Client Privacy Policy for The Loan Supply Company 

Our commitment to protect your privacy

We understand how important it is to protect your personal information. This document sets out our privacy commitment in respect of personal information we hold about you and what we do with that information.

It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.

Our commitment in respect of personal information is to abide by the Privacy Principles set out in the Privacy Act 2020 (or any successor legislation) (“the Privacy Act”) and all other applicable laws. This Privacy Policy applies in addition to, and does not limit, our rights and obligations under the Privacy Act and other applicable laws.

Policy purpose

The purpose of this Privacy Policy is to inform our clients and any users of our digital platforms (i.e. our website, [social media pages and app]) about how we comply with the requirements of the New Zealand Privacy Act in managing information.

Who are we?

References in this Privacy Policy to “we", “us” and “our” means CSFS Limited T/A The Loan Supply Company acting through a Financial Adviser.

Your authorisation

By providing us with personal information, engaging us to provide you with services, or by using our website, you consent to the collection, use, storage and disclosure of personal information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not contact us through any of our digital platforms, please call us on 0800 10 11 36 

Changes to our Privacy Policy

We may change our Privacy Policy from time to time, by publishing an updated version on this page, to reflect changes in the law and also our business needs so long as the changes do not disadvantage you. By continuing to engage us or use our website you will be deemed to have accepted the updated Privacy Policy. You may also obtain a copy of the latest version by calling us on 0800 10 11 36

Collection of personal information

Personal Information is defined in the Privacy Act as information about an identifiable individual (a natural person as opposed to a company or other legal entity).   

What personal information do we collect?

The types of personal information we collect will vary depending on the nature of your dealings with us. We only collect personal information that is necessary. Where reasonable and practicable, we will collect your personal information directly from you and inform you that we are collecting it. We will only collect personal information that is necessary. When we refer to personal information, we mean information that identifies, or is capable of identifying, you.

Generally, the types of personal information we collect and hold include your:

  • Name;

  • Date of birth;

  • Contact details (such as your email address, postal address, phone number);

  • Details relating to your use of any product and/or service offered by us;

  • Details of your enquiry;

  • Details of any preferences you tell us about (such as subscription preferences);

  • If you engage us to provide services to you, we may collect personal information about your financial situation, health information or goals in order to recommend mortgage and insurance products that we are permitted to advise on.

Why do we collect your personal information?

We collect your personal information for the purposes of our and relevant third parties’ services and relationship with you (refer to section 11 below: “Who do we disclose your personal information to?”). For example:

  • responding to your requests or inquiries;

  • providing services to you (e.g. to enable us to recommend Products to you);

  • sending communications and direct marketing to you about products and services we think may be of interest to you (whether through mail, telephone or electronic means (including email and SMS/MMS) (If you do not wish to receive marketing information, you may ‘opt out’ at any time by notifying us.);

  • market research; and

  • any other purpose authorised by you or the Privacy Act.

Product Providers will have their own Privacy Policy that applies to the information that we collect on their behalf.

We also have an obligation to maintain personal information to disclose to regulatory and similar bodies - (refer to section 11 below: “Who do we disclose your personal information to?”).  These bodies have a legal right to such information.

How do we collect your personal information?

Generally, we will collect your personal information directly from you. For example, we collect your personal information directly from your use of our website and the information that you submit to the website. We also collect your personal information if you use the “contact us” functionality on our website and you provide the personal information during conversations between you and us.

We may also collect your personal information from:

  • Over the telephone or a video call (such as over Google Meeting, Zoom) e.g. when you contact our staff;

  • communications through digital channels such as but not limited too: Gmail, Google Workspace, Zoom, Cal.com, Whatsapp, mailchimp, phone, txt, facebook, instagram and linkedIn;

  • When you participate in a marketing campaign, competition or promotion (or a similar event) administered by us or our representatives;

  • Publicly available sources e.g. via the internet;

  • Your professional advisers e.g. such as sharebroker, solicitor and/or accountant;

  • NZ Financial Services Group Limited (NZFSG) and its related bodies corporate;

  • credit reporting agencies;

  • with your authorisation, banks (e.g. through the use of illion Bank Statements) and employers;

  • with your authorisation, file invite (a document collection program allowing us to check off required documents as they are provided);

  • Product Providers (e.g. during the term of any loan or insurance we have arranged on your behalf, in order to answer your queries or assist you with your financial arrangements as your circumstances change). If applicable, the Product Providers may also periodically disclose your loan balance or premium to us in connection with the payment of ongoing commission to us over the term of your loan or insurance;

  • any other person authorised by you or the Privacy Act.

