At Folio.Insure Limited ("Folio.Insure,", “Folio”, "we," "our," or "us"), we are committed to protecting Your privacy and ensuring the security of Your personal information. This Privacy Statement explains how we collect, use, disclose and protect Your personal information in accordance with New Zealand law including the Privacy Act 2020, and the 13 privacy principles outlined therein.
We use Your Personal information to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
Interpretation
Interpretation: In this Privacy Statement, the following terms have the meanings specified:
"Folio.Insure," "we," "our," or "us" refers to Folio.Insure Limited, a licensed Financial Advice Provider (FAP) based in New Zealand.
“You” (and Your) also known as the “client” or the “individual” means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
"Personal information" means any information relating to an identified or identifiable individual.
Definitions
Throughout this Privacy Statement, the following terms are defined as follows:
"Privacy Act 2020" refers to the privacy legislation enacted in New Zealand that governs the collection, use, and protection of personal information.
"Privacy principles" refers to the 13 principles outlined in the Privacy Act 2020 that set out the obligations and standards for handling personal information.
"Financial advisers" refers to individuals who are qualified and registered under relevant legislation to provide financial advice under Folio.Insure’s licence.
"Insurers" refers to insurance companies or underwriters.
"Reinsurers" refers to companies that provide insurance coverage to insurers.
"Service providers" refers to third-party entities or individuals engaged by Folio.Insure Limited to perform certain functions or services on our behalf.
"Regulatory bodies" refers to government agencies or authorities responsible for overseeing and enforcing regulations related to the financial services industry, including but not limited to the Financial Markets Agency and The Reserve Bank.
"Duty of disclosure of material fact" refers to the legal obligation of individuals and organizations to disclose all relevant information that could affect the insurance contract or financial advice provided.
"Service" refers to the systems, compliance, and technology provided by Folio.Insure Limited for the purpose of supporting authorised bodies and financial advisers in delivering financial advice on fire and general insurance. The service encompasses the collection, management, and processing of personal information necessary for providing financial advice and related services.
“Authorised Body” is an entity (e.g., company or partnership) named on Folio’s FAP licence conditions that can provide the licensed service without needing its own licence.
Please note that these interpretations and definitions are provided for clarification purposes. If there are any discrepancies between these interpretations and the applicable laws or regulations, the laws and regulations will prevail.
Personal Information Collection:
At Folio.Insure Limited, the types of personal information we collect and retain may vary depending on the services our Financial Advisers provide. Generally, the personal information we collect and retain can include:
Contact information: This includes your full name (first and last), email address, current postal address, delivery address (if different from postal address), and phone numbers.
Employment details: If applicable, we may collect information related to your current or previous employment.
Date of birth: We collect your date of birth for identification and verification purposes.
Insurance history: We collect information about your insurance history to assess risk and provide appropriate insurance recommendations.
Other information: We may collect other information specific to our products or services, including your assets, valuations, behaviour, situation, opinions, statements, endorsements, and feedback gathered through personal interactions, surveys, and questionnaires. This information helps us understand your views on the products and services offered by Folio.Insure and our Member Brokers.
Payment and billing information: If you are requesting products or services from us, we collect relevant payment or billing information. This may include bank account details, direct debit information, credit card details, billing address, premium funding, and instalment information.
In certain cases, we may also collect more sensitive information, which can include:
Criminal record: If necessary and permitted by law, we may collect information related to any criminal records.
Health information: We may collect health information if it is relevant to the insurance products or services being provided.
Membership of professional or trade associations: If applicable, we may collect information regarding your membership in a professional or trade association.
Please note that the collection and retention of sensitive information are subject to applicable privacy laws and regulations, and we handle such information with the utmost care and confidentiality.
Purpose of Collection
Folio.Insure Limited is committed to complying with Privacy Principle 1 of the Privacy Act 2020, which outlines the requirements for the purpose of collecting personal information. When collecting personal information, we adhere to the following guidelines:
Clearly defined purpose: We collect personal information for a specific and clearly defined purpose. We ensure that individuals are informed about the purpose for which their personal information is being collected. This purpose may include, but is not limited to:
Providing financial advice services: We collect personal information to provide accurate and relevant financial advice tailored to the individual's needs and circumstances. This includes assessing risks, recommending insurance coverage, and offering other related financial advice.
Assessing eligibility and underwriting: We collect personal information to assess an individual's eligibility for insurance coverage, determine appropriate premium rates, and facilitate the underwriting process.
