How RealMe works

You can use RealMe to log in to many online services. If you choose to, you can retrieve personal information from trusted information providers to verify your identity or address to other organisations.

To do this, RealMe interacts with DIA's identity verification service and NZ Post's address verification service. These are separate systems with separate stores of personal information.

RealMe does not store your verified identity or verified address. Instead, each time you use your RealMe verified identity or address, RealMe:

  1. retrieves your verified information from DIA's identity verification service or NZ Post's address verification service
  2. asks you if you consent to your verified information being shared with the organisation
  3. shares your verified information if you consent
  4. displays your verified information for only as long as you're logged in.

Your information is only shared with your consent. Your personal information is not combined in a central database. Your information is retrieved from DIA's identity verification service or NZ Post's address verification service each time you log in and consent.

We do not have any visibility of, or collect or store, any information about you held by the organisations you interact with.

What this privacy statement covers

This privacy statement covers the parts of RealMe that provide login and information sharing to organisations integrated with RealMe.

It does not cover DIA's identity verification service or NZ Post's address verification service — separate privacy statements apply to these services. You will be shown and asked to consent to those privacy statements when applying for a verified identity and verified address.

View the privacy statements

Information we collect so you can use RealMe

Email address and phone number

When you create a RealMe account, you need to enter your:

  • email address
  • alternative email address (optional)
  • contact phone number (optional)
  • mobile phone number (optional for 2FA and support).

We'll confirm your email address by emailing you a confirmation code to enter. As recommended in the Terms of use, we remind you not to use an email address you share with other people. Your username, temporary password or other information will be sent to this email address when you request support, or forget your username or password.

Two-factor authentication details

Some participating organisations require you to enter a RealMe code when you log in to their service — this provides an extra level of security.

Where this occurs, in most cases you can choose whether to receive the code:

  • through an app on your mobile phone or device
  • by text message to your mobile phone, or
  • for some users, through a RealMe token issued to you.

Mobile phone number

If you use your mobile phone for two-factor authentication, you need to provide your mobile phone number.

Security questions and answers

To keep your account secure, you need to choose 3 security questions and provide answers. We use these questions and answers if you need to reset your password or contact the RealMe Help Desk.

You can also choose to provide a 5-digit secret PIN. This is not visible to the RealMe Help Desk.

If you do not provide required information

If you do not provide the required information, you cannot use RealMe. You can continue to receive services from participating organisations offline. Your use of RealMe is optional.

Site visit data collected

When you use RealMe or access your RealMe verified information, your visit and transaction information will be recorded, including your IP address and domain name. This information is recorded for security reasons.

Additional information about your computer and network may be collected if we think you are attempting to compromise RealMe or any associated service.

How we use the information we collect

We use the information collected:

  • to provide RealMe services
  • to invite your feedback about RealMe
  • for statistical purposes
  • to detect and prevent fraudulent or other unlawful use of RealMe.

Use of transaction information

In special circumstances, DIA may provide transaction information to a participating organisation to establish proof of a transaction with that organisation. This information may include:

  • the date and time of your log in
  • your IP address and domain name
  • details of your RealMe interaction with that organisation.

Information we provide to the identity verification service

If you apply for a verified identity through DIA's identity verification service, RealMe will provide your email address and mobile phone number to the identity verification service so this system can communicate with you.

The RealMe Help Desk may also provide your contact details to the identity verification service so relevant staff can communicate with you.

Collection and use of statistical information

When you visit www.realme.govt.nz we may collect statistical information about your visit to help us improve the website. This information is aggregated and does not identify individuals. It includes:

  • your IP address
  • the search terms you used
  • the pages you accessed on our website and the links you clicked on
  • the date and time you visited the site
  • the referring site or message through which you entered this website
  • your operating system
  • the type of web browser you use
  • other incidental matters, such as screen resolution and the language setting of your browser.

This information will be viewed by website administrators and other staff members through analytical tools like Google Analytics. It may also be shared with other government agencies.

Storage

RealMe uses third party providers to store and process information. Personal information submitted to RealMe is stored on Microsoft Azure cloud servers. RealMe login information, transaction history and consents are stored outside of New Zealand in the United States of America and Australia.

Personal information will be retained in compliance with the requirements of the Public Records Act 2005.

Security

We have procedures in place to prevent loss, unlawful access, use, modification, disclosure or other misuse of your information, consistent with good practice and as required by relevant law and policy. We take care to make sure only certain people with specific roles and authorised access levels are able to view your information and only for specific RealMe-related purposes.

Use of cookies

A cookie is a piece of code that creates a file on your computer to track the pages you view on our website. Turning off cookies will affect your ability to use all or part of RealMe.

Using RealMe generates session cookies that expire when you close your browser. These cookies do not store any information that identifies individuals.

Access and correction of information

Updating your details

If any of the information you've provided to RealMe changes, you can log in to your RealMe account to update it.

In your account area, you can:

  • change your username, password, contact details and security settings
  • manage your verified identity and verified address
  • delete your RealMe account.

Right of access and correction

Under the Privacy Act 2020, you have the right to view any personal information about you held by RealMe, and to ask that we correct it if it's wrong.

Transaction information from 1 January 2018 is available when you log in to your RealMe account. You can contact us if you want to see information before this date.

Contact the RealMe Help Desk if you would like to see or change your personal information. We will ask for proof of your identity before providing you with this information.

If you have any concerns about your privacy, contact:

The Privacy Officer
Department of Internal Affairs
PO Box 805
Wellington 6140
Phone: +64 4 495 7200
Email: privacy@dia.govt.nz