HUNTER WITHERS

Privacy Policy

‍ ‍1. Introduction

1.1 Hunter Withers Limited (we, us, our) is a firm of chartered accountants and business advisers based in Pukekohe, providing accounting, tax, compliance and advisory services to individuals, businesses and other entities.

1.2 We are committed to protecting your privacy and managing your personal information in accordance with the Privacy Act 2020 (Privacy Act) and, where applicable, the Anti‑Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act).

1.3 This Privacy Policy explains how we collect, use, store, disclose and protect personal information in connection with our services, our website and related business activities, including when we collect information indirectly from third parties about you. 1.4 By engaging us, signing our Authority to Act or AML/CFT Request for Information, using our website, or otherwise providing personal information to us, you acknowledge that your personal information will be handled in accordance with this Privacy Policy and applicable law.

2. What personal information we collect‍ ‍

2.1 The personal information we collect depends on our relationship with you and the services you use, but may include:

  • Identification details: full name, date of birth, IRD number, company number, ACC number, occupation and similar identifiers.

  • Contact details: physical and postal address, email address, phone numbers and preferred contact channels.

  • Client and business information: information about your business or farming operation, ownership and governance structure, employees and contractors, trading activities and financial and strategic objectives.

  • Financial and tax information: bank account details, accounting records, invoices, payroll records, GST and income tax information, financial statements, budgeting and cashflow data, asset and liability schedules and related documentation.

  • AML/CFT information: identity documents (such as passport or driver licence details and copies), proof of address, information about source of funds and source of wealth, information about the nature and purpose of a business relationship or transaction and enhanced due diligence information where applicable.

  • Relationship information: details of directors, shareholders, trustees, beneficiaries, partners, authorised signatories, guarantors and other persons associated with our clients or counterparties.

  • Compliance and screening information: sanctions and politically exposed person (PEP) screening results, adverse media information and other compliance‑related data.

  • Engagement, marketing and events information: information about your service packages, communications preferences, attendance at any events or workshops, and responses to surveys or feedback requests.

  • Website and digital information: information automatically collected when you use our website (such as IP address, device information, browser type and pages visited), and information submitted via online forms or email. In some cases, we may collect more sensitive information (for example, health or family information relevant to your tax or business affairs) where this is reasonably necessary for the services we provide or required by law.

3. How we collect personal information‍ ‍

3.1 We usually collect personal information directly from you, for example when you:

  • engage us to provide accounting, tax or advisory services and sign our Terms and Conditions or Authority to Act;

  • complete our AML/CFT Client Request for Information;

  • provide us with documents and information in the course of an engagement;

  • contact us by phone, email, our website or in person;

  • or attend our office, meetings, events or workshops.

3.2 We also collect personal information about you from third parties where this is permitted by law and reasonably necessary for our functions, including to provide our services and meet our regulatory obligations. These third‑party sources may include:

  • Inland Revenue, ACC and the Companies Office, once you have signed an Authority to Act or otherwise authorised us to act as your agent;

  • other government agencies and regulators where we are authorised or required to obtain or provide information;

  • banks, financial institutions, insurers and brokers;

  • your previous accountants or advisers, where you authorise us to obtain information from them;

  • identity‑verification and screening providers (such as Realyou Limited trading as RealAML), which may in turn obtain information about you from other third‑party data sources and provide it to us for verification and screening purposes;

  • credit‑management and debt‑collection providers such as Credit Control on Call, in relation to overdue accounts and debtor management;

  • our professional indemnity insurer or tax audit insurer (currently FM Limited trading as FM Insure) in connection with our practice insurance and your tax audit insurance, including limited disclosure of client names and turnover bands where reasonably necessary in the event of Inland Revenue queries or audits;

  • our IT and systems support providers, who may have access to personal information stored in our systems (including our SharePoint environment) while providing support or maintenance services;

  • marketing and website service providers, who may have limited access to client contact details and website‑usage data to help us manage our website and communications; and

  • publicly available sources, such as public registers, websites, and media.

3.3 We treat personal information that is supplied to us by such third parties as information collected by us from a third party and handle it in accordance with this Privacy Policy and the Privacy Act.

