PRIVACY POLICY

We understand how important it is to protect your personal information. This document sets out our privacy commitment in respect of personal information we hold about you and what we do with that information.

Arran Point.jpg

OUR COMMITMENT TO PROTECT YOUR PRIVACY

We understand how important it is to protect your personal information. This document sets out our privacy commitment in respect of personal information we hold about you and what we do with that information.

It is important to us that you are confident that any personal information we hold about you will be treated in a way which ensures protection of your personal information.

Our commitment in respect of personal information is to abide by the Privacy Principles set out in the Privacy Act 2020 (or any successor legislation) (the Privacy Act) and all other applicable laws.  This Privacy Policy applies in addition to, and does not limit, our rights and obligations under the Privacy Act and other applicable laws. 

Who are we References in this Privacy Policy to “we", “us” and “our” means ADVOCO Mortgages & Insurance Limited, acting through Steve McGowan a Licensed Financial Adviser under license of ADVOCO Mortgages & Insurance Limited issued by the Financial Markets Authority. 

YOUR AUTHORISATION  

By providing us with personal information, engaging us to provide you with services, or by using our website, you consent to the collection, use, storage and disclosure of personal information in accordance with this Privacy Policy.

CHANGES TO OUR PRIVACY POLICY 

We may change our Privacy Policy from time to time, by publishing an updated version on this page, to reflect changes in the law and also our business needs so long as the changes do not disadvantage you.  By continuing to engage us or use our website you will be deemed to have accepted the updated Privacy Policy.

WHAT PERSONAL INFORMATION DO WE COLLECT?

When we refer to personal information we mean information that identifies, or is capable of identifying, you.  This includes, for example, your name, date of birth, address, contact details, account details and occupation.

If you engage us to provide services to you, we may collect personal information about your financial situation or goals in order to recommend mortgage and insurance products that we are permitted to advise on (Products).  

WHY DO WE COLLECT YOUR PERSONAL?

We collect your personal information for the purposes of our and relevant third parties’ services and relationship with you (refer below: “Who do we disclose your personal information to?”).  For example: 

  • responding to your requests or inquiries; 

  • providing services to you (e.g. to enable us to recommend Products to you); 

  • sending communications and direct marketing to you about products and services we think may be of interest to you (whether through mail, telephone or electronic means (including email and SMS/MMS); 

  • market research; and 

  • any other purpose authorised by you or the Privacy Act.

If you do not wish to receive marketing information, you may ‘opt out’ at any time by notifying us.  

We may also collect personal information (including credit information and health information) on behalf of the lenders, insurers and other providers of Products that you choose to apply for (Product Providers).  Product Providers will have their own Privacy Policy that applies to the information that we collect on their behalf. 

HOW DO WE COLLECT YOUR PERSONAL INFORMATION??

Generally we will collect your personal information directly from you. For example, we collect your personal information directly from your use of our website or through our secure CRM (customer relationship management) system and the information that you submit to the website. We also collect your personal information if you use the “contact us” functionality on our website and you provide the personal information during conversations between you and us.

We may also collect your personal information from:

  • credit reporting agencies;

  • with your authorisation, banks and employers;

  • Product Providers (e.g. during the term of any loan or insurance we have arranged on your behalf, in order to answer your queries or assist you with your financial arrangements as your circumstances change).  If applicable, the Product Providers may also periodically disclose your loan balance or premium to us in connection with the payment of ongoing commission to us over the term of your loan or insurance; and 

  • any other person authorised by you or the Privacy Act. 

If you provide any personal information about anyone else to us, you confirm that you have collected that personal information in accordance with the Privacy Act and that the individual concerned has:

  • authorised the disclosure to us and the collection, use and disclosure of their personal information by us in accordance with this Privacy Policy; and

  • has been informed of their right to access and request correction of their personal information.

UPDATING YOUR PERSONAL INFORMATION

We will generally rely on you to ensure the information we hold about you is accurate. If any of your details change, please let us know as soon as possible by contacting us. You can login to your CRM portal anytime to update your personal details. 

WHO DO WE DISCLOSE YOUR PERSONAL INFORMATION TO?

We may disclose your personal information to the following people if we consider it necessary to do so for the purposes described in the section above:

  • Product Providers and other prospective lenders, third parties or other intermediaries in relation to your finance or insurance requirements (including a prospective lender’s mortgage insurer (if any), any person with whom a lender or insurer proposes to enter into contractual arrangements, any person who provides a guarantee or security and any trustee and any assignee or potential assignee of a lender’s or insurer’s rights);

  • our referral partners who can help you with other services;

  • contractors or service providers;

  • investors, or any entity that has an interest in our business or any entity to whom we consider assigning or transferring any of our rights or obligations or selling all or part of our business;

  • anyone who we are legally required or authorised to share your information with, including regulators and government agencies; 

  • to auditors to ensure we are providing services to you that are in your best interests, and in accordance with current regulations; 

  • your employer and referees, as well as credit reporting and identity verification agencies; and

  • any other person or entity authorised by you or the Privacy Act.

