For the purposes of applicable data protection laws, we are the controller.
- personal information means any information or an opinion about you (including information or an opinion forming part of a database), by which you may be identified directly or indirectly, whether on its own or in combination with other information, whether true or not, and which is submitted to and/or collected by us in an accessible form.
- sensitive information means personal information about things such as your personal and financial information, gender, any and all contact details.
2. Privacy guidelines for our staff, clients and other individuals
2.1. What kinds of personal information do we collect and hold?
We collect and hold:
(a) all of your contact details, such as office address, home address, telephone and mobile numbers, email addresses plus other relevant professional contacts such as lawyers and personal or business bankers;
(b) your personal and/or entity details, such as your gender, your current verified Identification, your family members, any of your related entity relationships and any background pertaining to how your entities and/or your personal business with us is structured and operated, to the extent that it is relevant to our functions and responsibilities as your chosen professional business advisory and accountancy firm;
(c) your personal and/or business financial details, as specifically authorised by you, including your bank account, IRD, NZBN or Company numbers, any and all types of personal, partnership, trust or company tax information, your bank account transactions and including any audits, investigations, decisions or other actions performed on your account/business, to the extent that it is relevant to our functions and responsibilities as your chosen business advisory and accountancy firm;
(d) any historical information, including your payment history, relevant recent paperwork and transactions carried out by your former accountancy firm, to the extent that it is relevant to you moving your business to our firm as a new client;
(e) access to your information, as authorised, via the New Zealand Companies Office, Inland Revenue Department, Accident Compensation Corporation and to the extent that it is relevant to our functions and responsibilities as your chosen professional business advisory and accountancy firm;
(f) records of your communications and other interactions with us, and;
(g) information you make available on the Sites;
2.2. How do we collect your personal information?
We collect personal information about you when it is reasonably necessary for one or more of our activities or functions. This personal information is collected in a number of ways, including:
Through the Sites: We may collect personal information from the Sites, such as when you visit, use or register on our Website, Apps or Social Media Pages, join (or request to join), post in or otherwise contribute to a RALP Social Media Page, or when you complete a survey;
From you: We may collect personal information from you when you contact, do business or interact with us by phone or email, apply for, enrol in or register for a program or activity, or enter into a competition;
From third parties: We may receive your personal information from other sources, such as public databases, events lists, regulators and government and statutory bodies.
2.3. What would happen if we did not collect your personal information?
The provision of your personal information is voluntary. However, if you cannot, or will not, provide us with the personal information we reasonably require, we may not be able to contact you or otherwise interact with you, process your returns as required by law, your registration, subscription renewal or request, perform our statutory functions, or provide you with some or all of our products and services.
2.4. How we use your personal information
We will not collect or use your personal information unless it is lawful for us to do so. We collect and use personal information for the following purposes:
(a) processing and assessing new client applications, client exits, RALP client communications, subscriptions and unsubscriptions;
(b) fulfilling requests for information, products or services (with your consent, if required);
(c) fulfilling our role as a professional service, including maintaining of confidential client records, providing information on RALP services, products and benefits, and conducting research relevant to our clients;
(d) sending technology subscription renewals and other information relevant to our functions, responsibilities and obligations under our policies, practices and guidelines;
(e) for promotional and marketing purposes, including communicating information about our products and services (with your consent, if required);
(f) communicating to clients on matters relevant to their business with us inlcuding any specialisation or any other programs, opportunities or transactions with us;
(g) monitoring, moderating and improving our Sites;
(h) assessing suitability for employment or the provision of services by independent contractors;
(i) fulfilling our contractual and other regulatory obligations, including dealing with external payment providers, such as FeeSmart;
(j) conducting, managing and reporting on quality assurance reviews and audits, including holding current and correct Identification for every client, under the Anti Money Laundering and Countering Financing of Terrorism Act 2009;
(k) managing complaints and staff conduct and disciplinary processes, including undertaking investigations, implementing disciplinary procedures associated with professional conduct; and providing information to New Zealand and overseas regulators, government and statutory bodies (such as the Securities Commission New Zealand);
(l) organising, hosting workshops, networking or informational events and/or competitions (included with third parties);
(m) managing trainee staff and any other local charitable assistance, including providing pro bono work or charitable donations;
(n) providing products and services, or information relating to such products and services (with your consent, if required);
(o) assessing or improving our products and services, as well as for training and quality purposes, including monitoring, recording and analysing online interactions and communications between you and us;
(p) providing information to third parties as authorised or required by law or a court or tribunal; and
We have a legitimate interest in using your information in these ways. It is also fundamental to the nature of the service we provide.
In some cases it will be lawful for us to collect and use your personal information, for example where it is necessary as part of our, or a third party's statutory or public function or because the law permits or requires us to.
