Privacy Policy

Introduction

Cambridge Partners Limited (we, us, our) complies with the Privacy Act 2020 (“the Act”) and, where applicable, the European Union’s General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR). We take reasonable steps to ensure that overseas recipients are subject to privacy protections comparable to those required under the Privacy Act 2020. This may include contractual obligations or other safeguards as permitted by the Privacy Act 2020. More information on the Act is available at the Office of the Privacy Commissioner.

Personal information is information about an identifiable individual (a natural person). We collect personal information relevant to our business activities, including information required to provide services, meet legal and regulatory obligations, and manage our relationship with you.

This policy covers the basis on which we will collect, store, handle, use, disclose and protect your personal information. This policy does not limit or exclude any rights under the Act.

About Us

Cambridge Partners Limited (company number 899861) is incorporated in New Zealand. Our registered office is Croys Limited, Level 2, 161 Burnett Street, Ashburton 7700 and our office is located at Level 5, Anthony Harper Tower, 62 Worcester Street, Christchurch, New Zealand.

What Personal Information Do We Collect About You

We collect personal information to carry out the functions and activities necessary to provide our services or engage with you. If you choose not to provide some personal information we request, we may be unable to provide our services or engage with you.

Generally, information will be collected directly from you, and this information may include :

Your name and date of birth, email address, postal address, residential address, contact telephone numbers and, where relevant, vehicle registration details.
Financial information, such as your bank account number, tax details, financial goals and objectives, current and past personal financial circumstances, including information relating to assets, liabilities and investments, details of family members where relevant to your financial circumstances or advice, and details of your professional advisers. Additionally, we may collect legal documentation, tax returns or financial statements, and other information to obtain a full understanding of your personal financial circumstances and objectives, and to determine suitability for the services we offer.
Your identity verification information required to comply with the Anti-Money Laundering and Countering Financing of Terrorism Act 2009, including copies of photographic identity documents.

We may use for the purpose of electronic identity verification a third-party GPG Cloudcheck, which uses databases, including the Department of Internal Affairs, Land Information New Zealand, Centrix, Illion (NZ and Australia), Equifax, New Zealand Transport Agency, New Zealand Companies Office, GDC Australia or other entities for that purpose.

We may also use facial recognition images with passive liveness detection collected directly from you (via a Cloudcheck GPG Biometric link provided and completed by you). Biometric information is collected solely for identity verification purposes and captured in accordance with the Biometric Processing Privacy Code 2025. Biometric information is not used for marketing or profiling purposes and is retained only for as long as required to complete identity verification and meet our legal obligations.

Information required to satisfy our legal and regulatory obligations to comply with Code of Professional Conduct for Financial Advice Services, Discretionary Investment Management Service (DIMS) and Financial Advice Provider Licence Obligations.
Meeting file notes or transcripts of meetings using our recording tool, Contented (subject to your permission, which may be withdrawn at any time), to comply with our record-keeping obligations.
Any correspondence between you and us.
Information about which of our services you use and how you use those services, including the activities and transactions you undertake.
Preference information, such as your marketing and communication preferences, event invitations and newsletters. You may unsubscribe from marketing or informational emails at any time by using the unsubscribe link included in our communications.

For employees or prospective employees, we will collect HR employee information, including police and Equifax credit checks, Curriculum Vitae, reference checks, publicly available information, banking details, evidence of qualifications, employment contracts and records, and emergency contact details.

Who We Collect Your Personal Information From

Generally, we collect personal information directly from you, including via our website and related services, registration or subscription processes, communications through third‑party platforms (such as Eventbrite or social media services, including LinkedIn or Facebook), telephone calls, emails, in‑person meetings, or when you use our services.
We may collect your personal information from third parties where you have authorised this. That information may be verified or provided by third parties, such as regulatory bodies, government agencies, financial institutions, custodians, electronic verification providers or publicly available sources. Additionally, we collect police, credit and reference information for prospective employees (subject to your approval).
We may collect personal information about another individual from you when you choose and have the authority to provide it. If you provide us with personal information about others, or if others give us your personal information, we will only use that personal information for the specific purpose for which it was provided to us, or as otherwise permitted by the Act.

If we collect your personal information from someone other than you, we will take reasonable steps to make sure you are aware of:

The fact that your personal information has or will be collected.
What the information is and the purpose of collection, and the intended recipients of the information.
Our identity and contact details, and your rights to access and correct information.
Whether the collection is authorised or required by law (and which law).

Notification may be provided by direct communication, onboarding documentation, or other reasonable means, having regard to the circumstances.

Third-party service providers we collect information from and provide information to are governed by the privacy policies and/or practices of the relevant third party. While we take reasonable steps to select and monitor reputable providers, we are not responsible for their independent practices.