If it is not obvious that we are collecting personal information from you, we will do our best to make it clear to you so that you are always aware when information is being collected.

We collect your personal information from the above parties (other than publicly available sources) where we have received your express consent to do so. We are not responsible for the privacy or security practices of the above parties and the parties described above are not covered by this Privacy Policy.  

If you provide any personal information about anyone else to us, you confirm that you have collected that personal information in accordance with the Privacy Act and that the individual concerned has:

  • authorised the disclosure to us and the collection, use and disclosure of their personal information by us in accordance with this Privacy Policy; and

  • has been informed of their right to access and request correction of their personal information.

Updating your personal information

We will generally rely on you to ensure the information we hold about you is accurate. If any of your details change, please let us know as soon as possible by contacting us.

Who do we disclose your personal information to?

We may disclose your personal information to the following agencies (but not limited to) if we consider it necessary to do so for the purposes described in section 8 above:

  • NZFSG and its related bodies corporate;

  • Product Providers and other prospective lenders, third parties or other intermediaries in relation to your finance or insurance requirements (including a prospective lender’s mortgage insurer (if any), any person with whom a lender or insurer proposes to enter into contractual arrangements, any person who provides a guarantee or security and any trustee and any assignee or potential assignee of a lender’s or insurer’s rights);

  • our referral partners who can help you with other services;

  • contractors or service providers;

  • lenders, insurers and other providers of Products that you choose to apply for;

  • investors, or any entity that has an interest in our business or any entity to whom we consider assigning or transferring any of our rights or obligations or selling all or part of our business;

  • anyone who we are legally required or authorised to share your information with, including regulators and government agencies;

  • our external dispute resolution service;

  • your solicitor;

  • Credit reporting and debt collecting organsations;

  • Any outsourced service provider who assists in their services we are required to carry out such as auditor’s and external compliance reviewers, to ensure we are providing services to you that are in your best interests, and in accordance with current regulations;

  • your employer and referees, as well as credit reporting and identity verification agencies; and

  • any other person or entity authorised by you or the Privacy Act.

Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that the person or organisation has a commitment to protecting your personal information at least equal to our commitment.

If we don’t need to share your information with a third party in order to provide advice and services to you, we will not pass on your information to them without your consent. Under no circumstances will we sell or receive payment for disclosing your personal information.

Storage and protection of your personal information

We may electronically record and store personal information which we collect from you. When we do so, we will take all reasonable steps to keep it secure and prevent unauthorised disclosure.

However, we cannot promise that your personal information will not be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur. If we provide you with any passwords or other security devices, it is important that you keep these confidential and do not allow them to be used by any other person. You should notify us immediately if the security of your password or security device is breached, this will help prevent the unauthorised disclosure of your personal information.

Some information we hold about you will be stored in paper files, but most of your information will be stored electronically on physical hard drives [and/or] on the cloud, by cloud service providers – see “Cloud-based service providers” below.

We use a range of physical and electronic security measures to protect the security of the personal information we hold, including:

  • Access to information systems is controlled through identity and access management;

  • Our buildings are secured with a combination of locks, monitored alarms and cameras to prevent unauthorised access;

  • Employees are bound by internal information security policies and are required to keep information secure;

  • Employees are required to complete training about information security and privacy; 

  • When we send information overseas or use service providers to process or store information, we put arrangements in place to protect your information;

  • We regularly monitor and review our compliance (and our service providers’ compliance) with internal policies and industry best practice.

  • We only keep information for as long as we need it, or as long as the law requires us to. We have a records management policy that governs how we manage our information and records to make sure we destroy any information that is outdated, irrelevant or unnecessary.

Cloud-based service providers

We use third party service providers to store and process most of the information we collect. We use;  

  • NZSFG with cloud servers located in Australia;  

  • Gmail with cloud servers located Worldwide;

  • Fileinvite with cloud severs based off Amazon AWS global backbone infrastructure;   

  • Bankstatements.com with cloud servers based in Australia.

