Why we have this policy

 

At Aynsley and Associates Limited, we place a high priority on protecting the privacy and security of personal information provided to us by our clients. We recognise our obligations under the New Zealand Privacy Act 2020, the Code of Professional Conduct for Financial Advice Services, and the standard conditions of our Financial Advice Provider (FAP) licence. This policy sets out our approach to collecting, using, storing, and disclosing personal information in accordance with those obligations.

We are committed to upholding the 12 Information Privacy Principles of the Privacy Act 2020, ensuring that client data is handled lawfully, respectfully, and transparently.

 

What this policy covers

​

This policy sets out how we collect, use, and hold our clients' personal information.

 

What is considered 'personal information?

​

Personal information refers to any information about an identifiable individual, collected in any form, for the purpose of providing financial advice, insurance services, or fulfilling our legal obligations.

 

How we collect personal information

​

We collect personal information directly from clients when they:

​

• Submit information through our website enquiry form

• Engage with us via phone, email, or in-person

  • Phone calls may be recorded for training and compliance purposes​

• Complete insurance application forms

• Provide supporting documentation (e.g. financial statements, medical notes)

• Consent to access information from other insurance providers or advisers

• Participate in recorded virtual meetings (e.g. Microsoft Teams, Zoom)

 

We may also collect personal information indirectly from trusted third parties, including:

​

• Other financial advisers, brokers, or accountants

• Insurers

• Medical and health service providers (e.g. doctors and specialists)

 

How we use personal information

 

Aynsley and Associates Limited use client personal information to:

​

• Advising on, administering, and supporting insurance products and services

• Assisting with claims or complaints processes

• Managing internal complaints or reviews

• Promoting services relevant to your needs (with consent)

• Fulfilling our legal, regulatory, and record-keeping obligations

• Conducting research, data analysis, or business improvement functions

• Perform statistical and research analysis

​

How we store personal information

​

Client information is stored securely in physical and cloud-based systems, including but not limited to Microsoft 365, Salesforce, and Aircall. Some data may be stored in overseas data centres.

We take reasonable steps to protect personal information from loss, unauthorised access, disclosure, or misuse. These steps include:

• Controlled system access

• Data encryption and firewalls

• Regular security audits

• Staff training on data privacy

When we share data with third-party providers, we require them to implement reasonable safeguards. Where personal information is held offshore, we take reasonable steps to ensure those providers offer comparable protections to those required under New Zealand law, in accordance with the Privacy Act 2020.

​

Disclosing personal information

​

We only disclose personal information where necessary for the purposes for which it was collected, where the client has given permission, or where required by law. Disclosures may be made to:

• Any parties listed under "How We Collect Personal Information"

• Insurers, brokers, and administrators

• Government agencies, regulators, or dispute resolution schemes

• Any other party, as permitted or required by law

 

Data Retention

​

We retain client information only as long as necessary to fulfil the purposes for which it was collected, and to comply with legal and regulatory obligations. In most cases, this means retaining client records for at least seven years after the termination of our services.

​

Accessing Your Information

​

Under the Privacy Act 2020, clients have the right to access their personal information and request corrections. To ensure we meet our legal obligations, the following process applies:

​

• Requests may be made directly to Aynsley & Associates or via the Office of the Privacy Commissioner

• Acknowledgement of the request will be made within 3 working days

• Verification of identity and confirmation of scope will be carried out

• Requested data will be screened to ensure only the client’s information is released

• The final information will be provided in the agreed format within 20 working days

We take reasonable steps to ensure information is accurate, complete, and up to date.

 

How to Raise a Privacy Concern

If you have any concerns about how your personal information is handled, please contact us at hello@aynsley.co.nz. If your concern is not resolved to your satisfaction, you may contact the Office of the Privacy Commissioner:

• Website: www.privacy.org.nz

• Phone: 0800 803 909

​​

​

Breach of Privacy

If we believe that there has been a privacy breach, we will identify the issue and take steps to minimise harm to you.

​

If we believe the breach has caused, or is likely to cause serious harm, we will contact the Office of the Privacy Commissioner. We will also contact clients who may be affected by the breach.