01 What information do we collect?

We collect personal information that is necessary and relevant to providing financial advice services. We generally collect this directly from you, although in some cases we may receive information from third parties — see section 04 below.

• The types of personal information we may collect include:

• Your name and contact details — address, phone numbers, email address

• Personal details — date of birth, residency status, employment details

• Financial information — bank accounts, IRD number, source of funds, KiwiSaver details, investment holdings, trust or business documentation

• Records of our communications, meeting notes and file records

• Documents to verify your identity, as required under the AML/CFT Act 2009

02 What do we do with it?

We use your personal information to provide the financial advice services you have requested and to keep you informed about matters relevant to your financial affairs. When necessary, we may also use it to:

• Comply with our legal and regulatory obligations, including AML/CFT requirements, FMA reporting, and the Financial Markets Conduct Act 2013

• Verify your identity as required by law

• Maintain accurate client records in accordance with our FAP licence conditions

 Providing your personal information is voluntary. However, if certain information is not provided, we may be unable to deliver some or all of our services.

03 Who do we share it with?

Besides our staff, we may share your information with third parties who enable us to provide our services, including:

• Your other professional advisers, such as accountants or solicitors, where relevant and authorised by you

• Product providers, including KiwiSaver managers and investment funds

• Service providers we engage such as our investment platform, identity verification provider, AI-assisted meeting file note service, and managed IT provider, and other service providers from time to time.

• Government agencies, as required by law, including the IRD and DIA

•  We only share your information where it is necessary to deliver our services, required by law, or where you have authorised us to do so. We require all third parties to handle your information in accordance with the Privacy Act 2020.

04 Collection from third parties

Where we collect personal information about you from a third party, such as investment platforms, product providers, your other professional advisers, government agencies, or our technology service providers — we will notify you as soon as practicable, confirming what was collected, the purpose, who it may be shared with, and your rights, unless an exception under the Privacy Act 2020 applies.

05 Where do we store it?

We store client information electronically using secure cloud-based platforms, including Microsoft 365 and Marloo (for meeting file notes, stored on encrypted AWS Sydney servers). Device and cloud backups are managed by Norrcom Limited, who also continually monitor our systems for unauthorised access.

 Any hard copy documents containing personal information are stored securely at our office and destroyed by a professional document service when no longer required. 

We ensure all cloud-based providers are subject to appropriate security arrangements and confidentiality obligations. Where information is processed offshore, for example, Marloo’s AI providers process recordings in the United States, this is done under zero data retention agreements, meaning data is not stored by those providers after processing.

06 Your rights

Under the Privacy Act 2020, you have the right to:

• Ask whether PIC holds personal information about you

• Request access to the personal information we hold

• Request correction of any information that is inaccurate or out of date

• Be informed of the source of any information collected about you from a third party

 If there is ever a privacy breach likely to cause you serious harm, PIC will notify you and the Privacy Commissioner as soon as practicable.

To exercise any of these rights or if you have questions, please contact us:

07 Updates to this statement

We will update this statement when there are material changes to how we collect, use or share personal information. The current version is always available on our website. We will notify existing clients of significant changes by email.