We also use third party systems to gather and collate your information, these systems temporarily store information to CSFS Ltd devices. We use apps and programs such as but not limited to; Cal.com and Adobe PDF.

All submitted information in our website is automatically deleted every 30 days. 

Our social media accounts are regularly checked and conversations deleted once completed.

We ensure that our cloud-based service providers are subject to appropriate security and information handling arrangements and that the information stored or processed by them remains subject to confidentiality obligations.

Timeframes for keeping personal information

We take reasonable steps to destroy or permanently de-identify any personal information as soon as practicable after the date of which it has no legal or regulatory purpose, or we have no legitimate business purpose with it. 

In the case of information that relates to our advice services or products or services we have provided, we are required by law to hold this information for seven years. After this time, provided that the personal information is no longer relevant to any service we are providing you, we will take reasonable steps to safely destroy or de-identify any personal information. 

We have a records keeping policy that governs how we manage our information and records to enable us to destroy any information that is outdated, irrelevant or no longer necessary.

If there is a privacy breach

We work hard to keep your personal information safe. However, despite applying strict security measures and following industry standards to protect your personal information, there is still a possibility that our security could be breached. If we experience a privacy breach, where there is a loss or unauthorised access or disclosure of your personal information that is likely to cause you serious harm, we will, as soon as we become aware of the breach.

  • Seek to quickly identify and secure the breach to prevent any further breaches and reduce the harm caused.

  • Assess the nature and severity of the breach, including the type of personal information involved and the risk of harm to affected individuals;

  • Advise and involve the appropriate authorities where criminal activity is suspected;

  • Where appropriate, notify any individuals who are affected by the breach (where possible, directly);

  • Where appropriate, put a notice on our website advising our clients of the breach; and

  • Where appropriate notify the Privacy Commissioner.

Do we disclose your personal information to anyone outside New Zealand?

We may send your personal information outside New Zealand, including to overseas members of NZFSG’s related companies and overseas service providers or other third parties who process or store our information, or provide certain services to us. 

Where we do this, it does not change any of our commitments to you to safeguard your privacy. We make sure that appropriate security and information handling arrangements are in place and the information remains subject to confidentiality obligations.

We use cloud storage to store the personal information we hold about you. The cloud storage and the IT servers may be located outside New Zealand.

All countries have different privacy laws and information protection standards. If we need to send your personal information to a country that has lower standards of information protection than in New Zealand, we will take appropriate measures to protect your personal information. Where it is not possible to ensure that appropriate security and information handling arrangements are in place, we will let you know and gain your consent prior to sending your personal information overseas.

Our Website

Cookies and IP addresses When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer each time you visit our website. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited, to measure transaction patterns, to analyse trends, administer the website, track users’ movements and gather broad demographic information. We use this to research our users’ habits so that we can improve our website and our service offering. Our cookies may record information such as your Internet Protocol (IP) address (that is, the electronic addresses of computers connected to the internet), your device and browser type, operating system, the pages or features of our site to which you have browsed and the time spent on those pages or features, the frequency with which you use the site, the search terms that you have used, the links on our site that a you have clicked on or used, and other usage statistics.

While our cookies do not collect personal information, if you submit your name and email address as part of your usage, then we will link that personal information with the cookies information that we have previously collected from you.

If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

Security

As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

Links and third party advertisements

Our website may contain links to other websites operated by third parties. Our website may also display advertisements, which are hosted by third parties.

We make no representations or warranties in relation to the privacy practices of any third party website or advertisement providers and we are not responsible for other privacy policies or the content of any third party website or advertisements. 

Third party websites are responsible for informing you about their own privacy practices. In addition, we have no knowledge of (or control over) the nature, content, and availability of those websites. We do not sponsor, recommend, or endorse anything contained on these linked websites. We do not accept any liability of any description for any loss suffered by you by relying on anything contained or not contained on these linked websites.

Our online advertising network partner may use cookies, web beacons or other web tracking techniques to collect non-personally identifiable information about your activities on the website and other websites that you may visit to provide you targeted advertising based upon your interests.

