Privacy Policy

+64 9 920 8660

[email protected]

+64 9 920 8660

[email protected]

Privacy Policy

Personal Information

Personal information is information about an identifiable individual and includes your name, date of birth, address, telephone number and email address.

Browsing our website and emailing an enquiry

We do not collect personal information about you if you simply browse our website or read information on it. When you visit our website we do collect general technical information about your visit so that we can get a better understanding of how people are using our site. However, this information does not include any identifiable information about you.

If you email an enquiry to us or register your details to receive further information we will use your information:

·         for the purposes for which you supplied it; and

·         for dealing with any legal or commercial conflicts.

Client information and “customer due diligence”

If you request legal and related services from us we will collect personal information from you.

We have legal obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML CFT Act), the Tax Administration Act 1994 (“TRA”), the Foreign Account Tax Compliance Act (“FATCA”) and the Common Reporting Standard (“CRS”) that may include carrying out “customer due diligence”. We will collect personal information from you, and may need to collect personal information about you from third parties to meet our obligations. We may also need to collect personal information about other individuals you are associated with either directly from the individual concerned or from third parties.

We may not be able to act or continue acting for you or complete trust account transactions for you, if any of the requested information is not provided.

Use and disclosure of personal information

We will use your personal information, as applicable:

·         to carry out due diligence in accordance with the AML CFT Act, TAA, FATCA and CRS;

·         for dealing with any legal or commercial conflicts;

·         to act on your behalf in relation to all matters necessary or incidental to your engagement of us;

·         for sending to you TGT Legal publications and invitations to seminars;

·         for any purpose specified in our terms of engagement; and

·         for any other purpose you may authorise.

We will only disclose personal information about you if:

·         we need to disclose personal information about you to government agencies or to banks with which we place your funds to meet our legal obligations under the AML CFT Act, the TAA, FATCA and CRS.

·         it is necessary to carry out due diligence;

·         it is required or authorised by law (including under the AML CFT Act, TAA, FATCA, CRS and the Privacy Act 2020, as applicable) or rules applicable to the legal profession by which we are bound;

·         disclosure is one of the purposes for which you gave us the information;

·         it is in accordance with our terms of engagement; or

·         you have expressly consented to the disclosure or your consent can be reasonably inferred from the circumstances.

Parties we may disclose your information to

Your personal information may be used by us for the purposes set out above and may also be used by agencies we use to provide services to you such as:

·         any outsourced service provider who assists in the services we are required to carry out such as Datacom (see also Cloud-based service providers, below);

·         debt collecting organisations.

If we don’t need to share your information with a third party to provide advice and services to you, we will not pass on your information to them without your consent.

Sending your information overseas

We may send your personal information outside New Zealand to persons identified above or to parties authorised by you.

Where we do this, we make sure that appropriate security and information handling arrangements are in place and the information remains subject to confidentiality obligations.

All countries have different privacy laws and information protection standards. If we need to send your personal information to a country that has lower standards of information protection than New Zealand, we will take appropriate measures to protect your personal information. Where it is not possible to ensure that appropriate security and information handling arrangements are in place, we will discuss this with you and obtain your prior consent.

Storage and protection of your personal information

We may electronically record and store personal information which we collect from you. When we do so, we will take all reasonable steps to keep it secure and prevent unauthorised disclosure.

Some information we hold about you will be stored in paper files, but most of your information will be stored electronically on the cloud by cloud service providers – see “Cloud-based service providers” below.

We use a range of physical and electronic security measures to protect the security of the information we hold, including:

·         Access to information systems through identity and access management;

·         Our offices are secured with a combination of locks, access controls and cameras to prevent unauthorised access;

·         Employees are bound by internal information security policies and are required to keep information secure;

·         Employees are required to complete training about information security and privacy;

·         When we send information overseas or use service providers to process or store information, we put arrangements in place to protect your information;

·         We regularly monitor and review our compliance with internal policies and industry best practice;

·         We only keep information for as long as we need it, or as long as the law requires us to.

Cloud based service providers

We use third party providers to store and process most of the information we collect. We use Datacom cloud servers located in New Zealand. We ensure that our cloud-based service providers are subject to appropriate security and information handling arrangements and the information stored or processed by them remains subject to confidentiality obligations.

Timeframes for keeping personal information

We are required by law to retain files for certain periods of time.

We take reasonable steps to destroy or permanently de-identify any personal information as soon as practicable after the date of which it has no legal or regulatory purpose, or we have no legitimate business purpose with it.

If there is a privacy breach

We work hard to keep your personal information safe. However, there is still a possibility that our security could be breached. If we experience a privacy breach, where there is a loss or unauthorised access or disclosure of your personal information that is likely to cause you serious harm, we will, as soon as we become aware of the breach:

·         Seek to quickly identify and secure the breach to prevent any further breaches and reduce the harm caused;

·         Assess the nature and severity of the breach, including the type of personal information involved and the risk of harm to affected individuals;

·         Advise and involve the appropriate authorities where criminal activity is suspected;

·         Where appropriate, notify any individuals who are affected by the breach (where possible, directly); and

·         Notify the Privacy Commissioner.

Rights of Access and Correction

Under the Privacy Act 2020, individuals have rights to request access to,  correct, and in some circumstances, delete their personal information. You can make such a request by contacting the Firm’s Privacy Officer at [email protected] or 09 920 8689.

When you contact us with such a request, we will take steps to update or delete your personal information, provide you with access to your personal information and/or otherwise address your query within a reasonable timeframe.

We are only able to delete your personal information to the extent that it is not required to be held by us to satisfy any legal, regulatory or similar requirements.

There are some circumstances in which we are not required to give you access to your personal information. If we refuse to give you access or to correct or delete your personal information:

·         we will let you know our reasons, except if the law prevents us from doing so;

·         you have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy;

·         we will provide you with information on how you can complain about the refusal.

Changes to our privacy policy

We review this Privacy Policy periodically to keep it current. The latest version of our policy is available on our website or you can obtain a copy by calling us on 09 920 8679.

Privacy Policy queries and concerns

If you are concerned about how your personal information is being handled or if you feel that we have compromised your privacy in some way, please contact the Firm’s Privacy Officer at [email protected] or 09 920 8679.

We will acknowledge your complaint within three working days. We will let you know if we need any further information from you to investigate your complaint. We aim to resolve complaints as quickly as possible.

If you are not satisfied with our response to any privacy related concern you may lodge a complaint on the Privacy Office website (www.privacy.org.nz) or send a complaint form to the Privacy Commissioner at:

Office of the Privacy Commissioner

PO Box 10-094

Wellington 6143, New Zealand.

May 2021