Privacy Policy
ABOUT US
Rothbury Group Limited and its subsidiaries including Rothbury Insurance Brokers Limited (“Rothbury”) is a majority New Zealand owned and nationally operated business that offers expert insurance advice and solutions to individuals and businesses nationwide.
IN THIS PRIVACY POLICY ‘WE’, ‘US’ AND ‘OUR’ MEANS ROTHBURY, ‘YOU’ AND ‘YOUR’ MEANS INDIVIDUALS WE COLLECT PERSONAL INFORMATION FROM
Our business is about protecting what is of value to the individuals and clients who work with us. We value the trust placed in us as part of this process and respect the privacy of the personal information we deal with. Because our relationships are based on trust, as well as protecting what’s of value to our clients, we actively protect the personal information we collect. This Privacy Policy sets out how we collect, store, use and disclose personal information, which we do in accordance with New Zealand’s Privacy Act 2020 (“the Act”).
WHAT IS PERSONAL INFORMATION AND WHY WE COLLECT IT
In the Act, “personal information” means information about a living and identifiable individual. We collect certain types of personal information which may include:
• information required to explore options for and to provide, administer and maintain insurance. This information typically includes:
o your contact details;
o date of birth;
o employment details;
o health information;
o criminal history;
o details of previous insurances; and
o past insurance claims.
• financial, billing and invoicing information;
• information you provide in any application or enquiry via our Rothbury Careers webpage, which includes information we require as part of our recruitment processes; and
• any other personal information you provide us with that we may require over the course of our relationship.
If you do not provide us with the information that we need, we or any of our third-party service providers may be unable to provide you with products or services.
HOW WE COLLECT PERSONAL INFORMATION
We collect personal information in different ways which may include:
• Directly from you via our website (including online forms), telephone, in writing or email, via the “My Rothbury” App; and/or
• Indirectly from third parties where required (where it is unreasonable or impracticable to collect information directly from you). For example, employer, referees, insurers, premium funders, government departments and other third-party service providers or publicly from available sources.
We are authorised to contact such third parties for the purposes of providing the information or services that have been requested.
OUR PURPOSES FOR COLLECTING, STORING, USING AND DISCLOSING PERSONAL INFORMATION
We collect, store, use and disclose personal information for the primary purpose of providing insurance advice, solutions and services alongside other related purposes which may include:
• assessing and managing insurance applications and policies;
• managing and processing payments;
• communicating about our products and services;
• conducting market or customer research;
• administering claims;
• informing individuals and clients of service offerings which we believe may be relevant;
• statutory or regulatory reporting;
• internal or external audit;
• internal training;
• recruitment processes where personal information is provided for the purpose of recruitment; and
• any other purpose notified at the time personal information is collected.
DISCLOSURE OF PERSONAL INFORMATION
We will only disclose personal information in accordance with this Privacy Policy and as permitted by law, or where we have client or individual instruction or consent to do so. We may disclose personal information we collect to:
• insurers, reinsurers, other insurance intermediaries, insurance reference bureaus and industry bodies;
• assessors appointed by insurers to assess or investigate claims;
• others named on a policy as co-insureds, joint insureds or interested parties (whether financially interested or equitably);
• service providers engaged to provide services in relation to insurance (such as providing repairs);
• third parties who help manage our business and provide our services, including our third party service providers, such as payment system operators, IT suppliers, lawyers, accountants, other advisers and financial institutions;
• any other entities notified at the time of collection; and
• courts, law enforcement, regulators and other government agencies to comply with all applicable laws, regulations and rules.
Nothing in this Privacy Policy prevents us from using and disclosing to others de-personalised aggregated data.
TRANSFER OF PERSONAL INFORMATION OVERSEAS
From time to time, we may disclose your personal information to our staff, third party service providers and/or insurers located overseas, to store and process personal information either on our behalf or otherwise, for one or more of the above-mentioned purposes.
Where overseas disclosure is necessary, we will take steps to ensure that the transfer of your personal information complies with the Act and your privacy is protected. We do this by ensuring disclosure is limited to recipients subject to privacy laws that are recognised as providing a comparable level of legal protection to the Act, or where we are satisfied that alternative arrangements are in place to protect your privacy rights.
If we have to release your personal information to an overseas provider in a location without comparable privacy laws in place, we will obtain your express authorisation prior to the transfer of your information.
PROVIDING PERSONAL INFORMATION OF OTHERS
Clients and individuals who deal with us should not provide personal information for another individual unless they have the express authorisation of that individual to do so. Before providing us with personal information about another individual or a client the provider should:
• inform the individual whose information they are providing and notify them that we will handle their information in accordance with this Privacy Policy;
• provide the individual with a copy of (or refer them to) this Privacy Policy; and
• confirm that the individual has provided express consent for their personal information to be provide to us.
WHERE WE PROVIDE PERSONAL INFORMATION
If we give or provide you access to the personal information of another person, it must only be used:
• for the purposes we have agreed to; and
• in compliance with applicable privacy laws (including the Act) and this Privacy Policy.
Applicable agents, advisers, employees, and contractors are also required to adhere to the above.
ACCURACY, ACCESS, AND CORRECTION OF YOUR PERSONAL INFORMATION
We take reasonable steps to ensure that the personal information we hold is accurate, complete and up to date when we collect, use or disclose it. However, we also rely on individuals and our clients advising us of any changes to their personal information.
Individuals and clients are to contact us promptly via their broker, or by using our contact details below if there are any changes to personal information or if the information we hold is inaccurate, incomplete or outdated.
Individuals and clients can request access to their personal information or have it corrected or erased (in certain circumstances) by contacting us at the contact details below. If an access request is made, we will provide the requester with access to the personal information we hold about them (unless otherwise required or permitted by law). If we refuse or deny access or amendment to personal information, we will provide reasons for this. We may charge a fee where necessary in certain circumstances.
SECURITY OF PERSONAL INFORMATION
We will take reasonable steps to protect any personal information that we hold from misuse, interference and loss, and from unauthorised access, alteration and disclosure. However, data protection measures are never completely secure and despite measures we have in place, we cannot guarantee the security of the personal information we hold. Clients and individuals must also take care to ensure they protect their own personal information. We should be notified as soon as possible in the event of a security breach. Where required by law, we will notify individuals and clients of any notifiable privacy breach in relation to their personal information.
PRIVACY POLICY UPDATES
We reserve the right to amend our Privacy Policy from time to time to ensure we properly manage and process personal data. We recommend reviewing our Privacy Policy regularly as it may be amended or updated periodically.
HOW TO MAKE A COMPLAINT
If you wish to make a complaint about a breach of this Privacy Policy or a breach of applicable privacy laws, you can contact us using the details below. Please provide sufficient details regarding your complaint together with any supporting evidence and information. You can also complain to the Privacy Commissioner (see www.privacy.org.nz).
HOW TO CONTACT US
If you wish to gain access to your personal information, want us to correct or update it, have a complaint about a breach of your privacy, or any other query relating to our Privacy Policy, please contact us at privacy@rothbury.co.nz
This privacy policy was last updated in September 2023