Privacy Policy and Client Information

In this Privacy Policy, ‘we’, ‘us’ and ‘our’ means Matt Jensen Insurance Brokers Limited (MJIB)

Why is this policy important?

Establishing and maintaining a trust-based relationship with our clients is central to our effectiveness as a broker. Maintaining confidentiality as regards client information is fundamental to that trust.

Client information includes all information about the client that is collected or held by a person who gives Financial Advice. That includes information in work papers and records, and the Financial Advice given to the client. This includes personal information under the Privacy Act (which is information about an identifiable individual) but is broader as it also includes information relating to entities. 

Standard 5 of the Code of Professional Conduct for Financial Advice Services (the Code) sets out clear requirements regarding the handling of client information. Client information is broader than personal information under the Privacy Act to the extent that it relates to personal information, however the standard is intended to be applied consistently with obligations under the Privacy Act.

This policy sets out our approach to dealing with client information. The policy should be read in conjunction with the Information Security Policy.

MJIB Privacy Statement

We collect personal information from you, including information about your name, contact information, location, computer or network, billing, or purchase information. We collect your personal information to carry out our business as Insurance Brokers. Besides our staff, we share this information with Insurance companies and premium funders to provide insurance policies and payment options to customers. Providing some information is optional; if you choose not to enter a certain type of information, we may be unable to provide our services. We keep your information safe by storing in secure files and only allowing certain staff access. We keep your information for 7 years from when we last used this information at which point we securely destroy and/or delete it. You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you would like to ask for a copy of your information, or to have it corrected, please contact us at admin@mjib.co.nz, or 07-376-9444, or 114 Horomatangi Street Taupo.

What personal information we collect

In New Zealand, under the Privacy Act 2020, “personal information” means information about an identifiable individual.  We collect certain types of personal information about you, including:

  • information in relation to the application for, provision and administration of insurance, such as your contact details, date of birth, employment details, health information, details of previous insurances and past insurance claims and criminal records.
  • financial, billing and invoicing information.
  • any other personal information you otherwise provide to us.

If you do not provide us with the information that we need, we or any of our third-party service providers may not be able to provide you with products or services.

How we collect your personal information

We may collect personal information in several ways, including:

  • directly from you via our website, telephone, in writing or email; and/or
  • indirectly from third parties, if necessary. For example, your employer, referees, insurers, premium funders and other third-party service providers or publicly from available sources.

You authorise us to contact such third parties for the purposes of providing you with the information or services that you have requested.

Our purposes for using and disclosing your personal information

We use and disclose your personal information for the purposes of providing our services to you and related purposes. Such purposes include:

  • assessing and managing your insurance application and policy.
  • managing and processing payments.
  • communicating with you about our products and services.
  • conducting market or customer research.
  • administering claims.
  • developing, establishing and administering alliances and other arrangements with other organisations in relation to the promotion, administration and use of our services.
  • telling you about our other service offerings which we believe may be relevant (if you have requested to receive this).
  • statutory or regulatory reporting.
  • internal or external audit; and
  • any other purpose notified to you at the time your personal information is collected.

Disclosure of your personal information

We will disclose your personal information to:

  • insurers, reinsurers, other insurance intermediaries, insurance reference bureaus and industry bodies.
  • assessors appointed by insurers to assess or investigate your claims.
  • others named on your policy as co-insureds.
  • service providers engaged to provide services to you in relation to your insurance (such as providing repairs).
  • third parties who help manage our business and provide our services, including our third-party service providers, such as payment system operators, IT suppliers, lawyers, accountants, other advisers and financial institutions.
  • any other entities notified to you at the time of collection; and
  • courts, law enforcement, regulators and other government agencies to comply with all applicable laws, regulations and rules.

Other than when required or permitted by law, as specified in this Privacy Policy or where you have provided your consent, we will not disclose your personal information.

Nothing in this Privacy Policy prevents us from using and disclosing to others de-personalised aggregated data.

Transfer of personal information overseas

We may disclose your personal information to third party service providers and/or insurers who may process your personal information either on our behalf or otherwise for one or more of the above-stated purposes.

Some of the third-party service providers to whom we disclose personal information are in countries outside New Zealand, such as Australia. In this regard, unless exempted by the Privacy Act 2020, we would have sought your express authorisation to do so prior to the transfer of your personal information overseas.  Overseas disclosure of your personal information will only be made for one or more of the purposes specified in this Privacy Policy.