Online device information and cookies

If you are visiting us through our website, facebook, Instagram or other online, app or social media means then we collect information about your use and experience on these by using cookies. Cookies are small pieces of information stored on your hard drive or on your mobile browser. They can record information about your visit to the site, allowing it to remember you the next time you visit and provide a more meaningful experience.

The cookies we send to your computer, mobile phone or other device cannot read your hard drive, obtain any information from your browser or command your device to perform any action. They are designed so that they cannot be sent to another site or be retrieved by any non-CSFS Ltd website or app.

When you interact with us through our website and social media pages the information collected through the cookies may include:

  • The date and time of visits;

  • Website page (or pages) viewed;

  • The website from which you accessed the internet and our website or other digital platform;

  • How you navigate through the website and interact with pages, including any fields completed in forms and applications completed;

  • Information about your location;

  • Information about the device used to visit our digital platform; and

  • IP address (or addresses), and the type of web browser used.

We will not ask you to supply personal information publicly over Facebook or any other social media platform that we use]. Sometimes we may invite you to send your details to us through a private message, for example, to answer a question. You may also be invited to share your personal information through secure channels to participate in other activities, such as competitions, but we would require your express consent prior to us including you in such activities.

Chat Bots

A bot is a piece of software that is programmed to do certain tasks, such as responding to certain phrases with programmed responses. A bot acts in accordance with its instructions, imitating a human user’s behaviours, but without a human behind it. When you talk to a bot from a third party platform such as our website and Facebook Messenger, our third party service provider will temporarily store and analyse your conversation so that the bot can talk back to you. You can read facebook’s privacy policy here. The third-party platform provider Facebook Messenger may also store your bot conversation. We recommend that you do not share sensitive personal information, such as bank account details, with a bot.

Are you required to provide personal information to us?

You are not required to provide any personal information to us but if you choose not to it might affect our ability to provide services to you and your ability to obtain finance, insurance and other Products from Product Providers.

In most circumstances it will be necessary for us to identify you in order to do business with you successfully. However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information, for example, if you make general inquiries about interest rates or current promotional offers.

You may choose to interact with our website anonymously, but we will not be able to contact you unless you provide your personal information.

Access and correction to your personal information

You have the right to request access to, correct and, in some circumstances, delete your personal information. You can do so by contacting us at:

CSFS Ltd T/A The Loan Supply Company 
364 Dunns Crossing Road, Rolleston, 7614
email: hello@loansupply.nz
phone: 0800 10 11 36

When you contact us with such a request, we will take steps to update or delete your personal information, provide you with access to your personal information and/or otherwise address your query within a reasonable period after we receive your request. To protect the security of your personal information, you may be required to provide identification before we update or provide you with access to your personal information.

We are only able to delete your personal information to the extent that it is not required to be held by us to satisfy any legal, regulatory, or similar requirements.

There is no fee for requesting that your personal information is corrected or deleted or for us to make corrections or deletions. In processing your request for access to your personal information, a reasonable cost may be charged. This charge covers such things as locating the information and supplying it to you.

There are some circumstances in which we are not required to give you access to your personal information. If we refuse to give you access or to correct or delete your personal information, we will let you know our reasons, except if the law prevents us from doing so.

If we refuse your request to correct or delete your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.

If we refuse your request to access, correct or delete your personal information, we will also provide you with information on how you can complain about the refusal.

Privacy Policy queries and concerns

If you are concerned about how your personal information is being handled or if you feel that we have compromised your privacy in some way, please contact us at:

CSFS Ltd T/A The Loan Supply Company
364 Dunns Crossing Road, Rolleston, 7614
email: hello@loansupply.nz
phone: 0800 10 11 36  

We will acknowledge your complaint within three working days of its receipt. We will let you know if we need any further information from you to investigate your complaint.

We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five working days, but some complaints take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.

If you are not satisfied with our response to any privacy related concern you may lodge a complaint on the Privacy Office website (www.privacy.org.nz) or send a complaint to the Privacy Commissioner at: 

Office of the Privacy Commissioner
P O Box 10 094
Wellington 6143, New Zealand
Fax: 04 474 7595

Email: enquiries@privacy.org.nz 
Telephone: 0800 803 909
Website: www.privacy.org.nz