Administration of insurance policies: We collect personal information to administer insurance policies, including processing claims, handling policy changes, and managing policy renewals.
Lawful basis: We collect personal information only when there is a lawful basis for doing so. This includes obtaining the necessary consent from individuals, fulfilling contractual obligations, complying with legal requirements, or pursuing legitimate interests that are not overridden by an individual's privacy rights.
Limitation to relevant information: We collect only the personal information that is necessary and relevant for the intended purpose. We ensure that the information collected is adequate and appropriate to fulfil the specified purpose, and we avoid unnecessary or excessive collection of personal information.
Secondary use limitation: We do not use personal information for purposes other than those for which it was originally collected, unless there is a lawful basis for doing so or with the individual's consent. We respect the principle of purpose limitation and ensure that personal information is not used in a manner that is incompatible with the original purpose.
Informing individuals: We inform individuals about the purpose for which their personal information is being collected. This includes providing clear and concise explanations of how their information will be used to provide financial advice services, assess risks, administer insurance policies, and fulfil other related purposes.
By adhering to these principles, we strive to ensure that personal information is collected and used in a transparent, responsible, and privacy-conscious manner.
Source of information
When collecting personal information, we primarily source it directly from individuals and representatives from companies. However, in certain circumstances, we may also obtain personal information from records kept by trusted partners or approved entities, as permitted by law.
We collect personal information directly from individuals and representatives from companies when they provide it to us voluntarily. This can occur through various channels, including but not limited to:
Application forms: Personal information may be collected when individuals fill out application forms for insurance products or financial advice services.
Communications: Personal information may be obtained when individuals communicate with us via email, telephone, or other means.
Online interactions: Personal information may be collected when individuals interact with our website or online platforms, such as when submitting inquiries or completing online forms.
We strive to ensure that individuals are aware of the purposes for which their personal information is being collected and the consequences of not providing the requested information.
Sourcing from Trusted Partners: In some cases, we may also obtain personal information from trusted partners or approved entities. These trusted partners or approved entities may include:
Registered financial advisers: Personal information may be shared with us by registered financial advisers who are providing financial advice services in collaboration with Folio.Insure Limited.
Insurers and reinsurers: Personal information may be sourced from insurers or reinsurers to facilitate the underwriting process and provide insurance coverage.
Service providers: Personal information may be obtained from third-party service providers engaged by Folio.Insure Limited to assist in delivering financial advice and related services.
It is important to note that when sourcing personal information from trusted partners, we ensure that there is a lawful basis for such collection, use, and disclosure, as required by Privacy Principle 2.
We take appropriate steps to inform individuals, as required by Privacy Principle 3, about the collection of their personal information, including the fact that information may be obtained from trusted partners.
This information enables us to provide accurate risk assessments, insurance recommendations, and any other relevant financial advice referral.
What to tell the individual about collection
When collecting personal information from individuals, we take the following steps to ensure transparency and provide relevant information:
Purpose of collection: We inform individuals about the purpose for which their personal information is being collected. This includes explaining how the information will be used by Folio.Insure Limited to provide financial advice services, assess risks, administer insurance policies, and fulfil other related purposes. The purpose of collection is communicated clearly and concisely to individuals to ensure their understanding.
Consequences of not providing information: We inform individuals about their duty of disclosure, and the consequences of not providing certain personal information that may be necessary for us to provide the requested services. This includes explaining any potential limitations or impacts on the services that may result from incomplete or inaccurate information. It is important for individuals to understand the potential implications of not providing certain information.
Use and disclosure of information: We explain to individuals how their personal information may be used and disclosed within the scope of providing financial advice and related services. This includes describing the circumstances under which their information may be shared with financial advisers, insurers, reinsurers, service providers, or regulatory bodies. We emphasize the need for confidentiality and compliance with applicable privacy laws and regulations when disclosing personal information.
Access and correction: We inform individuals about their rights to access and request correction of their personal information held by Folio.Insure Limited. We provide instructions on how individuals can access their information and update or correct any inaccuracies. This ensures that individuals have control over the accuracy and completeness of their personal information.
Contact information: We provide contact details or a designated point of contact within Folio.Insure Limited that individuals can reach out to for any questions, concerns, or requests related to their personal information and privacy. This helps individuals easily access the appropriate channels for inquiries or assistance.
