+64 22 074 6454
mitesh@financecenter.co.nz

Introduction

When a client uses our services, they are trusting FINANCE CENTER NZ LIMITED T/A Finance Center with their personal and financial information. We understand that this is a big responsibility and work diligently to protect their information in accordance with the Privacy Act 2020 (the Act).

Who Are We

References in this Privacy Policy to “we”, “us” and “our” mean Finance Center acting through a Financial Adviser.

Policy Statement

A key aspect of our business is obtaining and storing client information and other types of data. If we use service providers who are based overseas (for example, cloud software where servers are based in another country) we need to ensure that the provider meets the New Zealand privacy laws at all times.

We must also ensure that personal client information is held in a safe and secure way and disposed of securely when we have finished with it and/or are no longer required to hold it.

We follow the Privacy Act’s thirteen principles when collecting, using and storing clients’ personal information:

Principle 1

Personal information must only be collected when:

(a) the collection is for a lawful purpose, connected with what Finance Center does; and

(b) it is necessary to collect the information for that purpose.

Principle 2

Personal information must usually be collected from the person that the information is about. In some instances, however, it will be appropriate to collect information from other people instead. For instance, when:

  • It is necessary for a public sector body to uphold or enforce the law.
  • The person concerned authorises collection from someone else, e.g. an accountant.

Principle 3

When we collect personal information from the person the information is about, we must take reasonable steps to ensure that the person is aware of the following:

  • Why the information is being collected.
  • Who will get the information.
  • Whether the person has to give the information or whether it is strictly voluntary.
  • What will happen if the information is not provided.

Sometimes there are good reasons for not letting a person know about the collection (e.g. if it would undermine the purpose of the collection or it is just not possible to inform the person).

Principle 4

Personal information must not be collected by unlawful means or by means that are unfair or unreasonably intrusive in the circumstances.

Principle 5

While it is impossible to stop all mistakes from happening, we must nevertheless ensure that there are reasonable safeguards in place to prevent loss, misuse, or disclosure of personal information.

Principle 6

In general, people have a right to ask for access to personal information that identifies them. However, there are situations where we can refuse to give access to information because doing so would:

  • Endanger a person’s safety.
  • Prevent detection and investigation of criminal offences.
  • Involve an unwarranted breach of someone else’s privacy.

Principle 7

People have a right to ask us to correct information about themselves if they think it is incorrect. We are generally not obligated to change the information we hold, but people can request that we include in our records their views about what the correct information is.

Principle 8

Before we use or disclose personal information, we must take reasonable steps to check that the information is accurate, complete, relevant, up to date and not misleading.

Principle 9

We must not keep information for longer than is necessary for the purposes for which the information may be lawfully used.

Principle 10

We must use personal information only for the purpose for which it has been collected. Other uses are occasionally permitted, such as when it is necessary to enforce the law or the use is directly related to the purpose for which the agency obtained the information.

Principle 11

We can only disclose personal information in limited circumstances, such as where another law requires us to disclose the information. We can also disclose information if we reasonably believe that:

  • Disclosure is one of the purposes for which we got the information.
  • Disclosure is necessary to uphold or enforce the law.
  • Disclosure is necessary for court proceedings.
  • The person concerned authorised the disclosure.
  • The information is going to be used in a form that does not identify the person concerned.

Principle 12

Where disclosure of personal information happens outside of New Zealand (i.e. where the third-party provider is based overseas), we must confirm that the provider meets the New Zealand privacy and data laws before entering into a business relationship with them. If they do not meet our criteria, we cannot allow them to hold our data.

Principle 13

Finance Center cannot use the unique identifier given to a person by another business. For example, some businesses or agencies give people a ‘unique identifier’ instead of using their name (e.g. a driver’s licence number, a student ID number, an IRD number, etc.). People are not required to disclose their unique identifier unless this is one of the purposes for which the unique identifier was set up or is directly related to those purposes.

Client Authorisation

When clients provide us with personal information or engage us to provide services, they must consent to the collection, use, storage and disclosure of personal information in accordance with this Privacy Policy.

