King & Co Privacy Statement Policy
1. Collection and use of personal information
King & Co is committed to protecting the privacy of the personal information it collects and receives. We are required to comply with the Privacy Act 2020
1.1. Personal information we collect
Personal information (or personal data) is any information about an identifiable individual. Processing is how we sometimes refer to the handling, collecting, protecting or storing of personal information.
We collect, hold and process personal information from actual and prospective clients, suppliers, employees, job applicants, contractors and other individuals. We collect and hold this information for our necessary business purposes.
The type of personal information we collect, hold and process includes:
· Contact details (e.g. names, addresses, telephone numbers, email addresses and job titles).
· Professional details (e.g. job and career history, educational background and professional memberships, published articles, social media details).
· Identification documents (e.g. passport, driver’s licence, tax file number or other government-issued identification numbers) and additional information required to verify your identity.
· CCTV at our sites may collect images of visitors.
· General user information and location-based data such as internet protocol addresses, browser type and internet service provider details and other technical information when you visit our associated websites.
We generally do not intend to collect, and we ask you not to submit, any special categories of personal information. Special categories of personal information includes information about an individual’s race or ethnic origin, political opinions or affiliations, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data that uniquely identifies someone, sexual orientation and criminal records.
If you choose to provide special categories of personal information about yourself to us for any reason, the act of doing so constitutes your explicit consent (where such consent is necessary and where obtaining such consent in such manner is permitted under applicable law), for us to collect and use that information as necessary in the ways described in this privacy statement or as described at the point you choose to disclose this information.
Due to the nature of our business, it is generally impracticable for us to deal with individuals on an anonymous basis or through the use of a pseudonym, although sometimes this is possible (e.g. when seeking client or staff feedback generally).
1.2. Lawful reasons for processing personal information
We may rely on the following lawful reasons when we collect and use personal information to operate our business and provide our products and services:
Contract – We may process your personal information in order to perform our contractual obligations to the relevant individuals.
Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These may include:
· Delivering services to you and our clients – To deliver HR and H&S services and advice to our clients have engaged us to provide including information on new technologies and services.
· Marketing – Where permitted by law, to conduct and analyse our marketing activities and conduct surveys. To deliver timely market insights and speciality knowledge including a tailor-made online experience we believe is welcomed by our clients, and individuals who have interacted with us.
· Maintaining the security of our and our client’s data, our IT systems and physical security – To prevent fraud, criminal or other unlawful activity, protect our and our client’s data, our IT systems and premises.
· Corporate responsibility – To comply with our social responsibility commitments, and managing our supply chain.
· Legal obligations – We may process personal information in order to meet our legal and regulatory obligations or mandates, as reasonably necessary, such as assisting a law enforcement agency or an agency responsible for national security in the performance of their functions, or to enforce or protect our legal rights, or those of our clients and others.
· Public Interest – Where permitted by law, we may process personal information in order to perform a specific task in the public interest.
· Vital Interests – We may process personal information to protect the vital interests of the individual or another natural person, such as to prevent or lessen a serious threat to the life or health of the person.
· Legal claims – We may process personal information where it is necessary for us to establish, exercise or defend a legal claim.
· Employment and social protection law – We may process data to carry out our obligations and exercise our or your rights in the field of employment and social protection law.
· Consent – Where no other processing condition is available or where specifically required by applicable law, if you have agreed to us processing your personal information for the relevant purpose.
1.3. Why we need personal information
We aspire to be transparent when we collect, hold and process personal information and tell you why we need it, which typically includes the following primary purposes:
· Providing HR and H&S services and advice and delivering reports related to our tax, advisory, audit and assurance and other professional services.
· Our services may include reviewing of files for quality assurance purposes, which may involve processing personal information for the relevant client.
· Promoting our professional services, products and capabilities to existing and prospective clients.
· Sending invitations and providing access to guests attending our events and webinars or our sponsored events.
· Security, quality and risk management activities – We have security measures in place to protect our information and information systems and our client’s information (including personal information), which involves detecting, investigating and resolving security threats.
