(Current as at 8 July 2021)
Harmans (we, us, our) may collect and store personal information about you to allow us to provide you with our services. Our collection of your personal information is subject to the New Zealand Privacy Act 2020 (Act).
In this policy ‘personal information’ means information relating to an individual which can be used to identify that individual.
We may not be able to properly advise you or offer you our services if you do not provide us with necessary personal information when requested to do so. By engaging us and providing us with your personal information it will be deemed you have given your express consent for us to use and store that information for the purpose it has been collected.
If you give us personal information about any other person, please ensure you have their consent to do so first.
3. INFORMATION WE COLLECT
The type of personal information we collect and store, includes but is not limited to:
4. HOW WE COLLECT INFORMATION
We collect personal information by way of:
5. WHAT WE MAY USE YOUR INFORMATION FOR
We may use your personal information for, but not limited to, the following reasons:
6. DISCLOSURE OF YOUR INFORMTION
We may disclose your personal information to any person or entity authorised by law to request such information from us (such as government authority or law enforcement agency).
We may disclose your personal information to any person or entity that you authorise.
While maintaining client confidentiality and legal privilege to the extent allowed by law, we may at times, without reference to you, be required to make certain disclosures to the New Zealand Police Financial Intelligence Unit under the Anti -Money Laundering and Countering Financing of Terrorism Act 2009 or other legislation.
7. SECURITY OF YOUR INFORMATION
We take all reasonable steps to keep your personal information safe from loss, unauthorised activity or other misuse. These steps include:
In some cases the personal information that we collect from you may be processed outside of New Zealand. When this is the case, third parties that process your information are also obliged to comply with the Act when dealing with your personal information. We make all reasonable endeavours to ensure that all entities that we work with outside of New Zealand offer satisfactory protection for your personal information.
We have taken steps to ensure that our website is secure. We use the secure HTTPS data transfer protocol for the transmission of data and our site holds an SSL certificate from a trusted organisation. Despite this, the internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times. Transmission of personal information over the internet is at your own risk and you should only enter, or instruct the entering of, personal information within a secure environment.
Your personal information will be kept in electronic or hard copy, or both.
Electronic copies of your personal information we collect and hold about you will be stored in our computer system on our hosted servers located at Datacom, Christchurch, a secure cloud storage facility and are backed up daily to a secure cloud based facility located in Culverden.
Hard copies of your personal information we collect and hold about you will be stored at our premises at the Iron Mountain storage facility in Christchurch.
8. NOTIFICATION IN THE EVENT OF A SECURITY BREACH
We will advise you at the first reasonable opportunity upon discovering or being advised of any security breach in which your personal information is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by any unauthorised person or in any unauthorised manner.
Should such a breach occur we are committed to taking all reasonable steps to remediate the issue that gave rise to the security breach to prevent further loss and subsequent security breaches.
If the event is deemed to be notifiable we will be required to report the breach to the Privacy Commissioner.
9. YOUR RIGHTS TO ACCESS, CORRECT AND DELETE YOUR PERSONAL INFORMATION
Under the Act you have the right to access, correct and on some occasions delete your personal information that is readily retrievable. We are only able to delete your personal information to the extent that it is not required to be held by us to satisfy any legal, regulatory, or similar requirements. This right is subject to certain grounds for our refusal as outlined in the Act.
Before we provide you with your personal information we will require you to provide evidence that you are in fact the individual to whom the personal information relates.
If you would like to exercise the above rights, please email our Privacy Officer email@example.com
We reserve the right to charge you our reasonable costs for providing copies of your personal information or correcting that information.
Please note if we no longer hold your personal information we will be unable to satisfy your request.
10. HOW LONG WE HOLD YOUR PERSONAL INFORMATION FOR
We will store your personal information on hard or electronic file for 10 years following the completion of the matter. After that time we may destroy files and documents except documents we have agreed with you to keep in safe custody.
You may request that we delete your personal information as mentioned in clause 9.1.
11. CHANGES TO THIS POLICY
We reserve the right to change this policy at any time by uploading a revised copy of the policy onto our website.
This policy was last updated in 08/07/2021.
12. HOW YOU CAN CONTACT US ABOUT PRIVACY MATTERS
If you wish to contact us about matters concerning the privacy of your personal information please get in touch with our Privacy Officer, Julie Knowles at firstname.lastname@example.org