You can find out all you need to know about the personal information we collect, use and share about you, as well as your rights in relation to that information in this document. This policy applies to Public Trust and all its subsidiaries. (Note: it does not apply to information that we hold about other organisations and companies).
This policy will be reviewed regularly, and we might make some changes from time to time. You will always find the current version on our websites at www.publictrust.co.nz and www.publictrustonline.co.nz .
Who are the people affected by this policy?
This policy applies to the personal information we hold about ‘living individuals’ who include:
Public Trust customers and potential customers
beneficiaries of estates or trusts that we administer
other ‘associated people’ (such as shareholders and company directors) of Public Trust customers
persons who voluntarily provide Public Trust personal information, for example as part of an online survey.
How do we collect your personal information?
Public Trust does not have any law enforcement responsibilities, and does not gather any information for these purposes.
In most cases we will collect your personal information directly from you, such as when:
you apply for a product or service, for example on an application form
you register with us online
you use our online services
you ask us for information
you make an appointment to visit us
you contact or connect with us on social media.
Under the Privacy Act we may also collect information about you from other people. For example, you might have appointed an agent or attorney to act on your behalf, or authorised someone else to supply your information.
From time to time Public Trust may also collect personal information through searching publicly available information (media reports, social media, etc.) or by engaging third-parties to undertake such investigation on our behalf. This type of collection is subject to standard legal limits relating to privacy, access to private property, and the privacy/security of communications by individuals, among other things occurs, but primarily occurs to assist with:
performing our fiduciary obligations (for example, to locate a beneficiary of an estate); or
detecting or investigating potential threats to the physical security of our staff.
We take care that any information gathering, including by third parties, is undertaken appropriately and in a way that meets our obligations under the Privacy Act 2020, the Bill of Rights Act 1990, the State Sector Code of Conduct, and Information Gathering Model Standards at all times. We may also continue to collect your personal information for as long as you have a relationship with us.
What personal information do we collect?
The personal information that we collect will depend on the Public Trust products and services that you use or that interest you. For example, we might collect:
your name, postal address, telephone number, email address and date of birth
information about your personal, family and financial circumstances, including the assets you own.
The personal information we specifically ask for is necessary to enable us to provide you with services. If you do not provide the personal information requested, we may not be able to provide you with the service or continue with an existing service.
How do we use your personal information?
We collect, use and store your personal information mainly to provide you with products, services and information that you have asked for or to otherwise meet our fiduciary obligations.
For example, we may use your personal information:
to administer, monitor and manage your Public Trust products and services
to process your requests for information
to develop new products and services (using feedback and other information that we have received from you)
to identify and contact you about events and other products and services that might interest you (these could include events, products and services offered by other organisations in conjunction with Public Trust)
as part of ‘data matching’ activities, in which we compare your information with information that is public and/or held by someone else (for example, using a service provider to confirm your postal address details)
to meet our legal obligations, as well as obligations imposed by governmental, judicial or regulatory entities or authorities in other jurisdictions, and entities that supervise or regulate Public Trust
to locate beneficiaries or other third parties required to perform our business.
We may also use your personal information to communicate with you about:
your current Public Trust products and services
other products or services (including those of other organisations) that we believe may interest you
general marketing or promotional activities.
Who would we provide your information to?
There may be times when we may need to share some of your information to help us provide you with the services requested, or meet our legal obligations – such as:
with your agent, attorney or authorised signatory
with other entities or companies within the Public Trust group
with people or organisations that undertake services for us (such as where we ask a market research provider to get your feedback on our products and services or carry out ‘data matching’ for us)
when we need legal or other professional advice
to help meet obligations imposed by governmental, judicial or regulatory entities or authorities in other jurisdictions, and entities that supervise or regulate Public Trust.
For example, we may disclose some of your personal information to selected third parties to help us comply with the Anti-Money Laundering and Financing of Terrorism Act 2009, and to ensure that we act according to the Terrorism Suppression Act 2002; if we have reasonable grounds to believe that a transaction or proposed transaction may be relevant to an investigation or prosecution of someone for a money laundering offense; and to help us comply with the United States Foreign Account Tax Compliance Act and/or any agreements between the New Zealand Government and other countries’ governments.
Where we disclose your information to a service provider we make sure they are aware of the importance we place on protecting your privacy. They are required to keep your information confidential, and only use it for the purpose for which we have supplied it.
In all other cases we will only disclose your personal information if it is permitted under the Privacy Act.
How do we store your personal information?
We will take reasonable care, or require any third-party as the case may be, to keep your personal information safe from loss, misuse and unauthorised disclosure.
Public Trust stores your hard-copy personal information within our Customer Centres or in outsourced secure, off-site storage. We store your electronic-copy personal information within New Zealand hosted data centres.
The law requires us to destroy your personal information if we no longer require it for the purpose for which we collected it, or if it is no longer required to meet our legal requirements. If we have to keep it to meet our legal requirements, we will continue holding it for the legally required timeframe.
How can you check and correct your personal information?
We will not use or disclose your personal information without taking reasonable steps to check that it is accurate and complete.
You are welcome to ask for, have access to, and check the personal information that we hold about you – and if you believe that any of it is incorrect, you can ask us to correct it. (Note: if we choose not to make the correction, you can ask us to attach to the information a statement of the correction you wanted).
We can only refuse you access to your information in very limited circumstances, such as when disclosure would involve an unjustified breach of someone else’s privacy.
What happens in the event of a breach of privacy?
In the unlikely event of a privacy breach, we will take the following steps in dealing with it.
Contain: we will contain the breach to minimise its impact – for example, we will contact the inadvertent recipient of the personal information and request they return or destroy the information.
Assess: we will assess the breach by gathering the facts and evaluating the risks, and where possible, take action to remediate any risk of harm.
Notify: we will notify you and report to the Privacy Commissioner any privacy breaches that have caused serious harm, or are likely to do so, in accordance with the Privacy Act 2020.
Prevent: review the incident and consider what actions can be taken to prevent future breaches.
How to contact us
If you would like more information, have any questions or would like to provide us with feedback about this policy, please feel free to:
Phone us on 0800 371 471
Your call may be recorded. We use these recordings...
to improve our service
to ensure that we have accurate records of our calls
for employee training purposes.
Email us at email@example.com or
Visit your nearest Public Trust Customer Centre or
Write to us at:
The Privacy Officer
PO Box 1598
If you make a privacy complaint, we will follow it up through our internal complaints process. If you are not satisfied with the outcome, you can contact the Privacy Commissioner on 0800 803 909 or visit www.privacy.org.nz.