The collection of personal information about individuals by organisations is governed by the Privacy Act 1993 (the Privacy Act) controls how 'agencies' collect, use, disclose, store and give access to 'personal information'.
The Policy explains our policies and practices with respect to the collection and management of personal information we collect from you.
The Privacy Act requires us to abide by twelve privacy principles when we handle your personal information. Those Principles and our approach to those Principles are set out below.
The Policy applies to IOOF Holdings Ltd and all of its wholly-owned subsidiaries, together referred to in this Policy as 'IOOF', 'us', 'our', or 'we'.
What information do we collect?
We will collect and hold your personal information for the purposes of:
- providing products and services to you
- managing and administering the products and services
- letting you know about our other products and services.
The type of information collected from you includes information that is necessary to operate your account or for us to provide advice to you. We ask you to provide personal information such as your:
- email address
- residential and/or postal address
- date of birth
- contact details
- bank account details
- financial details
- IRD number
Much of this information is collected through application forms, the use of our online facilities or through ongoing communications with you.
We will not collect any personal information about you except where you have knowingly provided that information to us or we believe you have authorised a third party to provide that information to us.
There are also specific circumstances in which we will ask for additional sensitive information such as:
- personal health information from medical practitioners when you are making a claim
- income information from employers in instances where you are applying for additional insurance protection or salary continuance insurance
- details of your dependents for the purposes of paying benefits in the event of your death.
We will always seek your consent before collecting this kind of sensitive information.
We may also need to collect information from third parties. For example, we may need to collect information from your financial adviser, another product issuer and employer.
We are also required to ask for certain information by law. Wherever there is a legal requirement for us to ask for information about you, we will inform you of the obligation and the consequences of not giving us the requested information. For example, in addition to obtaining personal information from you, whenever you acquire a new product or service from us, we will need to obtain certain documentary evidence from you as to your identity. Such evidence may include items such as a certified copy of your driver's licence, passport or birth certificate.
What if you don't give us the information we request?
You are not required to give us the information that we request. However, if you do not give us the information that we ask for, or the information you give is not complete or accurate, this may:
- prevent or delay the processing of your application or any claim
- affect your eligibility for specified insurance cover
- prevent us from contacting you
- impact on the taxation treatment of your account.
For example, we are required to ask for your IRD number when you become a member of the Integral Master Trust. If you choose not to give us your IRD number, you may be subject to higher tax on your investment.
3 Use of information
How do we use the information that we collect from you?
We use personal information about an individual for the purposes for which it has been obtained. We collect personal information so that we are able to complete one or more of the following activities:
- provide financial advice to you
- establish and manage your investments and accounts
- implement your investment instructions
- establish and maintain insurance protection
- process contributions, transfer monies or pay benefits
- report the investment performance of your account
- keep you up to date on other products and services offered by us.
Personal information will also be used where you have consented to such disclosure or where it is required or authorised under law, in circumstances relating to public health and safety or in connection with certain operations by or on behalf of an enforcement body.
Who do we give information to?
We may provide your information to other related companies within the IOOF group or external parties. Where personal information is disclosed there are strict controls in place to ensure information is held, used and disclosed in accordance with the privacy principles.
The types of external organisations to which we often disclose your personal information include:
- any organisations involved in providing, managing or administering our products or services such as actuaries, custodians, external dispute resolution services, insurers, investment managers or mailhouses
- your financial adviser
- medical practitioners and other relevant professionals, where you have applied for insurance cover or made a claim for disablement benefit
- your personal representative, or any other person who may be entitled to receive your death benefit or any person contacted to assist us to process that benefit
- any financial institution who holds an account for you
- any professional advisers appointed by us
- businesses that may have referred you to us (for example your credit union).
Like other financial services companies, there are situations where we may also disclose your personal information where it is:
- required by law (such as to Inland Revenue)
- authorised by law (such as where we are obliged to disclose information in the public interest or to protect our interests)
- necessary in discharging obligations (such as to foreign governments for the purposes of foreign taxation)
- required to assist in law enforcement (such as to the police).
We will also disclose your information if you give your consent.
5 Access and correction of information
Can I access my information and what if it is incorrect?
You may request access to the personal information we hold about you. We may charge a reasonable fee to cover our costs.
There may be circumstances where we are unable to give you access to the information that you have requested. If this is the case we will inform you and explain the reasons why.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date. You have a right to ask us to correct any information we hold about you if you believe it is not accurate, complete or up to date. If we do not agree with the corrections you have supplied, we are not required to alter the information.
If you wish to access your personal information, you should contact us through our offices or by writing to the Privacy Officer. Details of how to contact the Privacy Officer are set out in section 8 below.
If you have a concern about the privacy of your information, you may lodge a complaint with us by writing to the Privacy Officer. Refer to section 8 for contact details for our Privacy Officer.
If our Privacy Officer is unable to resolve your complaint, you may lodge a complaint with the Privacy Commissioner. You can contact the Privacy Commissioner by:
- 0800 803 909 (or 09 302 8655 if you are calling from Auckland) the Privacy Commissioner at firstname.lastname@example.org.
- submitting an online form: www.privacy.org.nz/your-privacy/how-to-complain/
- writing to the Privacy Commissioner at PO Box 10-094, The Terrace, Wellington 6143.t
7 Protection of personal and sensitive information
How do we protect your information?
We have security systems, practices and procedures in place to safeguard your privacy. The people who handle your personal information for us have the training, knowledge, skills and commitment to protect it from unauthorised access or misuse.
If you use the secure adviser, member or employer sections of our websites, we will verify your identity by your username and password. Once verified, you will have access to secured content.
Risks of using the internet
You should note that there are inherent security risks in transmitting information through the internet. You should assess these potential risks when deciding whether to use our online services. If you do not wish to transmit information through our website, there are other ways in which you can provide this information to us. You can, for example, contact our Customer Service team. Refer to section 8 for our Customer Service contact details.
All browsers allow you to be notified when you receive a cookie and you may elect to either accept it or not. If you wish not to accept a cookie, this may impact the effectiveness of the website. Your internet service provider or other IT service provider should be able to assist you with setting your preferences.
8 How do I contact the privacy officer or customer service?
Contact details will vary depending on which IOOF group entity you are dealing with and are set out below:
IOOF New Zealand Limited
Privacy Officer IOOF
General enquiries for investor and advisers 0800 377 333 or email email@example.com