Client Information and Privacy Policy

Why is this policy important?

Establishing and maintaining a trust-based relationship with our clients is central to our effectiveness as a broker. Maintaining confidentiality as regards client information is fundamental to that trust.

Client information includes all information about the client that is collected or held by a person who gives Financial Advice. That includes information in work papers and records, and the Financial Advice given to the client. This includes personal information under the Privacy Act (which is information about an identifiable individual) but is broader as it also includes information relating to entities.

Standard 5 of the Code of Professional Conduct for Financial Advice Services (the Code) sets out clear requirements regarding the handling of client information. Client information is broader than personal information under the Privacy Act to the extent that it relates to personal information, however the standard is intended to be applied consistently with obligations under the Privacy Act.

This policy sets out our approach to dealing with client information. The policy should be read in conjunction with the Information Security Policy.


Our policy

We do this:

  • Ensure that client information is only used, retained, or disclosed:
    – for the purpose of giving Financial Advice to the client.
    – for another purpose, that is directly related to giving the Financial Advice.
    – if the use, retention, or disclosure is required or permitted by law; and
    – for another purpose, if the client has agreed.
  • Inform clients how their information will be collected, used, retained, or disclosed by providing a privacy notice.
  • Ensure that client information is retained only for as long as it is required for one or more of the above reasons (consistent with our record-keeping policy).
  • Allow clients to access and correct their personal information unless an exception under the Privacy Act applies.
  • Ensure that when the client information is no longer needed, it is returned to the client or disposed of securely in accordance with our Data Retention schedule, Record Keeping Policy, and Information Security Policy.
  • Appoint a Privacy Officer who understands their responsibilities under the Privacy Act.
  • Regularly train our people so they understand what we need to do to ensure compliance with privacy laws, spot and report privacy breaches, and manage privacy requests and corrections.
  • Ensure that physical and electronic security measures and protocols are maintained so that only authorised personnel of our FAP have access to client information.
  • If a privacy breach occurs that is likely to cause harm, we inform the individual and the Office of the Privacy Commissioner as soon as reasonable. If this is a material information security breach, we also notify the FMA.
  • Obtain consent from clients for their information to be provided to regulatory bodies should it be required for supervisory purposes.
  • Obtain consent before sending any electronic marketing messages and provide an unsubscribe mechanism.
  • When outsourcing and personal information is transferred offshore, we have contractual protections in place to provide the same protections under the NZ Privacy Act.


We don’t do this:

  • Leave client documents in an unsecure environment.
  • Use client information for any purpose other than that for which it was provided to us.
  • Breach client confidentiality by disclosing, verbally or in writing, client information to third parties without client consent.
  • Breach the information security protocols we have in place restricting who has access to client information, be it in physical or electronic form.
  • Hold client information for longer than is required for the purposes of the relationship and/or meeting legal requirements.



  • All brokers and employees receive induction and annual retraining on the contents of this policy.
  • Formal client consent to provision and use of information on file.
  • IT security and information access protocols in place.
  • Secure document storage and destruction facilities in place.


Ensuring compliance

  • Ongoing monitoring of broker and employee activity and behaviour.
  • Annual broker and employee attestations to policy adherence.
  • Review and audit of client files on a six-monthly basis.
  • Quarterly review of IT access protocols.

We are committed to providing the highest quality service to our clients, which is why we want to know if you are not satisfied with our service or advice, to see if we can put it right for you.

Please let us know if you are not satisfied with anything we have done by writing or emailing us at;

Duncan Colebrook

Stamford Insurance Brokers Limited

3/106 Bush Road, Rosedale, Auckland 0632

PO Box 305228 Triton Plaza, Auckland 0757

[email protected]

View the Full Legal Document Here

Building Warranty Insurance

Discover More

Fire and General Insurance

Discover More