Lindsay & Associates Chartered Accountants

Privacy Policy

INTRODUCTION

Lindsay & Associates (we, us, our) complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).

This policy sets out how we will collect, use, disclose and protect your personal information.

This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.

TYPES OF PERSONAL INFORMATION

For the purposes of our engagement and the requirements to satisfy various regulatory requirements we will collect certain personal information, such as:

  • Full Legal name
  • Date of Birth
  • Contact details (residential, postal address), telephone numbers, e-mail addresses
  • Financial information & source of funds
  • Any other information as may be required by legislation

WHO DO WE COLLECT YOUR PERSONAL INFORMATION FROM?

We collect personal information about you from:

  • you, when you provide that personal information to us, including via the telephone, e-mail, face to face meeting
  • third parties where you have authorised this or the information is publicly available.

If possible, we will collect personal information from you directly.

HOW AND WHERE DO WE STORE YOUR PERSONAL INFORMATION?

We utilize a secure hybrid infrastructure consisting of an on-premise domain server and certified third-party cloud platforms to manage, store, and process your personal information:

  • Master Records & Legacy Databases: Your structural account setups, baseline metadata, and historical client profiles are retained on our physical, on-site domain server. This server is housed securely within our offices and is subject to automated daily backup routines.
  • Email & Document Management: We utilize FYI (FYI Software Pty Ltd) as our central cloud  document management workspace. All client correspondence, electronic emails, file notes, and  administrative attachments are systematically filed here.
  • Cloud Accounting Services: Live commercial transactional data, bookkeeping ledger records, and active business accounts are processed through our cloud accounting partner, Xero.
  • Cloud Tax Return Management: Preparation materials, statutory computations, and finalized annual tax return lodgements are compiled and held inside the cloud compliance platform, MYOB.
  • Cross-Border Cloud Hosting Arrangements (IPP 12): To run these cloud environments, your data is securely stored on offshore servers. Data routed through FYI is hosted inside Amazon Web Services (AWS) data centres in Sydney, Australia. Data managed through Xero is hosted via secure cloud infrastructure in the United States, while MYOB distributes operational files securely across infrastructure in Australia and New Zealand. Under Information Privacy Principle 12, each provider processes this personal information strictly as our direct agent, ensuring data protection benchmarks that align with New Zealand privacy thresholds

HOW WE USE YOUR PERSONAL INFORMATION

We believe in protecting your privacy and security of your personal information. We do not rent or sell our customer details to third parties. We will use your personal information mainly for following reasons:

  • to provide services to you
  • to respond to individual requests and communications from you
  • to maintain contact with you
  • to verify your identity as is required under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009
  • to improve the services that we provide to clients
  • to keep our clients informed of services we offer
  • to keep our clients informed of any developments or changes in legislation that may be of interest
    to communicate with Inland Revenue Department and ACC on your behalf
  • for general administration and management purposes such as raising invoices
  • for any other purpose authorised by you or the Act
  • for purposes related to our business and providing services to you

If you chose not to provide us with personal information, we may be unable to provide services to you.

DISCLOSING YOUR PERSONAL INFORMATION

We will only disclose your personal information to the extent permitted by you, or when required and authorised by law. In delivering our accounting, business advisory, and tax compliance services, we securely transmit your data to the following entities:

  • Inland Revenue Department (IRD): Your personal details, identifiers, and financial metrics are disclosed directly to Inland Revenue via secure cloud API interfaces within MYOB and Xero for the purposes of managing your tax profile, processing filings, and lodging returns on your behalf.
  • Accident Compensation Corporation (ACC): We disclose relevant earner and business details to ACC through connected digital channels to manage your levies and verify account compliance.
  • Cloudcheck (Verifi Identity Services Limited): Our designated third-party electronic identity verification provider. We securely share your identification documents (such as passports or driver licences) with Cloudcheck to match your details against official government registries and biometric databases, satisfying our legal obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.
  • Cloud Sub-Processors & Strategic Systems: Your data is disclosed to and processed by our primary operational platforms, including FYI Software, Xero, and MYOB, who act strictly as our data processing agents under strict confidentiality clauses.
  • Statutory Authorities & Law Enforcement: Any regulatory body, court, or person who holds a legal right to demand your personal information under New Zealand law.
  • Authorized Persons: Any other specific individual, business, or representative authorized directly by you

PROTECTING YOUR PERSONAL INFORMATION

We take proactive structural and digital safeguards to insulate your private information against loss, unauthorized access, or regulatory exposure:

  • In-House Server Controls: Access to local infrastructure is limited strictly to internal employees and authorised IT professional protected by physical site security and firewalls.
  • Cloud Provider Verification: All third-party systems utilize mandatory transport encryption (TLS) for data moving across the web and AES-256 data-at-rest encryption. Our provider network complies with global structural protocols, including ISO 27001 Information Security Management standards (FYI and Xero) and independent SOC 2 assurance audits.
  • Mandatory Breach Protocols: In accordance with the Privacy Act 2020, if any segment of our server or cloud framework experiences a data compromise likely to cause serious harm, we will prioritize reporting the event directly to the Office of the Privacy Commissioner and notifying the individuals impacted.

ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

If you want to exercise either of the above rights, email us at admin@lindsay.co.nz
Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).

We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.

USE OF INTERNET AND EMAIL COMMUNICATION

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.

CHANGES TO OUR PRIVACY POLICY

Due to the dynamic nature of the market we operate we may update our Privacy Policy at any time. The latest version of the Privacy Policy is always available on our website and will apply automatically from the date any changes are made.

PRIVACY CONCERNS, QUESTIONS OR COMPLAINTS

If you have any questions about this Privacy Policy and/or our handling of personal information or you believe that we have at any time failed to keep one of our commitments to you to handle your personal information in the manner required by the Act, please write to us using the contact details below:

Email: admin@lindsay.co.nz

Phone 09 273 7377

Address: Unit H, 12 Amera Place, East Tamaki, Auckland