Skip to main content
Forms Legal

Cookie Policy (New Zealand)

Cookie Policy (New Zealand)

Effective Date: [Effective Date]

This Cookie Policy explains how [Organisation Name] ("we", "us", or "our") uses cookies and similar tracking technologies on our website at [Website URL] (the "Website").

This Cookie Policy should be read together with our Privacy Policy, which explains how we collect, use, and protect personal information in accordance with the Privacy Act 2020 (NZ) and the 13 Information Privacy Principles (IPPs).

1. WHAT ARE COOKIES?

1.1 Cookies are small text files that are placed on your device (computer, tablet, or smartphone) by websites you visit. They are widely used to make websites work efficiently, remember your preferences, and provide website operators with information about how visitors use their websites.

1.2 Similar technologies include web beacons (also called pixel tags or clear GIFs), which are tiny images embedded in web pages or emails that allow us to track whether you have visited a page or opened an email. We use the term "cookies" in this Policy to cover cookies and similar tracking technologies.

1.3 Cookies may be set by us ("first-party cookies") or by third-party services that we use on our Website ("third-party cookies"). First-party cookies are generally necessary for the Website to function. Third-party cookies are set by external services and are subject to those third parties' privacy policies.

1.4 Cookies may be "session cookies" (which expire when you close your browser) or "persistent cookies" (which remain on your device for a set period or until you delete them).

2. WHY WE USE COOKIES

2.1 We use cookies and similar technologies for the following purposes:

  • to ensure the Website functions properly and securely;
  • to remember your preferences and settings;
  • to understand how visitors use the Website so we can improve it;
  • to measure the effectiveness of our marketing and communications; and
  • to deliver relevant advertising to you on our Website and on third-party platforms.

2.2 Where cookies collect personal information (as defined in the Privacy Act 2020), we handle that information in accordance with our Privacy Policy and the Information Privacy Principles.

3. ESSENTIAL (STRICTLY NECESSARY) COOKIES

3.1 Essential cookies are necessary for the Website to function and cannot be switched off without preventing you from using the Website. They are typically set in response to actions you take, such as logging in, adding items to a cart, or filling in forms.

3.2 We use the following essential cookies: [Essential Cookies Description].

3.3 Because essential cookies are strictly necessary for the Website to work, your consent is not required to set them. However, we are committed to being transparent about all cookies we use, in accordance with Information Privacy Principle 1 of the Privacy Act 2020.

4. HOW WE MANAGE COOKIE CONSENT

4.1 We manage your cookie consent using [Consent Mechanism].

4.2 You may change or withdraw your cookie consent at any time by contacting us at [Contact Email] or by adjusting your browser settings as described in clause 8 below. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.

4.3 Please note that some parts of the Website may not function correctly if you decline or disable certain categories of cookies.

5. HOW TO CONTROL COOKIES THROUGH YOUR BROWSER

5.1 Most web browsers allow you to control cookies through their settings preferences. You can usually find these settings in the 'Options', 'Settings', or 'Privacy' section of your browser. Common browser help pages include:

  • Google Chrome: Settings > Privacy and Security > Cookies and other site data
  • Mozilla Firefox: Options > Privacy & Security > Cookies and Site Data
  • Apple Safari: Preferences > Privacy
  • Microsoft Edge: Settings > Cookies and Site Permissions

5.2 Please note that restricting cookies may impact the functionality of the Website. If you delete all cookies, any preferences set using cookies (including your cookie consent choices) will be lost and will need to be set again.

5.3 For more information about cookies and how to manage them, you can visit www.allaboutcookies.org.

6. HOW LONG DO COOKIES LAST?

6.1 [Cookie Duration]

6.2 In accordance with Information Privacy Principle 9 of the Privacy Act 2020, we do not retain personal information collected through cookies for longer than is necessary for the purpose for which it was collected. We periodically review our cookie retention periods to ensure they remain appropriate.

7. PRIVACY ACT 2020 AND YOUR RIGHTS

7.1 To the extent that cookies collect personal information (as defined in the Privacy Act 2020), that information is handled in accordance with our Privacy Policy and the 13 Information Privacy Principles (IPPs).

7.2 Under the Privacy Act 2020, you have the right to access the personal information we hold about you (IPP 6) and to request that we correct any inaccurate or incomplete information (IPP 7). To exercise these rights, please contact us at [Contact Email].

7.3 If you are concerned about how we handle your personal information collected through cookies, you may make a complaint to the Privacy Commissioner of New Zealand at www.privacy.org.nz or by calling 0800 803 909.