4. Notification when we collect information indirectly ‍ ‍

4.1 Where we collect your personal information from a third party rather than directly from you, we will take reasonable steps to ensure you are aware that we have collected that information and of the matters set out in this Privacy Policy (including why we collected it and how to contact us), unless an exception under the Privacy Act applies.

4.2 In many cases, you will already be aware of the indirect collection because you have:

  • signed our Authority to Act authorising us to obtain information from Inland Revenue, other government agencies, financial institutions and the Companies Office on your behalf;

  • signed our AML/CFT Request for Information and Privacy Statement, which explains that we may use RealAML to verify identity and conduct screening; or

  • agreed in our Terms and Conditions that we may approach third parties as appropriate for information necessary to deal with your affairs.

4.3 We may also notify you directly (for example by email or in engagement documentation) or via the intermediary that supplied your information, where appropriate.

4.4 We may rely on an exception to the IPP 3A notification requirement where, for example, providing notice would:

  • prejudice the purposes of collection or the maintenance of the law (for example, in the context of AML/CFT monitoring or law‑enforcement inquiries);

  • involve a breach of another person’s privacy, legal professional privilege or confidentiality;

  • be contrary to another legal obligation; or

  • be impossible or impracticable in the circumstances.

5. Purposes for which we collect and use personal information‍ ‍

5.1 We collect, use and disclose personal information only for purposes that are lawful, fair and reasonably necessary for our business and legal obligations. In particular, we may use your personal information to:

  • provide accounting, tax, compliance and business advisory services to you and other related/associated or group clients, including preparing financial statements, tax returns, GST returns, management accounts, cashflow and budgeting, and related services;

  • understand your business and financial position so that we can tailor our services and advice;

  • comply with our obligations under the AML/CFT Act, including customer due diligence, ongoing monitoring, enhanced due diligence and record‑keeping;

  • conduct identity verification, sanctions and PEP checks and other compliance checks using RealAML and similar providers;

  • act as your authorised agent with Inland Revenue, ACC, the Companies Office and other government agencies, in accordance with any Authority to Act or instructions you provide;

  • manage our client relationships, including onboarding, setting up service packages, billing, credit management (which may involve sharing debtor information with Credit Control on Call), and responding to queries or complaints;

  • manage our practice operations, systems, security and risk (including IT and SharePoint support, internal training, quality assurance, and use of marketing providers to maintain our website and communications);

  • meet requirements of our professional indemnity insurance or your tax audit insurance, including limited disclosure of client names and turnover bands to FM Insure where reasonably necessary in connection with Inland Revenue queries, audits or potential claims;

  • organise and run events or workshops and communicate with you about them; and

  • comply with our legal, regulatory and professional obligations, and respond to or defend against investigations, regulatory inquiries or legal proceedings.

5.2 We will not use your personal information for purposes that are materially different from those for which it was collected unless:

  • you have authorised the further use; or

  • the further use is permitted or required by law.

6. Disclosing personal information‍ ‍

6.1 We may disclose personal information to:

  • Inland Revenue, ACC, the Companies Office and other government agencies, in accordance with your Authority to Act and our legal obligations;

  • service providers who support our business, including RealAML (identity verification and screening), IT and SharePoint support providers, specialist compliance, business advisory, taxation and legal advisers, practice‑management and document‑management providers, cloud‑storage providers, marketing and website providers, Artificial Intelligence service providers, and secure document‑destruction services;

  • utilise outsourcing services, including Connect Outsourcing in India, Kiwi Connect in Philippines and other third parties from time to time to complete client compliance work.  In utilising these services, we provide these third parties with access to your data to the extent it is required for them to perform the services;

  • obtain specialist taxation and legal advice, for example in more complex circumstances we may instruct Carl Brandt Taxation Specialist in Hamilton, or Turner Legal in Auckland to assist us and we them with access to your data to the extent it is required for them to provide their advice;

  • credit‑management and debt‑collection providers such as Credit Control on Call, in relation to overdue accounts and debtor management;

  • our professional advisers and insurers, including FM Insure, where reasonably necessary to obtain or maintain insurance cover, manage risk, or respond to Inland Revenue queries or audits;

  • banks, financial institutions and payment‑service providers in connection with payments and banking arrangements;

  • other professional advisers or parties involved in your affairs (such as lawyers, bankers or other accountants), where reasonably necessary to carry out your instructions or the purpose of our engagement;

  • courts, tribunals, dispute‑resolution schemes, regulators and law‑enforcement agencies where disclosure is required or authorised by law, court order or our professional obligations; and

  • any other person where you have authorised us to do so.

