Privacy Policy

Overview

Our firm is required to obtain and collect personal information for Anti Money Laundering purposes and to enable us to provide legal services. In that process, we are committed to protecting your privacy.

This Privacy Policy explains how our firm collects, uses, stores and discloses the personal information that we hold concerning our clients, potential clients, suppliers, employees and others. As a firm, we are bound by the Privacy Act 2020 (Privacy Act) and the information privacy principles set out in the Privacy Act.

For the purposes of this policy, personal information means information about an identifiable individual.

Why we collect personal information

We collect personal information in order to conduct our business, to provide and market our services and to meet our legal obligations, including (but not limited to) our anti-money laundering and compliance obligations.

By using our services or providing your personal information to us, you consent to our collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy and the provisions in the Privacy Act.

Who we collect personal information about

We collect and hold personal information about (but not limited to):

• • clients, business associates and potential clients and their employees, contractors, owners and directors;

• • individuals we deal with in the course of acting for clients and carrying out our Services;

• • suppliers;

• • prospective employees, employees and contractors; and

• • other people who come into contact with our firm.

The kind of personal information we collect

In general, the type of personal information that we collect and hold includes (but is not limited to): your:

• • name,

• • address,

• • contact details,

• • date of birth,

• • occupation,

• • bank account and other financial information,

• • identity verification such as your driver’s licence, passport and birth certificate,

• • employment history and/or details,

• • education and qualifications,

• • testimonials and feedback,

• • evidence of source of funds (in some cases), and

• • other information which assists us to provide and market our services and meet our legal obligations under applicable privacy laws, the Anti- Money Laundering and Countering Financing of Terrorism Act 2009 (AML and CFT Act) and any other statutes or regulations.

In some cases, if personal information is not provided as requested, we may not be able to carry out the instructions or provide our Services.

How we collect personal information

We collect personal information in the following ways:

• • directly from you or from third parties acting on your authority or who you authorise us to make contact with about you,

• • when you contact us seeking information about us, our services or anything on our website (including if you register on our website to receive our news updates),

• • in the course of conducting client due diligence,

• • while providing our services to you,

• • when you apply to work at our firm,

• • publicly available information searched as part of carrying out customer due diligence or as part of the provision of our Services to you,

• • indirectly through your use of our website and the services and functionality offered through it,

• • the agents and service providers that we may engage to assist us with fulfilling any of the purposes recorded in this Privacy Policy, and

• • third parties connected with the substance of the matter(s) or purpose(s) for which you have engaged us.

How we process your personal information

Where we collect personal information, we will only process it:

• • to perform a contract with you,

• • where we have legitimate interests to process the personal information and these interests are not overridden by your rights,

• • when we have your consent, or

• • in accordance with a legal obligation.

How we will use or disclose your personal information

We may use and disclose personal information for the primary purpose for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose, and in other circumstances authorised by the Privacy Act.

We collect your personal information so that we can provide you with our Services and any related services you may request. In doing so, we may use the personal information we have collected from you for purposes related to the Services, including:

• • to conduct our business,

• • to provide and market our Services to you,

• • to carry out our responsibilities as an employer,

• • to verify your identity, perform customer due diligence and for internal record keeping purposes,

• • to carry out firm and trust account transactions, such as client billing and payments, firm creditors, employee transactions and client trust account transactions,

• • to enforce our agreements with you (including to supply, and invoice for, Services, and to collect payment, which may also include disclosing information to debt collectors),

• • for dealing with legal or commercial disputes,

• • to provide promotional information and newsletters in hard copy or electronic form, or information that we believe may be of interest to you,

• • to communicate with you,

• • to comply with our legal obligations, including (but not limited to) our anti-money laundering and compliance obligations.

We may be required to disclose personal information to third parties in the course of representing and advising our clients if it is required or authorised:

• • by the individual in question,

• • by law, or

• • by the New Zealand Law Society’s Rules of Professional Conduct.

We will not disclose your personal information to any third party without your consent, unless required or permitted by law. We are committed to maintaining the confidentiality of your information in accordance with New Zealand’s privacy laws and ethical obligations.

Storage and security

Personal information may be stored in hard copy and/or electronic form, including with third party data storage facilities and in cloud storage located both inside and outside New Zealand. Electronic data that is stored in the cloud by third parties is usually encrypted.

Access to employee’s files is limited to the Practice Manager, Finance (for payroll purposes) and Partners of the firm. At all times, access to a file must be for a work-related purpose and comply with the provisions of the Privacy Act.

As a firm, we take all reasonable steps to protect your personal information from misuse and loss, and from unauthorised access, modification or disclosure. We do this by use of appropriate physical security and restricted access to both electronic and hard copy records. All employees are required to access personal information for work-related purposes only, to respect the confidentiality of personal information and the underlying privacy of individuals. The length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal requirements such as anti-money laundering and financial reporting
legislation).

To protect the personal and sensitive information we collect, we implement best practice cybersecurity measures, including encryption, firewalls, and regular security audits. We are committed to safeguarding your data from unauthorised access, loss, or misuse, in compliance with New Zealand’s privacy and data protection laws.

If your personal information is no longer required by us, we will either destroy the information or de- identify it so it cannot be attributed to you personally.

Links to other websites

Our website, social media, news updates or other communications to you, may contain links to third party websites. Unless expressly stated otherwise, these websites have not been developed by and are not controlled by us. They are provided for your convenience only, and do not imply that we check, endorse, approve or agree with the privacy practices of these third party websites. We encourage you to be aware when you leave our website and to read the privacy statements of each website that you visit.

How you can access or correct your personal information

We try to ensure that the personal information we hold is accurate, complete and up-to-date; however, please contact us in order to update any personal information we hold about you.

You have the right to request access to any of your personal information we hold by emailing us at privacy@ehw.co.nz. Subject to any lawful grounds for withholding, we will on request provide you with a copy of the personal information we keep about you.

You may request that the personal information we hold about you be corrected by emailing us at privacy@ehw.co.nz. If we agree that your personal information is to be corrected, we will do so. If we do not correct your personal information, your correction request will be kept with the personal information held.

Privacy complaints

If you think that your privacy rights have been breached, you can make a written complaint to our Privacy Officer (our Practice Manager) at

• • Email: complaints@ehw.co.nz, or
  • Mail: PO Box 326, Marton 4741

Or you can contact the Office of the Privacy Commissioner directly at:

• • Phone: 0800 803 909
  • Web: https://privacy.org.nz/.

Updates to this policy

This policy will be reviewed periodically or to comply with new laws and technology, changes to our operations and practices and changes to the business environment.

Your continued use of our Services following notification of any changes to this Privacy Policy constitutes acceptance of those changes. If you do not agree with any aspect of the updated Privacy Policy, you must immediately cease all use of our Services.