Privacy Policy

Read our full Privacy Policy here or see below.


We value the privacy of our Clients and other people whose Personal Information we hold. The purpose of this document is to help you understand what you can expect from us when we hold Personal Information about you.

This policy sets out how Govett Quilliam will comply with the Act and any other relevant privacy law with regard to the Personal Information we collect.

This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see


This policy applies to Personal Information collected by Govett Quilliam. Part 6 of this policy applies to information we collect under the AML/CFT Act.


“Act” means the Privacy Act 2020.

“AML/CFT Act” means the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

‘“Clients” means persons who have engaged the services of Govett Quilliam and includes Potential Clients as defined below.

“Personal Information” means information about an identifiable individual (being a natural person, not a corporate body); as defined in the Act.

“Potential Clients” means persons who have inquired about Govett Quilliam’s services and/or have communicated with staff of Govett Quilliam in the context of potentially engaging our services in the future.


Information collection

We will only collect Personal Information where it is needed for a lawful purpose connected with a function or activity of Govett Quilliam.

Personal Information should be collected directly from the individual where possible, unless an exception listed in principle 2 of the Privacy Act 2020 applies and allows collection from a third party.

We collect personal information from the Govett Quilliam website;, through subscription or registration, any contact with us or when you use our services. We may also use third parties where you have authorised us to do so or if the information is publicly available. This may involve the use of cookies.

Personal Information shall not be collected by unlawful means or by means that are unfair or intrude to an unreasonable extent upon the personal affairs of the individual (except as required by other legislation such as the AML/CFT Act).

Once we have the information

We will ensure reasonable security safeguards protect the Personal Information we hold from loss, unauthorised use, and misuse.

We will not use Personal Information without taking reasonable steps (if any) to ensure it is accurate, up to date, complete, relevant, and not misleading.

Accessing and correcting the information

Where we hold Personal Information, the individual concerned shall be entitled to request a correction of the information and request that a statement of correction be attached to the Personal Information. Before the exercise of this right, we will need evidence to ensure that the individual making the request is the individual the Personal Information relates to.

Where we receive a request for correction of Personal Information, we will inform you of the action taken as a result of the request.

We are not required to correct the Personal Information if we disagree with the correction and will only do so if we think the correction is reasonable and we are reasonably able to change the Personal Information.

If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

If you want to exercise either of the above rights, email our Privacy Officer on the contact information provided below.

Retaining the information

We will not keep Personal Information for longer than reasonably required in accordance with the applicable law.

Disclosing information

Personal Information will only be used for the purpose for which it was collected, unless an exception listed in principle 10 of the Act applies and allows use for other purposes.

We will not disclose Personal Information to another person or agency unless we believe on reasonable grounds:

  • The disclosure is directly related to the purposes in connection with which the Personal Information was obtained;
  • The Personal Information is publicly available and disclosure is not unfair or unreasonable;
  • The disclosure is authorised by the individual concerned;
  • The Personal Information is to be used in a form where the individual concerned is not identifiable; or
  • Non-compliance is necessary for one or more of the reasons stated in principle 11 of the Act.

Disclosing information overseas

In accordance with principal 12 of the Act, we will only disclose Personal Information to third parties that are overseas where that country has privacy laws which are comparable to privacy laws in New Zealand.

Other applicable law 

These principles are subject to requirements in other Codes of Compliance or Acts of Parliament which may override or modify the principles, in which case we are not bound by them.


We hold all information relating to legal matters in strictest confidence in accordance with the Lawyers and Conveyancers Act (Lawyers: Conduct and Client Care) Rules 2008. Disclosure of certain information may be permitted or required in select circumstances.


This part of the policy applies to Personal Information we collect from Clients (including Potential Clients) under the AMT/CFT Act.

Information we are required to collect

Under the AML/CFT Act, we are required by law to properly identify Clients and collect certain information before we can act for them.

For individual Clients, we must obtain verification of identity and residential address. Different documentation may be required to provide verification. In some circumstances we will need to obtain additional information from you.

For companies, we must obtain verification of the company, the directors, verifying officers and agents, and beneficial owners. Different documentation may be required to provide verification. In some circumstances we will need to obtain additional information from you.

For public companies and/or government bodies, we must obtain verification of the company or government body and verification of verifying officers and agents. Different documentation may be required to provide verification. In some circumstances we will need to obtain additional information from you.

For partnerships, we must obtain verification of the partnership, verification of individual partners, any corporate partners, and verification officers and agents. Different documentation may be required to provide verification. In some circumstances we will need to obtain additional information from you.

For trusts, we must obtain verification of the trust, the identity and residential address of settlors, trustees, and beneficial owners, the source of wealth and source of funds for the trust, identification of the beneficiaries, and verification of verifying officers and agents. Different documentation may be required to provide verification. In some circumstances we will need to obtain additional information from you.

Privacy principles

With regard to the Personal Information we collect under the AML/CFT Act, we will comply with the privacy principles set out in this policy so far as we are reasonably able and are not required to do otherwise by law.

Our information process 

We hold information collected from Clients under the AML/CFT Act securely in our law practice software, Infinity Law, on our servers.

Fully encrypted back-ups of our servers are carried out at regular intervals throughout the day and all back-ups are securely replicated offsite on a daily basis. The information is protected by a professional anti-virus solution, a Unified Threat Management appliance, and strong password control for those with access to our systems.


We have a Privacy Officer who is responsible for:

  • Maintaining this Privacy Policy and relevant processes;
  • Supporting staff with complying with the Privacy Policy;
  • Liaising with third parties in respect of privacy matters, including the Privacy Commissioner or other relevant regulators;
  • Mandatory reporting to the Privacy Commissioner and any affected individuals where privacy breaches have or may cause serious harm;
  • Dealing with any requests we receive under the Act; and
  • Managing any privacy complaints received

For requests or complaints, please contact the Privacy Officer:

Peter Rothwell
Finance and Technology Manager
06 768 3726


We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.


This policy will be administered by Govett Quilliam's Finance Manager.

Policy Date:                             21 December 2020

Policy Review Date:                31 October 2021