As an organisation that collects and holds personal information about our clients, we must comply with Code Standard 5 of the Code of Professional Conduct for Financial Advice Services and adhere to the Privacy Act 2020 and its principles.
We only use client information for the purposes that we collect it for, and we do not underestimate the importance of keeping personal information secure during the collection, use, or authorised disclosure when providing our services.
We understand how important it is to protect your personal information. This document sets out our privacy commitment in respect of personal information we hold about you and what we do with that information.
It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.
The Privacy Commission provides the following definition on their website:
Personal information is any piece of information that relates to a living, identifiable human being. People’s names, contact details, financial health, purchase records: anything that you can look at and say, “this is about an identifiable person.”
It does not need to include the client name, and does not need to be secret or sensitive in nature. It is any information that could be used to identify an individual.
When we refer to personal information we mean information that identifies, or is capable of identifying, you. This includes, for example, your name, date of birth, address, contact details, account details and occupation.
If you engage us to provide services to you, we may collect personal information about your financial situation or goals in order to recommend mortgage and insurance products that we are permitted to advise on (Products).
We collect your personal information for the purposes of our and relevant third parties’ services and relationship with you. For example:
If you do not wish to receive marketing information, you may ‘opt out’ at any time by notifying us.
Generally we will collect your personal information directly from you. For example, we collect your personal information directly from your use of our website and the information that you submit to the website. We also collect your personal information if you use the “contact us” functionality on our website and you provide the personal information during conversations between you and us.
We may also collect your personal information from:
If you provide any personal information about anyone else to us, you confirm that you have collected that personal information in accordance with the Privacy Act and that the individual concerned has:
All personal information will be handed back to the you and/or destroyed once it is no longer required and at your request. However, we require the information to be held on file for 7 years following the end of the our relationship with you.
We will generally rely on you to ensure the information we hold about you is accurate. If any of your details change, please let us know as soon as possible by contacting us.
We may disclose your personal information to the following people if we consider it necessary to do so for the purposes described above:
You acknowledge and agree that credit reporting agencies may hold your credit information (including default information) on their systems and use such information to provide their credit reporting services, which may include providing your credit information (including default information) to their customers.
Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that the person or organisation has a commitment to protecting your personal information at least equal to our commitment.
We may use cloud storage to store the personal information we hold about you. The cloud storage and the IT servers may be located outside New Zealand.
We may also disclose personal information to NZFSG and its related bodies corporate, and third party suppliers and service providers located overseas for some of the purposes listed above.
We take great care to protect your personal information located on site at any of our offices. Any time the office is unattended, it is locked with a monitored security system. Only authorised staff have access to the office.
All computers, laptops and electronic devices, as well as software programs, are password protected so that they can only be used by those that are permitted. We follow recommended practices when it comes to creating passwords and do not share or use the same passwords for multiple programs. We only respond to emails or share information once we are able to verify that we are speaking with the client requesting the information.
All electronic devices and software programs are password protected. We only use internet connectivity or emails where there is a secure WiFi network and an inability for others to access data. We only use trusted third party service providers that abide by the Privacy Act 2020 and include assurances in their business agreement or contract. Our business uses a Customer Relationship Management platform (CRM) provided by Loan Market Group. Details of how Loan Market Group fulfill their obligations under The Privacy Act 2020 can be provided on request.
Where laptops or electronic devices are unaccounted for, we update passwords for all applicable software programs to prevent the chance of unauthorised access. The CRM platform that we use only allows a user to be logged into a single device at any one time and all users are logged out after a period of inactivity.
Cookies and IP addresses
While our cookies do not collect personal information, if you submit your name and email address as part of your usage, then we will link that personal information with the cookies information that we have previously collected from you. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
Links and third party advertisements
Our website may contain links to other websites operated by third parties. Our website may also display advertisements, which are hosted by third parties.
We make no representations or warranties in relation to the privacy practices of any third party website or advertisement providers and we are not responsible for other privacy policies or the content of any third party website or advertisements. Third party websites are responsible for informing you about their own privacy practices.
You are not required to provide any personal information to us but if you choose not to it might affect our ability to provide services to you and your ability to obtain finance, insurance and other Products from Product Providers.
In most circumstances it will be necessary for us to identify you in order to successfully do business with you. However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information, for example, if you make general inquiries about interest rates or current promotional offers.
You may choose to interact with our website anonymously, but we will not be able to contact you unless you provide your personal information.
You may access any of the personal information that we hold about you at any time by contacting us. We may charge a fee for our reasonable costs of retrieving and supplying the information to you.
Where a breach of privacy is suspected, it is raised with our Privacy Officer (Kerry Alcock) to review for potential harm and assess what immediate action needs to be taken to prevent any further breach.
If it is concluded that a breach of privacy has occurred, we notify the affected individuals of the breach and let them know how their privacy has been breached, what steps we are taking to limit the breach, and confirm that we will be reporting the breach to the Privacy Commissioner.
We then notify the Privacy Commissioner using the NotifyUs function on the website of the Privacy Commission: https://www.privacy.org.nz/privacy-for-agencies/privacy-breaches/notify-us/
Where it is determined that there has been a breach of privacy or there was the potential for a breach to have occurred, it is recorded in our Incident Register and treated in line with our Material Issues and Reporting Policy.
We have a nominated Privacy Officer in the office responsible for understanding our responsibilities under the Privacy Act, as well as providing guidance and updates, monitoring our practices, and raising awareness at team meetings. Our Privacy Officer is Kerry Alcock
All of our advice files are self-reviewed for accuracy and compliance with our obligations under this policy. We also have a third party review of our advice practices on an annual basis to ensure ongoing compliance.