Client privacy

Deloitte NZ Privacy Policy

What does this Privacy Statement cover?

This Statement explains how we collect, handle, store and protect personal information when:

  • We provide professional services to our clients (in conjunction with the engagement letter and master terms of business (together, the Terms) provided to you when you engaged us to provide services to you;
  • You use “this website”; or
  • Perform any other activities that form part of the operation of our business.

In the event of any inconsistency, the Terms take precedence over this Privacy Policy.

Personal information

Personal information is information about an identifiable individual or information which is capable of identifying an individual and includes a person’s name, address, email address, telephone numbers. We collect information about you whenever you interact with us such as when you visit our website or when you instruct us to represent and advise you or your organisation. By providing us with information, engaging us to provide you with services, or by using our website, you consent to the collection, use, storage and disclosure of personal information in accordance with this Privacy Policy, or as otherwise provided for in the Terms.

We can change our Privacy Policy from time to time to reflect changes in the law and also our business needs so long as the changes do not disadvantage you.

Who are we?

Deloitte New Zealand (Deloitte NZ) is the New Zealand partnership that is a network member firm of Deloitte Touche Tohmatsu Limited (DTTL) a UK private company, limited by guarantee, and each of the entities under the New Zealand partnership’s control. Together, Deloitte NZ, DTTL and its other member firms make up the “Deloitte Network”.

In this Privacy Policy, references to ‘we’, ‘us’ and ‘our’ refer to the Deloitte NZ entity or entities that have entered into an engagement letter with you to provide services (the Services).

Our commitment to protect your privacy

We understand how important it is to protect personal information. Our commitment in respect of personal information is to abide by the New Zealand Information Privacy Principles for the protection of personal information, as set out in the Privacy Act 1993 (the Privacy Act), as well as the European Union General Data Protection Regulation 2016/679 (the GDPR) (if and to the extent that the GDPR is applicable to our engagement with you).

This Privacy Policy explains how we collect, hold, use, disclose, process and protect personal information, in accordance with our obligations under the Privacy Act and, if applicable, the GDPR.

Why do we collect and use your personal information

We may collect personal information about you (if you are an individual), and your representatives, to enable us to provide services to you.  

We will only collect personal information about you that is necessary, relevant, and not excessive for the business purposes for which it is to be used.  We do not knowingly collect or maintain personal information about children under the age of 13.

The information that we collect may be used in accordance with the Privacy Act, the GDPR (where applicable) and other applicable law or for the following purposes connected with our business or the business of the Deloitte Network generally:

  • providing services to you, including responding to your requests or inquiries;
  • our business functions generally, including Deloitte Network quality and compliance reviews, sending you Deloitte publications and invitations to our seminars and functions and other direct marketing (whether through mail, email or telephone (including SMS/MMS)) (you can opt out of direct marketing by telling us that you wish to do so in writing);
  • for data analytical purposes;
  • seeking feedback on services provided to you;
  • for credit assessment purposes;
  • billing you and collecting any debt owed to us by you (which may involve disclosing your personal information to debt collectors); and
  • for specific purposes that we tell you about or that you authorise, including in the Terms.

How do we collect personal information?

Where possible we will collect your personal information directly from you or your representatives. We may also collect your personal information from entities within the Deloitte Network, and credit reporting agencies or other third parties for credit assessment purposes.

You are not required by law to provide any personal information to us but any failure to do so might affect our ability to provide the Services or any other services to you.

If you provide us with any personal information of a third party, you confirm that you have collected that personal information in accordance with the Privacy Act (or the GDPR, where applicable), you are entitled to provide such personal information to us and the individual concerned has:

(a)         authorised the disclosure to us and the use and disclosure of their personal information by us in accordance with this Privacy Policy; and

(b)         has been informed of their right to access and request correction of their personal information.

If you provide us with a copy of, or access to, personal information of a third party solely for the purpose of enabling us to provide services to you, we will only collect and/or access that information in our capacity as your agent, and will only use that information for the sole purpose of providing the services to you and not for our own purposes.  In some cases, this may involve us disclosing that information to other entities in the Deloitte Network or to our service providers and transferring that information outside New Zealand, in accordance with this Privacy Policy. We will only retain your personal information for the length of time necessary for the purpose for which it was collected.

We will ensure that there are reasonable safeguards against loss, misuse or unauthorised disclosure or destruction of your personal information.

Do we disclose your personal information?

We may disclose your personal information to the following third parties if we consider it necessary to do so for the purposes listed above:

  • entities within the Deloitte Network;
  • third party service providers;
  • your professional advisers, such as lawyers;
  • credit reporting agencies;
  • debt collection agencies;
  • regulators and government agencies and anyone else who we are legally required or authorised to share your information with, such as under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009; or
  • any other third parties we tell you about or that you authorise disclosure to, including in the Terms.

We may also use or disclose your information where that disclosure is permitted under the Privacy Act or any other applicable law, such as where the disclosure is:

  • of information that is from a publicly available publication and it would not be unfair or unreasonable to use or disclose the information; or
  • of information which is not in a form which identifies you.

We may also disclose your information to third parties for the purposes of processing your personal information on our behalf. Where we do so, we will ensure that the relevant third party processes your personal information in accordance with our instructions and in a manner consistent with the Privacy Act (or the GDPR, where applicable).

Do we disclose your personal information to anyone outside New Zealand?

We may disclose personal information to other entities within the Deloitte Network or to third party service providers located overseas for the purposes listed above.

Where we transfer personal information outside New Zealand we have arrangements in place to ensure that such personal information will be transferred and used in a manner that is consistent with the requirements of the Privacy Act and the GDPR (where applicable).

Where a third party is not part of the Deloitte Network, we will only disclose or transfer personal information to those third parties if they are located in a country which has a substantially similar privacy regime to New Zealand.

Updating your personal information

It is important to us that the personal information we hold about you is accurate, up to date, complete, relevant and not misleading.

If you wish to make any changes to your personal information, you may contact us. It is your responsibility to ensure the information we hold about you is accurate.

Contacting Deloitte

Under the Privacy Act, individuals have rights of access to, and to request correction of, their personal information.  Individuals may also have rights under the GDPR to erasure of personal data or restriction of processing of personal data or to object to processing as well as the right to data portability and the right to lodge a complaint with a supervisory authority.

If you have any questions about this Privacy Policy or requests relating to your personal information, please contact your client service partner or Selena Skilton, Deloitte NZ Privacy Officer by emailing or sending a letter to:

Deloitte NZ Privacy Officer,

Deloitte ,

Deloitte Centre,
80 Queen Street,

Private Bag 115033
Auckland 1140,

New Zealand

Attention: Selena Skilton


Changes to our Privacy Policy

We may modify this Privacy Policy from time to time to reflect changes in the law and also our business needs so long as the changes do not disadvantage you.

When we make changes to this Privacy Policy, we will amend the revision date at the bottom of this page, and such modified or amended Privacy Policy shall be effective as to you and your personal information as of that revision date.  We encourage you to periodically review this Privacy Policy.

This Privacy Policy was updated on the 24th May 2018.