Privacy Policy
Introduction
This privacy policy explains how DecisionMakers (we, us, our) collects, uses, discloses and protects personal information. We comply with the Privacy Act (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
A person is not required to provide the personal information that we request but, if that person chooses not to do so, in many cases we will not be able to provide our services.
Privacy Officer
Each DecisionMakers business has appointed a privacy officer, the officer.
A privacy officer will:
- be familiar with the privacy principles in the Privacy Act
- work to make sure the organisation complies with the Privacy Act
- deal with any complaints from the organisation's clients about possible privacy breaches
- deal with requests for access to personal information, or correction of personal information
- act as the organisation's liaison with the Office of the Privacy Commissioner.
They may also:
- train other staff at the organisation to deal with privacy matters
- advise their organisation on compliance with privacy requirements
- advise their organisation on the potential privacy impacts of changes to the organisation's business practices
- advise their organisation if improving privacy practices might improve the business
- be familiar with any other legislation governing what the organisation can and cannot do with personal information.
The Privacy officer will complete the required training through the Privacy Commission website: visit website >
How we collect personal information
We collect personal information about an individual from that individual, through contact with us (for example, in a meeting, or via an email, website), or when we provide services to the individual. We also collect information from third parties including from clients’ related businesses, accountants, current providers of financial products (including insurers and lenders), medical service providers and employers. We may also collect personal information from the Accident Compensation Corporation and credit reporting agencies.
When a person visits our website we may collect information including details of visits to our website such as traffic data, location data, and website analytics.
This information will be kept in accordance with our records keeping policy.
How we use personal information
- to provide and market our services (and to assist in improving our services);
- to respond to communications from a client;
- to make contact with a client in the future about matters we believe will be of interest;
- in connection with defending, protecting and/or enforcing our legal rights and interests including defending a complaint, claim or other action;
- to conduct research and statistical analysis (on an anonymised basis);
- to undertake credit checks on clients (if necessary);
- to comply with our obligations at law and to support us to engage with relevant regulators;
- for any other purpose authorised by our client or the Act
Who we disclose personal information to
We may disclose a client’s personal information to:
- any business that supports provision of our services (including related companies, information technology service providers, lawyers, accountants);
- financial product providers in connection with assisting clients to apply for financial products and services, administer financial products and services, make claims under financial products, renew, vary, replace or exit/end financial products or services;
- third parties noted above in order to obtain relevant required information;
- regulatory bodies including the Financial Markets Authority (whether or not required by law);
- lawyers and other professionals, and our insurers (and their advisers), in connection with defending, protecting and/or enforcing our legal rights & interests;
- debt collection agencies;
- Electronic Identification Services and Database Providers, including Centrix, Dow Jones Watchlist, Equifax, LINZ, NZTA (Drivers licence and/or Registration), NZ Companies Office, New Zealand Birth Certificate, New Zealand Citizenship, New Zealand Passport.
- any other person authorised by the Act or another law.
A business that supports provision of our services may be located outside New Zealand. This may mean that personal information is held and processed outside New Zealand.
How we protect personal information
We will take steps that are reasonable in the circumstances to keep personal information safe from loss and from unauthorised access, use, modification or disclosure.
We have the following polices in place to ensure information is kept securely:
- Records Keeping
- Information technology, data and security.
Accessing and correcting personal information
Subject to certain grounds for refusal set out in the Act, an individual whose information we hold has the right to access personal information that we hold and about that individual and to request a correction to that personal information. The Privacy Officer will be contacted.
Internet use
While we take reasonable steps to maintain secure internet connections, if a person provides us with personal information over the internet, the provision of that information is at the provider’s own risk.
If a person follows a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We recommend that the site’s privacy policy is reviewed before any personal information is provided.
Updates
We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we upload the revised policy.
Training
As a business we ensure all staff and the privacy officer are trained at least annually on the Privacy Act 2020 the principles and duties of a privacy officer.
Controls
- External reviews are conducted to ensure the privacy policy is met, aligned policies (Records keeping and IT)
- Training is conducted in the office.
- Passive reviews by internal staff.
Reporting of privacy breaches:
The Business, Privacy Officer, will undertake an analysis of a privacy complaint to identify if it is serious and systemic in nature.
Where a privacy breach of this nature occurs The Business will, (in accordance with their obligations under the Privacy Act) notify the privacy commissioner and the individuals impacted by the breach. The Business will provide relevant details to the privacy commissioner, including the proposed handling of the complaint: visit website >
If required, the Business will follow the Privacy Commission’s guidance on additional measures that maybe required to be enacted.
Tracking of privacy complaints will align with the Business complaints management policy.