By providing individuals with this information, we aim to promote transparency, empower individuals to make informed decisions, and ensure their privacy rights are respected.
Manner of Collection
Folio.Insure Limited is committed to complying with Privacy Principle 4 of the Privacy Act 2020, which outlines the requirements for the manner in which personal information is collected. When collecting personal information, we adhere to the following guidelines:
Lawful and fair collection: We collect personal information in a lawful and fair manner. This means we ensure that there is a proper legal basis for collecting the information and that individuals are aware of the collection taking place.
Direct collection: Wherever possible, we collect personal information directly from the individuals themselves. We strive to obtain information directly from the individuals to ensure accuracy and completeness.
Non-intrusive collection: We collect personal information in a manner that is not unreasonably intrusive. We use appropriate means to collect information, respecting the privacy and dignity of individuals.
Minimization of collection: We only collect personal information that is necessary for the purposes identified. We strive to collect the minimum amount of personal information required to fulfil the intended purpose.
Unsolicited collection: We do not collect personal information that is unsolicited, unless it is necessary for a lawful purpose. If we receive unsolicited personal information, we take reasonable steps to ensure its protection and, if necessary, dispose of it appropriately.
Deceptive collection: We do not use deceptive or misleading means to collect personal information. We are transparent in our collection practices and provide individuals with clear and accurate information about the purpose and consequences of the collection.
Collection from third parties: If we collect personal information from third parties, we ensure that there is a lawful basis for such collection and that individuals are appropriately informed about the collection and its purpose.
By adhering to these principles, we aim to ensure that personal information is collected in a responsible, respectful, and privacy-conscious manner.
Storage and Security of Information
Folio.Insure Limited takes the storage and security of personal information seriously and is committed to ensuring its protection. We adhere to the following guidelines to safeguard personal information:
Secure storage: We store personal information in secure systems, databases, and physical records to prevent unauthorised access, use, or disclosure. Access to personal information is restricted to authorised personnel who require it to perform their duties.
Data encryption: We use encryption technologies to secure personal information during transmission and storage. This helps protect the confidentiality and integrity of the information, reducing the risk of unauthorised interception or tampering.
Access controls: We implement access controls, such as unique user accounts, passwords, and role-based permissions, to ensure that personal information is accessible only to authorised individuals within our organization. These controls help prevent unauthorised viewing, modification, or deletion of personal information.
Employee training: We provide regular privacy and data protection training to our employees to raise awareness about the importance of maintaining the security and confidentiality of personal information. Our employees are bound by confidentiality obligations and are required to follow our privacy policies and procedures.
Incident response: In the event of a data breach or security incident, we have established procedures to promptly respond, investigate, and mitigate any potential harm. We will notify affected individuals and relevant authorities as required by law.
Retention and disposal: We retain personal information only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Once the retention period expires, we securely dispose of or anonymize personal information to prevent unauthorised access or use.
Third-party vendors: When engaging third-party vendors or service providers, we ensure that they have appropriate data protection measures in place. We require them to adhere to strict confidentiality and security standards to protect the personal information they handle on our behalf.
While we take reasonable measures to protect personal information, it is important to note that no data transmission or storage can be guaranteed to be 100% secure. We continually review and enhance our security practices to adapt to evolving threats and technologies.
Providing people access to their information
Folio.Insure Limited recognizes the importance of individuals having the right to access their personal information. We are committed to facilitating individuals' access to their information and providing them with the opportunity to review, correct, and update it. We adhere to the following guidelines:
Access requests: Individuals have the right to request access to the personal information we hold about them. Access requests should be made in writing to our designated point of contact at support@folio.insure. We will respond to such requests within a reasonable timeframe as required by law.
Verification of identity: To protect the privacy and security of personal information, we may request verification of the individual's identity before providing access to their information. This is to ensure that only authorised individuals can access and make changes to their personal information.
Providing access: Upon receiving a valid access request and verifying the individual's identity, we will provide them with access to their personal information in a timely manner. We will strive to present the information in a clear and understandable format.
Restrictions on access: There may be situations where access to certain personal information is restricted or limited by law. If access is denied or restricted, we will provide reasons for the denial or restriction in accordance with the Privacy Act 2020.
Correction and updates: If individuals believe that their personal information held by Folio.Insure Limited is inaccurate, incomplete, or out-of-date, they have the right to request corrections or updates. We encourage individuals to promptly inform us of any changes to their personal information to ensure its accuracy and relevance.
