Privacy Policy

 1.  Introduction

The purpose of this Privacy Policy is to outline our processes for collecting, using, handling and disclosing personal information that we collect in the course of our business activities, in accordance with the New Zealand Privacy Act 2020 (“Act”).

2.  Consent to Privacy Policy

Please note that when you contact us through our website, social media or Messenger app, you are agreeing to this Privacy Policy. If you do not agree with this Privacy Policy, please contact us through any of our digital platforms or by calling our office.

3.  Collection of Personal Information

Personal Information is defined in the Privacy Act as information about an identifiable individual (a natural person as opposed to a company or other legal entity).

We collect personal information in the course of our business, to enable us to provide our services, and to meet our legal obligations.

We collect and hold personal information about a number of individuals (including but not limited to):

• Clients, prospective clients, their representatives, and other relevant persons such as beneficial owners and controlling persons;

• Employees and prospective employees; and

• Suppliers and their employees.

The type of personal information we collect may include (but not be limited to):

• Names and dates of birth;

• Contact information such as phone numbers and home and email addresses;

• Photo identification;

• Citizenship and residency details;

• Employment details;

• Financial information;

• Information to enable us to comply with our legal obligations, in particular those under the

Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (“AML/CFT Act”); and

• Any other information that may be required to carry out your engagement with us.

We collect your personal information when you, or persons authorised by you provide information to us.

We may also collect your personal information from publicly available sources and in some circumstances, from third parties. We are not responsible for the privacy or security practices of any third parties and such third parties are not covered by this Privacy Policy.

Online device information and cookies

If you are visiting us through our website, social media or Messenger app, then we collect information about your use and experience on these by using cookies. Cookies are small pieces of  information stored on your hard drive or on your mobile browser. They can record information about your visit to the site, allowing it to remember you the next time you visit and provide a more meaningful experience.

The cookies we send to your computer, mobile phone or other device cannot read your hard drive, obtain any information from your browser or command your device to perform any action. They are designed so that they cannot be sent to another site or be retrieved by any non Legacy Accountant Limited website or Messenger app.

When you interact with us through our website, Facebook social media or Messenger app, the information collected through the cookies may include:

• The date and time of visits;

• Website page (or pages) viewed;

• The website or Messenger app from which you accessed the internet and our website or other digital platform;

• How you navigate through the website and interact with pages (including any fields completed in forms and applications completed (where applicable));

• Information about your location;

• Information about the device used to visit our digital platform; and

• IP address (or addresses), and the type of web browser used.

We will not ask you to supply personal information publicly over any social media platform that we use. Sometimes we may invite you to send your details to us through a private message, for example, to answer a question. You may also be invited to share your personal information through secure channels to participate in other activities, but we would require your express consent prior to us including you in such activities.

Third party websites

Through our website or our other social media pages, you may be able to link to other websites which are not under our control. We are not responsible for the privacy or security practices of those third-party websites and the sites are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies and we encourage you to read them.

In addition, we have no knowledge of (or control over) the nature, content, and availability of those websites. We do not sponsor, recommend, or endorse anything contained on these linked websites.

We do not accept any liability of any description for any loss suffered by you by relying on anything contained or not contained on these linked websites.

4.  What happens if you do not provide us your information?

If you do not provide information we have requested, you may be unable to obtain or access our services for which the information is required. Please ask us if you are unsure what information is important and how this might affect you.

5.  Use of Personal Information

The personal information that we collect may be used by us:

• To verify your identity and perform customer due diligence;

• To provide services to you as a client or a representative of a client;

• To invoice you for services provided, make payments to you or on your behalf and to collect money that you owe us;

• To comply with our legal and professional obligations;

• For recruitment and employment purposes;

• To check for and manage conflicts of interest;

• For communication regarding our services; and

• For any other purpose authorised by you or the Act.

6.  Disclosure of Personal Information

We may disclose your personal information to third parties to undertake any of the purposes set out

above. Recipients of your personal information may include (but not be limited to):

• Government or regulatory authorities;

• Professional indemnity or other relevant insurers;

• Our bank;

• Third parties who provide services to us such as, IT software providers and document destruction providers;

• Third parties who assist in providing services to you such as barristers, mediators, accountants;

• Organisations who carry out checks on our behalf to ensure that we are complying with the AML/CFT Act. This includes organisations who maintain databases that allow your identity to be verified by checking your information against relevant data sources, which can include government agencies such as the Department of Internal Affairs and the Australian document verification service. This also includes organisations who maintain international databases, which allow us to check if you are a politically exposed person (as defined in the AML/CFT Act) or subject to sanctions;

• Trust account and AML/CFT Act auditors; and

• Any other person authorised by you.

Some of the parties that we may disclose your personal information to may be located overseas. We will take steps to ensure that such parties will protect your information to the same standard as required in New Zealand. If this is not possible, we will obtain your consent prior to disclosure.

7.  Storage of Personal Information

We will hold your personal information in hard copy or electronic form at our offices or external facilities, including database storage operated by third party providers that might be overseas. We will take reasonable steps to keep your personal information safe from loss, unauthorised disclosure or other misuse.

However, we cannot promise that your personal information will not be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur. If we provide you with any passwords or other security devices, it is important that you keep these confidential and do not allow them to be used by any other person. You should notify us immediately if the security of your password or security device is breached, this will help prevent the unauthorised disclosure of your personal information.

We use a range of physical and electronic security measures to protect the security of the personal information we hold, including:

• Access to information systems is controlled through identity and access management;

• Our buildings are secured with a combination of locks, monitored alarms and cameras to prevent unauthorised access;

• Employees are bound by internal information security policies and are required to keep information secure;

• Employees are required to complete training about information security and privacy;

• When we send information overseas or use service providers to process or store information, we put arrangements in place to protect your information;

• We regularly monitor and review our compliance (and our service providers’ compliance) with internal policies and industry best practice.

We take reasonable steps to destroy or permanently de-identify any personal information as soon as practicable after the date of which it has no legal or regulatory purpose, or we have no legitimate business purpose with it. We only keep information for as long as we need it, or as long as the law requires us to.

8.  Access to Personal Information

If you would like to access the information held about you, please contact us at the details below. Under the Act you are entitled to make a request for the information we hold about you to be updated or corrected, subject to the exceptions under the Act. A fee may be charged to access your personal information which we will advise you of at the time. We will also need to verify your identity before providing you with the relevant personal information.

9.  Updates

This policy will be reviewed and updated from time to time. The most recent version of this policy will be published on our website.  

10.  Enquiries

If you have any questions about this Privacy Policy, or in relation to your privacy, please contact our office at inbox@sabs2022.co.nz.

We aim to acknowledge your queries as quickly as possible. If you have a complaint, we strive to resolve them within five working days, but some complaints take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.

If you are not satisfied with our response to any privacy related concern you may lodge a complaint on the Privacy Office website (www.privacy.org.nz) or send a complaint form to the Privacy Commissioner at:

Office of the Privacy Commissioner

P O Box 10-094

Wellington 6143, New Zealand

Website: www.privacy.org.nz

Email: enquiries@privacy.org.nz

Telephone: 0800 803 909

Fax: 04- 474 7595