Harmans Lawyers

Client Privacy Policy

(Current as at 16 December 2021)


1.1 Harmans (we, us, our) may collect and store personal information about you to allow us to provide you with our services.  Our collection of your personal information is subject to the New Zealand Privacy Act 2020 (Act).
1.2 This privacy policy forms part of our terms of business with you and sets out how we collect, use, disclose and protect your personal information in accordance with our obligations under the Act. Nothing in this policy alters your rights under the Act.
1.3 In this policy ‘personal information’ means information relating to an individual which can be used to identify that individual.


2.1 We may not be able to properly advise you or offer you our services if you do not provide us with necessary personal information when requested to do so.  By engaging us and providing us with your personal information it will be deemed you have given your express consent for us to use and store that information for the purpose it has been collected.
2.2 If you give us personal information about any other person, please ensure you have their consent to do so first.


3.1 The type of personal information we collect and store, includes but is not limited to:

  1. Name
  2. Postal address
  3. Physical address
  4. Phone number
  5. Email address
  6. Date of birth
  7. Work information (such as job title, company and location)
  8. Billing information (such as address for service and bank account details)
  9. IRD number
  10. Copies of your identification (such as passport, birth certificate, or driver licence)
  11. Financial information
  12. COVID-19 vaccination status


4.1 We collect personal information by way of:

  1. Forms filled out by clients
  2. Email
  3. Face-to-face meetings
  4. Telephone
  5. Video e.g. Zoom, Microsoft Teams or Skype
  6. Social media pages e.g. Facebook and LinkedIn
  7. Third parties e.g. a medical professional
  8. ‘Contact us’ portal on our website
  9. When you participate in a promotional event held by us or our representatives
  10. We also collect information about your usage of our website through the use of cookies. You may disable cookies by changing the settings on your web browser, however, this may mean that you cannot use some or all of the features of our website
  11. My Vaccine Pass, vaccination record or exemption card shown to us in person electronically or in hard copy, or emailed to us


5.1 We may use your personal information for, but not limited to, the following reasons:

  1. To verify your identity
  2. To provide our services to you
  3. To communicate with you (including for marketing purposes) and respond to communications from you
  4. To improve the services we provide to you, including by tailoring your experience with our services by making assumptions about you based on your provided information
  5. To undertake credit checks of you (if necessary)
  6. To bill you and to collect money that you owe us
  7. To protect and/or enforce our legal rights and interests, including defending any claim and/or registering your name for credit reporting purposes
  8. For any other purposes authorised by you or the Act
  9. To provide you with marketing materials and our newsletter where you have consented to us doing so. You can revoke your consent to receiving these materials at any time, by emailing legal@harmans.co.nz
  10. To verify your COVID-19 vaccination status to comply with our COVID-19 Workplace Policy


6.1 In certain circumstances we may disclose your personal information to third parties where our services or functions are being outsourced. In that situation, the third party must comply with this policy or have their own privacy policy that has the same or greater protections in relation to your personal information. If we do not need to share your personal information with a third party in order to provide advice or services to you, we will not pass on your information to them without your prior consent.
6.2 We may disclose your personal information to any person or entity authorised by law to request such information from us (such as a government authority or law enforcement agency).
6.3 We may disclose your personal information to any person or entity that you authorise.
6.4 While maintaining client confidentiality and legal privilege to the extent allowed by law, we may at times, without reference to you, be required to make certain disclosures to the New Zealand Police Financial Intelligence Unit under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 or other legislation.
6.5 We will not disclose your COVID-19 vaccination status to anyone without your express consent, however your status may be logically implied as being fully vaccinated (unless we have been informed to the contrary) as we currently require all staff, partners, clients, contractors and visitors to our offices to be fully vaccinated.


7.1 We take all reasonable steps to keep your personal information safe from loss, unauthorised activity or other misuse. These steps include:

  1. Adopting and regularly reviewing the performance and terms of our internal data security policies and systems to ensure that they are fit for purpose and protect your personal information from unlawful processing, accidental loss, destruction and damage.
  2. Adopting technologies for our internal use that meet the standards required by the Act.
  3. Verifying the suitability of security systems in place with third parties that we work with to ensure that they meet the standards required by the Act.
7.2 In some cases the personal information that we collect from you may be processed outside of New Zealand. When this is the case, third parties that process your information are also obliged to comply with the Act when dealing with your personal information. We make all reasonable endeavours to ensure that all entities that we work with outside of New Zealand offer satisfactory protection for your personal information.
7.3 We have taken steps to ensure that our website is secure. We use the secure HTTPS data transfer protocol for the transmission of data and our site holds an SSL certificate from a trusted organisation. Despite this, the internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times.  Transmission of personal information over the internet is at your own risk and you should only enter, or instruct the entering of, personal information within a secure environment.
7.4 Your personal information will be kept in electronic or hard copy, or both.
7.5 Electronic copies of your personal information we collect and hold about you will be stored in our computer system on our hosted servers located at Datacom, Christchurch, a secure cloud storage facility and are backed up daily to a secure cloud based facility located in Culverden.
7.6 Hard copies of your personal information we collect and hold about you will be stored at our premises at the Iron Mountain storage facility in Christchurch.


8.1 We will advise you at the first reasonable opportunity upon discovering or being advised of any security breach in which your personal information is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by any unauthorised person or in any unauthorised manner.
8.2 Should such a breach occur we are committed to taking all reasonable steps to remediate the issue that gave rise to the security breach to prevent further loss and subsequent security breaches.

If the event is deemed to be notifiable we will be required to report the breach to the Privacy Commissioner.


9.1 Under the Act you have the right to access, correct and on some occasions delete your personal information that is readily retrievable.  We are only able to delete your personal information to the extent that it is not required to be held by us to satisfy any legal, regulatory, or similar requirements.  This right is subject to certain grounds for our refusal as outlined in the Act.
9.2 Before we provide you with your personal information we will require you to provide evidence that you are in fact the individual to whom the personal information relates.
9.3 If you would like to exercise the above rights, please email our Privacy Officer julie.knowles@harmans.co.nz
9.4 We reserve the right to charge you our reasonable costs for providing copies of your personal information or correcting that information.
9.5 Please note if we no longer hold your personal information we will be unable to satisfy your request.



We will store your personal information on hard or electronic file for 10 years following the completion of the matter.  After that time we may destroy files and documents except documents we have agreed with you to keep in safe custody.


You may request that we delete your personal information as mentioned in clause 9.1.


11.1 We reserve the right to change this policy at any time by uploading a revised copy of the policy onto our website.
11.2 This policy was last updated in 16/12/2021.


12.1 If you wish to contact us about matters concerning the privacy of your personal information please get in touch with our Privacy Officer, Julie Knowles at julie.knowles@harmans.co.nz