Our Privacy Policy

Our privacy policy is based on the 12 principles of the Privacy Act and is summarised below.

This statement applies to Aro Assitant LP “Us”. 

  • We have clients who pay us for our service.

  • Our clients in turn have customers.

  • These parties are collectively called “you”

  • We hold information from you in a cloud-based service.

  • This policy relates to the privacy aspects of that part of our relationship.


Principle 1 – Purpose of Collection:

We will only collect information that we need in order to carry out our services which the client has engaged us to do and as we are required to by law.

Information to be collected:

  • Full legal name of all entities involved

  • Company, partnership, Trust details or sole trader details

  • IRD number

  • Address

  • Phone number

  • Email address

  • Accounting records

  • Legal documents including Trust deeds, solicitor statements, sale and purchase agreements

  • Details of related parties, such as contact details of beneficiaries

Principle 2 – Source of Information:

We will get the information directly from the client, but they may send a link (called a survey) to their customers.  In all cases we always obtain the consent of the individual concerned.

Other sources:

  • Where appropriate, from a holder of the Power of attorney

  • Where appropriate, from Parents

  • Spouse

  • Solicitor

Principle 3 – Collection Statement:

We will tell you how the information will be used in a privacy statement which is included in clause 15 of our terms & conditions (prior to signing).

Privacy Act 1993

The Client authorises us or our agent to:

  • Access, collect, retain and use any information about the Client;

    • for the purpose of providing agreed financial services including compliance, accounting, tax, advisory services and related services; or

    • for the purpose of marketing products and services to the Client.

    • for the purposes of providing support when requested by you

  • Disclose information about the Client, whether collected by us from the Client directly or obtained by us from any other source, to any party as directed by the Client, including a disclaimer statement from us.

  • Where the Client is an individual the authorities under clause 15.1 are authorities or consents for the purposes of the Privacy Act 1993.

  • The Client shall have the right to request us for a copy of the information about the Client retained by us and the right to request us to correct any incorrect information about the Client held by us.

Providing the information is optional, but we may not be able to carry out the work for you, or it may be inaccurate, unless we have the full information.


Principle 4 – Manner of collection:

We will obtain the information in a fair manner.   We will only ask our client for the information unless our client directs us otherwise.  If there are deficiencies in the information provided, we will discuss with our client how these deficiencies can be resolved.

We will collect data automatically about your logins (IP address and activities on our site).


Principle 5 – Storage & Security:

We will keep the information secure.

Measures taken to ensure security:

  • When you sign up to our subscription, our system generates a password and we require you to change this to your own password on first sign in.

  • You create and manage your own users.

  • If you use the survey tool, your customer only has limited rights to deal with that survey.

  • If we become aware there has been a data breach, our principles are to contain the breach, then evaluate what has occurred, and if the client is at risk then they are to be informed.  Measures to prevent a repeat of the breach are to be put in place.

  • In case of data breach, take the Privacy Office self-assessment to determine if the breach is to be reported to the Privacy Office: https://privacy.org.nz/privacy-for-agencies/privacy-breaches/notify-us/evaluate

  • To report a breach, use the Privacy Office’s online reporting portal: https://privacy.org.nz/privacy-for-agencies/privacy-breaches/notify-us/report-a-breach/

  • We hold no paper records about you


Principle 6 – Right of Access:

Clients have a right to access the information we hold about them.

Follow the chart below:

[Image: privacy flowchart.png]

Source: Privacy 101 Workbook participant 17Dec15.pdf, Privacy Commissioner

Reasons we may withhold information:

  • May prejudice maintenance of the law, for example, where we report a suspicious transaction for AML purposes

  • May endanger the safety of any individual

  • May involve the unwarranted disclosure of the affairs of another individual

  • Information is confidentially supplied evaluative material

  • May prejudice physical or mental health

  • Information is not readily retrievable or does not exist or cannot be found

Principle 7 – Right of Correction:

Clients have the right to correct information we hold about them.

We will correct that information in our records when requested by you.

Principle 8 – Accurate Information:


We are to take care that the information we’re using is accurate, complete, relevant and up to date.

Our service holds the information that you put in place. Our information is entirely dependent on you entering accurate information.

Principle 9 – Retention of Information:

We will only keep the information as long as you are our client, or we are required to by law – when a client is no longer our customer, we will archive the information.  The archives are scheduled for destruction in seven years’ time.  

Principle 10 – Use of information:

We will only use the information for the purpose set out in our engagement, or as instructed by the client.

Principle 11 – Disclosure of information:

We will only disclose this information as per our collection statement or if we have good reason to do so.

Reasons such as:

  • Disclosure is necessary to uphold or enforce the law

  • Disclosure is necessary for court proceedings

  • The person concerned authorised the disclosure

  • The information is going to be used in a form that does not identify the person concerned

  • Disclosure is necessary to prevent or lessen a serious threat to public health or safety or the life or health of the individual concerned

Principle 12 – Unique Identifiers:

We will only use unique identifiers where this is clearly allowed.

The unique identifiers we require are:

  • IRD number

  • Company Number / NZBN

  • In cases of AML, driver licence number / passport number