Purpose and Application
This policy applies to individuals and entities that share information with the firm including clients, suppliers, employees, and any other business contacts including users of our website www.heskethhenry.co.nz. The use of the term “you” in this policy refers to any or all of these individuals, entities or employees, contractors, owners and directors of entities as may be relevant.
The Privacy Act contains a set of privacy principles which broadly follows many international privacy and data protection laws including OECD Guidelines. The principles apply to any information about an identifiable living individual. There may be instances in which we process the personal data of individuals who are located within the European Union. Accordingly, there may be instances where the European Union’s General Data Protection Regulation applies.
This policy relates to Hesketh Henry’s collection and handling of personal information that is covered by the Privacy Act. It is not intended to cover categories of information or situations that are not covered by the Privacy Act.
Collection of Personal Information
Personal information is information about an identifiable individual.
Hesketh Henry collects and holds personal information from clients, potential clients, suppliers, employees and prospective employees, contractors and other individuals. We collect and hold this information when it is necessary for business purposes and/or to meet our legal obligations including (but not limited to) in relation to our Anti Money Laundering and Countering Financing of Terrorism obligations.
The main types of personal information Hesketh Henry collects and holds relate to the contact details and organisational roles of our clients, suppliers and other business contacts. Typically, this information includes names, addresses, telephone numbers, e-mail addresses and job titles. In the course of providing professional services to our clients, we may collect and hold more detailed personal information (for instance financial details if we are asked to handle client funds). In the case of employees or prospective employees, we may collect information such as qualifications, employment history, education, testimonials or references.
We collect most information directly from individuals when we deal with them. The personal information we collect may be provided in forms filled out by individuals, face to face meetings, email messages, telephone conversations, registration and attendance at seminars, business cards, and from publically available information.
We also collect information from third parties (for example, when seeking an employment reference from a previous employer) or when we use third parties to analyse website traffic.
Because of the nature of our business, it is generally impracticable for us to deal with individuals on an anonymous basis or through the use of a pseudonym, although sometimes this is possible (for example, when seeking staff or client feedback generally).
Use of Personal Information
- The main purposes for which we collect, hold, use and disclose personal information are:
to provide our services;
- to engage with courts, tribunals and regulatory authorities;
- to respond to an individual’s request;
- to communicate with you/maintain contact with clients;
- to keep clients and other contacts informed of the services we offer and industry developments that may be of interest to them, and to notify them of service offerings, seminars and other events we are holding;
- for general management and reporting purposes, such as invoicing and account management;
- to engage third parties on your behalf;
- for recruitment purposes;
- for purposes related to the employment of our personnel and providing internal services to our staff;
- to comply with our legal obligations (including meeting our Anti Money Laundering and Countering Financing of Terrorism obligations); and
- other purposes related to our business.
If you choose not to provide us with personal information, we may be unable to do such things.
We may collect, hold and use personal information about individuals to market our services, including by email. We may also share your information with third party email marketing providers to assist us in delivering email marketing material to you.
Individuals always have the opportunity to elect not to receive further marketing information from us by writing to the Privacy Officer at email@example.com. Alternatively, if we have contacted you by email, you may use the ‘unsubscribe’ function in that email to notify us that you do not want to receive further marketing information from us by email.
If we collect, hold, use or disclose personal information in ways other than as stated in this policy, we will ensure we do so pursuant to the requirements of the Privacy Act.
Please note that our Terms of Engagement also apply when we provide our services to you. These may be found at the foot of each page of our website.
Disclosure of Personal Information
Hesketh Henry does not routinely disclose personal information to third parties unless:
- use or disclosure is permitted by this policy;
- we believe it is necessary to provide you with a product or service which you have requested (or, in the case of a partner, employee or contractor of Hesketh Henry, it is necessary for maintaining or related to your role at Hesketh Henry) for example with arbitrators, legal counsel, the Court, document management services and associated platforms, experts, insurers, process servers and regulators;
- to protect the rights, property or personal safety of any member of the public or a customer of Hesketh Henry or the interests of Hesketh Henry;
- some or all of the assets or operations of Hesketh Henry are or may be transferred to another party as part of the sale of some or all of Hesketh Henry’s business;
- you give your consent; or
- such disclosure is otherwise required or permitted by law, regulation, rule or professional standard.
