We encourage you to contact us first at operations@trustpoint.nz so we have the opportunity to resolve the issue directly.
Every feature described on this site is built and operational. If something doesn’t work as described, tell us: operations@trustpoint.nz