This Privacy Policy sets out how Kan & Company (“we”, “us” and “our”) collects, uses, stores and discloses personal information about our clients, potential clients, persons associated with our clients, employees, suppliers and others. As a firm, we are bound by the Privacy Act 2020 (“the Act”) and the privacy principles set out in the Act.
For the purposes of this policy, “personal information” means information about an identifiable individual.
Why do we collect personal information?
We collect personal information in order to conduct our business, to provide and market our services and to meet our legal obligations (“Services”).
By using our Services or providing your personal information to us, you consent to our collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy.
How do we collect personal information?
Information you provide to us directly: Our usual practice is to collect personal information directly whenever an individual interacts with us for the purposes of providing our Services, such as when we are instructed to represent and advise a client, or when we are supplied with a product or service.
Personal information may be collected in a number of ways. For example:
- forms that are filled out, and documentation or communication that is provided to us
- through an on-going employment relationship
- face to face meetings and interviews
- telephone conversations.
Information we create in the performance of our Services: We may also create or obtain personal information, such as evaluative records about your interactions with us, and any interactions we have with third parties. Evaluative information may be confidential to us.
Information we get from third parties: Third parties may provide us with personal information about an individual, such as a background check, credit check, verification of your identity, a report provided by a medical practitioner or a reference from another person.
Information you make public: We may collect or obtain your personal information that you manifestly choose to make public, including via online channels.
Information we collect automatically: We also collect information from our website (“Website”). When the Website is visited, we collect general user information such as user internet protocol addresses, browser type, internet service provider details and other technical information. We use this information to analyse web traffic, which may involve the use of cookies. The information does not include any personal information. Personal information may be collected if it is provided via a Website contact message, and this will be used for the purpose for which it has been supplied. Further information is available on our Website.
What personal information do we collect?
We collect your personal information so that we can provide you with our Services and any related services you may request. In general, the type of personal information that we collect includes (but is not limited to): names, addresses, contact details, bank account and other financial information, identity verification such as your driver’s licence, passport and birth certificate and other information which assists us to conduct our business, provide and market our Services and meet our legal obligations under applicable privacy laws and the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.
In many cases, if personal information is not provided as requested, we may not be able to carry out the instructions or provide our Services.
How do we use or disclose your personal information?
We may use and disclose personal information for the purpose for which it is collected, for directly related purposes, for other purposes authorised by you and in other circumstances authorised by the Act. We may use and disclose personal information:
- to provide client services
- to carry out our responsibilities as an employer;
- to verify your identity details;
- to process your personal information for our own internal business purposes;
- to carry out firm account transactions, such as client billing and payments, firm creditors, and employee transactions;
- to undertake credit management activities;
- for debt recovery purposes, which may also include disclosing information to debt collectors;
- for dealing with commercial or legal conflicts;
- to provide promotional information and newsletters in hard copy or electronic form, or information that we believe may be of interest;
- to communicate with clients, potential clients, suppliers, staff, contractors and others;
- to purchase products and services; and
- to comply with our legal obligations, and to meet our reporting obligations as required by law.
We may be required to disclose personal information to third parties in the course of representing and advising our clients if it is required or authorised:
- by an individual; or
- by law.
From time to time, we may share personal information with certain service providers who provide services to us or perform administrative or marketing activities on our behalf. Further information is provided in our Standard Terms.
Overseas disclosure of personal information
When we disclose personal information, it may be transferred to and used by third parties in countries other than New Zealand. Some third parties may be located in countries where they are not required to protect person information in the way that we are under the Act. However, rest assured, where we disclose personal information to a third party in another country, we endeavour to put safeguards in place to ensure your personal information is protected.
For individuals in the European Economic Area (EEA), this means that your personal information may be transferred outside of the EEA. Where your personal information is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal information (e.g. by entering into the European Commission’s Standard Contractual Clauses).