Charges for access: In certain circumstances, a reasonable charge may be applied for providing access to personal information. If applicable, we will inform the individual of any associated charges before proceeding with the access request.
Confidentiality and security: We take appropriate measures to ensure the confidentiality and security of personal information during the access process. We may ask individuals to provide additional information or answer security questions to verify their identity and protect against unauthorised access to personal information.
We are committed to fulfilling our obligations under Privacy Principle 6 and enabling individuals to exercise their right to access their personal information. If individuals have any concerns or questions regarding their access rights, they can reach out to our designated point of contact at support@folio.insure.
Correction of personal information
Folio.Insure Limited recognizes the importance of ensuring the accuracy and completeness of personal information for both our financial advisers and clients. We are committed to promptly addressing any requests for the correction of personal information. We adhere to the following guidelines:
Proactive information review: Folio.Insure Limited acknowledges the need for accurate and up-to-date personal information, especially for our financial advisers. We regularly review the personal information we hold and actively seek updates from our financial advisers to ensure its accuracy.
Client's duty of disclosure: We remind our clients of their duty of disclosure as outlined in sections 431I to 431P of the Financial Markets Conduct Act 2013 (FMC Act). It is the client's responsibility to provide accurate and complete information relevant to their insurance policies and financial advice.
Correction requests: If individuals, including financial advisers or clients, believe that their personal information held by Folio.Insure Limited is inaccurate, incomplete, or outdated, they have the right to request corrections. Correction requests should be made in writing to our designated point of contact at support@folio.insure.
Verification of identity: To protect the privacy and security of personal information, we may request verification of the individual's identity before making any corrections. This is to ensure that only authorised individuals can make changes to their personal information.
Assessment of requests: Upon receiving a valid correction request and verifying the individual's identity, we will assess the request to determine if the personal information needs to be corrected or updated. We will review the information and compare it with reliable sources to ensure its accuracy.
Timely response: We recognize the importance of timely corrections and updates, especially for financial advisers who rely on accurate information for their services. We will endeavour to respond to correction requests within a reasonable timeframe as required by law. If we are unable to address the request within the specified time, we will provide an explanation for the delay and inform the individual of the expected timeframe for resolution.
Correction process: If it is determined that corrections or updates are necessary, we will make the appropriate changes to the personal information in our records. We will ensure that the corrected information is accurate, relevant, and up to date.
Notification of corrections: Upon making corrections, we will notify the individual of the changes made to their personal information, if requested or necessary. This will help individuals, including financial advisers, stay informed about the status and accuracy of their information.
Retention of original information: In certain circumstances, we may retain the original information alongside the corrected version, especially when there are legal or regulatory requirements to preserve the original record. However, the corrected information will be used for all future purposes.
We are committed to fulfilling our obligations under Privacy Principle 7, considering the specific requirements of financial advisers and the duty of disclosure for clients as per the Financial Markets Conduct Act 2013 (FMC Act). If financial advisers or clients have any concerns or questions regarding the correction of their personal information, they can reach out to our designated point of contact at support@folio.insure.
Ensure accuracy before using information
Folio.Insure Limited recognizes the importance of using accurate and reliable personal information in our business operations. We are committed to ensuring the accuracy of the personal information we collect and use. We adhere to the following guidelines:
Collection of accurate information: We take reasonable steps to ensure that the personal information we collect is accurate, complete, and up to date. We make efforts to verify the information provided to us and cross-reference it with reliable sources.
Ongoing data maintenance: We maintain processes to regularly review and update personal information in our records. This includes periodic checks and assessments to identify any inaccuracies or outdated information. When necessary, we take steps to correct or update the information to ensure its accuracy.
Use of accurate information: We ensure that personal information is accurate and reliable before using it for any purpose. This includes providing financial advice, assessing risks, recommending insurance products, and complying with legal or regulatory obligations. Inaccurate or outdated information is not relied upon or used in our decision-making processes. Once the Nature and scope is known, the disclosure relevant to the advice and limitations is provided so that the client can decide if they want to proceed, per Duty 431O of the Financial Markets Conduct Act 2013 (FMC Act).
Timely updates: If we become aware of any inaccuracies or changes in personal information, we take prompt action to correct the information and update our records accordingly. We strive to minimize the impact of any inaccuracies and maintain the integrity of the information we hold. We disclose relevant information and any limitations that may affect the client's decision to proceed.