Changes to our Privacy Policy

We may change our Privacy Policy from time to time, by providing you with an updated version, to reflect changes in the law and also our business needs so long as the changes do not disadvantage you. By continuing to engage us you will be deemed to have accepted the updated Privacy Policy.

What Personal Information Do We Collect?

In New Zealand, under the Privacy Act 2020, "personal information" means information about an identifiable individual. We collect certain types of personal information about you, including:

(a) information in relation to the application for, provision and administration of insurance, such as your contact details, date of birth, employment details, health information, details of previous insurances and past insurance claims and criminal records;

(b) financial, billing and invoicing information;

(c) if you visit our website, we will collect personal information that you submit, such as via online forms; and

(d) any other personal information you otherwise provide to us.

If you do not provide us with the information that we need, we or any of our third party service providers may not be able to provide you with products or services.

Depending on your relationship with us (for example, as a consumer policyholder; non-policyholder insured or claimant; witness; commercial broker or appointed representative; or other person relating to our business), personal information collected about you and your dependants may in certain circumstances include:

  • General identification and contact information: Name; address; e-mail and telephone details; gender; marital status; family status; date of birth; passwords; educational background; physical attributes; activity records, such as driving records; photos; employment history, skills and experience; professional licences and affiliations; relationship to the policyholder, insured or claimant; and date and cause of death, injury or disability.
  • Identification numbers issued by government bodies or agencies: Passport number; tax identification number; or driver’s or other licence number.
  • Financial information and account details: Payment card number; bank account number and account details; credit history and credit score; assets; income; and other relevant and required financial information.
  • Medical condition and health status: Current or former physical, mental or medical conditions; health status; information on injury or disability; medical procedures; personal habits (for example, smoking or consumption of alcohol); prescription information and other relevant medical histories.
  • Other sensitive information: In certain cases, we may receive sensitive information about the individual, and may also get access to an individual’s criminal record or civil litigation history in the process of preventing, detecting and investigating fraud.
  • Telephone recordings: Recordings of telephone calls to our representatives and call centres.
  • Marketing preferences and customer feedback: We may also get access to information through an individual’s marketing preferences, contests, other sales promotion activities, voluntary customer satisfaction surveys etc.

Why Do We Collect your Personal Information?

We will only use your personal information for the purpose for which it is obtained, subject to certain exceptions set out in the Privacy Act 2020. Depending on the purpose for which the personal information was obtained and on the specific circumstances, we may use your personal information to:

(a) communicate with you and others as part of our business;

(b) send you important information regarding changes to our policies, other terms and conditions, the website and other administrative information;

(c) make decisions about whether to provide insurance and assistance services, including claim assessment, processing and settlement; and, where applicable, manage claim disputes;

(d) assess your eligibility for payment plans and process your premium and other payments;

(e) provide improved quality, training and security;

(f) prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks;

(g) carry out market research and analysis, including satisfaction surveys;

(h) provide marketing information (including information about other products and services offered by selected third-party partners) in accordance with preferences you have expressed;

(i) personalise your experience on the website by presenting individually tailored information and advertisements;

(j) identify you to the recipient of your messages through the website;

(k) allow participation in and administer prize draws and similar promotions. Some of these activities have additional terms and conditions that you must read carefully;

(l) manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;

(m) resolve complaints, and handle requests for data access or correction;

(n) comply with applicable laws and regulatory obligations (including domestic and foreign), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence); and

(o) establish and defend legal rights; protect our own operations, insurance business partners, rights, privacy, safety or property and pursue available remedies or limit our damages.

International Transfer of Personal Information

For the purposes set out above, we may need to transfer personal information to parties located in other countries (including countries that have a different data protection regime than is found in New Zealand), for example in order to process international travel insurance claims and provide emergency medical assistance services when the insured party is travelling abroad.

Some of the third party service providers to whom we disclose personal information are located in countries outside New Zealand, such as India. In this regard, unless exempted by the Privacy Act 2020, we would have sought your express authorisation to do so prior to the transfer of your personal information overseas. Overseas disclosure of your personal information will only be made for one or more of the purposes specified in this Privacy Policy.