We will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights, such as by ensuring disclosures are limited to recipients who are subject to privacy laws which are recognised as providing a comparable level of legal protection as the Privacy Act 2020 or where we can be satisfied that alternative arrangement are in place to protect your privacy rights, such as by ensuring disclosures are limited to recipients who are subject to privacy laws which are recognised as providing a comparable level of legal protection as the Privacy Act 2020 or where we can be satisfied that alternative arrangement are in place to protect your privacy rights.

Your obligations when you provide personal information of others

You must not provide us with personal information of any other individual unless you have the express authorisation of that individual to do so.  If you do provide us with such information about another individual, before doing so you:

  • must tell that individual that you will be providing their information to us and that we will handle their information in accordance with this Privacy Policy.
  • must provide that individual with a copy of (or refer them to) this Privacy Policy; and
  • warrant that you have that individual’s consent to provide their information to us.

If you have not done this, you must tell us before you provide any third-party information.

Your obligations when we provide you with personal information

If we give you, or provide you access to, the personal information of any other person, you must only use it:

  • for the purposes we have agreed to; and
  • in compliance with applicable privacy laws (including the Privacy Act 2020) and this Privacy Policy.

You must also ensure that your agents, advisers, employees and contractors meet the above requirements.

Accuracy, access and correction of your personal information

We take reasonable steps to ensure that your personal information is accurate, complete and up to date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your personal information.

Please contact us using our contact details below as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up to date.

You can make a request to access your personal information or to have it corrected by contacting us below.  If you make an access request, we will provide you with access to the personal information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial of access to your personal information.  We may charge a fee where permitted by law

Security of your personal information

We take reasonable steps to protect any personal information that we hold from misuse, interference and loss, and from unauthorised access, alteration and disclosure.  However, data protection measures are never completely secure and, despite the measures we have put in place, we cannot guarantee the security of your personal information. You must take care to ensure you protect your personal information. You should notify us as soon as possible if you become aware of any security breaches. Where required by law, we will notify you of any notifiable privacy breach concerning your personal information.

Updates of Privacy Policy

We reserve the right to amend our Privacy Policy from time to time to ensure we properly manage and process your personal data.

How to make a complaint
If you wish to make a complaint about a breach of this Privacy Policy or any breach of applicable privacy laws, you can contact us using the contact details below. You will need to provide us with sufficient details regarding your complaint together with any supporting evidence and information.  You can also complain to the Privacy Commissioner (see www.privacy.org.nz)

How to contact us

If you wish to gain access to your personal information, want us to correct or update it, have a complaint about a breach of your privacy or any other query relating to our Privacy Policy, please contact us at 114 Horomatangi Street, Taupo admin@mjib.co.nz (07) 376 9444

Our policy

We do this:

  • Ensure that client information is only used, retained or disclosed:
    • for the purpose of giving Financial Advice to the client;
    • for another purpose that is directly related to giving the Financial Advice;
    • if the use, retention or disclosure is required or permitted by law; and
    • for another purpose if the client has agreed.
  • Inform clients how their information will be collected, used, retained or disclosed by providing a privacy notice.
  • Ensure that when the client information is no longer needed, it is returned to the client or disposed of securely.
  • The Business Manager is the company’s Privacy Officer and has a requirement to understand their responsibilities under the Privacy Act.
  • Regularly train our people so they understand what we need to do to ensure compliance with privacy laws, spot and report privacy breaches, and manage privacy requests and corrections. 
  • Ensure that physical and electronic security measures and protocols are maintained so that only authorised personnel of our FAP have access to client information.
  • Obtain consent from clients for their information to be provided to regulatory bodies should it be required for supervisory purposes.
  • Obtain consent before sending any electronic marketing messages and provide an unsubscribe mechanism.
  • When outsourcing and personal information is transferred offshore, we have contractual protections in place to provide the same protections under the NZ Privacy Act.

We don’t do this:

  • Leave client documents in an unsecure environment.
  • Use client information for any purpose other than that for which is was provided to us.
  • Breach client confidentiality by disclosing, verbally or in writing, client information to third parties without client consent.
  • Breach the information security protocols we have in place restricting who has access to client information, be it in physical or electronic form.
  • Hold client information for longer than is required for the purposes of the relationship and/or meeting legal requirements.

Implementation

  • All brokers and employees receive induction and annual retraining on the contents of this policy.
  • Formal client consent to provision and use of information on file.
  • IT security and information access protocols in place.
  • Secure document storage and destruction facilities in place.

Ensuring compliance

  • Ongoing monitoring of broker and employee activity and behaviour.
  • Annual broker and employee attestations to policy adherence
  • Review and audit of client files annually.
  • Annual review of IT access protocols.

Date

11 November 2020