In addition to the specific circumstances above, we will only use your personal information with your consent (if required under applicable data protection laws) when we process your personal information in order to send you carefully selected marketing materials about our products and services (or those of our third party partners) by email, phone call, text or post, depending on your preferred contact method. You have the right to opt out of receiving such direct marketing at any time.
If at any time you wish to stop receiving direct marketing messages from us, the easiest way to do so (for electronic messages) is to use the unsubscribe feature in the marketing message you have received. You can also let us know by contacting us using the contact details set out in the "Contact Us" section. In your request, please indicate that you wish to stop receiving marketing communications from us.
Our Sites may contain hyperlinks to websites operated by third parties. We are not responsible for the content of such websites, or the manner in which those websites handle any personal information you provide. We have no control over, and are not responsible for, this third party's use or disclosure of your personal information.
2.5 Use and disclosure of personal information
We do not use your personal information or disclose it to another organisation unless:
(a) it is reasonably necessary for one of the purposes described above;
(b) having regard to the nature of the information or the circumstances of collection we believe you would expect us to use the information or make the disclosure;
(c) required or authorised by law or court or tribunal;
(d) it is necessary to protect the rights, property, health or personal safety of a client, the public or our interests, and it is unreasonable or impracticable to obtain your consent;
(e) the disclosure is necessary to assist any entity, body or person to locate a person who has been reported missing;
(f) we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in, and we believe that the collection, use or disclosure is necessary in order for us to take appropriate action;
(g) the assets and operations of our business are transferred to another party as a going concern;
(h) it is necessary to obtain third party services, for example to carry out data analysis or provide information processing services (where use of your information by third parties is strictly controlled);
(i) it is for one of the purposes expressly permitted under applicable data protection and privacy laws; or
(j) you have provided your consent.
For avoidance of doubt, we may disclose your personal information to:
(k) any of our related or associated companies, affiliates and subsidiaries, including those established in the future;
(l) any data processors processing your information on our behalf;
(m) where applicable, third parties who provide related services or products in connection with our business such as any business partners, and any party assisting us in carrying out the purposes described above;
(n) parties who may participate in joint marketing schemes with us;
(o) any agent, contractor or service provider who provides administrative, informational processing, payment clearing, credit reference, debt collecting or other services necessary to the operation of our business;
(p) any person to whom we are, in our belief in good faith, under an obligation to make disclosure as required by any applicable law;
(q) government agencies, statutory authorities and industry regulators;
(r) our auditors, consultants, accountants, lawyers or other financial or professional advisers; and / or
(s) our sub-contractors or third party service or product providers as may be determined to be necessary or appropriate.
To suppress or limit our use of your personal information that has been previously provided to us, please email, call or write to us using the contact information listed below in the "Contact Us" section.
We will not sell your personal information to third parties.
If you are a client and reside in a country outside of New Zealand (or apply to do so) we may send your personal information overseas in response to an inquiry from the relevant authority in that foreign country. As a result, your personal information may be disclosed to recipients in those foreign countries.
The recipients of such information may be located in New Zealand, Australia, Japan, the United Kingdom, Ireland, United States of America, Hong Kong, China, Singapore, Canada, South Africa, India, Indonesia, Malaysia and The Netherlands.
2.6 Access and correction of personal information
Individuals may request access to their personal information unless we are permitted by law to withhold that information. Individuals may also request the correction of any personal information which is inaccurate. Any requests for access or correction of your personal information should be made in writing to our Privacy Officer / Data Protection Officer.
We will in most cases provide an individual with access to their personal information. To the extent permitted by law, there are some exceptions where this access may be denied, namely where:
(a) providing access may have an unreasonable impact on the privacy of other individuals;
(b) providing access would be unlawful or would be likely to prejudice one or more enforcement related activities conducted in relation to local law by, or on behalf of, us or an enforcement body;
(c) providing access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
(d) we have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
(e) giving access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process;
(f) we reasonably believe that giving access would pose a serious threat to the life, physical or mental health or safety of any individual, or to public health or public safety;
(g) the request for access is frivolous or vexatious; or
(h) where we are otherwise permitted by applicable data protection and privacy laws to do so.
To request access and seek the correction of personal information held by us, please email, call or write to us using the contact information listed below in the "How to contact us" section.
We will endeavour to respond to any access or correction request within 20 working days of receipt.
3. Residents in the European Economic Area
If you are a resident in the European Economic Area, you have the following rights in relation to your personal information (where applicable):
(a) Access. You have the right to request a copy of the personal information we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.
(b) Rectification. You have the right to have incomplete or inaccurate personal information that we process about you rectified.
(c) Deletion. You have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
(d) Restriction. You have the right to restrict our processing of your personal information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
(e) Portability. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.
