Client privacy policy

Privacy policy

1. INTRODUCTION 

1.1           Lyttelsoft (we, us, our) may collect and store personal information about you to allow us to provide you with our services.  Our collection of your personal information is subject to the New Zealand Privacy Act 2020 (Act). 
1.2This privacy policy forms part of our terms of business with you and sets out how we collect, use, disclose and protect your personal information in accordance with our obligations under the Act. Nothing in this policy alters your rights under the Act.
1.3In this policy ‘personal information’ means information relating to an individual which can be used to identify that individual.  

2. CONSENT 

2.1           We may not be able to properly advise you or offer you our services if you do not provide us with necessary personal information when requested to do so.  By engaging us and providing us with your personal information it will be deemed you have given your express consent for us to use and store that information for the purpose it has been collected. 
2.2If you give us personal information about any other person, please ensure you have their consent to do so first. 

3. INFORMATION WE COLLECT 

3.1           The type of personal information we collect and store, includes but is not limited to: NamePostal addressPhysical addressPhone numberEmail addressDate of birthWork information (such as job title, company, and location)Billing information (such as address for service and bank account details)IRD numberCopies of your identification (such as passport, birth certificate, or driver licence)Financial informationCOVID-19 vaccination status

4. HOW WE COLLECT INFORMATION 

4.1           We collect personal information by way of:  Forms filled out by clientsEmailFace-to-face meetingsTelephoneVideo e.g., Zoom, Microsoft Teams or SkypeSocial media pages e.g., Facebook and LinkedInThird parties e.g., Inland RevenueWe also collect information about your usage of our website through the use of cookies. You may disable cookies by changing the settings on your web browser, however, this may mean that you cannot use some or all of the features of our websiteMy Vaccine Pass, vaccination record or exemption card shown to us in person electronically or in hard copy, or emailed to us

5. WHAT WE MAY USE YOUR INFORMATION FOR 

5.1           We may use your personal information for, but not limited to, the following reasons: To verify your identityTo provide our services to youTo communicate with you (including for marketing purposes) and respond to communications from youTo improve the services we provide to you, including by tailoring your experience with our services by making assumptions about you based on your provided informationTo undertake credit checks of you (if necessary)To bill you and to collect money that you owe usTo protect and/or enforce our legal rights and interests, including defending any claim and/or registering your name for credit reporting purposesFor any other purposes authorised by you or the ActTo provide you with marketing materials and our newsletter where you have consented to us doing so. You can revoke your consent to receiving these materials at any time, by emailing accounts@lyttelsoft.co.nz To verify your COVID-19 vaccination status to comply with our COVID-19 Workplace Policy

6. DISCLOSURE OF YOUR INFORMTION 

6.1           In certain circumstances we may disclose your personal information to third parties where our services or functions are being outsourced. In that situation, the third party must comply with this policy or have their own privacy policy that has the same or greater protections in relation to your personal information. If we do not need to share your personal information with a third party in order to provide advice or services to you, we will not pass on your information to them without your prior consent.
6.2We may disclose your personal information to any person or entity authorised by law to request such information from us (such as a government authority or law enforcement agency).
6.3We may disclose your personal information to any person or entity that you authorise.
6.4While maintaining client confidentiality and legal privilege to the extent allowed by law, we may at times, without reference to you, be required to make certain disclosures to the New Zealand Police Financial Intelligence Unit under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 or other legislation.
6.5We will not disclose your COVID-19 vaccination status to anyone without your express consent, however your status may be logically implied as being fully vaccinated (unless we have been informed to the contrary) as we currently require all staff, partners, clients, contractors, and visitors to our offices to be fully vaccinated.

7. SECURITY OF YOUR INFORMATION 

7.1           We take all reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse. These steps include: Adopting and regularly reviewing the performance and terms of our internal data security policies and systems to ensure that they are fit for purpose and protect your personal information from unlawful processing, accidental loss, destruction, and damage.Adopting technologies for our internal use that meet the standards required by the Act.Verifying the suitability of security systems in place with third parties that we work with to ensure that they meet the standards required by the Act.
7.2In some cases, the personal information that we collect from you may be processed outside of New Zealand. When this is the case, third parties that process your information are also obliged to comply with the Act when dealing with your personal information. We make all reasonable endeavours to ensure that all entities that we work with outside of New Zealand offer satisfactory protection for your personal information. 
7.3We have taken steps to ensure that our website is secure. We use the secure HTTPS data transfer protocol for the transmission of data and our site holds an SSL certificate from a trusted organisation. Despite this, the internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times.  Transmission of personal information over the internet is at your own risk and you should only enter, or instruct the entering of, personal information within a secure environment.
7.4Your personal information will be kept in electronic or hard copy, or both.
7.5Electronic copies of your personal information we collect and hold about you will be stored in our computer systems. We currently use Xero and Xero Practice manager software to store your personal information.
7.6Hard copies of your personal information we collect and hold about you will be stored at our premises in Lyttelton.    

8. NOTIFICATION IN THE EVENT OF A SECURITY BREACH 

8.1           We will advise you at the first reasonable opportunity upon discovering or being advised of any security breach in which your personal information is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by any unauthorised person or in any unauthorised manner.
8.2Should such a breach occur we are committed to taking all reasonable steps to remediate the issue that gave rise to the security breach to prevent further loss and subsequent security breaches.
8.3If the event is deemed to be notifiable, we will be required to report the breach to the Privacy Commissioner.  

9. YOUR RIGHTS TO ACCESS, CORRECT AND DELETE YOUR PERSONAL INFORMATION 

9.1           Under the Act you have the right to access, correct and on some occasions delete your personal information that is readily retrievable.  We are only able to delete your personal information to the extent that it is not required to be held by us to satisfy any legal, regulatory, or similar requirements.  This right is subject to certain grounds for our refusal as outlined in the Act.
9.2Before we provide you with your personal information, we will require you to provide evidence that you are in fact the individual to whom the personal information relates.
9.3If you would like to exercise the above rights, please email our Privacy Officer Penny Mercer at penny@lyttelsoft.co.nz
9.4We reserve the right to charge you our reasonable costs for providing copies of your personal information or correcting that information.
9.5Please note if we no longer hold your personal information, we will be unable to satisfy your request.

10. HOW LONG WE HOLD YOUR PERSONAL INFORMATION FOR

10.1           We will store your personal information on hard or electronic file for 10 years following the completion of the matter.  After that time, we may destroy files and documents except documents we have agreed with you to keep in safe custody.  
10.2You may request that we delete your personal information as mentioned in clause 9.1.

11. CHANGES TO THIS POLICY

11.1         We reserve the right to change this policy at any time by uploading a revised copy of the policy onto our website.
11.2This policy was last updated in 21/01/2022.

12. HOW YOU CAN CONTACT US ABOUT PRIVACY MATTERS

12.1            If you wish to contact us about matters concerning the privacy of your personal information please get in touch with our Privacy Officer, Penny Mercer at penny@lyttelsoft.co.nz