8. CHANGES TO THIS COOKIE POLICY

8.1 We may update this Cookie Policy from time to time to reflect changes in our cookie practices, technology, or legal requirements. When we make material changes, we will update the Effective Date at the top of this Policy and, where appropriate, notify you through our cookie consent tool or by other reasonable means.

8.2 We encourage you to review this Cookie Policy periodically. The most current version will always be available on our Website at [Website URL].

9. CONTACT US

9.1 If you have any questions about this Cookie Policy or how we use cookies, please contact us:

[Organisation Name] Email: [Contact Email] Postal address: [Contact Address]

9.2 This Cookie Policy is governed by the laws of New Zealand, including the Privacy Act 2020 and the Contract and Commercial Law Act 2017.

Maintained by Vladislav Sergienko, Founder·Template last modified: ·Report an error

What Is a Cookie Policy (New Zealand)?

A Cookie Policy in New Zealand sets the organisation's rules and expectations on cookie use and the responsibilities of staff and users, supporting compliance with the Privacy Act 2020.

Under the Privacy Act 2020, any collection of personal information through cookies — including IP addresses, device identifiers, browsing history, or any data that can be used to identify an individual — must comply with the 13 Information Privacy Principles (IPPs). IPP 1 limits collection to information necessary for a lawful purpose connected to the organisation's functions. IPP 3 requires that individuals be informed of the purpose of collection at or before the time of collection. This transparency obligation effectively requires a Cookie Policy for any New Zealand website that uses tracking technologies beyond strictly necessary session cookies.

A New Zealand Cookie Policy should distinguish between the four main categories of cookies: essential cookies (required for the website to function, no consent required), analytics cookies (collect usage data such as page views and session lengths, typically using tools like Google Analytics or Matomo), functionality cookies (remember user preferences such as language or region), and marketing and advertising cookies (track behaviour across sites to enable targeted advertising through platforms such as Google Ads, Meta Pixel, or LinkedIn Insight Tags). Each category should be described transparently, including the names of any third-party services that set cookies.

Although New Zealand does not require a cookie consent banner for domestic users, implementing a consent mechanism for non-essential cookies is established standards and aligns with the Privacy Act 2020's transparency and collection limitation principles. The Office of the Privacy Commissioner of New Zealand administers the Privacy Act 2020 and can investigate complaints, issue compliance notices, and refer serious privacy breaches to the Human Rights Review Tribunal. Websites that also serve users in the European Union must additionally comply with GDPR cookie consent requirements for those users, which requires explicit opt-in consent before non-essential cookies are placed.

New Zealand's Privacy Act 2020 also imposes mandatory data breach notification obligations. If a privacy breach — including one involving cookie-collected data — is likely to cause serious harm to affected individuals, the organisation must notify the Privacy Commissioner and the affected individuals as soon as practicable. A well-structured Cookie Policy helps demonstrate the organisation's accountability and transparency under the Privacy Act 2020.

The Privacy Act 2020 introduced mandatory breach notification obligations under Section 114. If an organisation experiences a notifiable privacy breach — including one involving cookie-collected data that is likely to cause serious harm — it must notify the Privacy Commissioner and affected individuals as soon as practicable. A Cookie Policy that clearly describes the organisation's data handling practices demonstrates accountability under the Privacy Act 2020 and supports compliance with the Office of the Privacy Commissioner's guidance on website privacy.

When Do You Need a Cookie Policy (New Zealand)?

A Cookie Policy is needed by any New Zealand website or online service that uses cookies or similar tracking technologies beyond strictly necessary session cookies — which includes the vast majority of commercial websites.

You need a Cookie Policy if your website uses Google Analytics or any other analytics platform that places cookies on users' devices. Google Analytics 4, by default, anonymises IP addresses, but depending on your configuration, analytics data may still constitute personal information under the Privacy Act 2020. Disclosing the use of analytics tools in a Cookie Policy is required by IPP 3 (transparency obligation).

You need a Cookie Policy if your website uses advertising or remarketing cookies, such as the Google Ads remarketing tag, Meta (Facebook) Pixel, or similar advertising tracking tools. These cookies collect personal information — browsing behaviour and user profiles — used to target advertisements, which constitutes direct marketing under IPP 10 of the Privacy Act 2020 and must be disclosed.

You need a Cookie Policy if your website embeds third-party social media plugins such as Facebook Like buttons, Twitter/X share buttons, or similar widgets — these typically set third-party cookies on users' devices that are outside the website operator's direct control.