In some circumstances, we may not be required to notify you where an exception under the Privacy Act 2020 applies, including where you have already been made aware of the collection or notification would be impracticable, unlawful, or would prejudice lawful purposes.

How We Use Your Personal Information

We may use your personal information to:

Conduct business, provide our services and information, and communicate with you
Verify your identity and comply with our obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 and other relevant legislation
Market our services, provide newsletters and event invitations to you (you may opt out of marketing communications at any time without affecting our ability to provide services to you)
Invoice you and collect payment for amounts owed to us
Meet employment/pre-employment requirements
Comply with our legal and regulatory obligations
Conduct research and statistical analysis (on an anonymised basis)
Protect and/or enforce our legal rights and interests, including defending any claim
Undertake any other purpose authorised by you or the Act

Disclosing Your Personal Information

We may disclose your personal information to:

Relevant people within our organisation, for the purposes of providing our services to you
Any other person authorised by you (such as your lawyer or accountant)
External and professional service providers that provide services to us and/or you
Financial institutions that we engage with for the purposes of providing our services to you, such as FNZ, IBKR, and NZXWT, KiwiSaver providers, including Consilium NZ Limited (KiwiWRAP KiwiSaver Scheme) and Kernel or other custodians or platform providers we may engage with
Verify your identity via our third-party electronic verification provider, GPG Cloudcheck (subject to your approval)
Third parties to meet our regulatory or legal obligations and for the purposes of carrying out checks to satisfy our obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009, such as auditors or the Financial Intelligence Unit
Other third parties such as our insurance broker, or disputes resolution provider, Financial Disputes Resolution Service
Parties who can require us to supply your personal information (e.g., a regulatory authority such as the Financial Markets Authority, Department of Internal Affairs or the IRD)
IT and systems providers (including CRM, cloud, HR platform and managed service providers)
Providers of our car parking facilities
Entities that acquire an interest in us
Providers of pre-employment police, credit or reference checks (subject to your approval) where you are a prospective employee
Our accountant, for business payments, and invoicing for employees or suppliers
Other third-parties (for anonymised statistical information)
Any other person authorised by the Act or another law (e.g. a law enforcement agency)

Some parties we disclose your personal information to may be located overseas. We take reasonable steps to ensure overseas recipients are subject to privacy safeguards comparable to those under the Privacy Act 2020.

Protection and Retention of Your Personal Information

While we take reasonable steps to protect your personal information, no method of transmission over the internet is completely secure, and we cannot guarantee the absolute security of information transmitted online. We will take all reasonable steps to ensure your personal information is safe from loss or unauthorised use or misuse.

If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.

We maintain established procedures for notifying the Privacy Commissioner and affected individuals of any privacy breach, including measures taken to mitigate its impact, as required by law.

We will not retain personal information for longer than is necessary to meet our legal, regulatory and record-keeping obligations.

Accessing and Correcting Your Personal Information

You may request a copy of the personal information that we hold about you. You may also require that we correct personal information that we hold about you if that information is misleading, inaccurate, incomplete or irrelevant. These requests can be made by contacting us:

Privacy Officer
Cambridge Partners Limited
Level 5, Anthony Harper Tower
62 Worcester Street
Christchurch
New Zealand
Email info@cambridgepartners.co.nz

We will respond to access and correction requests within the timeframes required under the Privacy Act 2020. We may refuse your request for a copy of your personal information for permitted reasons as set out in the Act.

When you make a request to access personal information, we may require you to provide some form of identification (such as a driver licence or passport) so we can verify that you are the person to whom the information relates. We don’t generally charge a fee, but in some cases, we may request an administrative fee to cover the cost of access. If we intend to charge a fee, we will notify you of the amount and obtain your approval before proceeding with the request.

Cookies Policy

We use cookies and similar technologies to help our website function properly, understand how the website is used, and support our advertising (including remarketing).

This website uses Google Tag Manager, Google Analytics 4 (GA4), Hotjar, and Google Ads remarketing. These tools may collect information about your device and activity on the site (for example, pages visited, time spent, clicks, and general interaction patterns) to help us improve the website, measure performance, and show ads that may be more relevant to you on other platforms.

When you first visit our website, you will see a cookie notice with an option to view our Cookie Policy. Continuing to use the website after reviewing our cookie policy means cookies may be used as described in this policy. You can manage cookies at any time through your browser settings (see below).

Third-party providers we use

Google Tag Manager (GTM): Used to manage and deploy website tags.
Google Analytics 4 (GA4): Used to measure website traffic and usage patterns.
Hotjar: Used to understand user experience through analytics tools such as heatmaps and session insights.
Google Ads: Used for advertising measurement and remarketing.

Managing cookies

You can control cookies through your browser settings. You can delete existing cookies and set your browser to block cookies or notify you when cookies are being set. Please note that blocking some cookies may affect the functionality and features available on our website.

Opting out of analytics