Retention of accurate information: While it is essential to ensure the accuracy of personal information before using it, we also recognize the importance of retaining accurate information over time. We implement appropriate measures to prevent unauthorised alterations or modifications to the personal information in our possession.
We are committed to upholding Privacy Principle 8 and ensuring the accuracy of personal information used in our operations. If individuals or entities have any concerns or questions regarding the accuracy of their personal information, or if they require the prescribed information as per Duty 431O of the Financial Markets Conduct Act 2013 (FMC Act), they can reach out to our designated point of contact at support@folio.insure.
Limits on retention of personal information
Folio.Insure Limited recognizes the importance of retaining personal information only for as long as necessary. We are committed to complying with Privacy Principle 9 and ensure that personal information is not kept longer than required for the purpose it was collected or as permitted by law. Here are the guidelines we follow:
Defined retention periods: We establish specific retention periods for different categories of personal information based on legal requirements, regulatory obligations, business needs, and industry standards. These retention periods may vary depending on the nature of the information and the services provided.
Regular data review: We conduct regular reviews to assess the ongoing need for retaining personal information. During these reviews, we evaluate the purpose for which the information was collected, whether it is still relevant and necessary, and whether there are any legal or regulatory requirements to retain the information.
De-identification or anonymization: Wherever possible and appropriate, we de-identify or anonymize personal information to remove any identifying elements. De-identified or anonymized information that no longer identifies individuals may be retained for longer periods or used for statistical or research purposes.
Secure destruction: When personal information is no longer required, and there are no legal or regulatory reasons for its retention, we ensure its secure destruction. We take appropriate measures to prevent unauthorised access or disclosure during the disposal process, including the use of secure data destruction methods.
Exceptions: There may be certain circumstances where we are required by law or regulatory obligations to retain personal information for an extended period. In such cases, we will ensure that the information is protected in accordance with applicable privacy laws and regulations.
Individual requests for deletion: Individuals have the right to request the deletion of their personal information, subject to any legal or regulatory requirements. We have processes in place to address such requests and will comply with them, provided there are no legal or regulatory reasons preventing us from doing so.
We are committed to complying with Privacy Principle 9 and ensuring that personal information is retained only for as long as necessary. If individuals have any questions or concerns regarding the retention of their personal information, they can contact our designated point of contact at support@folio.insure.
Use of personal information
Folio.Insure Limited is committed to using personal information in a responsible and lawful manner. We adhere to Privacy Principle 10 to ensure that personal information is used only for the purposes for which it was collected and in accordance with applicable privacy laws. Here's how we handle the use of personal information:
Purpose limitation: We use personal information only for the specific purposes for which it was collected, or for purposes directly related to those original purposes, unless otherwise required or permitted by law. We take steps to ensure that personal information is not used in a manner that is incompatible with these purposes.
Provision of financial advice and related services: We use personal information to provide financial advice and related services to the client. This includes assessing risks, recommending insurance products, facilitating insurance applications, managing policies, processing claims, and ensuring compliance with legal and regulatory obligations.
Communication and support: We may use personal information to communicate with individuals regarding their insurance policies, claims, inquiries, or any other relevant matters. This may include sending updates, notifications, reminders, or providing assistance and support when needed.
Improving our services: We may use personal information to analyse and improve our services, systems, and processes. This includes conducting internal research, data analytics, and quality assurance activities to enhance the overall customer experience and ensure the effectiveness of our operations.
Legal and regulatory compliance: We may use personal information as required to fulfil our legal and regulatory obligations. This includes complying with reporting requirements, responding to requests from regulatory authorities, conducting audits, and preventing fraud or other unlawful activities.
Consent-based uses: Where applicable, we will seek explicit consent from individuals before using their personal information for purposes beyond those for which it was originally collected. Individuals have the right to withdraw their consent at any time, subject to any legal or contractual obligations.
Minimization of data usage: We take measures to ensure that personal information is used in a manner that is necessary and relevant to achieve the intended purposes. We only collect and retain the minimum amount of personal information required for the specified purposes.
Data sharing within approved entities: We may share personal information with financial advisers, insurers, reinsurers, service providers, or regulatory bodies when necessary and in accordance with applicable privacy laws and regulations. Such sharing is conducted with the utmost care to protect the confidentiality and security of personal information.
