Why we have this policy

 

At Aynsley and Associates Limited, we highly regard the importance and requirement of ensuring that the sensitive information we obtain about our clients is kept private and secure. As such, we ensure we are taking all the steps as required under our duties, code of conduct as well as adhering strictly to the New Zealand Privacy Act 2020.

 

What this policy covers

​

This policy sets out how we collect, use, and hold our clients' personal information.

 

What is considered 'personal information?

​

Personal information is any information (in any form) about the client that we collect in order to provide them with suitable financial advice and insurance products.

 

How we collect personal information

​

Information is collected when:

 

Clients provide information via:

• Our website enquiry form

• Direct engagement over phone or email. Phone calls may be recorded for training and compliance purposes

• Completing insurance application forms

• Collection of insurance application requirements (such as financial statements or medical notes)

• Providing access to information as held by other insurance companies or advisers (with consent)

• Audio and visual recordings from virtual meetings (e.g. Microsoft Teams or Zoom)

 

Client information is collected via third parties such as:

• Other financial advisers, insurance brokers, accountants or insurers

• Health treatment providers (medical practitioners, specialists, hospital clinics, counsellors, psychologists, therapists, dentists, alternative health practitioners)

 

How we use personal information

 

Aynsley and Associates Limited use client personal information to:

• Calculate and administer insurance policies or products

• Assist with any claims or complaints made with the insurer

• Manage internal complaints

• Promote insurance products that are relevant to the client

• Comply with our legal and record-keeping obligations

• Perform statistical and research analysis

​

How we store personal information

​

Personal information is held at a secure location and through cloud-based services that store information on our behalf (such as Microsoft 365 and Salesforce). Data may be held in overseas data centres. We have reasonable security safeguards to keep personal information safe from loss, as well as from unauthorised access, use, modification or disclosure. We have security measures in place to best protect personal information and we are committed to regular reviews and updates of our technology and processes to keep up to date with the latest security threats, viruses, and technologies.

​

When we share your data with a third party, we require them to have reasonable technical and organisational measures to protect data. Overseas providers may be subject to different privacy and data access laws and controls compared with New Zealand and the Privacy Act 2020. We will use our reasonable endeavours to work with those companies to protect your personal information.

​

Disclosing personal information

​

We will only disclose personal information to a third party if it is necessary for the purpose/s for which the information was collected, the client has asked us to disclose it or if required by law. Third parties may include but are not limited to:

• any third party listed above under 'How we collect personal information'

• any other person or organization where required by law.

 

 

Clients request for personal information

​

We will take all reasonable steps to ensure that the personal information held by us is accurate. Under the Privacy Act 2020, a client can request their personal information held by Aynsley and Associates Limited. A client is only entitled to access their own information unless they have written consent from a third party. When providing information, care must be taken in order to refrain from disclosing other private and sensitive information that may also be held on a client's file. A Privacy Act request can come directly from the client or a request can be made through the Privacy Commissioner. Our legal obligation is to acknowledge the request within 20 working days. Our current process is detailed as below:

 

• Privacy Request received from Client or Privacy Commissioner

• Contact made with the client within 3 working days to acknowledge the request, confirm the legitimacy and scope of the information requested, format information is to be presented to the client, and the estimated timeframe the information will be able to become available.

• Information is then reviewed and screened to ensure only the information about the client is being disclosed

• Information is then sent to the client via the requested or agreed-upon format

 

Client communication on their information with Aynsley and Associates

​

As part of our disclosure requirements to meet the requirements for our duties as set out by the FMA and code of conduct, a privacy statement is included in our formal disclosure document which is made available to clients as they engage Aynsley and Associates Limited.