For the purposes of this policy, “personal information” means information relating to an individual which can be used to identify that individual.
Why do we collect personal information?
We collect personal information in order to conduct our business, to provide and market our services and to meet our legal obligations (“Services”).
How do we collect personal information?
Information you provide to us directly: Our usual practice is to collect personal information directly whenever an individual interacts with us for the purposes of providing our Services, such as when we are instructed to represent and advise a client, or when we are supplied with a product or service.
Personal information may be collected in a number of ways. For example:
- forms that are filled out, and documentation or communication that is provided to us;
- through an on-going employment relationship;
- face to face meetings and interviews; or
- telephone conversations.
Information we create in the performance of our Services: We may also create or obtain personal information, such as evaluative records about your interactions with us, and any interactions we have with third parties. Evaluative information may be confidential to us.
Information we get from third parties: Third parties may provide us with personal information about an individual, such as a background check, credit check, verification of your identity, a report provided by a medical practitioner or a reference from another person.
Information you make public: We may collect or obtain your personal information that you manifestly choose to make public, including via online channels.
What personal information do we collect?
In general, the types of personal information that we collect includes (but is not limited to): names, addresses, contact details, bank account and other financial information, identity verification such as your driver’s licence, passport and birth certificate and other information which assists us to conduct our business, provide and market our Services and meet our legal obligations under applicable privacy laws and the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.
In many cases, if personal information is not provided as requested, we may not be able to carry out the instructions or provide our Services.
How is your personal information processed?
Where we collect personal information, we will only process it:
- to perform a contract with you; or
- where we have legitimate interests to process the personal information and these interests are not overridden by your rights; or
- in accordance with a legal obligation; or
- where we have your consent.
How do we use or disclose your personal information?
We may use and disclose personal information for the primary purpose for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose, and in other circumstances authorised by the Act.
We collect your personal information so that we can provide you with our Services and any related services you may request. In doing so, we may use the personal information we have collected from you for purposes related to the Services including:
- to provide legal services and client services;
- to carry out our responsibilities as an employer;
- to verify your identity details;
- to process your personal information for our own internal business purposes;
- to carry out firm and trust account transactions, such as client billing and payments, firm creditors, employee transactions and client trust account transactions;
- to undertake credit management activities;
- for debt recovery purposes, which may also include disclosing information to debt collectors;
- for dealing with commercial or legal conflicts;
- to provide promotional information and newsletters in hard copy or electronic form, or information that we believe may be of interest;
- to communicate with clients, potential clients, suppliers, staff, contractors and others;
- to purchase products and services; or
- to comply with our legal obligations, and to meet our reporting obligations as required by law.
We may be required to disclose personal information to third parties in the course of representing and advising our clients if it is required or authorised:
- by an individual;
- by law; or
- by the Law Society’s Rules of Professional Conduct.
From time to time, we may share personal information with certain service providers who provide services to us or perform administrative or marketing activities on our behalf. Further information is provided in our Standard Terms.
International data transfers
When we disclose personal information, it may be transferred to, and processed in, countries other than New Zealand. There may be differences with New Zealand’s privacy laws. However, rest assured, where we disclose personal information to a third party in another country we endeavour to place safeguards to ensure your personal information is protected.
For individuals in the European Economic Area (EEA), this means that your personal information may be transferred outside of the EEA. Where your personal information is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal information (e.g. by entering into the European Commission’s Standard Contractual Clauses).
Storage and security
Personal information may be stored in hard copy and/or electronic form, including with third party data storage facilities and in cloud storage located both inside and outside New Zealand. Electronic data that is stored in the cloud by third parties is usually encrypted.
Hard copy personnel files are stored in locked cupboards in the work pod of the HR Manager and may not be removed from this location. Access to personnel files is limited to HR, Finance (for payroll purposes), CEO, Managing Partner and supervising partner of the individual. At all times, access to a file must be for a work-related purpose and comply with the provisions of the Act.
As a firm, we take all reasonable steps to protect the personal information we hold from misuse and loss, and from unauthorised access, modification or disclosure. We do this by use of appropriate physical security, including third party data storage facilities, and restricted access to both electronic and hard copy records. All Anthony Harper personnel are required to access personal information for work-related purposes only, to respect the confidentiality of personal information and the underlying privacy of individuals.
The length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal requirements such as anti-money laundering and financial reporting legislation).
We’ll retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our internal retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised. Otherwise, as a general rule, we only keep your personal information for as long as we require it for the purposes of providing you with our Services.
What about links to other websites?
Email, text and telephone communication
We are committed to full compliance with the Unsolicited Electronic Messages Act 2007.
By subscribing to emails and/or text communications, or otherwise providing your email address and/or mobile number, you consent to receiving emails and/or texts (as the case may be) which promote and market our products and services, or the products and services of others, from time to time.
You can unsubscribe from our email communications and/or text communications at any time by clicking the “Unsubscribe” link in any promotional or marketing email or text received or by emailing firstname.lastname@example.org.
Once you have unsubscribed from the email or text communications, you will be removed from the corresponding marketing list as soon as is reasonably practicable.
How can you access or correct personal information
It is your responsibility to ensure that the personal information you provide is accurate, complete and up-to-date.
You may request access to the information we hold about you, or request that we update or correct any personal information we hold about you, or ask us to restrict or cease processing your personal information or even delete your personal information, by setting out your request in writing and sending it to us at email@example.com.
We will review your request as soon as reasonably practicable to comply with our legal obligations. If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
We take your concerns seriously. If you have any concerns about privacy or the use or collection of your personal information by Anthony Harper please contact our Privacy Officer at firstname.lastname@example.org and include the words ‘ATT: THE PRIVACY OFFICER’ or call us on 09 920 6400.
We will respond as quickly as possible (our target response is 20 days) and handle all complaints in a way that is fair and consistent. However, if you remain dissatisfied, you can make a formal complaint with Office of the Privacy Commissioner.
Updates to this policy