Use of de-identified or aggregated information: Wherever possible and appropriate, we may use de-identified or aggregated information that does not personally identify individuals for statistical analysis, research, or business planning purposes.
We are committed to upholding Privacy Principle 10 and ensuring that personal information is used in a manner that respects individual privacy rights. If individuals have any questions or concerns regarding the use of their personal information, they can contact our designated point of contact at support@folio.insure.
Disclosing personal information
Folio.Insure Limited recognizes the importance of safeguarding personal information and respects the privacy of individuals. We adhere to Privacy Principle 11 to ensure that personal information is disclosed appropriately, responsibly, and in accordance with applicable privacy laws. Here's how we handle the disclosure of personal information:
Purpose-based disclosure: We disclose personal information only for the purposes for which it was collected or for purposes directly related to those original purposes, unless otherwise required or permitted by law. We take measures to ensure that the disclosure is necessary and appropriate in the context of the specific purpose.
Authorised recipients: We may disclose personal information to approved entities, including financial advisers, insurers, reinsurers, service providers, or regulatory bodies, when necessary and in accordance with applicable privacy laws and regulations. Such disclosure is conducted with the utmost care to protect the confidentiality and security of personal information.
Duty of disclosure: We understand the duty of disclosure placed on individuals as per sections 431I to 431P of the Financial Markets Conduct Act 2013 (FMC Act). To fulfil this duty, individuals are responsible for providing accurate and complete personal information necessary for the provision of financial advice and related services.
Consent-based disclosure: Where required by law or when sharing personal information beyond the scope of the original purpose, we seek explicit consent from individuals before disclosing their personal information to third parties. Individuals have the right to withdraw their consent at any time, subject to any legal or contractual obligations.
Legal and regulatory compliance: We may disclose personal information as required by applicable laws, regulations, or legal processes. This includes responding to requests from regulatory authorities, law enforcement agencies, or government entities within or outside New Zealand, as permitted or required by law.
Data sharing agreements: When disclosing personal information to third parties, we have in place data sharing agreements or contracts that require these parties to handle personal information in accordance with applicable privacy laws, maintain appropriate security measures, and use the information solely for the specified purposes.
Transborder data flows: If personal information is transferred outside of New Zealand, we take steps to ensure that the recipient provides an adequate level of protection for the information in accordance with the Privacy Act 2020. This may involve entering into data transfer agreements, implementing appropriate safeguards, or obtaining explicit consent from individuals, where necessary.
De-identified or aggregated information: Wherever possible and appropriate, we may disclose de-identified or aggregated information that does not personally identify individuals for statistical analysis, research, or business planning purposes.
We are committed to upholding Privacy Principle 11 and ensuring that personal information is disclosed responsibly and in compliance with applicable privacy laws. If individuals have any questions or concerns regarding the disclosure of their personal information, they can contact our designated point of contact at support@folio.insure.
Disclosure outside New Zealand
Folio.Insure Limited recognizes the importance of protecting personal information when it is disclosed outside of New Zealand. We adhere to Privacy Principle 12 to ensure that any such disclosures are done in compliance with applicable privacy laws. Here's how we handle the disclosure of personal information outside New Zealand:
We may share your personal information with third-party service providers and/or insurers who may handle your personal information on our behalf or for the purposes mentioned above. Some of these third-party service providers are located in countries outside of New Zealand, including but not limited to Australia, the United Kingdom, the United States of America, India, Singapore, Malaysia, the Philippines, and Vietnam. We will take appropriate measures to ensure that such transfers comply with applicable laws and are carefully managed to safeguard your privacy rights. This may include limiting disclosures to recipients who are subject to privacy laws that offer a similar level of legal protection as the Privacy Act 2020, or implementing alternative arrangements to protect your privacy rights.
Data transfer agreements: If we ever need to transfer personal information outside New Zealand, we will ensure that appropriate safeguards are in place to protect the privacy and security of the information. This may include entering into data transfer agreements with the recipient organizations that provide an adequate level of protection for the personal information, as required by the Privacy Act 2020.
Consent for international disclosure: If we ever need to disclose personal information to a recipient outside New Zealand for purposes beyond the scope of the original collection, we will obtain explicit consent from the individuals before proceeding with such disclosure. Individuals will have the right to withdraw their consent at any time, subject to any legal or contractual obligations.
