For the purposes of this policy, “personal information” means information about an identifiable individual.
Why do we collect personal information?
We collect personal information in order to conduct our business, to provide and market our services and to meet our legal obligations (“Services”).
How do we collect personal information?
Information you provide to us directly: Our usual practice is to collect personal information directly whenever an individual interacts with us for the purposes of providing our Services, such as when we are instructed to represent and advise a client, or when we are supplied with a product or service.
Personal information may be collected in a number of ways. For example:
- forms that are filled out, and documentation or communication that is provided to us
- through an on-going employment relationship
- face to face meetings and interviews
- telephone conversations.
Information we create in the performance of our Services: We may also create or obtain personal information, such as evaluative records about your interactions with us, and any interactions we have with third parties. Evaluative information may be confidential to us.
Information we get from third parties: Third parties may provide us with personal information about an individual, such as a background check, credit check, verification of your identity, a report provided by a medical practitioner or a reference from another person.
Information you make public: We may collect or obtain your personal information that you manifestly choose to make public, including via online channels.
What personal information do we collect?
We collect your personal information so that we can provide you with our Services and any related services you may request. In general, the type of personal information that we collect includes (but is not limited to): names, addresses, contact details, bank account and other financial information, identity verification such as your driver’s licence, passport and birth certificate and other information which assists us to conduct our business, provide and market our Services and meet our legal obligations under applicable privacy laws and the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.
In many cases, if personal information is not provided as requested, we may not be able to carry out the instructions or provide our Services.
How do we use or disclose your personal information?
We may use and disclose personal information for the purpose for which it is collected, for directly related purposes, for other purposes authorised by you and in other circumstances authorised by the Act. We may use and disclose personal information:
- to provide legal services and client services
- to carry out our responsibilities as an employer;
- to verify your identity details;
- to process your personal information for our own internal business purposes;
- to carry out firm and trust account transactions, such as client billing and payments, firm creditors, employee transactions and client trust account transactions;
- to undertake credit management activities;
- for debt recovery purposes, which may also include disclosing information to debt collectors;
- for dealing with commercial or legal conflicts;
- to provide promotional information and newsletters in hard copy or electronic form, or information that we believe may be of interest;
- to communicate with clients, potential clients, suppliers, staff, contractors and others;
- to purchase products and services; and
- to comply with our legal obligations, and to meet our reporting obligations as required by law.
We may be required to disclose personal information to third parties in the course of representing and advising our clients if it is required or authorised:
- by an individual;
- by law; or
- by the Law Society’s Rules of Professional Conduct.
From time to time, we may share personal information with certain service providers who provide services to us or perform administrative or marketing activities on our behalf. Further information is provided in our Standard Terms.
Overseas disclosure of personal information
When we disclose personal information, it may be transferred to and used by third parties in countries other than New Zealand. Some third parties may be located in countries where they are not required to protect person information in the way that we are under the Act. However, rest assured, where we disclose personal information to a third party in another country we endeavour to put safeguards in place to ensure your personal information is protected.
For individuals in the European Economic Area (EEA), this means that your personal information may be transferred outside of the EEA. Where your personal information is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal information (e.g. by entering into the European Commission’s Standard Contractual Clauses).
Storage and security of personal information
Personal information may be stored in hard copy and/or electronic form, including with third party data storage facilities and in cloud storage located both inside and outside New Zealand. Electronic data that is stored in the cloud by third parties is usually encrypted.
Hard copy personnel files are stored in locked cupboards in the work pod of the HR Manager and may not be removed from this location. Access to personnel files is limited to HR, Finance (for payroll purposes), CEO, Managing Partner and supervising partner of the individual. At all times, access to a file must be for a work-related purpose and comply with the provisions of the Act.
As a firm, we take all reasonable steps to protect the personal information we hold. We do this by use of appropriate physical security, including third party data storage facilities, and restricted access to both electronic and hard copy records. All Anthony Harper personnel are required to access personal information for work-related purposes only, to respect the confidentiality of personal information and the underlying privacy of individuals.
If your personal information is subject to unauthorised or accidental access, disclosure, alteration, loss or destruction or actions which prevent us from accessing it on a temporary or permanent basis (each event being a “Privacy Breach”), and such Privacy Breach is likely to cause you serious harm, we will notify you and the Privacy Commissioner in accordance with our obligations under the Act.
We’ll retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our internal retention policies and practices (for example, to provide you with a service you’ve requested or to comply with applicable legal requirements such as anti-money laundering and financial reporting legislation). Following that period, we’ll make sure it’s deleted or anonymised. Otherwise, as a general rule, we only keep your personal information for as long as we require it for the purposes of providing you with our Services.
What about links to other websites?
Email, text and telephone communication
We are committed to complying with the Unsolicited Electronic Messages Act 2007.
By subscribing to emails and/or text communications, or otherwise providing your email address and/or mobile number, you consent to receiving emails and/or texts (as the case may be) which promote and market our products and services, or the products and services of others, from time to time.
You can unsubscribe from our email communications and/or text communications at any time by clicking the “Unsubscribe” link in any promotional or marketing email or text received or by emailing firstname.lastname@example.org.
Once you have unsubscribed from the email or text communications, you will be removed from the corresponding marketing list as soon as is reasonably practicable.
How can you access or correct personal information?
It is your responsibility to ensure that the personal information you provide is accurate, complete and up-to-date.
You may request access to the information we hold about you, or request that we update or correct any personal information we hold about you, or ask us to restrict or cease using and disclosing your personal information by setting out your request in writing and sending it to us at email@example.com.
We will review your request as soon as reasonably practicable to comply with our legal obligations. If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
We take your concerns seriously. If you have any concerns about privacy or the use or collection of your personal information by Anthony Harper please contact our Privacy Officer at firstname.lastname@example.org and include the words ‘ATT: THE PRIVACY OFFICER’ or call us on 09 920 6400.
We will respond as quickly as possible and handle all complaints in a way that is fair and consistent. However, if you remain dissatisfied, you can make a formal complaint with Office of the Privacy Commissioner.