· This may include:
o Automated scans to identify harmful emails.
o Monitoring the services provided to clients for risk and quality purposes, which may involve processing personal information stored.
o Carrying out conflict and risk searches to ensure there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions, conduct or other reputational issues).
o Authenticating registered users to certain areas of our sites.
o General management and reporting activities, such as invoicing and account management.
· In relation to the employment of our personnel, providing internal services to our employees, seeking qualified candidates, and forwarding candidate career inquiries to our HR team, which may be governed by different privacy terms and policies.
· Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
· Contacting media regarding corporate press releases and highlighting messages that may be of interest on specific industry topics.
· Helping support clients to run development programs for education and learning purposes to inform industry leaders.
· Complying with any requirements of law, regulation or a professional body of which we are a member.
· Compiling health and safety data (directly or indirectly) following an incident or accident. Indirect data can take many forms including an incident report, first aider report, witness statements and CCTV footage.
· Collecting health data to assess, monitor and control spread of infectious diseases and to provide a safe environment for our employees, clients and suppliers.
· For other purposes related to our business.
Your personal information will not be used for other purposes unless we obtain your consent to the secondary use, or the secondary use is required or permitted by law.
In some cases where you have registered for certain services, we may store your email address temporarily until we receive confirmation of the information you provided via an email (for example where we send an email to the email address provided as part of your registration to confirm a subscription request).
If you choose not to provide us with personal information which we have requested from you, we may be unable to fulfil any of the above purposes, including responding to your requests, paying your invoices or processing your application for employment.
We may collect, hold and use personal information about individuals to market our services, including by email. If you opt-in for particular services or communications, such as an e-newsletter, you can unsubscribe at any time by following the instructions included in each communication or by sending an email to info@kingandco.co.nz.
1.4. How we collect personal information
· Directly – We obtain personal information directly from individuals in a variety of ways, including from individuals who provide us with their business cards, complete our online forms, subscribe to our newsletters and preference centre, register for webinars, attend meetings or events we host, visit our offices or for recruitment purposes. We may also obtain personal information directly when, for example, we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.
· Indirectly – In some instances, we may obtain your personal information indirectly from a variety of sources, including publicly available sources, our clients, recruitment, third-parties or other King & Co related companies (see section 2.1):
· Public sources – Personal information may be obtained from public registers, government agency publications, news articles, sanctions lists, internet searches and social media sites.
· Our clients – Our clients may engage us to perform HR and H&S services and advice which involves sharing personal information they control as part of that engagement. Our services may also include processing personal information under our clients’ control on our hosted software applications, which may be governed by different privacy terms, policies and notices.
· Service providers and other third parties – We may obtain personal information from our service providers such as recruitment and credit reference agencies and other third parties such as previous employees, previous employers, law enforcement agencies, banks, and medical screening providers who assist us with our obligations for screening and regulatory checks.
· Third-party single sign-on service – You may register or login to our website using a third-party single sign-on service. Where you log in this way, the service authenticates your identity and connects your social media login information (e.g. LinkedIn, Google, Twitter or Facebook) with King & Co. We will collect any information or content needed for the registration or login that you have permitted the social media provider to share with us, such as your name and email address. Other information we collect will depend on the privacy settings you have set with your social media provider and their privacy statement.
· Personal information about others – Where you provide personal information to us about other people, you must ensure that you have a lawful basis to make such disclosure.
1.5. Cookies
Our websites may use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies. To learn more, please refer to our Cookies Notice.
1.6. Children
King & Co understands the importance of protecting children's privacy, especially in an online environment.
Our websites are not intentionally designed for or directed at children under the age of 16. It is our policy never to knowingly collect or maintain information about anyone under the age of 16, except as part of an engagement to provide professional services.
2. Sharing and transfer of personal information
2.1 Sharing with third parties
The information you provide to us may be shared with third-parties to the extent necessary to carry out our professional and business needs, to complete your requests, where we are required to disclose that information by law or for safety reasons, with your consent or as otherwise stated in this privacy statement.
Examples of this might include:
· Sharing with our service providers – We work with reputable service partners and agencies to meet our business needs, as well as to assist in our delivery of services to you. We may share your personal information with these providers where, and to the extent that, it is required in the provision of the services you have asked that we provide. King & Co will only share personal information with providers who have met our standards on the processing of data and security.
