Privacy Policy for Customers

Download our Privacy Statement Here

Ingham Mora Ltd Privacy Policy for Customers
We know that how we collect, use, disclose and protect your information is important to you, and
we value your trust. That is why protecting your information and being clear about what we do with
it is a vital part of our relationship with you.

The purpose of this Privacy Policy is to inform our customers and any users of our digital platforms
(i.e. our website and social media pages) about how we comply with the requirements of the New
Zealand Privacy Act 2020 (“the Privacy Act”) in managing personal information.

Consent to Privacy Policy

Please note that when you contact us through our website, [social media pages or our app,] you are
agreeing to this Privacy Policy. If you do not agree with this Privacy Policy, please do not contact us
through any of our digital platforms but call us on 079271200.

Collection of personal information

Personal Information is defined in the Privacy Act as information about an identifiable individual (a
natural person as opposed to a company or other legal entity).

Types of personal information we collect

The types of personal information we collect will vary depending on the nature of your dealings with
us. We only collect personal information that is necessary. Where reasonable and practicable, we
will collect your personal information directly from you and inform you that we are collecting it.
We mainly collect personal information directly from you, for example:
Over the telephone or a video call (such as over Microsoft Teams, Zoom or Skype) e.g.
when you contact our staff;
Through one of our digital platforms like our website, [social media pages and app
(including through any online chat, virtual assistant or bots)]
When you email or write to us; or when you participate in a marketing campaign, competition, or
promotion (or a similar event) administered by us or our representatives.

If it is not obvious that we are collecting personal information from you, we will do our best to make
it clear to you so that you are always aware when information is being collected.

Generally, the types of personal information we collect and hold include your:
Date of birth
Contact details (such as your email address, postal address, phone number)
Details relating to your use of any product and/or service offered by us
Details of your enquiry
Details of any preferences you tell us about (such as subscription preferences).

We may also collect personal information about you from:
Publicly available sources e.g. via the internet
Your professional organization e.g. Masterbuilders
We collect your personal information from the above parties (other than publicly available sources)
where we have received your express consent to do so.
We are not responsible for the privacy or security practices of the above parties and the parties
described above are not covered by this Privacy Policy.

Online device information and cookies

If you are visiting us through our website, [social media pages or app], then we collect information
about your use and experience on these by using cookies. Cookies are small pieces of information
stored on your hard drive or on your mobile browser. They can record information about your visit
to the site, allowing it to remember you the next time you visit and provide a more meaningful
The cookies we send to your computer, mobile phone or other device cannot read your hard drive,
obtain any information from your browser or command your device to perform any action. They are
designed so that they cannot be sent to another site or be retrieved by any non-Ingham Mora Ltd
When you interact with us through our website, [social media pages or app,] the information collected through the cookies may include:
The date and time of visits
Website page (or pages) viewed
The website [or app] from which you accessed the internet and our website or other digital platform
How you navigate through the website and interact with pages, including any fields
completed in forms and applications completed (where applicable)
Information about your location
Information about the device used to visit our digital platform; and
IP address (or addresses), and the type of web browser used

We will not ask you to supply personal information publicly over Facebook, Twitter, or any other
social media platform that we use. Sometimes we may invite you to send your details to us through
a private message, for example, to answer a question. You may also be invited to share your
personal information through secure channels to participate in other activities, such as
competitions, but we would require your express consent prior to us including you in such activities.

Purpose of collection and use of personal information

Any personal information you provide to us may be used to:
Check whether you are eligible for the product or service offered by us
Facilitate those services
Provide information that you request; and / or
Provide you with further information about our other products and services.
We also have an obligation to maintain personal information to disclose to regulatory and similar
bodies - see “Disclosure of your personal information” below. These bodies have a legal right to such

Storage and protection of your personal information

We may electronically record and store personal information which we collect from you. When we
do so, we will take all reasonable steps to keep it secure and prevent unauthorised disclosure.
However, we cannot promise that your personal information will not be accessed by an
unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur. If we provide
you with any passwords or other security devices, it is important that you keep these confidential
and do not allow them to be used by any other person. You should notify us immediately if the
security of your password or security device is breached, this will help prevent the unauthorised
disclosure of your personal information.
Some information we hold about you will be stored in paper files, but most of your information will
be stored electronically on physical hard drives and/or on the cloud, by cloud service providers – see
“Cloud-based service providers” below.

We use a range of physical and electronic security measures to protect the security of the personal
information we hold, including:
Access to information systems is controlled through identity and access management
Our buildings are secured with a combination of locks, monitored alarms and cameras to prevent unauthorised access
Employees are bound by internal information security policies and are required to keep information secure
Employees are required to complete training about information security and privacy
When we send information overseas or use service providers to process or store information, we putarrangements in place to protect your information;
We regularly monitor and review our compliance (and our service providers’ compliance) with internal policies and industry best practice.
We only keep information for as long as we need it, or as long as the law requires us to.
We have a records management policy that governs how we manage our information and records to make sure we destroy any information that is outdated, irrelevant or

Cloud-based service providers

We use third party service providers to store and process most of the information we collect. We
use Suite Files cloud provider. We ensure that our cloud-based service providers are subject to
appropriate security and information handling arrangements and that the information stored or
processed by them remains subject to confidentiality obligations.

Timeframes for keeping personal information

We take reasonable steps to destroy or permanently de-identify any personal information as soon as
practicable after the date of which it has no legal or regulatory purpose, or we have no legitimate
business purpose with it.
In the case of information that relates to our products or services we have provided, we are required
by law to hold this information for seven years. After this time, provided that the personal
information is no longer relevant to any service we are providing you, we will take reasonable steps
to safely destroy or de-identify any personal information.
We have a records management policy that governs how we manage our information and records to
enable us to destroy any information that is outdated, irrelevant or no longer necessary.