 

You acknowledge and agree that credit reporting agencies may hold your credit information (including default information) on their systems and use such information to provide their credit reporting services, which may include providing your credit information (including default information) to their customers.

Prior to disclosing any of your personal information to another person or organisation, we will take all reasonable steps to satisfy ourselves that the person or organisation has a commitment to protecting your personal information at least equal to our commitment.

DO WE DISCLOSE YOUR PERSONAL INFORMATION TO ANYONE OUTSIDE NEW ZEALAND?

We may use cloud storage to store the personal information we hold about you. The cloud storage and the IT servers may be located outside New Zealand. The cloud storage is secure and protected using Microsoft Azure.

OUR WEB SITE

Cookies and IP addresses

When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer each time you visit our website. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited, to measure transaction patterns, to analyse trends, administer the website, track users’ movements and gather broad demographic information. We use this to research our users’ habits so that we can improve our website and our service offering. Our cookies may record information such as your Internet Protocol (IP) address (that is, the electronic addresses of computers connected to the internet), your device and browser type, operating system, the pages or features of our site to which you have browsed and the time spent on those pages or features, the frequency with which the site is used by you, the search terms that you have used, the links on our site that a you have clicked on or used, and other usage statistics.

While our cookies do not collect personal information, if you submit your name and email address as part of your usage, then we will link that personal information with the cookies information that we have previously collected from you. 

If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

SECURITY

As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

 

Links and third party Online Application

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website we are not responsible for other privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

 

Security on our Online Application

Our Secure Online Application is provided by CRM Trail (Customer Relationship Management) which has the responsibility of storing very confidential information about your assets and finances. CRM Trail take great care to ensure that their security measures are sufficient for this sensitive task.

Compliance & certifications

  • CRM Trail is certified under the ISO 27001 cyber security standard. This certification shows that they maintain your Information Security Management System (ISMS) to an internationally recognised level.
    - ISO/IEC 27001:2013. 

  • CRM Trail is compliant with the Privacy Act 2020. They are committed to transparency of the security processes they use to protect your data.

  • CRM Trail understand the new requirements under the Financial Services Legislation Amendment Act 2019 (FSLAA). They retain your data for a minimum of 7 years for audit purposes.
     

Product infrastructure

CRM Trail use industry leading cloud infrastructure to keep the information you store in CRM Trail secure.

  • Microsoft hosts their products. Their software and your data is hosted through Microsoft Azure. Azure has a long list of data security certifications and extensive physical security.

  • Your data is stored in Australia. While Azure provides hosting all over the globe, their primary data centre is in Eastern Australia.

  • Your data is encrypted at rest and in transit. Their database is protected with encryption and their service does not allow non-HTTPS traffic.

  • CRM Trail infrastructure is protected by a firewall. They require special network access to administrate their servers and software in addition to other credentials.
     

Data security & loss prevention

Trail CRM is a cloud service and relies heavily on other cloud services. This means that the integrity of their data is outsourced to dependable companies like Microsoft and Google.

  • The data you store in CRM Trail is backed up regularly. They schedule automatic database backups to mitigate the unlikely event of loss or corruption. These backups are stored in a different part of Australia.

  • Ransomware attacks are mitigated through cloud storage. They don't rely on local storage for important information. All your data is backed up with version history.

  • DDoS attacks are mitigated through Azure. Microsoft has infrastructure capable of withstanding DDoS attacks.

  • CRM Trail encrypt their devices to secure the information on them. Information on their devices is unreadable without their decryption keys, even if they are stolen by a sophisticated party.

  • They only use websites that serve HTTPS. Their web browsers prevent them from visiting websites that don't meet web security standards.

ARE YOU REQUIRED TO PROVIDE PERSONAL INFORMATION TO US?

You are not required to provide any personal information to us but if you choose not to it might affect our ability to provide services to you and your ability to obtain finance, insurance and other Products from Product Providers.

In most circumstances it will be necessary for us to identify you in order to successfully do business with you.  However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information, for example, if you make general inquiries about interest rates or current promotional offers.

You may choose to interact with our website anonymously, but we will not be able to contact you unless you provide your personal information.

ACCESS AND CORRECTION TO YOUR PERSONAL INFORMATION

You may access and request correction of any of the personal information that we hold about you at any time by contacting us. We may charge a fee for our reasonable costs of retrieving and supplying the information to you.

FURTHER INFORMATION 

If you have any questions on our Privacy Policy or your personal information please contact us.

This Privacy Policy was last updated on March 2022.