· Sharing with professional advisers – We may share your personal information with our professional advisers, including accountants, lawyers and insurers.
· Sharing for internal and compliance purposes – The disclosure of your personal information might be necessary for crime prevention, anti-money laundering compliance, sanctions screening, data privacy or security audits, other audits required by local legislation, client conflicts and independence checks, or where we are required to investigate or respond to a complaint or a security threat.
· Sharing as required under applicable laws, regulations or professional standards – There may be occasions where courts, tribunals, regulatory or professional standards bodies or other third parties require King & Co to share information with them, or it may be prudent for King & Co to comply with such request, in accordance with applicable law, regulations, professional standards or national and international sanctions.
· Sharing in the event of sale or transfer – In the event King & Co or the business of the website is sold, transferred or assigned disclosure might be necessary for that sale, transfer, merger or assignment, or as a result of the sale, transfer, merger or assignment.
· Sharing with payment, marketing and recruitment service providers – We may share your personal information with payment, marketing and recruitment service providers.
· Sharing with health government bodies and external service providers – We may share your personal information with health government bodies and external service providers (health, facilities, estate management) to assess, monitor and control the spread of infectious diseases.
· In some cases, the third parties we share your personal information with may be located overseas, in particular, in the United States of America, the United Kingdom, the European Economic Area (including the Netherlands, Ireland and Germany), Australia, Singapore, Hong Kong, Japan, Argentina, Cook Islands, India. We require these third-parties to take appropriate measures to protect and restrict how they use that information, in accordance with our contractual obligations and applicable privacy laws.
We may also share non-personal, de-identified and aggregated information for research or promotional purposes. At no time will King & Co sell your personal information to any third parties or transfer your personal information to any third parties for their direct marketing use.
2.2 Security and retention of personal information
King & Co has security policies and procedures in place to protect our information and client information (including personal information) from loss, unauthorised access, use, modification, disclosure or misuse. Despite King & CO’S best efforts, security cannot be guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who need to know. Those individuals who have access to the data are required to maintain the confidentiality of the information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect your personal information.
We retain personal information to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. We retain personal information for as long as is necessary for the processing purposes for which the information was collected, and any other permissible, related purpose. The criteria we use to determine the retention periods also include:
· whether there are contractual or legal obligations that exist that require us to retain the personal information for a period of time;
· whether you have interacted with us recently; and
· whether any applicable law, statute, regulation or professional standard allows for a specific retention period.
Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal information in accordance with these purposes, we retain such personal information for six years.
3. Links to other sites
King & Co’s website may contain links to other sites, including sites maintained by other King & Co companies that are not governed by this privacy statement. These sites will be governed by a privacy statement that relates to that companies. We encourage users to review the privacy statement of each website before disclosing any personal information.
4. Your privacy rights
Where we hold personal information about you:
You have the right to access that information where it can be readily retrieved, except in the limited circumstances in which it is permitted for us to withhold this information; and if that information is incorrect, you may ask that we correct it.
You can make requests to access personal information by emailing info@kingandco.co.nz. In most instances, we will require you to provide some form of identification (such as a driver’s licence or passport) so we can verify that you are the person to whom the information relates.
Please visit the Office of the Privacy Commissioner’s website for further information about your rights.
5. How to contact us
If you have a query about this privacy statement or the privacy of your information, or if you would like to enforce your privacy rights, please contact King & Co as follows:
Privacy Liaison
King & Co
info@kingandco.co.nz
6. Changes to this privacy statement
King & Co may modify this privacy statement at any time by publishing an updated version on this webpage. So you know when we make changes to this privacy statement, we will amend the revision date at the top of this statement. The newly amended privacy statement will apply from that revision date, and will apply to personal information previously received from you. We encourage you to review this privacy statement periodically to stay informed about how we are protecting your information.
Any amended privacy statement will apply between us whether or not we have given you specific notice of any change.
Legislation underpinning this Privacy Statement Policy
Privacy Act 2020 and any amendments