If there is a privacy breach

We work hard to keep your personal information safe. However, despite applying strict security
measures and following industry standards to protect your personal information, there is still a
possibility that our security could be breached.
If we experience a privacy breach, where there is a loss or unauthorised access or disclosure of your
personal information that is likely to cause you serious harm, we will, as soon as we become aware
of the breach:
Seek to quickly identify and secure the breach to prevent any further breaches and
reduce the harm caused;
Assess the nature and severity of the breach, including the type of personal information
involved and the risk of harm to affected individuals;
Advise and involve the appropriate authorities where criminal activity is suspected;
Where appropriate, notify any individuals who are affected by the breach (where
possible, directly);
Where appropriate, put a notice on our website advising our customers of the breach;
and Notify the Privacy Commissioner.

Disclosure of your personal information

We may disclose your personal information to others outside Ingham Mora Ltd where:
It is necessary to enable us to achieve the purpose that we collected the information
We are required or authorised by law or where we have a public duty to do so;
You have expressly consented to the disclosure or your consent can be reasonably
inferred from the circumstances; or
We are permitted to disclose the information under the Privacy Act 2020.

Parties we may disclose your information to

Your personal information may be used by us for the purpose of providing advice and services to you
and may also be used by agencies such as, but not limited to:
Any out-sourced service provider who assists in the services we are required to carry
out such as auditors and external compliance reviewers
Our external dispute resolution service
The Regulator
Credit reporting and debt collecting organisations
If we do not need to share your information with a third party in order to provide advice and
services to you, we will not pass on your information to them without your consent. Under no
circumstances will we sell or receive payment for disclosing your personal information.

Sending your information overseas

We may send your personal information outside New Zealand, including to overseas members of
Ingham Mora Ltd related companies and overseas service providers or other third parties who
process or store our information, or provide certain services to us.
Where we do this, it does not change any of our commitments to you to safeguard your privacy.
We make sure that appropriate security and information handling arrangements are in place and the
information remains subject to confidentiality obligations.
All countries have different privacy laws and information protection standards. If we need to send
your personal information to a country that has lower standards of information protection than in
New Zealand, we will take appropriate measures to protect your personal information. Where it is
not possible to ensure that appropriate security and information handling arrangements are in
place, we will let you know and gain your consent prior to sending your personal information

Third party websites

Through our website or our other social media pages, you may be able to link to other websites
which are not under our control. We are not responsible for the privacy or security practices of
those third-party websites and the sites are not covered by this Privacy Policy. Third party websites
should have their own privacy and security policies and we encourage you to read them.
In addition, we have no knowledge of (or control over) the nature, content, and availability of those
websites. We do not sponsor, recommend, or endorse anything contained on these linked websites.
We do not accept any liability of any description for any loss suffered by you by relying on anything
contained or not contained on these linked websites.

Right to access, correct and delete personal information.

You have the right to request access to, correct and, in some circumstances, delete your personal

You can do so by contacting us at:
Privacy Officer
Ingham Mora Ltd
PO Box 222
Tauranga 3140
Or via email at

When you contact us with such a request, we will take steps to update or delete your personal
information, provide you with access to your personal information and/or otherwise address your
query within a reasonable period after we receive your request. To protect the security of your
personal information, you may be required to provide identification before we update or provide
you with access to your personal information.
We are only able to delete your personal information to the extent that it is not required to be held
by us to satisfy any legal, regulatory, or similar requirements.
There is no fee for requesting that your personal information is corrected or deleted or for us to
make corrections or deletions. In processing your request for access to your personal information, a
reasonable cost may be charged. This charge covers such things as locating the information and
supplying it to you.
There are some circumstances in which we are not required to give you access to your personal
information. If we refuse to give you access or to correct or delete your personal information, we
will let you know our reasons, except if the law prevents us from doing so.
If we refuse your request to correct or delete your personal information, you also have the right to
request that a statement be associated with your personal information noting that you disagree with
its accuracy.
If we refuse your request to access, correct or delete your personal information, we will also provide
you with information on how you can complain about the refusal.

What happens if you do not provide us your information?

If you do not provide information we have requested, you may be unable to obtain or access our
services for which the information is required. Please ask us if you are unsure what information is
important and how this might affect you.

Changes to this Privacy Policy

We review this Privacy Policy periodically to keep it current a link is available on our website. If the
changes are significant, we may advise you directly. You may also obtain a copy of the latest version
by calling us on 079271200

Privacy Policy queries and concerns

If you are concerned about how your personal information is being handled or if you feel that we
have compromised your privacy in some way, please contact us at:
Ingham Mora Ltd
PO Box 222
Tauranga 3140
Privacy Officer
Phone: 079271200

We will acknowledge your complaint within three working days of its receipt.
We will let you know if we need any further information from you to investigate your complaint.
We aim to resolve complaints as quickly as possible.
We strive to resolve complaints within five working days, but some complaints take longer to
If your complaint is taking longer, we will let you know what is happening and a date by which you
can reasonably expect a response.

If you are not satisfied with our response to any privacy related concern you may lodge a complaint
on the Privacy Office website ( or send a complaint form to the Privacy
Commissioner at:
Office of the Privacy Commissioner
P O Box 10-094
Wellington 6143, New Zealand
Fax: 04- 474 7595
Telephone: 0800 803 909