Our Security and Privacy Policies

Our Security Policy

Ensuring your data protection and service availability


  • We have implemented strict safeguards to protect your privacy and keep confidential the information you provide about you and your staff, and we strive to make sure those practices meet and exceed industry standards.
  • We may use Cookies or similar technologies to enhance system functions.
  • Information sharing with any third-party is prohibited.
  • We protect you and your staff from junk-mail and spyware. 


  • Data encrypted while transferring between server and clients.
  • Secure fire-protection rated building keeps our hardware safe.
  • Secure mechanism for company payroll information.
  • Onsite and offsite backup implemented every day, 365 days a year.

Network Security

  • We use 128-bit encryption to provide secure connections to your payroll data.
  • All access to confidential data via the Internet is through secured connections to our Web Server.
  • All access to confidential information is password controlled.
  • Accesses are logged to an audit log file. The Log File is analysed and monitored for security violations.
  • Our Internet connections are via a firewall.
  • Network Security is remotely monitored 24 hours a day, 7 days a week.
  • All users are assigned a security role which controls their access permissions.
  • We have multiple, redundant, connections to the Internet.
  • We send eMail confirmations for security-critical processes.

Data Security

  • Our servers are in a physically secured location.
  • We have multiple, redundant, servers.
  • Confidential data is held in a separate database that is not directly accessible from the Internet.
  • RAID arrays (mirrored disks) are used to store all payroll data.
  • Data is regularly backed-up and stored in a secure location.


  • Our staff are bound by confidentiality agreements not to divulge sensitive information.
  • Our practices are governed by our Privacy Policy.

Financial Security

  • Direct Debits are guaranteed by a Payroll Letter of Credit with your bank.
  • Any funds held on your behalf are held in a separate Commercial Trust Bank Account.
  • We accept responsibility for all tax payments, including any late payment penalties. (If we manage your tax).

Service Availability

  • As Crystal Payroll is a Web service, authorised users can access Crystal Payroll from any Internet connected PC anywhere, at any time.
  • Our server is collocated in a primary ISP in New Zealand, which enables our web server to be one of the most reliable server, 24 hrs a day, 7 days a week.
  • Our hardware load-balancing also enhances accessibility.

Our Privacy Policy

The Internet offers the chance to collect information about site users. This information can be personally identifiable information or aggregated information. However your privacy is important to us at Crystal Payroll Limited and we want to be sure that you understand the terms and conditions relating to the way in which we collect information and the use of that information. This Privacy Policy tells you what information we collect, what we do with it and your rights to view, correct or change it. The Office of the Privacy Commissioner (www.privacy.org.nz/) provides  further details of the New Zealand Privacy Act and how it protects personal information in New Zealand.

The Information that we collect
Crystal Payroll operates the website www.crystalpayroll.co.nz/. As part of our operations we may gather certain types of information about the users of this site:

1. Personally Identifiable Information. This is provided by you when you register for services that we may offer. Examples of these services could include email newsletters. Providing this information will always be optional for you. However, some services may not be available to you if you chose not to provide it.

2. Aggregated Data. This information is generated by our systems as they track traffic through our site. This information does not identify you personally and is not linked to the personally identifiable information that you may have provided.

Who we share this information with
We will not share the information that we collect with any third parties apart from in the following circumstances:

1. The information may be hosted with a service provider. Our agreements with them protect the information that we collect from any use by them that we have not authorised.

2. Your personally identifiable information may be shared with third parties when we believe in good faith that we are required to do so by law.

What else we do with the personally identifiable information?
We have collected this information in order to provide the best possible service to you while you are visiting our site. To this end we may use the information that you provide for the following purposes:

1. To verify your identity if you need help with a forgotten password or you are having login problems with one of our site services.

2. To process any transactions that you might make on our site.

3. To help provide any other services that you have requested.

4. To offer the most relevant information suitable to you and your interests.

5. For any marketing, promotional, publicity, direct marketing or market research that we might undertake.

6. For any other purposes for which you have given permission.

What about cookies?
A cookie is a small file that resides on your computer and is recognised by our server when you visit our sites. A cookie does not provide us with any personally identifiable information. It does provide details of your IP address, the computer platform that you use (eg Mac or Windows), the browser that you use (eg Microsoft Explorer or Netscape) and what domain you are accessing our sites from. With this information we can do the following:

1. Track traffic patterns to our site.

2. Ensure that the most relevant content is being shown.

3. Allow you to enter certain site member services without having to log in each time you visit.

If you would rather we did not use cookies with you, you can refuse them by turning them off in your browser and/or deleting them from your hard drive. You will still be able to visit our site.

What about our business partners?
This Privacy Policy only relates to our site. You should be aware that we are not responsible for the practices of our business partners. Our site may contain links to other sites. You should check their privacy policies before providing personally identifiable information to them or any other third party.

Opting in and opting out
You will always have the option to opt in to certain services and to opt out of those services at any stage. This means you may change your mind at any stage about participating in any of our member services.

Can we change this policy?
In order to reflect the fact that our business is growing constantly, we reserve the right to change this policy at any time. We will notify site users of any changes to the Privacy Policy.

Your right to access your information
The New Zealand Privacy Act of 1993 gives you the right to access and correct this information. To find out more about how to do this, please contact us at info@crystalpayroll.co.nz

Payroll specific
Payroll involves the collection and management of confidential personal and financial information about you and your staff. CrystalPayroll will never disclose this information except as needed in order to complete the services that we have agreed to provide you with.

Employer Payroll Processing
We manage and store a range of organisational, financial and personal information on behalf of your organisation, for the purpose of processing your payroll. This information is used solely for the completion of this activity. This information is never made available to any other parties, except for the information transfer directly required to complete your payroll. (For example, transmitting direct credit files to our bank, sending your tax details to Inland Revenue, sending payroll deduction schedules to deduction agencies).

Employee Access
Employees may access their own payroll information but authorisation to do this is given by the employer. It is the employer’s full responsibility to monitor and control access by their staff.