Privacy Policy
Introduction
This privacy policy explains how Policywise Ltd (we, us, our) collects, uses, discloses and protects personal information. We comply with the Privacy Act (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
A person is not required to provide the personal information that we request but, if that person chooses not to do so, in many cases we will not be able to provide our services.
Privacy Officer
The business has appointed a privacy officer Calum MacLeod the officer.
A privacy officer will:
-
Be familiar with the privacy principles in the Privacy Act
-
Work to make sure the organisation complies with the Privacy Act
-
Deal with any complaints from the organisation's clients about possible privacy breaches
-
Deal with requests for access to personal information, or correction of personal information
-
Act as the organisation's liaison with the Office of the Privacy Commissioner.
They may also:
-
Train other staff at the organisation to deal with privacy matters
-
Advise their organisation on compliance with privacy requirements
-
Advise their organisation on the potential privacy impacts of changes to the organisation's business practices
-
Advise their organisation if improving privacy practices might improve the business
-
Be familiar with any other legislation governing what the organisation can and cannot do with personal information.
-
The Privacy officer will complete the required training through the Privacy Commission website: https://privacy.org.nz/privacy-for-agencies/your-obligations/privacy-officers/
How we collect personal information
We collect personal information about an individual from that individual, through contact with us (for example, in a meeting, or via an email, website), or when we provide services to the individual. We also collect information from third parties including from clients’ related businesses, accountants, current providers of financial products (including insurers and lenders), medical service providers and employers. We may also collect personal information from the Accident Compensation Corporation and credit reporting agencies.
When a person visits our website we may collect information including details of visits to our website such as traffic data, location data, and website analytics.
This information will be kept in accordance with our records keeping policy.
How we use personal information
We collect personal information for the following purposes:
-
To provide and market our services (and to assist in improving our services);
-
To respond to communications from a client;
-
To make contact with a client in the future about matters we believe will be of interest;
-
In connection with defending, protecting and/or enforcing our legal rights and interests including defending a complaint, claim or other action;
-
To conduct research and statistical analysis (on an anonymised basis);
-
To undertake credit checks on clients (if necessary);
-
To comply with our obligations at law and to support us to engage with relevant regulators;
-
For any other purpose authorised by our client or the Act.
Who we disclose personal information to
We may disclose a client’s personal information to:
-
Any business that supports provision of our services (including related companies, information technology service providers, lawyers, accountants);
-
Financial product providers in connection with assisting clients to apply for financial products and services, administer financial products and services, make claims under financial products, renew, vary, replace or exit/end financial products or services;
-
Third parties noted above in order to obtain relevant required information;
-
Regulatory bodies including the Financial Markets Authority (whether or not required by law);
-
Lawyers and other professionals, and our insurers (and their advisers), in connection with defending, protecting and/or enforcing our legal rights & interests;
-
Debt collection agencies;
-
Any other person authorised by the Act or another law.
A business that supports provision of our services may be located outside New Zealand. This may mean that personal information is held and processed outside New Zealand. We will do our best to ensure your personal data remains confidential when using an international service or contractor.
Cookies
We use cookies to record session information. Cookies are small data files that a website host computer sends to a website user’s computer. We may use cookies on this website to help us remember information you enter, by passing a unique identifier between your PC or device and this website. The information recorded includes information you input when getting quotes or filing forms, user-specific information about the pages you visit.
Cookies also provide us with information about how people have interacted with our site so that we can make improvements to it. They are not harmful to your computer, don’t access information on your hard drive, and are not used by us to store personally identifiable information like card details. We also use cookies to track users on the site and understand how they are using it. We can then improve the website by gathering information including where users go, where they leave the website, and which pages are causing problems.
How we protect personal information
We will take steps that are reasonable in the circumstances to keep personal information safe from loss and from unauthorised access, use, modification or disclosure.
We have the following polices in place to ensure information is kept securely:
-
Records Keeping
-
Information technology, data and security.
Accessing and correcting personal information
Subject to certain grounds for refusal set out in the Act, an individual whose information we hold has the right to access personal information that we hold and about that individual and to request a correction to that personal information. The Privacy Officer will be contacted.
Internet use
While we take reasonable steps to maintain secure internet connections, if a person provides us with personal information over the internet, the provision of that information is at the provider’s own risk.
If a person follows a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We recommend that the site’s privacy policy is reviewed before any personal information is provided.
Phone conversations
Our business does operate in a very digital environment. A large portion of our interactions with clients may be done via phone. Policywise records phone conversations with clients for compliance, audit, and training purposes. These conversations as per the Privacy Act 2020 will be stored securely and can be accessed by the client when requested as per principal Six of the Privacy Act.
Updates
We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we upload the revised policy.
Training
As a business we ensure all staff and the privacy officer are trained at least annually on the Privacy Act 2020 the principles and duties of a privacy officer.
Controls
-
External reviews are conducted to ensure the privacy policy is met, aligned policies (Records keeping and IT)
-
Training is conducted in the office.
-
Passive reviews by internal staff.
Reporting of privacy breaches
The Business, Privacy Officer, will undertake an analysis of a privacy complaint to identify if it is serious and systemic in nature.
Where a privacy breach of this nature occurs (The Business will, in accordance with their obligations under the Privacy Act) notify the privacy commissioner and the individuals impacted by the breach.
The Business will provide relevant details to the privacy commissioner, including the proposed handling of the complaint. https://privacy.org.nz/privacy-for-agencies/privacy-breaches/
If required, the Business will follow the Privacy Commission’s guidance on additional measures that maybe required to be enacted. Tracking of privacy complaints will align with the Business complaint management policy.