We know that how we collect, use, disclose and protect your information is important to you, and we value your trust. That is why protecting your information and being clear about what we do with it is a vital part of our relationship with you.
Personal Information is defined in the Privacy Act as information about an identifiable individual (a natural person as opposed to a company or other legal entity).
The types of personal information we collect will vary depending on the nature of your dealings with us. We only collect personal information that is necessary. Where reasonable and practicable, we will collect your personal information directly from you and inform you that we are collecting it.
We mainly collect personal information directly from you, for example:
If it is not obvious that we are collecting personal information from you, we will do our best to make it clear to you so that you are always aware when information is being collected.
Generally, the types of personal information we collect and hold include your:
We may also collect personal information about you from:
If we change this process in the future, we will update this policy accordingly.
We will not ask you to supply personal information publicly over any other social media platform that we may use, unless we agree between us to such methods. Sometimes we may invite you to send your details to us through an email or text, or you may choose social media platforms such as iMessage or WhatsApp, depending upon what works for you and is agreed between us beforehand
Any personal information you provide to us may be used to:
We also have an obligation to maintain personal information to disclose to regulatory and similar bodies – see ‘Disclosure of your personal information’ below. These bodies have a legal right to such information.
We may electronically record and store personal information which we collect from you. When we do so, we will take all reasonable steps to keep it secure and prevent unauthorised disclosure.
However, we cannot promise that your personal information will not be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur. If we provide you with any passwords or other security devices, it is important that you keep these confidential and do not allow them to be used by any other person. You should notify us immediately if the security of your password or security device is breached, this will help prevent the unauthorised disclosure of your personal information.
Some information we hold about you will be stored in paper files, but most of your information will be stored electronically on the cloud, by cloud service providers – see ‘Cloud based service providers’ below.
We use a range of physical and electronic security measures to protect the security of the personal information we hold, including:
We use third party service providers to store and process most of the information we collect. We use Microsoft Azure cloud services, with servers located in Australia (via Microsoft Office). We ensure that our cloud-based service providers are subject to appropriate security and information handling arrangements and that the information stored or processed by them remains subject to confidentiality obligations.
We take reasonable steps to destroy or permanently de-identify any personal information as soon as practicable after the date of which it has no legal or regulatory purpose, or we have no legitimate business purpose with it.
In the case of information that relates to our advice services or products or services we have provided, we are required by law to hold this information for seven years. After this time, provided that the personal information is no longer relevant to any service we are providing you, we will take reasonable steps to safely destroy or de-identify any personal information.
We work hard to keep your personal information safe. However, despite applying strict security measures and following industry standards to protect your personal information, there is still a possibility that our security could be breached. If we experience a privacy breach, where there is a loss or unauthorised access or disclosure of your personal information that is likely to cause you serious harm, we will, as soon as we become aware of the breach:
We may disclose your personal information to others outside Common Sense Financial Planning Ltd where:
Your personal information may be used by us for the purpose of providing advice and services to you and may also be used by agencies such as, but not limited to:
If we do not need to share your information with a third party in order to provide advice and services to you, we will not pass on your information to them without your consent. Under no circumstances will we sell or receive payment for disclosing your personal information.
We may send your personal information outside New Zealand, including to overseas service providers or other third parties who process or store our information, or provide certain services to us.
Where we do this, it does not change any of our commitments to you to safeguard your privacy.
We make sure that appropriate security and information handling arrangements are in place and the information remains subject to confidentiality obligations.
All countries have different privacy laws and information protection standards. If we need to send your personal information to a country that has lower standards of information protection than in New Zealand, we will take appropriate measures to protect your personal information. Where it is not possible to ensure that appropriate security and information handling arrangements are in place, we will let you know and gain your consent prior to sending your personal information overseas.
In addition, we have no knowledge of (or control over) the nature, content, and availability of those websites. We do not sponsor, recommend, or endorse anything contained on these linked websites. We do not accept any liability of any description for any loss suffered by you by relying on anything contained or not contained on these linked websites.
You have the right to request access to, correct and, in some circumstances, delete your personal information. You can do so by contacting us at:
Common Sense Financial Planning Limited
40 Cadbury Road,
Or via email at email@example.com
When you contact us with such a request, we will take steps to update or delete your personal information, provide you with access to your personal information and/or otherwise address your query within a reasonable period after we receive your request. To protect the security of your personal information, you may be required to provide identification before we update or provide you with access to your personal information.
We are only able to delete your personal information to the extent that it is not required to be held by us to satisfy any legal, regulatory, or similar requirements.
There is no fee for requesting that your personal information is corrected or deleted or for us to make corrections or deletions. In processing your request for access to your personal information, a reasonable cost may be charged. This charge covers such things as locating the information and supplying it to you.
There are some circumstances in which we are not required to give you access to your personal information. If we refuse to give you access or to correct or delete your personal information, we will let you know our reasons, except if the law prevents us from doing so.
If we refuse your request to correct or delete your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.
If we refuse your request to access, correct or delete your personal information, we will also provide you with information on how you can complain about the refusal.
If you do not provide information we have requested, you may be unable to obtain or access our services for which the information is required. Please ask us if you are unsure what information is important and how this might affect you.
If you are concerned about how your personal information is being handled or if you feel that we have compromised your privacy in some way, please contact us at:
Common Sense Financial Planning Limited
40 Cadbury Road
Email at firstname.lastname@example.org
Phone at 027 266 7673
We will acknowledge your complaint within three working days of its receipt. We will let you know if we need any further information from you to investigate your complaint.
We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five working days, but some complaints take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.
If you are not satisfied with our response to any privacy related concern you may lodge a complaint on the Privacy Office website (www.privacy.org.nz) or send a complaint form to the Privacy Commissioner at:
Office of the Privacy Commissioner
P O Box 10-094
Wellington 6143, New Zealand
Fax: 04- 474 7595
Telephone: 0800 803 909