6.2 Some of the third parties listed above may be located, or may store personal information, outside New Zealand (for example, RealAML’s encrypted storage on AWS in Sydney, Connect Outsourcing in India, Kiwi Connect in Philippines).

6.3 Where we disclose personal information to third parties, we will take reasonable steps to ensure that those third parties protect the information in a manner that is consistent with the Privacy Act and this Privacy Policy.

7. Storage, security and retention‍ ‍

7.1 We take reasonable steps to protect personal information against loss, unauthorised access, use, modification or disclosure and other misuse. These steps include physical security, access controls, secure passwords, encryption for certain data, and staff training on privacy and information security.

7.2 Personal information may be stored in paper files and in electronic form in our practice‑management systems, document‑management systems, cloud‑based platforms and RealAML’s dashboard and related infrastructure.

7.3 We retain personal information only for as long as it is reasonably required for the purposes for which it was collected, for our legitimate business purposes, or as required by law. This includes AML/CFT records (which must generally be kept for at least five years) and accounting records (which we typically retain for seven years from the relevant balance date).

7.4 After the applicable retention period, we will take reasonable steps to securely destroy or anonymise personal information, for example using a secure document‑destruction service and secure deletion of electronic records. ‍ ‍

8. Access to and correction of personal information‍ ‍

8.1 You have the right to request access to personal information we hold about you, and to request correction of that information if you believe it is inaccurate, incomplete or not up to date.

8.2 We may refuse access or correction in certain circumstances permitted by the Privacy Act (for example, where providing access would unreasonably impact the privacy of others, disclose legally privileged or confidential information, or prejudice the maintenance of the law). If we refuse your request, we will tell you why (unless it would be unlawful to do so) and inform you about your options.

8.3 If we cannot or do not agree to correct information you believe is wrong, you may ask us to attach a statement of correction to the information noting your view.

8.4 To request access or correction, please contact us using the details in section 12. We may need to verify your identity before responding and may charge a reasonable fee for providing access where permitted by law.

9. Consequences of not providing personal information‍ ‍

9.1 You are not required to provide us with personal information that we request. However, if you do not provide information that we reasonably need:

  • we may be unable to establish or continue a business relationship with you;

  • we may be unable to provide some or all of our services; and

  • we may be unable to meet our legal obligations (for example, under the AML/CFT Act), which may result in us being unable to act or continue to act for you.

10. Cookies and website analytics‍ ‍

10.1 Our website may use cookies and similar technologies to improve functionality and help us understand how visitors use the site. This may involve collecting information such as your IP address, device information and pages visited.

10.2 You can usually choose to disable cookies through your browser settings, although this may affect some website functionality.

11. Complaints and privacy queries‍ ‍

11.1 If you have any concerns about how we have handled your personal information, or believe we have breached our privacy obligations, please contact us in the first instance. We will work with you to resolve your concerns in a timely and fair manner.

11.2 If you are not satisfied with our response, you can lodge a complaint with the Office of the Privacy Commissioner at www.privacy.org.nz.

12. Contact us‍ ‍

If you have any questions about this Privacy Policy, our privacy practices, or if you wish to exercise your rights of access or correction, please contact:

Privacy Officer Hunter Withers Limited – Chartered Accountants & Business Advisors
Address: 3 Harris Street, Pukekohe 2120, New Zealand
Email: info@hunterwithers.co.nz‍ ‍
Phone: 09 238 5396 ‍ ‍

13. Changes to this Privacy Policy‍ ‍

13.1 We may update this Privacy Policy from time to time to reflect changes in our services, third‑party arrangements, legal requirements, or guidance.

13.2 The current version will be available on request and may be published on our website. Changes will take effect from the date they are made available. When we onboard you as a client, we will also take reasonable steps to ensure that you are provided with a copy of this Privacy Policy.