We may transfer information internationally to our service providers, business partners and governmental or public authorities. In all such cases, we will ensure that your personal information continues to be held, used and sufficiently protected by the overseas recipient in accordance with the requirements of the Privacy Act 2020 and any other applicable laws or regulations.

How Do We Collect your Personal Information?

Generally, we will collect your personal information directly from you. For example, we collect your personal information if you submit information to us, make inquiries via email or provide personal information during conversations between you and us.

We may also collect your personal information from:

(a) Product Providers (e.g. insurance, in order to answer your queries or assist you with your financial arrangements as your circumstances change). If applicable, the Product Providers may also periodically disclose your loan balance or premium to us in connection with the payment of ongoing commission to us over the term of your loan or insurance; and

(b) any other person or entity authorised by you or the Privacy Act.

If you provide any personal information about anyone else to us, you confirm that you have collected that personal information in accordance with the Privacy Act and that the individual concerned has:

(a) authorised the disclosure to us and the collection, use and disclosure of their personal information by us in accordance with this Privacy Policy; and

(b) been informed of their right to access and request correction of their personal information.

Updating your Personal Information

We will generally rely on you to ensure the information we hold about you is accurate. If any of your details change, please let us know as soon as possible by contacting us.

How Do We Use Personal Information?

We will only use your personal information for the purpose for which it is obtained, subject to certain exceptions set out in the Privacy Act 2020. Depending on the purpose for which the personal information was obtained and on the specific circumstances, we may use your personal information to:

(a) communicate with you and others as part of our business;

(b) send you important information regarding changes to our policies, other terms and conditions, the website and other administrative information;

(c) make decisions about whether to provide insurance and assistance services, including claim assessment, processing and settlement; and, where applicable, manage claim disputes;

(d) assess your eligibility for payment plans and process your premium and other payments;

(e) provide improved quality, training and security;

(f) prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks;

(g) carry out market research and analysis, including satisfaction surveys;

(h) provide marketing information (including information about other products and services offered by selected third-party partners) in accordance with preferences you have expressed;

(i) personalise your experience on the website by presenting individually tailored information and advertisements;

(j) identify you to the recipient of your messages through the website;

(k) allow participation in and administer prize draws and similar promotions. Some of these activities have additional terms and conditions that you must read carefully;

(l) manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;

(m) resolve complaints, and handle requests for data access or correction;

(n) comply with applicable laws and regulatory obligations (including domestic and foreign), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence); and

(o) establish and defend legal rights; protect our own operations or those of our group companies, insurance business partners, rights, privacy, safety or property and pursue available remedies or limit our damages.

Who Do We Disclose your Personal Information to?

We may disclose your personal information to the following people if we consider it necessary to do so for the purposes described in section 6 above:

(a) Product Providers and other prospective lenders, third parties or other intermediaries in relation to your finance, insurance requirements, KiwiSaver or any investments (including a prospective lender’s mortgage insurer (if any), any person with whom a lender or insurer proposes to enter into contractual arrangements, any person who provides a guarantee or security and any trustee and any assignee or potential assignee of a lender’s or insurer’s rights);

(b) our referral partners who can help you with other services;

(c) contractors or service providers;

(d) investors, or any entity that has an interest in our business or any entity to whom we consider assigning or transferring any of our rights or obligations or selling all or part of our business;

(e) anyone whom we are legally required or authorised to share your information with, including regulators and government agencies;

(f) auditors, to ensure we are providing services to you that are in your best interests, and in accordance with current regulations;

(g) your employer and referees and identity verification agencies; and

(h) any other person or entity authorised by you or the Privacy Act.

Prior to disclosing any of our clients’ personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that the person or entity has a commitment to protecting their personal information at least equal to our commitment.

Do We Disclose Clients’ Personal Information to Anyone Outside New Zealand?

We may use cloud storage to store the personal information we hold about clients. The cloud storage and the IT servers may be located outside New Zealand.

In order to provide clients with our services, we may need to share their information with organisations outside New Zealand (for example, information technology providers). These countries include, but are not limited to, India, the Philippines, Malaysia and Australia.

