Personal information is defined in the Privacy Act 2020 (“the Act”) as “information about an identifiable individual” (“Personal Information”).
Smith and Partners Lawyers (“us”, “we” and “our”) collects, holds, manages and discloses Personal Information as is reasonably necessary for the purposes of providing legal services, and in accordance with privacy laws in New Zealand (including the Act).
Our Privacy Statement on the management of Personal Information is set out below.
We collect and hold two categories of Personal Information:
- personal information that we collect from or about our clients in the course of providing legal services to our clients (Client Information);
- personal information we collect from or about visitors to our website, people who use services provided via conversations with software applications such as chatbots, and people who subscribe to our newsletter.
When you instruct us to provide legal services and related business activities, you authorise us to collect certain Client Information from you pursuant to the Act.
How we use Client Information
We will use your Client Information only for the purpose for which it was collected.
We will store your Client Information securely both electronically and physically in our office at 293 Lincoln Road, Henderson and/or at any secure storage facility that we use to store information, including third party internet and payment providers where relevant. We will take all reasonable steps to ensure that any Client Information held is protected from misuse, interference or loss and from unauthorised access, modification or disclosure. We will achieve this by having physical, electronic and procedural safeguards that protect all Personal Information held. Electronic databases are kept secure by ensuring Logins and Passwords are required to access them.
We will obtain your authority first before collecting Client Information about you from third parties, or providing Client Information to external agencies.
Your Client Information (including in relation to your affairs) will be held in confidence. Your Client Information will not be disclosed to anyone, except:
- with your authority, for the purposes of carrying out your instructions, and/or
- to the extent required by law (including the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (“AML”)), or
- by the Law Society’s Rules of Conduct and Client Care for Lawyers.
We may, on certain occasions, have to provide your Client Information to third parties who provide services on contract to us, such as IT, accounting and payment providers. In those circumstances we will ensure that such third parties comply with our privacy and confidentiality requirements.
The remainder of this statement sets out how we collect, use, disclose and protect Personal Information that is not Client Information.
We collect Personal Information about you directly from:
- you directly, when you provide that Personal Information to us, including via our website, through any registration or subscription process, through any contact with us (e.g. phone call or email), or when you use services provided via conversations with software applications on our website such as chatbots
- if you provide us with your LinkedIn (or other social media) details, from your LinkedIn (or other social media) account profile page, in accordance with any privacy settings you have set for that account
- third parties where you have authorised this or the information is publicly available.
How we use your Personal Information
We use your Personal Information:
- to verify your identity;
- to provide to you, and improve, our website, chatbots and newsletters;
- to market our services and products to you, including electronically (e.g. by text or email);
- to bill you and process payments from you, including authorising and processing credit card transactions;
- to protect and/or enforce our legal rights and interests, including defending any claim and verifying your compliance with any terms under which we have provided our website or chatbots to you;
- for any other purpose authorised by you or the Act.
How we disclose your Personal Information
Generally, we do not disclose Personal Information to third parties for them to use for their own purposes. However, we may disclose personal information to:
- any business that supports our website, chatbots and newsletters (including any person that hosts or maintains any underlying IT system or data centre that we use to provide our website, templates and newsletters) but only where necessary for that business to provide those services to us;
- a person who can require us to supply your Personal Information (e.g. a regulatory authority);
- any other person authorised by the Act or another law (e.g. a law enforcement agency);
- any other person authorised by you.
A business that supports our website, chatbots and newsletters may be located outside New Zealand. This may mean your Personal Information is held and processed on servers outside of New Zealand.
Protecting your Personal Information
We will take reasonable steps to keep your Personal Information safe from loss, unauthorised activity, or other misuse.
Accessing, correcting or deleting your Personal Information
Subject to certain grounds for refusal set out in the Act, where we hold readily retrievable Personal Information about you, you have the right:
- to obtain confirmation of whether or not we hold that information
- to access that information
- to request a correction to that information.
If you would like to exercise any of the above rights, email us at firstname.lastname@example.org. Before you exercise these rights, we will need evidence to confirm that you are the person to whom the Personal Information relates. Your email should provide that evidence and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
In relation to a request for correction, if we think the correction is reasonable and we are reasonably able to change the Personal Information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the Personal Information that you requested the correction.
We may charge you our reasonable costs of providing to you copies of your Personal Information or correcting that information.
In addition to your rights under the Act, upon request in writing to email@example.com, we will return to you and delete any record we have of your Personal Information once we have verified evidence of your identity as the person to whom the information relates. Your email should provide that evidence and set out the details of your request (e.g. the Personal Information and the deletion that you are requesting). We reserve the right to retain your request to return and delete the Personal Information.
If you do not wish to receive subscription-based messages delivered via our or partner chatbots, you can unsubscribe by using the ‘unsubscribe’ feature offered in every subscription-based message from these chatbots.
While we take reasonable steps to maintain secure internet connections, if you provide us with Personal Information over the internet, the provision of that information is at your own risk.
How we will deal with any breach
We are obliged to inform you of any breach of data relating to your Client Information, which we will do as soon as we have knowledge of the breach.
We are also obliged to notify the Privacy Commissioner of any serious data breaches. We are committed to doing so if and when such a breach occurs.
Any Client Information that is transmitted by you to us via the internet or through servers accessible via the internet is done at your own risk and we cannot guarantee security of Client Information in those circumstances.
You are entitled to request access to your Client Information and correction of it at any time. You can request access by contacting our Privacy Officer as follows:
Telephone: (09) 837 6887
Address: 293 Lincoln Road, Henderson, Auckland
We will take steps to verify your identity prior to giving you access to Client Information or correcting it. If we agree to provide the requested Client Information we will do so within 30 days of receiving your request. We may charge an administration fee for providing access. In the event we decide any Personal Information should not be provided, we will explain why.
If you have a complaint about a breach of the Privacy Act 2020, you should in the first instance submit your complaint to our Privacy Officer who will acknowledge your complaint within 7 days of receipt of the complaint, and make a decision within 30 days, unless a longer period is agreed with you.
If you are not satisfied with our decision, you may make a complaint to the Privacy Commissioner. The contact details for the Privacy Commissioner are:
Changes to this statement
We may update this Privacy Statement from time to time in order to keep it up to date with the law, any relevant rules, regulations and guidelines for our profession.
This statement does not limit or exclude any of your rights under the Act. If you would like further information on the Act, see www.privacy.org.nz.
We may change this statement by uploading a revised statement onto our website. The change will apply from the date that we upload the revised statement.
This statement was last updated on 1 May 2021.