(f) Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
(g) Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.
To make a request to exercise any of these rights in relation to your personal information, please email, call or write to us using the contact information listed below in the "Contact Us" section.
4. How long do we keep your personal information?
We will only retain your personal information for as long as is necessary for the purpose for which that personal information was collected and to the extent permitted by applicable laws. When we no longer need to use personal information, we will remove it from our systems and records and/or take steps to anonymise it so you can no longer be identified from it.
5. Security of Personal Information
We use reasonable organisational, technical and administrative measures and security safeguards to protect, as is reasonable in the circumstances, the personal information we hold from misuse, loss, interference and/or unauthorised access, use, disclosure or alteration of information under our control. Where practicable, we implement measures to require organisations to whom disclosure is made to comply with applicable data protection and privacy laws. If a third party is given access to personal information we take reasonable steps to ensure that the information is held securely and used only for the purpose of providing the relevant service or activity.
Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem using the contact information listed below in the "Contact Us" section.
6. Other information
6.1. What other information do we collect?
The Sites collect other information that may or may not be personal information. Other information includes information that does not reveal your identity, such as:
(a) browser and device information;
(b) server log file information;
(c) App usage data;
(d) demographic information;
(e) location information;
(f) aggregated information.
6.2 How do we collect other information?
Through your use of an App: When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
6.3 How do we use other information?
Please note that we may use and disclose such other information which is not personal information for any purpose, except where we are required to do otherwise under applicable law; for example, if we are required to treat that information as personal information under applicable law.
In some instances, we may combine other information with personal information. If other information can be combined with personal information or can be used to build a profile of an individual (in a way which could be reasonably used to identify that individual), such other information will be treated by us as personal information.
7. Privacy concerns
If you would like any further information about our handling of personal information or to make a complaint about our handling of your personal information, please lodge a written complaint addressed to our Privacy Officer using the contact details below. Once we receive your complaint, we will respond to you within a reasonable period of time, usually within 20 working days.
If you are unsatisfied with the outcome of your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may wish to take your complaint to the local data protection authority.
9. How to contact us
Privacy & Data Protection
P: 0800 308 5015
10. Cookies Policy
10.1 What is a cookie?
A cookie is a small text file that is placed on your device (such as your computer, smartphone or other internet-enabled device) when you visit a site or page to collect data about the usage of our Websites at a later date. The cookie will help the website, or another website, to recognise your device the next time you visit the site. Most web browsers are set by default to accept cookies.
In addition to cookies, we also use web beacons and other storage technologies to collect information from our Websites. Like cookies, web beacons and similar storage technologies collect data about the usage of our Websites and can recognise your device the next time you visit.
10.3 The types of cookies we use
Specifically, we use the following cookies:
- Strictly necessary cookies that are required for the operation of our Websites, such as cookies that enable you to log into secure areas of our Websites (for example, members only areas) or to comply with the law (for example, to keep your information safe). If a user opts to disable these cookies, the user may find that certain sections of our Websites do not work properly for them (for example, the user may not be able to access all of the content that membership entitles them to access).
- Performance cookies which recognise and count the number of users to our Websites and help us see how users move around our Websites. These cookies do not collect information that identifies a visitor. We only use such information to improve our website. This information helps us to find out how well the website is working and highlights where it can be improved.
- Functionality cookies which are used to recognise you when you return to our Websites and assist us to personalise your content and Website experience by remembering your preferences. These cookies are also used to provide services you have asked for. Information collected by functionality cookies may or may not be anonymised, but they cannot track your browsing activity on other websites.
- Targeting cookies which are used to record your visit to our Websites, the pages you have visited and the links you have followed. These cookies are used to advertise relevant products to you on other websites, based on the products and categories you looked at on www.charteredaccountantsanz.com.
10.4 Third party cookies and technologies
Third party cookies are cookies that are set by a domain other than the one being visited by you. If you visit one of our Websites and a separate company sets a cookie through that Website this would be a third party cookie.
To try and bring you offers and advertisements that are of interest to you, we have relationships with third party companies including, Google, Adobe Analytics, Facebook, LinkedIn and other providers (Third Party Providers) that allow them to place cookies on our Websites.
These Third Party Providers may:
- use Third Party Cookies, web beacons, and other storage technologies to collect or receive information from our Websites and elsewhere on the internet;
- compare de-identified information from us with information collected elsewhere on the internet; and
- use that information to provide measurement services and target ads to you.
10.5 How long cookies will be stored on your device
Session cookies are temporary. They allow website operators to link the actions of a user during a browser session, the time period between a user opening a browser window and closing it. Once closed, the cookies are deleted. Persistent cookies remain on a user's device for the period of time specified in the cookie.
10.6 How you can manage your cookies
Some of the websites that let you control what information is collected about you are: