Privacy Policy

The purpose of this Privacy Policy is to inform:

• The clients of Super-Advice New Zealand Ltd (the Company, ‘we’, ‘us’, ‘our’), and
• Users of our web site how we comply, in New Zealand, with the requirements of the Privacy Act 2020, when we manage their personal information.

When you are contacting us through our website you are agreeing to this Privacy Policy. If you do not agree, then please do not use our website.

‘Personal Information’ is defined in the Privacy Act 2020 as information about an identifiable individual, i.e. information:

• About a natural person as opposed to information about a company or other legal entity; and
• Which is in a form which enables that person to be identified.

The types of personal information we collect will vary and will depend on the nature of your dealings with us. At all times we try to only collect the personal information that we require for the particular business activity and/or function we are carrying out. The main way we collect personal information about you is when you give it to us. This is generally:

• Over the telephone, or video calling (for example, when you contact our financial advisers);
• Via our website;
• When you write to us (via an email, or a letter, or our website);
• When you register for or attend an event organised by us; and
• When you participate in a marketing campaign or promotion (or a similar event) administered by us or our representatives.

Generally, the types of personal information we collect and hold may include your name, email address, postal address, physical address, date of birth, telephone number, details relating to your use of any product and/or service offered by us, and details of your enquiry notified to us and any other preferences you tell us about.

Where reasonable and practicable, we will collect your personal information directly from you and inform you that this is being done.

We may also collect personal information about you from:

• Publicly available sources (such as white pages);
• Your professional advisers (e.g. your solicitor, your accountant etc.);
• Your employer;
• Other organisations, who jointly with us, provide products or services to you;
• Commercial information service providers, such as credit rating agencies; and
• Insurers (or re-insurers).

In collecting your personal information from the above parties (other than publicly available sources), we will assume you have given them permission to release your information to us. We are not responsible for the privacy or security practices of the above parties and the parties described above are not covered by this Privacy Policy.

Where your personal information is collected from a third party, we will take reasonable steps to ensure you are aware that this has been done.

If you are visiting us through our website, then we collect information about your use of the website. Our website uses cookies to enhance user experience and collect analytics. Individuals can manage or disable cookies through browser settings. Disabling cookies may affect site functionality.

Cookies are small pieces of information stored on your hard drive or in memory. They can record information about your visit to the site, allowing it to remember you the next time you visit and provide a more meaningful experience.

One of the reasons for using cookies is to offer you increased security. The cookies we send to your computer cannot read your hard drive, obtain any information from your browser or command your computer to perform any action. They are designed so that they cannot be sent to another site, or be retrieved by any non-Super-Advice Corporate Services Pty Ltd site.

When you interact with us via our website, the information collected from the use of cookies may include:

• The date and time of visits;
• Web site page (or pages) viewed;
• The site from which you accessed the internet (and our website);
• How you navigate through the website and interact with pages (including fields completed in forms and applications completed (where applicable));
• Information about your location;
• Information about the device used to visit our website; and
• IP address (or addresses), and the type of web browser used.

We will not ask you to supply personal information publicly over Facebook, Twitter, or any other social media platform that we use. Sometimes we may invite you to send your details to us via private messaging, for example, to answer a question. You may also be invited to share your personal information through secure channels to participate in other activities, such as competitions.

We may electronically record and store personal information which we collect from you. When we do so we will take all reasonable steps to keep your personal information secure and prevent unauthorised disclosure; and to keep your personal information accurate and up-to-date.

However, we do not promise that your personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur. If we provide you with any passwords or other security devices it is important that you keep these secret and confidential and do not allow them to be used by any other person. You should notify us immediately if the security of these devices is breached to prevent the unauthorised disclosure of your personal information.

We use a range of physical and electronic security measures to protect the security of the personal information we hold. For example:

• Access to information systems is controlled through identity and access management;
• Employees are bound by internal information security policies and are required to keep information secure;
• All employees are required to complete training about information security; and
• We regularly monitor and review our compliance with internal policies and industry best practice.
• We take reasonable steps to destroy or permanently de-identify any personal information after it can no longer be used.

Super-Advice NZ Ltd will retain personal data only for as long as necessary to fulfill its business purposes and regulatory obligations. Personal data will be securely disposed of when no longer required, in line with the following guidelines:

• Client data related to financial services – retained for at least 7 years (FMA requirement).
• Marketing data – deleted upon request or after 12 months of inactivity.
• Personal data no longer needed – permanently deleted or securely shredded.

Information provided by you or your authorised person (e.g. your solicitor, attorney, accountant, etc.) may be used by us for the purpose of providing advice and service to you and, may also be used by agencies such as, but not limited to:

• The Regulator or service provider when implementing any of our recommendations or variations thereof;
• Assessors or by any claims investigators who may need access to such information;
• Other professionals such as solicitors, accountants, finance brokers, financial planners, health service providers when such services are required to complement this advice and as requested by you;
• Our IT service providers; and external compliance assurance service providers;
• Providers of external dispute resolution service; and
• Government agencies and law enforcement bodies in any jurisdiction.

We may also disclose your personal information to others outside the Company where:

• We are required or authorised by law or where we have a public duty to do so;
• You may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
• We are otherwise permitted to disclose the information under the Privacy Act 2020.

Super-Advice NZ Ltd may need to transfer personal information outside of New Zealand, particularly to Australia, as part of our business operations. This may include sharing data with insurers, investment providers, or regulatory bodies.

To ensure your information remains protected, we will:

• Comply with the Australian Privacy Act 1988, which offers similar privacy protections to New Zealand’s Privacy Act 2020.
• Use secure encryption methods when sending sensitive information.
• Restrict access to personal data, ensuring only authorized personnel can view it.

By using our services, you agree that your personal information may be shared with our Australian partners under these security safeguards."

However, any such transfer of information does not change any of our commitments to safeguard your privacy and the information remains subject to existing confidentiality obligations.

Through our website you may be able to link to other websites which are not under our control. We are not responsible for the privacy or security practices of those third party websites and the sites are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies and we encourage you to read them.

In addition, we have no knowledge of (or control over) the nature, content, and availability of those websites. We do not sponsor, recommend, or endorse anything contained on these linked websites. We do not accept any liability of any description for any loss suffered by you by relying on anything contained or not contained on these linked websites.

On occasion as required, Super-Advice may disclose client information to third parties, including:

• Regulators such as the Financial Markets Authority (FMA) and Privacy Commissioner (if required by law).
• Insurers, fund managers, and investment providers to facilitate financial product applications.
• External compliance auditors for regulatory oversight and assurance.
• IT service providers (including cloud storage providers) to maintain secure digital infrastructure.

All third parties handling personal data must comply with Privacy Act 2020 obligations and confidentiality agreements."

Super-Advice NZ Ltd may send marketing communications related to our products and services. Individuals can opt out at any time by:

• Clicking the ‘unsubscribe’ link in our emails.
• Updating your preferences in your account settings.
• Contacting our support team.

The Privacy Act 2020 gives you the right to request access to, and correction of, your personal information. You can do so by contacting us at:

• calling 0800 89 4688
• emailing service@super-advice.co.nz
• visiting www.super-advice.co.nz
• writing to us at PO Box 1120, Pukekohe, 2340 – ATTN Anna Gibbs

When you contact us with such a request, we will take steps to update your personal information, provide you with access to your personal information and/or otherwise address your query within a reasonable period after we receive your request. To protect the security of your personal information, you may be required to provide identification before we update, or provide you with access to your personal information.

There is no fee for requesting that your personal information is corrected or for us to make corrections.

In processing your request for access to your personal information, a reasonable cost may be charged. This charge covers such things as locating the information and supplying it to you.

There are some circumstances in which we are not required to give you access to your personal information. If we refuse to give you access to or to correct your personal information we will give you a notice explaining our reasons except where it would be unreasonable to do so.

If we refuse your request to correct your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.

If we refuse your request to access or correct your personal information, we will also provide you with information on how you can complain about the refusal.

If you are concerned about how your personal information is being handled or if you have a complaint about a breach of the New Zealand Privacy Principles by us, please contact us at:

PO Box 1120, Pukekohe, 2340

We will acknowledge your complaint within five days of its receipt. We will let you know if we need any further information from you to investigate your complaint.

We aim to resolve complaints as quickly as possible. We strive to resolve complaints within ten business days but some complaints take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response. If you are not satisfied with our response to any privacy-related concern you may have, you may contact the Privacy Commissioner at:

Office of the Privacy Commissioner
P O Box 10-094
Wellington, New Zealand
Telephone: 04-474 7590 (Wellington)
Telephone: 09-302 8680 (Auckland)

Email: enquiries@privacy.org.nz

Fax: 04- 474 7595

Web site: www.privacy.org.nz

Super-Advice New Zealand Ltd (NZBN 9429030906815)

If a privacy breach occurs, Super-Advice NZ Ltd will:

• Assess the severity of the breach.
• Take immediate steps to contain and mitigate any risks.
• Notify affected individuals if the breach is likely to cause serious harm.
• Report the breach to the Privacy Commissioner if required under the Privacy Act 2020.
• Conduct a post-incident review to prevent future breaches.

All employees must report suspected privacy breaches immediately to the Operations Manager.

This document has been reviewed and approved as following:

Document Version: V1 — Date:01/12/2020 — Signed off by Anna Gibbs
Document Version: V2 — Date: 01/12/2022 — Signed off by Anna Gibbs