top of page

Privacy Policy

Our Commitment to Protect your Privacy

We understand how important it is to protect your personal information. This sets out our privacy commitment in respect of personal information we hold about you and what we do with that information.

The purpose of this Privacy Policy is to outline how we collect, use, store and disclose your personal information to ensure we comply with our obligations under the Privacy Act 2020. This Privacy Policy applies in addition to, and does not limit, our rights and obligations under the Privacy Act and other applicable laws.

  • References in this Privacy Policy to “we“, “us” and “our” means Staircase Financial Management Limited and our Financial Adviser(s).

  • By providing us with personal information, engaging us to provide you with services, or by using our website, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, storage and disclosure of personal information in accordance with this Privacy Policy (as amended from time to time).

  • We may modify or amend this Privacy Policy from time to time for any reason by publishing an updated version on this page. If we make any material or significant changes, we will post a prominent notice in notifying users on our website or provide you with notice of such changes via email. By continuing to engage us or use our website, you will be deemed to have accepted the updated Privacy Policy.

  • When we refer to personal information, we mean any information that identifies, or is capable of identifying, a natural person. This includes, for example, your name, date of birth, address, contact details, occupation, insurance claims information, and lifestyle and health/medical information. 

    If you engage us to provide services to you, we may collect personal information about your financial situation in order to recommend or advise on our products that we are permitted to advise on. 

    If you can’t be identified (for example, where personal information has been aggregated and anonymised) then this Privacy Policy does not apply).

  • We collect information from you in a number of ways when you request or use our products or services.  For example, you might provide us with information:

    • at consultation

    • at application or claim time (including a digital form, for example);

    • when signing up to our services 

    • when you subscribe to any newsletter;

    • when you participate in, surveys, competitions or promotions; or

    • when you contact us (over the phone, through email, social media or letter), or visit our website; and 

    • when you provide personal information during conversations between you and us.

    Where possible and practical to do so, we will collect personal information directly from you.  We generally record inbound and outbound telephone calls for operational purposes such as complaint handling and reporting, quality assurance, and staff training.

    We may also collect your personal information from:

    • Product Providers (e.g. insurance or lenders we have arranged on your behalf, in order to answer your queries or assist you with your financial arrangements as your circumstances change). 

    • If applicable, the Product Providers may also periodically disclose your premium or lending information to us in connection with the payment of ongoing commission to us regarding your insurance and lending and

    • any other person authorised by you or the Privacy Act.

  • We collect your personal information for the purposes of our and relevant third parties’ services and relationship with you, such as:

    • responding to your requests or inquiries;

    • providing services to you (e.g. to enable us to recommend products to you);

    • sending communications and direct marketing to you about products and services we think may be of interest to you, in accordance with your marketing preferences (whether through mail, telephone or electronic means (including email and SMS/MMS);

    • market research; and

    • any other purpose authorised by you or the Privacy Act.

    If you do not wish to receive marketing information, you may ‘opt out’ at any time by notifying us.

    We may also collect personal information (including credit information and health information) on behalf of the insurers and lenders and other providers of Products that you choose to apply for. Product Providers will have their own Privacy Policy that applies to the information that we collect on their behalf. These may be different to that set out in this document. We recommend that you carefully read and familiarise yourself with such privacy terms of any third party with whom we are required to share your personal information. 

  • We may disclose your personal information to the following people if we consider it necessary to do so for the purpose described in section ‘Why we collect your personal information’:

    • Product Providers and other prospective third parties or other intermediaries in relation to your lending and insurance requirements (including any person with whom an insurer or lender proposes to enter into contractual arrangements, any person who provides a guarantee or security and any trustee and any assignee or potential assignee of insurer’s rights);

    • our referral partners who can help you with other services; contractors or service providers;

    • third party services providers who assist and enable us to use the personal information, for example, our payment providers and marketing partners;

    • any entity that has an interest in our business or any entity to whom we consider assigning or transferring any of our rights or obligations or selling all or part of our business;

    • anyone who we are legally required or authorised to share your information with, including regulators and government agencies;

    • to auditors to ensure we are providing services to you that are in your best interests, and in accordance with current regulations; and 

    • any other person or entity authorised by you or the Privacy Act.

