Privacy Policy

Why is this policy important?

Agencies – that is almost everyone hold personal information about others – must comply with the Privacy Act. This Privacy Policy shows our customers how seriously we take the security of their personal information, and how we deal with collecting, using and disclosing personal information for anyone using our services. The Privacy Act defines principles we need to comply with, including the principle that we can only use information for the purpose for which we collected it. The systems we use to hold client information include: email, online services such as Gmail, third party providers such as MyCrm, Quote Monster, and Xero, and hard copy client files are turned in to soft copies and stored in One Drive, and on external Hard Disk. All hard copies are destroyed by document destruction services.

Our policy- the dos and don’ts

We ensure all information is kept securely.
We only share and use information as per the agreed purpose.
We only collect personal information necessary for the services being provided and ensure that the clients knows that their information is available anytime they wish to view it.
We ensure that client information is retained and stored in a secure environment.
When we collect client information, we explain the reasons why the information is collected and how it will be used.

We don’t give out any personal information, unless we know exactly who’s asking for it, why they want it and that they are authorised to have it.
We don’t breach client confidentiality.
We don’t collect information that isn’t required to complete the services we agreed with the client.
We don’t leave client information visible for others people to see.

Our processes

Step 1 Client Meetings	We explain to our customer the purpose of collecting personal information about them. We cover what we are trying to achieve and what personal information is needed to achieve it.
Step 2 Client information	We explain to our clients how we handle their personal information. For example: We only collect personal information directly from them or from a public source. We only use their information to provide our services to them. We are required to keep information for seven years after our client relationship ends. We will dispose of it appropriately at the end of the seven-year period.
Step 3 Client data	We will establish a process to periodically review the data that we hold in our business. We only keep client data or information that we are required hold. This helps reduce our risk if client information is accidentally made public.
Step 4 Systems	We check the terms and conditions or agreements with our systems providers to ensure that there are suitable arrangements in place to keep the data secure.
Step 5 Insurance	On an annual basis, we will review the terms of our Professional Indemnity Insurance to ensure that we are insured for a breach of privacy.
Step 6 Data breach	We will develop a response plan for what to do if our business is affected by a data breach.

How do we know we comply?

We are aware of our obligations under the Privacy Act and we have completed the online learning modules https://elearning.privacy.org.nz/
We maintain a Breach Register and we know how to record and manage a breach.
We periodically review the Privacy Commissioner’s website for guidance on managing client privacy.
We review the guidelines developed by the NZ Government to help prevent breaches of data. https://www.cert.govt.nz/businesses-and-individuals/
When we use a new provider we check their terms and conditions to understand how they store and use our client information and data

This Privacy Policy was last updated in October 2024.