We may store clients’ information in the cloud or other types of networked or electronic storage. Because electronic or networked storage can be accessed from various countries via an internet connection, it is not always practicable to know in which country your information may be held. If clients’ information is stored in this way, disclosures may occur in countries other than those listed. Overseas organisations may be required to disclose information we share with them under foreign law.

The Compliance Officer is responsible for the management and security of jointly used personal information. Access to personal information within Finance Center is restricted on a need-to-know basis. Finance Center has a back office in India with a dedicated team that reports to Finance Center and shares personal information for internal processing. An outsourcing contract binds the back office in India to strict privacy guidelines.

Is the Client Required to Provide Personal Information to Us?

Clients are not required to provide any personal information to us, but if they choose not to, it might affect our ability to provide services to them and their ability to obtain finance, insurance and other Products from Product Providers.

In most circumstances, it will be necessary for us to identify clients in order to successfully do business with them. However, where it is lawful and practicable to do so, we will offer clients the opportunity of doing business with us without providing us with personal information, for example, if they make general inquiries about interest rates or current promotional offers.

Access and Correction to Clients’ Personal Information

Clients may access and request correction of any of the personal information that we hold about them at any time by contacting us. We may charge a fee for our reasonable costs of retrieving and supplying the information to clients.

Privacy Officer

Finance Center has appointed the Compliance Officer as the company’s Privacy Officer. The Privacy Officer must have a general understanding of the Act and can deal with privacy issues when they arise. Any breaches or ‘near misses’ should be reported to the Privacy Officer as soon as possible.

Privacy Breaches

Privacy breaches are a reality for any business that holds personal information. Businesses and organisations can inadvertently release personal information through employee complacency, inadequate security measures, poor procedures or by accident. If a privacy breach happens, it must be carefully managed and resolved.

Finance Center must report any serious privacy breaches to the Office of the Privacy Commissioner. A serious breach is one that poses a risk of harm (e.g. leaked personal information is published online or used to facilitate identity theft). Where a serious breach occurs, we must also notify the people whose information was affected.

Breach notifications to the Office of the Privacy Commissioner can be made by email, by telephone or by using their online enquiry form.

Key Processes

  • We will only collect information that is directly relevant to our business relationship with our clients.
  • The primary source of information will be from the client directly. Where we use other sources, we must inform the client of those sources before proceeding.
  • We will not sell or trade personal information with any other company or person. We may contact clients from time to time for relationship management purposes or to advise of other services.
  • We will use all reasonable endeavours to ensure that personal information is kept secure and confidential.
  • Only authorised staff will have access to personal information.
  • Client information is safely disposed of.
  • We ensure that our IT network is secure.
  • If we are considering engaging an overseas-based service provider (e.g. cloud storage services), we must ensure that the provider meets all New Zealand privacy laws.

Breach Process

There are four key steps in dealing with a privacy breach:

  • Contain
  • Notify
  • Assess
  • Prevent

Further information can be found here.

Controls

| Key Controls | How Implemented | Responsibility and Frequency |
|---|---|---|
| Client records security checks | Client files are to be checked to confirm that they have been stored securely and are not easily accessed by unauthorised personnel. | Compliance Officer - At least Annually |
| Staff training on the Privacy Act 2020 | Annual staff training using information from the Privacy Commission website. | Compliance Officer - Annually |
| Breach Register | Any breaches or near misses are recorded in the breach register and reported to the Privacy Commissioner if they are serious. | Compliance Officer - Annually |
| Privacy Statements | We include a privacy statement on our website and in our client documents so clients know we take their privacy seriously. The privacy statements are periodically reviewed to ensure they are accurate and current. | Compliance Officer - Annually |

Related Policies

IT Systems and Security Policy

Further Information

If you have any questions about our Privacy Policy or your personal information, please contact us.

Phone: +64 22 074 6454
Email: mitesh@financecenter.co.nz

References

Privacy Act 2020 http://www.legislation.govt.nz/act/public/2020/0031/latest/LMS23223.html
Office of the Privacy Commissioner https://www.privacy.org.nz/
Code of Professional Conduct - Standard 5 Protect Client Information