Privacy Policy

Our business is bound by the Privacy Act 2000 (the Act).

We collect and hold personal information (Personal Information) relating to our clients and to other people and entities associated with our clients as may be provided or disclosed to us in the course of business. Such personal information may include, but is not limited to, names, tax file numbers, addresses, telephone numbers, social media details, email addresses, occupations, wage records, bank account details, asset and investment details, financial planning records, taxation records, medical records and relationship details.


Personal Information is collected from our clients in the following ways:


  • by providing it to us directly;
  • by authorising third parties to provide it to us;
  • by other parties providing it to us either voluntarily or pursuant to compulsory processes we conduct on our client’s behalf.

How is Personal Information received and held?

Personal Information may be received and held either as a hard copy, paper, or a soft copy being electronic data, in any available form. In either case, we take the security of Personal Information very seriously. We secure hard copy documents carefully in and out of our office. We use cyber-security systems to protect soft copy documents. We never ask for bank details or other sensitive information by email.


For what purpose is Personal Information collected, held, used and disclosed?


All data processed by the business is done on a lawful basis. The purposes for which we collect, hold, use and disclose Personal Information are:


  • to offer our services to our clients and other interested people (Services). In doing so we may disclose Personal Information to other people or entities involved in the provision of the service, such as government departments and individuals. Unless compelled by law, we will never disclose Personal Information without the client’s knowledge and consent;
  • to facilitate our internal and external administrative processes including financial and business operations and reporting requirements;
  • to obtain, maintain and comply with the terms of our professional indemnity and other insurance policies; and
  • to comply with applicable laws.

We take reasonable precautions to make sure that we keep your Personal Information secure.


We will disclose information when you authorise us to share it. Where you have authorised us to disclose your Personal Information to a third party, their use and maintenance of your Personal Information is outside our control and we accept no responsibility or liability for such third party use to the extent permitted by law.


Except as described in this Privacy Policy, we will not disclose or use your Personal Information without your permission, unless required or permitted by law. These may include:


  1. to the extent necessary for third parties to provide services to us in connection with the Service or the Website or to operate our business;
  2. when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a government request; or
  3. as required by any governmental agency, Minister of the Crown or parliamentary officer (including under the Official Information Act 1982 and Public Finance Act 1989).

We retain Personal Information for a minimum of 7 years. We store public records (which can include Personal information) in accordance with the Public Records Act 2005.


How can Personal Information be accessed or corrected?


Clients may access their Personal Information and seek correction of it at any time by applying to our office in person or in writing.


Clients will be formally identified before releasing or amending any Personal Information.


Is Personal Information disclosed outside New Zealand?


Where necessary we will disclose personal information to overseas recipients, including a related body corporate. The likely countries that information might be sent to include Australia.


Automatic Information and Cookies


We may also automatically collect, or use third party service providers to collect, certain information in relation to your use of any online Service or the Website (Automatic Information). This information may be aggregated to provide data related to how our website performs, and does not identify you or your individual browsing behaviour.


Automatic Information includes browsing characteristics, for example:


a. search terms;

b. pages viewed; and

c. date, time and duration.


This information also includes technical characteristics, for example:


a. screen resolution;

b. language settings;

c. operating system; and

d. the type of web browser.


To collect this information we use Google Analytics. You can read Google’s privacy statement, or opt-out, at the Google Privacy Centre.


Cookies are small files that are sent by a website and stored on your computer’s hard drive. Any Service or the Website may use Cookies to collect information about you and your use of the Service and/or Website. You may disable Cookies through your web browser, but doing so may mean that you cannot use the Service or the Website or that the functionality of the Service or the Website is reduced.


How we use Automatic Information


We may use Automatic Information to:


a. manage, monitor, improve and develop any Service and the Website;

b. improve functionality, improve security and measure the performance of the Website; and/or

c. prepare and use data about access to, and use of, the Service.


What is the complaints process relating to personal information?


If there is a breach of this privacy policy, a complaint may be made by the client to:


  • our customer services team; or
  • the Office of the New Zealand Privacy Commissioner.

Data breaches


All staff are responsible for protecting the confidentiality of client information and business information. Refer any data breaches, or suspected data breaches, to the customer services team as soon as possible.


If there is a suspicion of a breach


If we suspect that there has been a breach, a reasonable and expeditious assessment will be conducted within 30 days.


If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out:


  • the business’s details;
  • a description of the breach;
  • the kind or kinds of information concerned; and
  • recommendations about the steps that we will take in response to it.

If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.


Exception to reporting


Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.


Email communication


From time to time we may send you, and you agree to receive, emails that relate to Services you have subscribed to.


You may opt out of receiving those emails and other promotions at any time by following the opt-out instructions provided in the relevant communication.


General

We may update this Privacy Policy from time to time. The current version posted on the Website will apply.


The Website may contain links to third party websites or applications. We are not responsible for the privacy practices or content of third party websites or applications.


Contacting us about privacy

If you wish to contact us about your privacy, including requesting corrections to your Personal Information, you can contact us at info@businessbuyers.co.nz