You need a Cookie Policy if your website is subject to the European Union's General Data Protection Regulation (GDPR) — for example, if you have users in the EU or if your website targets EU consumers. The GDPR requires explicit opt-in consent before non-essential cookies are placed, and a compliant cookie consent mechanism with a detailed Cookie Policy is mandatory.

Even where no specific legal requirement applies, having a Cookie Policy is established standards for transparency and trust. It demonstrates respect for users' privacy, reduces the risk of complaints to the Office of the Privacy Commissioner, and is increasingly expected by users of New Zealand websites. Publishing a clear Cookie Policy also supports the organisation's accountability obligations under the Privacy Act 2020.

Under Information Privacy Principle 3 of the Privacy Act 2020, website operators must inform visitors at or before the time of collection that personal information is being collected, the purpose of collection, and the intended recipients of the information. A Cookie Policy is the standard mechanism for fulfilling this transparency obligation in New Zealand. Organisations that fail to disclose cookie-based data collection may face complaints to the Office of the Privacy Commissioner, who can investigate and issue compliance notices under Section 88 of the Privacy Act 2020.

What to Include in Your Cookie Policy (New Zealand)

A well-drafted New Zealand Cookie Policy should include the following key elements to satisfy the Privacy Act 2020's information privacy principles and meet user expectations.

**Explanation of cookies.** A clear, plain-language explanation of what cookies are and how they work — including the distinction between first-party cookies (set by the website itself) and third-party cookies (set by external services), and the difference between session cookies (expire when the browser is closed) and persistent cookies (remain for a set period). This helps users make informed decisions about their privacy.

**Cookie categories.** A description of each category of cookie used on the website: essential cookies (necessary for the site to function, exempt from consent requirements), analytics cookies (tools such as Google Analytics or Matomo that collect usage data), functionality cookies (remembering user preferences such as language, currency, or region), and marketing and advertising cookies (third-party platforms such as Google Ads, Meta Pixel, and LinkedIn Insight Tag that track browsing behaviour for targeted advertising).

**Named third-party services.** A specific list of all third-party services that set cookies on the website, including the service name, the category of cookie, the data collected, and a link to each provider's own privacy or cookie policy. Under IPP 3 of the Privacy Act 2020, users must be informed of third parties who may receive their personal information.

**Cookie consent mechanism.** A description of how users can accept or decline non-essential cookies and how their consent preferences are stored. In New Zealand, a consent banner is not legally required for domestic users, but it is strongly recommended as established standards and aligns with Privacy Act 2020 transparency obligations.

**Browser controls.** Step-by-step instructions for controlling or deleting cookies through browser settings, with links to help pages for common browsers including Chrome, Firefox, Safari, and Edge. Users should be clearly informed of their ability to opt out.

**Cookie retention periods.** The typical duration each category of cookie remains on the user's device. Under IPP 9 of the Privacy Act 2020, personal information should not be retained longer than necessary for the purpose of collection. Industry practice suggests analytics and advertising cookies should not exceed 13 months.

**Privacy rights statement.** A statement of users' rights under the Privacy Act 2020 — including the right to access personal information held about them (IPP 6) and to request correction of inaccurate information (IPP 7). Users should be directed to the Office of the Privacy Commissioner at www.privacy.org.nz to make complaints.

**Breach notification.** A reference to the organisation's obligations under the Privacy Act 2020 to notify the Privacy Commissioner and affected individuals in the event of a notifiable privacy breach involving cookie-collected data.

The forms-legal.com Cookie Policy (New Zealand) provides a thorough ready-to-use template covering all of these elements, tailored to the Privacy Act 2020 and New Zealand website operators.

**Contact details for privacy enquiries.** The Cookie Policy should identify a Privacy Officer or contact point within the organisation to whom users can direct access requests under Section 22 of the Privacy Act 2020 or correction requests under Section 44. The contact email or postal address should be current and monitored.

**Policy update date and review cycle.** The Cookie Policy should state when it was last reviewed and how users will be notified of material changes. Outdated cookie policies that do not reflect the organisation's actual use of cookies may give rise to complaints under the Privacy Act 2020.

The forms-legal.com Cookie Policy (New Zealand) provides a complete ready-to-use template covering all Privacy Act 2020 requirements including the 13 information privacy principles and Section 114 breach notification obligations.