Compliance with privacy laws: When disclosing personal information outside New Zealand, we will comply with all applicable privacy laws and regulations, ensuring that the recipient organizations handle the information in a manner consistent with the Privacy Act 2020.
We are committed to upholding Privacy Principle 12 and ensuring that any disclosure of personal information outside New Zealand is done in compliance with applicable privacy laws and with appropriate safeguards in place. If individuals have any questions or concerns regarding the disclosure of their personal information outside New Zealand, they can contact our designated point of contact at support@folio.insure.
Unique identifiers
Folio.Insure Limited recognizes the significance of unique identifiers in managing and protecting personal information. We adhere to Privacy Principle 13 to ensure that the use of unique identifiers is handled appropriately and in compliance with applicable privacy laws. Here's how we address the use of unique identifiers:
Definition of unique identifiers: Unique identifiers refer to any assigned numbers, codes, or symbols that are specifically attributed to individuals for identification purposes. These may include, but are not limited to, client numbers, policy numbers, account numbers, or any other identifier that is unique to an individual.
Purpose limitation: We use unique identifiers only for lawful and legitimate purposes related to the provision of financial advice and related services. Unique identifiers enable us to accurately identify and track individuals' information, ensuring efficient and effective service delivery.
Data minimization: We limit the collection and use of unique identifiers to what is necessary for the identified purposes. We do not assign or use unnecessary or excessive unique identifiers that are not directly relevant to the services we provide.
Protection and security: We take appropriate measures to safeguard unique identifiers from unauthorised access, loss, or misuse. These measures include robust security protocols, access controls, encryption, and regular monitoring to ensure the integrity and confidentiality of the unique identifiers.
Access and disclosure: We restrict access to unique identifiers only to authorised personnel who require access to fulfil their designated responsibilities. We do not disclose unique identifiers to unauthorised third parties unless required or permitted by law or with the explicit consent of the individuals involved.
Accuracy and updates: We make reasonable efforts to ensure the accuracy and currency of unique identifiers within our systems. Individuals have the right to request updates or corrections to their unique identifiers if they believe the information is inaccurate, incomplete, or outdated.
Data retention: We retain unique identifiers only for as long as necessary to fulfil the purposes for which they were collected or as required by law. Once the purpose for which the unique identifier was collected has been fulfilled, we securely dispose of or de-identify the identifier in accordance with our data retention policies.
Education and awareness: We promote awareness and understanding among our staff regarding the proper handling and use of unique identifiers. Our employees receive regular training to ensure compliance with privacy laws and regulations.
By adhering to Privacy Principle 13, we ensure that unique identifiers are used responsibly and in a manner that respects individuals' privacy rights. If individuals have any questions or concerns regarding the use of unique identifiers, they can contact our designated point of contact at support@folio.insure.
Updates to this Privacy Statement:
At Folio.Insure Limited, we recognize the importance of regularly reviewing and updating our privacy practices to ensure ongoing compliance with privacy laws and regulations. This Privacy Statement may be subject to periodic updates or revisions. We are committed to keeping individuals informed about any changes that may affect the collection, use, or disclosure of their personal information.
Changes to the Privacy Statement: We may update or modify this Privacy Statement from time to time without providing individual notice of the changes. However, we will date this copy of the Privacy Statement to indicate the most recent revision.
Reviewing the Privacy Statement: We encourage individuals to review this Privacy Statement periodically to stay informed about how we collect, use, and protect their personal information. The updated Privacy Statement will be available on our website https://www.folio.insure/ or by contacting us directly.
Continuing use of our services: By continuing to use our services or providing personal information to us after the effective date of any updated Privacy Statement, individuals signify their acceptance and agreement to the revised terms and practices described therein. If individuals do not agree with the Privacy Statement, they should refrain from using our services and contact us to address any concerns.
Please note that it is the responsibility of individuals to regularly check for updates to this Privacy Statement. We recommend reviewing the Privacy Statement periodically to ensure understanding and compliance with our current privacy practices.
We may use third-party Service providers to monitor and analyze the use of our Service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We may use Email Marketing Service Providers to manage and send emails to You.
Mailchimp is an email marketing sending service provided by The Rocket Science Group LLC.
For more information on the privacy practices of Mailchimp, please visit their Privacy policy: https://mailchimp.com/legal/privacy/
Legal Basis for Processing Personal Data under GDPR
We may process Personal Data under the following conditions:
Consent:
You have given Your consent for processing Personal Data for one or more specific purposes.
