DODD CIVIL CONSULTANTS LTD
PRIVACY POLICY
CLIENTS’ AND OTHERS’ PERSONAL INFORMATION (May 2021)
Introduction
- This policy sets out how Dodd Civil Consultants Limited (“Dodd”) stores, collects, uses and discloses personal information and other data about Dodd’s clients and any other individuals we may deal with from time to time.
- Dodd is committed to creating an environment of trust, care, and respect for legal requirements (under the Privacy Act 2020) when it comes to the collection, use and management of personal information. This Policy outlines the processes for managing the personal information of clients and other people so that their rights to privacy are always respected and protected.
- Personal information means information about an identifiable individual. As such it does not include information about a company or other incorporated legal person. For this reason, Dodd will inevitably also collect personal information from client representatives and others related to the client (i.e. where the client itself is a company that does not have any privacy rights).
- This policy does not limit or exclude anyone’s rights under the Privacy Act 2020. Further information on the Act can be found at www.privacy.org.nz.
How do we Collect Personal Information about Clients and others?
5. When Dodd is engaged by a client, we will need to collect a range of personal information from:
a) Them directly, from the information supplied.
b) Third parties, for example, any credit check or related searches.
Information collected directly
6. Personal information we collect from clients and others directly includes:
a) Contact information (e.g. name, address, email, phone number and similar information)
b) Work related information (e.g. their employer and job title and information regarding their relevant work-related experience, expertise and like information).
c) Payment, insurance and like information that is reasonably required for billing purposes.
d) Email and other correspondence (including any file notes made in respect of phone calls and meetings).
e) Any survey or feedback information that we may collect from time to time, including any information relating to a complaint or dispute.
f) Any other information that we reasonably require to deliver wholesale, retail and related services.
Information collected from others
7. Personal information we collect from others will include:
a) Information related to anti-money laundering and/or credit check where this is relevant.
b) Publicly available information (e.g. available on LinkedIn and other forums including google and other websites) relating to the professional background and expertise of a person whom Dodd may work with on a given client engagement.
c) Any other information that we reasonably require to deliver services.
How we may use personal information about clients and others
8. We will only use the personal information collect from clients and others to the extent that is reasonably required:
a) To enable the proper provision of services.
b) To determine, process and administer invoicing and other account related matters.
c) To communicate with clients and others and deal with any other inquiries associated with the delivery of our services.
d) To ensure the health and safety under the Health and Safety at Work Act 2015.
e) To comply with legislative reporting and recordkeeping requirements.
f) To conduct benchmarking, analyses and planning activities, including statistical and management reporting, and
g) To protect and/or enforce our legal rights and interests, including defending any claim.
h) In any other way that is reasonably required as a responsible service provider and permitted by law.
How we may share the personal information of clients and others
9. As a business and service, we will often need to share the personal information of clients and others with those who have a legitimate reason or need for accessing this information.
10. People who may have access to the personal information of clients and others include:
a) Dodd’s employees who are allocated to work directly with clients for service or correspondence.
b) Dodd’s support staff who require the information for any ancillary business purpose (e.g. accounts receivable).
c) Executive Directors and Senior Leadership Team when deemed necessary.
d) Contracted service providers that we use to perform services on our behalf (such banking, mailing house services, logistics and IT service providers), within and outside New Zealand (see more below)
e) Legal advisers or other professional advisers and consultants engaged by Dodd.
f) Sub-consultants engaged by Dodd.
How we store and protect personal information
11. Wherever personal information is stored, we will take reasonable steps to ensure that it is protected against loss or unauthorised access, modification, use or disclosure. All access and use of personal information will be strictly in accordance with the privacy principles noted at the beginning of this Policy and the legal obligations set out in the Privacy Act 2020
Privacy breach – notification by Dodd’s employee or contractor
12. If any Dodd employee or contractor becomes aware of an actual or potential privacy breach, they will report this to the Privacy Officer (General Manager) or Managing Director as soon as possible so that Dodd can respond without delay. This will help minimise any harm caused to the affected people.
13. The Privacy Act 2020 makes it compulsory to report any privacy breaches “that have caused serious harm, or are likely to do so”. In the event that a breach of this nature does occur Dodd will notify the Privacy Commissioner of the privacy breach. If we are unsure as to whether the breach is a serious one, we will contact the Privacy Commissioner and seek guidance.
Privacy breach – external notification
14. If a client or other person becomes aware of an actual or potential privacy breach, we would appreciate being made aware of the situation as soon as possible so we can act to remedy it as soon as possible. Breaches can be reported to the Dodd’s Privacy Officer (Administration Director, email: admin@doddcivil.co.nz).
15. If external parties are unhappy with Dodd’s remedial actions, or assess the complaint as serious, they can also notify the Privacy Commissioner by completing the online Complaint Form https://www.privacy.org.nz/your-rights/making-a-complaint/complaint-form/
Accessing and controlling personal information
16. Everyone has an important range of privacy rights. The rights of clients and others include the following:
a) The right to request a copy of their personal information and/or know what personal information we hold.
Please note that on some limited occasions we may need to withhold some personal information, for example, where it is legally privileged, concerns information provided to us by another person in confidence or includes personal information about other people. If we need to withhold information, we will tell the relevant person why. We will take careful steps to verify the identity of the person requesting personal information before making any disclosure.
b) The right to correct any of the personal information we hold about a client or other person
If a client or other person thinks any of the personal information, we hold about them is wrong, they can ask us to correct it. If we cannot correct your information - for example, where we don’t agree that it’s wrong – we will explain why if this is the case. The requesting person can ask us to attach their correction request to the relevant personal information as a statement of correction.
c) Right to make a complaint
If a client or other person has any concerns about the way that we have collected, processed, or used their personal information we will seek to resolve the matter to their satisfaction. If we are unable to resolve the matter with the person concerned we should always advise them of their right to file a complaint to the Office of the New Zealand Privacy Commissioner by calling the commission or making a complaint via their website: www.privacy.org.nz