Cite this page

Reference this free template in an article, syllabus, or research note:

APA

Forms Legal. (2026). Cookie Policy (New Zealand) (New Zealand) [Legal document template]. Forms Legal. https://forms-legal.com/new-zealand/business/policies/cookie-policy-new-zealand

MLA

"Cookie Policy (New Zealand) (New Zealand)." Forms Legal, 2026, https://forms-legal.com/new-zealand/business/policies/cookie-policy-new-zealand.

BibTeX
@misc{formslegal-cookie-policy-new-zealand,
  author       = {{Forms Legal}},
  title        = {Cookie Policy (New Zealand) (New Zealand)},
  year         = {2026},
  howpublished = {\url{https://forms-legal.com/new-zealand/business/policies/cookie-policy-new-zealand}},
  note         = {Free legal document template. Based on Privacy Act 2020}
}

Also available for these jurisdictions:

United StatesUnited StatesGhanaGhanaIrelandIrelandKenyaKenyaMalaysiaMalaysiaPakistanPakistan

Frequently Asked Questions

Based on Privacy Act 2020 — Template last modified June 2026Verify the source →

This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer

Found an error? Let us know

Related Documents

You may also find these documents useful:

Privacy Policy (New Zealand)

Create a compliant New Zealand Privacy Policy for your business or website. Our template is drafted in accordance with the Privacy Act 2020 (NZ) and covers all 13 Information Privacy Principles (IPPs), including IPP 1 (purpose of collection), IPP 3 (collection from subject), IPP 5 (storage security), IPP 6 (access), IPP 7 (correction), IPP 10 (limits on use), IPP 11 (limits on disclosure), and IPP 12 (unique identifiers and overseas disclosure). Includes mandatory privacy breach notification under sections 113-119 of the Privacy Act 2020, Privacy Commissioner complaint process, direct marketing obligations under the Unsolicited Electronic Messages Act 2007, and overseas data transfer provisions.

Website Terms of Use (New Zealand)

Create compliant Website Terms of Use for your New Zealand business, drafted in accordance with the Contract and Commercial Law Act 2017 (CCLA), the Consumer Guarantees Act 1993 (CGA), the Fair Trading Act 1986 (FTA), the Privacy Act 2020, and the Harmful Digital Communications Act 2015. Our template covers acceptance mechanisms, intellectual property protections under the Copyright Act 1994 and Trade Marks Act 2002, user obligations, limitation of liability, consumer guarantee disclaimers, and governing law. Unlike generic templates, this document reflects New Zealand-specific legal requirements — including the mandatory acknowledgement that consumer guarantees under the CGA cannot be excluded in consumer transactions.

Terms and Conditions (New Zealand)

Create New Zealand Terms and Conditions compliant with the Contract and Commercial Law Act 2017 (CCLA), Consumer Guarantees Act 1993 (CGA), and Fair Trading Act 1986 (FTA). Covers consumer guarantees under sections 6-12 (goods) and 28-31 (services) of the CGA, B2B contracting-out under section 43 of the CGA, GST at 15% under the Goods and Services Tax Act 1985, Privacy Act 2020 obligations, intellectual property under the Copyright Act 1994, payment terms in NZD, cancellations, returns, limitation of liability, and dispute resolution (including Disputes Tribunal). Suitable for NZ businesses selling goods or services to consumers or other businesses.

Terms of Service (New Zealand)

Create New Zealand Terms of Service compliant with the Contract and Commercial Law Act 2017 (CCLA), Consumer Guarantees Act 1993 (CGA), Fair Trading Act 1986 (FTA), and Privacy Act 2020. Covers consumer guarantees for digital services (ss 28-31 of the CGA), B2B contracting-out under section 43, GST at 15% under the Goods and Services Tax Act 1985, user registration, acceptable use, intellectual property under the Copyright Act 1994, limitation of liability, Privacy Act 2020 obligations (including mandatory breach notification), termination, and dispute resolution (including Disputes Tribunal). Suitable for New Zealand SaaS platforms, websites, apps, and online service providers.

Non-Disclosure Agreement (NDA) (New Zealand)

Protect your confidential business information under New Zealand law with a legally sound Non-Disclosure Agreement (NDA). Whether you are sharing trade secrets with a prospective partner, disclosing proprietary technology to a developer, or presenting financial projections to a potential investor, a properly drafted NZ NDA keeps your sensitive information under strict legal protection. Our template complies with the Contract and Commercial Law Act 2017 (CCLA) and includes provisions addressing the Privacy Act 2020 and the Information Privacy Principles (IPPs). Choose between a unilateral or mutual NDA, with optional non-solicitation and liquidated damages clauses.