    We may also disclose information about someone whose activities could cause harm to themselves or others (e.g. fraud). Where possible and appropriate, we will notify you of this type of disclosure.

  • We may use cloud storage to store the personal information we hold about you. The cloud storage and the IT servers may be located outside New Zealand.

    With the exception of cloud storage, we may not disclose your personal information to overseas third parties unless the jurisdiction of that third party provides similar safeguard to those in the Privacy Act.

  • When you visit our websites, we may record general information about your visit and usage for statistical purposes, such as your IP address and what features you used.  Some of this information is collected using cookies. 

    Cookies are small text files that your browser stores when you visit websites. They enable us to provide Services to you, and help us understand how online visitors use our websites. Cookies do not identify you personally but do identify your computer. 

     

    While our cookies do not collect personal information, if you submit your name and email address as part of your usage, then we will link that personal information with the cookies information that we have previously collected from you.​

    Most web browsers are set to accept Cookies.

    Our websites also use cookies to promote products and services from us and our partners on third party websites (including Google) to visitors of our websites. No personally identifiable data is collected for this advertising.

    You can decide not to accept cookies through your browser settings however, this may affect your ability to use some of the products or services on our website.  

  • We use systems such as Google Analytics, Hotjar, Crazy Frog or similar on our website to measure anonymised site activity for the purposes of improving our services. We use other tools in order to promote Staircase Financial Management Limited and our services and optimise user experiences. Including but not limited to Google's Remarketing feature, Facebook's Remarketing feature, Survey Monkey, or similar.

  • We understand the importance of protecting the personal information we hold about our clients. Personal information is retained only for as long as necessary to achieve the purpose for which it was collected and as required by relevant legislation or regulations.

    We take comprehensive steps to keep your personal information safe from misuse, interference, loss, unauthorised access, or modification by:

    • Securing personal information in both physical and electronic form

    • Limiting access only to authorised personnel who require it to deliver our services

    • Protecting our systems with advanced encryption, secure VPNs, and regular penetration testing

     

    While no system can ever be completely immune from cyber threats, we use industry-leading technology and regular security reviews to minimise risk and maintain ongoing protection.

     

    In 2020, Staircase experienced an isolated cybersecurity incident involving an old, inactive server managed by a third-party IT provider. The incident was contained immediately, and the provider accepted full responsibility for the vulnerability. Importantly, no financial losses, identity theft, or client harm occurred as a result.

    Following the incident, we:

    • Engaged CERT NZ and fully cooperated with Interpol and the FBI

    • Supported international investigations that led to the hacker’s arrest and conviction

    • Upgraded our IT infrastructure, changed providers, and implemented stricter cybersecurity protocols

     

    We have reinforced our security and have undergone rigorous testing and continuous security monitoring. We have had no further incidents, and all client data is now stored within a fully encrypted, modern infrastructure.

    If an unauthorised privacy breach occurs and is likely to cause serious harm, we will promptly report it to the relevant authority and notify affected clients as soon as possible.

    We value the trust our clients place in us and remain committed to maintaining the highest standards of data protection, integrity, and transparency in everything we do.

  • You are not required to provide any personal information to us but if you choose not to it might affect our ability to provide services to you and your ability to obtain insurance, lending and other products from Product Providers.

    In most circumstances, it will be necessary for us to identify you in order to successfully do business with you. However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information, for example, if you make general inquiries about promotional offers.

    You may choose to interact with our website anonymously, but we will not be able to contact you unless you provide your personal information.

  • The Privacy Act gives you the right to access and correct personal information held by us. Please contact Staircase Financial Management Limited if you: 

    • would like to access or revise your personal information; or

    • believe that the information we currently have on record is incorrect or incomplete. 

    Generally, we will send you electronic copies of any information we provide to you. We may charge you reasonable expenses for costs incurred in accessing your personal information (including searching and copying costs). 

bottom of page