We may also share non-personal, de-identified and aggregated information for research or promotional purposes. Except as set out in this policy, we do not sell to or trade personal information with third parties.
Hesketh Henry uses a range of service providers to help maximise the quality and efficiency of services and our business operations (including internal business requirements, such as recruitment and human capital requirements). This means that individuals and organisations outside of Hesketh Henry will sometimes have access to personal information held by Hesketh Henry and may collect or use it from or on behalf of Hesketh Henry. This may include, but is not limited to, independent contractors and consultants, travel service providers, mail houses, off-site security storage providers, information technology providers, event managers, credit managers and debt collecting agencies. We require our service providers to adhere to our privacy guidelines and not to keep, use or disclose personal information we provide to them for any unauthorised purposes.
Storage of Information in Cloud Systems
Hesketh Henry may store personal information within services provided by offshore cloud service providers. Currently, Hesketh Henry only utilises the services of cloud service providers who are able to provide a guarantee that information remains within a specific geographic location within the cloud service provider’s infrastructure. Hesketh Henry utilises cloud services from a cloud service provider who has met the data sovereignty and data privacy framework stipulated by the New Zealand Government.
Privacy on our Websites and Applications
This policy also applies to any personal information we collect via our websites, including heskethhenry.co.nz, and applications. In addition to personal information you provide to us directly (such as where you make a request or complete a registration form), Hesketh Henry may also collect personal information from you via its applications and websites.
In order to properly manage our websites and applications, we may log certain statistics about the users of the facilities, for example the users’ domains and browser types. None of this information specifically identifies an individual and it is used solely to ensure that our websites and applications present the best possible navigational experience for users.
We may share your personal information with a variety of third party service providers to assist us with client insight analytics including through Google Analytics.
If you have registered an account with us, you will be identified by a user name and password when you log into our website or applications. The information we collect about use of our websites may be used for measuring use and performance and in assisting to resolve any technical difficulties.
Retention of Information
In relation to visitors to our website, we will retain relevant personal information for at least 12 months from the date of our last interaction with you and in compliance with any other obligations under New Zealand privacy legislation and, where applicable, under the European Union General Data Protection Regulation. We may also keep your personal information longer if we are required to do so under our Professional Rules of Conduct or professional indemnity obligations.
In relation to personal information we have processed as part of providing our services to you as a client, we will retain that personal information for at least six years from the date of our last interaction with you as a client and otherwise in compliance with New Zealand privacy legislation or, if applicable, the European Union General Data Protection Regulations. We may also keep your personal information longer if we are required to do so under our Professional Rules of Conduct or professional indemnity obligations. Please refer also to our Terms of Engagement which are located at the foot of each page of our website.
Confidentiality and Security
We take keeping the personal information you have provided to us secure very seriously and will therefore take reasonable precautions to protect that information from loss, misuse or alteration. We have implemented security policies, rules and technical measures to protect the personal information that we have under our control from any such loss, misuse or alteration.
Access to Personal Information
We will provide access to personal information upon request by an individual, except in the limited circumstances in which it is permitted for us to withhold this information (for instance, where granting access would infringe another person’s privacy).
When you make a request to access personal information, we will require you to provide some form of identification (such as a driver’s licence or passport) so we can verify that you are the person to whom the information relates.
If at any time you want to know what personal information we hold about you, you may contact us via email; Privacy Officer at firstname.lastname@example.org.
Corrections and Concerns
We endeavour to ensure that the personal information we hold is accurate, complete and up to date. If your personal information is not correct, you have the right to correct it. If you believe that information we hold about you is incorrect or out of date, or if you have concerns about how we are handling your personal information, please contact us and we will try to resolve those concerns.
If you wish to have your personal information deleted or transferred to third party, please let us know and we will take reasonable steps to delete or transfer it (unless we need to keep it for legal, auditing or internal risk management reasons).
You may withdraw any consent that you may have granted to us previously in relation to any processing of your personal information in circumstances where your consent was necessary.
Effect of Policy