Storage and security of personal information
Personal information may be stored in hard copy and/or electronic form, including with third party data storage facilities and in cloud storage located both inside and outside New Zealand. Electronic data that is stored in the cloud by third parties is usually encrypted.
Hard copy personnel files are stored in locked cupboards and may not be removed from this location. Access to personnel files is limited to the managing director, or the supervisor of the individual. At all times, access to a file must be for a work-related purpose and comply with the provisions of the Act.
As a firm, we take all reasonable steps to protect the personal information we hold. We do this by use of appropriate physical security, including third party data storage facilities, and restricted access to both electronic and hard copy records. All Kan & Company personnel are required to access personal information for work-related purposes only, to respect the confidentiality of personal information and the underlying privacy of individuals.
If your personal information is subject to unauthorised or accidental access, disclosure, alteration, loss or destruction or actions which prevent us from accessing it on a temporary or permanent basis (each event being a “Privacy Breach”), and such Privacy Breach is likely to cause you serious harm, we will notify you and the Privacy Commissioner in accordance with our obligations under the Act.
We’ll retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our internal retention policies and practices (for example, to provide you with a service you’ve requested or to comply with applicable legal requirements such as anti-money laundering and financial reporting legislation). Following that period, we’ll make sure it’s deleted or anonymised. Otherwise, as a general rule, we only keep your personal information for as long as we require it for the purposes of providing you with our Services.
What about links to other websites?
Our Website may contain links to other websites that are not under our control. These websites may use cookies. It is the responsibility of those third parties to collect appropriate consents from you in order to permit their own cookies (to the extent this is required by law) and to inform you about the cookies they use. You should check the privacy policy on all third-party websites to ensure you are comfortable with third party cookies.
We have no responsibility for linked websites, and provide them solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or warranties about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.
Email, text and telephone communication
We are committed to complying with the Unsolicited Electronic Messages Act 2007.
By subscribing to emails and/or text communications, or otherwise providing your email address and/or mobile number, you consent to receiving emails and/or texts (as the case may be) which promote and market our products and services, or the products and services of others, from time to time.
You can unsubscribe from our email communications and/or text communications at any time by clicking the “Unsubscribe” link in any promotional or marketing email or text received or by emailing contact@kan-and-company.com.
Once you have unsubscribed from the email or text communications, you will be removed from the corresponding marketing list as soon as is reasonably practicable.
How can you access or correct personal information?
It is your responsibility to ensure that the personal information you provide is accurate, complete and up to date.
You may request access to the information we hold about you, or request that we update or correct any personal information we hold about you or ask us to restrict or cease using and disclosing your personal information by setting out your request in writing and sending it to us at contact@kan-and-company.com.
We will review your request as soon as reasonably practicable to comply with our legal obligations. If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
We take your concerns seriously. If you have any concerns about privacy or the use or collection of your personal information by Kan & Company, please contact us at contact@kan-and-company.com or call us on 027 433 9745.
We will respond as quickly as possible and handle all complaints in a way that is fair and consistent. However, if you remain dissatisfied, you can make a formal complaint with Office of the Privacy Commissioner.
Updates to this Privacy Policy
This Privacy Policy will be reviewed from time to time to take account of new legislation and technology, changes to our operations and practises, and the changing business environment. Changes to this Privacy Policy will be notified by posting an updated version on our Website. It is your responsibility to check our Website periodically for changes to this Privacy Policy and to keep your contact information current.
Your continued use of our Services following notification of any changes to this Privacy Policy constitutes acceptance of those changes. If you do not agree with any aspect of the updated Privacy Policy, you must immediately cease all use of our Services.
This represents our Privacy Policy as at 11 March 2021.
Contacting Us
If there are any questions regarding this privacy policy, you may contact us using the information below.
www. kan-and-company.com
Box 37-363
Christchurch, 8245
New Zealand
contact@kan-and~company.com
+64 (27) 433 9745
Last Edited on 11 March 2021