What does this Privacy Statement cover?
This Statement explains how we collect, handle, store and protect personal information when:
- We provide professional services to our clients (in conjunction with the engagement letter and master terms of business (together, the Terms) provided to you when you engaged us to provide services to you;
- You use “this website”; or
- Perform any other activities that form part of the operation of our business.
Who are we?
Deloitte New Zealand (Deloitte NZ) is the New Zealand partnership that is a network member firm of Deloitte Touche Tohmatsu Limited (DTTL) a UK private company, limited by guarantee, and each of the entities under the New Zealand partnership’s control. Together, Deloitte NZ, DTTL and its other member firms make up the “Deloitte Network”.
Our commitment to protect your privacy
We understand how important it is to protect personal information. Our commitment in respect of personal information is to abide by the New Zealand Information Privacy Principles for the protection of personal information, as set out in the Privacy Act 1993 (the Privacy Act), as well as the European Union General Data Protection Regulation 2016/679 (the GDPR) (if and to the extent that the GDPR is applicable to our engagement with you).
Why do we collect and use your personal information
We may collect personal information about you (if you are an individual), and your representatives, to enable us to provide services to you.
We will only collect personal information about you that is necessary, relevant, and not excessive for the business purposes for which it is to be used. We do not knowingly collect or maintain personal information about children under the age of 13.
The information that we collect may be used in accordance with the Privacy Act, the GDPR (where applicable) and other applicable law or for the following purposes connected with our business or the business of the Deloitte Network generally:
- providing services to you, including responding to your requests or inquiries;
- our business functions generally, including Deloitte Network quality and compliance reviews, sending you Deloitte publications and invitations to our seminars and functions and other direct marketing (whether through mail, email or telephone (including SMS/MMS)) (you can opt out of direct marketing by telling us that you wish to do so in writing);
- for data analytical purposes;
- seeking feedback on services provided to you;
- for credit assessment purposes;
- billing you and collecting any debt owed to us by you (which may involve disclosing your personal information to debt collectors); and
- for specific purposes that we tell you about or that you authorise, including in the Terms.
How do we collect personal information?
Where possible we will collect your personal information directly from you or your representatives. We may also collect your personal information from entities within the Deloitte Network, and credit reporting agencies or other third parties for credit assessment purposes.
You are not required by law to provide any personal information to us but any failure to do so might affect our ability to provide the Services or any other services to you.
If you provide us with any personal information of a third party, you confirm that you have collected that personal information in accordance with the Privacy Act (or the GDPR, where applicable), you are entitled to provide such personal information to us and the individual concerned has:
(b) has been informed of their right to access and request correction of their personal information.
We will ensure that there are reasonable safeguards against loss, misuse or unauthorised disclosure or destruction of your personal information.
Do we disclose your personal information?
We may disclose your personal information to the following third parties if we consider it necessary to do so for the purposes listed above:
- entities within the Deloitte Network;
- third party service providers;
- your professional advisers, such as lawyers;
- credit reporting agencies;
- debt collection agencies;
- regulators and government agencies and anyone else who we are legally required or authorised to share your information with, such as under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009; or
- any other third parties we tell you about or that you authorise disclosure to, including in the Terms.
We may also use or disclose your information where that disclosure is permitted under the Privacy Act or any other applicable law, such as where the disclosure is:
- of information that is from a publicly available publication and it would not be unfair or unreasonable to use or disclose the information; or
- of information which is not in a form which identifies you.
We may also disclose your information to third parties for the purposes of processing your personal information on our behalf. Where we do so, we will ensure that the relevant third party processes your personal information in accordance with our instructions and in a manner consistent with the Privacy Act (or the GDPR, where applicable).
Do we disclose your personal information to anyone outside New Zealand?
We may disclose personal information to other entities within the Deloitte Network or to third party service providers located overseas for the purposes listed above.
Where we transfer personal information outside New Zealand we have arrangements in place to ensure that such personal information will be transferred and used in a manner that is consistent with the requirements of the Privacy Act and the GDPR (where applicable).
Where a third party is not part of the Deloitte Network, we will only disclose or transfer personal information to those third parties if they are located in a country which has a substantially similar privacy regime to New Zealand.
Updating your personal information
It is important to us that the personal information we hold about you is accurate, up to date, complete, relevant and not misleading.
If you wish to make any changes to your personal information, you may contact us. It is your responsibility to ensure the information we hold about you is accurate.
Under the Privacy Act, individuals have rights of access to, and to request correction of, their personal information. Individuals may also have rights under the GDPR to erasure of personal data or restriction of processing of personal data or to object to processing as well as the right to data portability and the right to lodge a complaint with a supervisory authority.
Deloitte NZ Privacy Officer,
Private Bag 115033