Performance of a contract:
Provision of Personal Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
Legal obligations:
Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
Vital interests:
Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
Public interests:
Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
Legitimate interests:
Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.
You have the right under this Privacy Policy, and by law if You are within the EU, to:
Request access to Your Personal Data.
The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
Request correction of the Personal Data that We hold about You.
You have the right to to have any incomplete or inaccurate information We hold about You corrected.
Object to processing of Your Personal Data.
This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
Request erasure of Your Personal Data.
You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
Request the transfer of Your Personal Data.
We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
Withdraw Your consent.
You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.
Exercising of Your GDPR Data Protection Rights
You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.
You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.
Facebook Fan Page:
Data Controller for the Facebook Fan Page
The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the Facebook Fan Page https://www.facebook.com/folio.insure/, the Company and the operator of the social network Facebook are Joint Controllers.
The Company has entered into agreements with Facebook that define the terms for use of the Facebook Fan Page, among other things. These terms are mostly based on the Facebook Terms of Service: https://www.facebook.com/terms.php
Visit the Facebook Privacy Policy https://www.facebook.com/policy.php for more information about how Facebook manages Personal data or contact Facebook online, or by mail: Facebook, Inc. ATTN, Privacy Operations, 1601 Willow Road, Menlo Park, CA 94025, United States.
Facebook Insights
We use the Facebook Insights function in connection with the operation of the Fan Page and on the basis of the GDPR, in order to obtain anonymized statistical data about Our users.
For this purpose, Facebook places a Cookie on the device of the user visiting Our Facebook Fan Page. Each Cookie contains a unique identifier code and remains active for a period of two years, except when it is deleted before the end of this period.
Facebook receives, records and processes the information stored in the Cookie, especially when the user visits the Facebook services, services that are provided by other members of the Facebook Fan Page and services by other companies that use Facebook services.
For more information on the privacy practices of Facebook, please visit Facebook Privacy Policy here: https://www.facebook.com/full_data_use_policy
Your California Privacy Rights (California's Shine the Light law)
Under California Civil Code Section 1798 (California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties' direct marketing purposes.
If you'd like to request more information under the California Shine the Light law, and if you are a California resident, You can contact Us using the contact information provided below.
California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)
California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted.
To request removal of such data, and if you are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.
Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Complaints:
At Folio.Insure Limited, we value your feedback and take privacy concerns seriously. If you have any complaints or concerns regarding the handling of your personal information, we encourage you to contact us first. We are committed to addressing and resolving privacy-related issues promptly and fairly.
To make a complaint:
Contact our office: Please reach out to our Privacy Officer by email at support@folio.insure. Kindly provide a detailed description of your complaint, including the nature of the issue and any relevant information.
Resolution process: Once we receive your complaint, we will acknowledge its receipt and work diligently to resolve the matter. Our Privacy Officer will liaise with you to understand the nature and cause of the complaint. In some instances, we may request that you provide the details of the complaint in writing for clarity and documentation purposes.
Communication and updates: We will keep you informed throughout the complaint resolution process, providing you with an estimated timeframe for our response. After thoroughly investigating the matter, we will communicate our decision to you, along with the reason for our resolution.
Complaint record: We maintain a Register of Complaints to document and track all complaints received, as well as the actions taken to address them. This allows us to monitor trends and continuously improve our privacy practices.
If we can’t resolve your complaint within 20 working days, or if you aren’t satisfied with the way we propose to do so, you can contact the Insurance & Financial Services Ombudsmen Scheme of which we are registered members of. The Insurance & Financial Services Ombudsmen Scheme provides a free, independent dispute resolution service that may help investigate or resolve your complaint, if we haven’t been able to resolve your complaint to your satisfaction.
You can contact Insurance & Financial Services Ombudsmen Scheme by completing this form https://www.ifso.nz/make-a-complaint, emailing info@ifso.nz, or by calling: 0800 888 202.
You can also obtain information on privacy issues in New Zealand on the Privacy Commissioner website at /www.privacy.org.nz or by contacting them by email at enquiries@privacy.org.nz or by calling on +64 4 474 7590.
We recommend that you retain this information for future reference. If you are not satisfied with the outcome or our response to your complaint, you may have additional rights and remedies available to you under applicable privacy laws.
Please note that the above process is specific to privacy-related complaints. If you have any other concerns or inquiries unrelated to privacy, please refer to the appropriate channels for resolution.