About our policy
To give our clients the very best advice we need to collect personal information about their financial circumstances.
In the digital age that we live in, we take our responsibilities under the Privacy Act 2020 (the Act) very seriously.
The purpose of this policy is to set out how the business collects, uses, discloses and protects personal information in accordance with the Privacy Act 2020.
The business must comply with the Privacy Act (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
A person is not required to provide the personal information that we request but if that person chooses not to do so, in many cases we will not be able to provide our services.
The policy will provide assurance that the business is meeting its regulatory requirements and customer best practice commitments in regard to managing privacy obligations.
Ensure a robust framework around privacy requirements.
Identify what the business considers to be private information.
Set out how privacy complaints to the business will be recorded, responded to and reported.
This policy should be read in accordance with the Privacy Act 2020;
How we collect personal information
We collect personal information about an individual from that individual, through contact with us (for example, in a meeting, or via an email), or when we provide services to the individual.
We also collect information from third parties including from clients’ related businesses, accountants, current providers of financial products (potentially including insurers and lenders), medical service providers and employers. We may also collect personal information from the Accident Compensation Corporation and credit reporting agencies. Any information we collect from third parties is at the knowledge and approval of the client.
When a person visits Radical Investment Ltd’s website we may collect information including details of visits to our website such as traffic data, location data, cookies and website analytics.
How we use personal information
We collect personal information for the following purposes:
to provide and market our services (and to assist in improving our services);
to respond to communications from a client;
to make contact with a client in the future about matters we believe will be of interest;
in connection with defending, protecting and/or enforcing our legal rights and interests including defending a complaint, claim or other action;
to conduct research and statistical analysis (on an anonymised basis);
to undertake credit checks on clients (if necessary);
to comply with our obligations at law and to support us to engage with relevant regulators; and
for any other purpose authorised by our client or the Act.
Who we disclose personal information to
We may disclose a client’s personal information to:
any business that supports provision of our services (including related companies, information technology service providers, lawyers, accountants);
financial product providers in connection with assisting clients to apply for financial products and services, administer financial products and services, renew, vary, replace or exit/end financial products or services;
third parties noted above in order to obtain relevant required information;
regulatory bodies including the Financial Markets Authority (whether or not required by law);
lawyers and other professionals, and our insurers (and their advisers), in connection with defending, protecting and/or enforcing our legal rights & interests;
debt collection agencies;
any other person authorised by the Act or another law.
A business that supports provision of our services may be located outside New Zealand. This may mean that personal information is held and processed outside New Zealand.
How we protect personal information
We will take steps that are reasonable in the circumstances to keep personal information safe from loss and from unauthorised access, use, modification or disclosure.
Employees are not allowed to access or share client information unless it is in the course of standard business processes.
We will identify and delete all files seven years after the end of the customer’s relationship.
Accessing and correcting personal information
Subject to the certain grounds for refusal set out in the Act, an individual whose information we hold has the right to access their personal information and the right to request a correction to that personal information.
While we take reasonable steps to maintain secure internet connections, if a person provides us with personal information over the internet, the provision of that information is at that person’s own risk.
A privacy breach occurs when an organisation or individual either intentionally or accidentally:
Provides unauthorised or accidental access to someone's personal information.
Discloses, alters, loses or destroys someone's personal information.
A privacy breach also occurs when someone is unable to access their personal information due to, for example, their account being hacked.
Under the Privacy Act 2020, if an organisation or business has a privacy breach that either has caused or is likely to cause anyone serious harm, that business must notify the Privacy Commissioner and any affected people as soon as practically able.
Reporting of Privacy Breaches
Should one occur, the business will undertake an analysis of a privacy complaint to identify if it is serious and systemic in nature.
Where a privacy breach of this nature occurs (the business will, in accordance with their obligations under the Privacy Act notify the privacy commissioner and the individuals impacted by the breach.
The business will provide relevant details to the privacy commissioner, including the proposed handling of the complaint. Find out more about this at https://privacy.org.nz/privacy-for-agencies/privacy-breaches/
If required, the business will follow the Privacy Commission’s guidance on additional measures that may be required to be enacted.
Tracking of privacy complaints will align with the process set out by our complaints process (refer to our Complaints page for further detail).
Responding to Client Information Requests
When a client requests their information, we are obligated to provide that information to them. When a request is received, we will notify the director(s) of the business.
We will provide the information to them within 20 working days, we will also notify the client if we do not have any related information for the client.
The information could be held in:
digital or electronic files;
data held on the client CRM; or
Radical Investment maintains a privacy officer that will:
be familiar with the privacy principles in the Privacy Act;
work to make sure the organisation complies with the Privacy Act;
deal with any complaints from the organisation's clients about possible privacy breaches;
deal with requests for access to personal information, or correction of personal information; and
act as the organisation's liaison with the Office of the Privacy Commissioner.
train other staff at the organisation to deal with privacy matters;
advise their organisation on compliance with privacy requirements;
advise their organisation on the potential privacy impacts of changes to the organisation's business practices;
advise their organisation if improving privacy practices might improve the business; and
be familiar with any other legislation governing what the organisation can and cannot do with personal information.