PRIVACY POLICY

Last updated: 24/03/2021

Introduction

This Privacy Policy governs the use of your personal information by Maxim Financial Markets Limited (Maxim), Level 3, 44 Victoria Street, Wellington. Maxim must comply with its obligations under the Privacy Act 2020 when dealing with your personal information. Maxim is committed to protecting and respecting your privacy and your information.

Any personal information you provide Maxim will be stored, used and disclosed by Maxim in accordance with this Privacy Policy.

Collecting Personal Information

Maxim collects information you provide it with.

Examples of the type of personal information Maxim may collect from you are your name, birth date, email, phone number, address, photo identification, payment information, tax details, account preferences, and all of your correspondence with Maxim.

Using Personal Information

Maxim will never sell your personal information.

Employees or contractors of Maxim may have access to your personal information as part of their role. Their access to your personal information is limited to what is necessary.

Your personal information may be used:

  • for the provision of Maxim’s products and services;

  • to amend records to remove or update personal information;

  • for other everyday business purposes that involve use of personal information; and

  • to comply with Maxim’s contractual obligations with you or legal obligations (such as complying with anti-money laundering and countering financing of terrorism (AML/CFT) and Inland Revenue (IRD) regulations).

Third Party Use of Personal Information

In the provision of Maxim’s products and services to you Maxim may disclose and provide your personal information acquired by Maxim from you to third parties that are party to the provision of Maxim’s products and services. Maxim will not disclose or provide your personal information to third parties beyond that which is required for the provision of Maxim’s products and services, and not to any third parties that do not require it for any products and service provided.

Disclosure to third parties overseas shall be limited to countries with comparable privacy laws to New Zealand, or which expressly offer comparable legal protections. Otherwise, Maxim will request your express permission for the disclosure of personal information after notification that the recipient may not be required to protect the information in the same way as is required under the Privacy Act 2020.

Employees or contractors of third parties may have access to your personal information as part of their role. Their access to your personal information is limited to what is necessary.

Maxim Privacy Officer

Maxim has appointed a Privacy Officer on staff who is responsible for the Maxim Privacy Policy, managing any requests made under the Privacy Act 2020, working with the Office of the Privacy Commissioner in relation to any investigations in relation to business activities and ensuring Maxim complies with the provisions of this Privacy Policy and the Privacy Act 2020.

Requests for Personal Information

You have the right to access and correct your personal information in accordance with the Privacy Act 2020. If you want to access or correct your personal information or if you have any questions regarding Maxim’s Privacy Policy, please contact: The Maxim Privacy Officer, team@maximfms.co.nz.

Storage and Disclosure of Personal Information

Maxim will maintain all reasonable protections against the loss, misuse or inappropriate disclosure of your personal information Maxim will maintain processes to prevent unauthorised use or access to that information.

Maxim may store your personal information in different forms, including in hardcopy and electronic. Maxim will keep all physical documents secure, both inside and outside its premises. Maxim will keep electronic personal information secure by making sure its data storage is protected from external sources, maintaining a regular back up and applying good security practices.

Maxim will disclose your personal information to people other than you when you have authorised such disclosure or if such a disclosure is permitted under the Privacy Act 2020.

Maxim will not retain your personal information for longer than is necessary.

Third Party Storage and Disclosure of Personal Information

Maxim requires all third parties that may require your personal information, for the provision of products and services provided by Maxim, to meet the same storage and disclosure standards and rights of access and correction of personal information as personal information held directly by Maxim under this Privacy Policy.

Breach

Breaches of this policy include breaches of any of the information privacy principles under the Privacy Act 2020.

Where Maxim becomes aware of a privacy breach that has caused or is likely to cause serious harm it will notify the Office of the Privacy Commissioner as soon as practicable.

If you are concerned Maxim has not met its obligations to you as required by the Privacy Act 2020, you may contact Maxim and make a complaint at the address and/or email listed above.

More information about your rights and Maxim’s obligations in respect to privacy and information on making a privacy complaint are available from the Office of the Privacy Commissioner at www.privacy.org.nz.

Changes to Maxim’s Privacy Policy

This document sets out Maxim’s current Privacy Policy. Maxim may review this policy from time to time and will notify you of any changes by posting an updated version on its Website.

Nothing in this Privacy Policy shall limit your rights under the Privacy Act 2020.

CYBER SECURITY POLICY

Last updated: 01/07/2022

Introduction

Maxim is responsible for ensuring IT systems used to deliver the licensed advice service are both effective and adequately protect client records and data. Maxim’s IT systems have measures in place to be resilient to cyber threats, with detection, prevention, response, and recovery capabilities to prevent the loss, misuse, and alteration of information under Maxim control.

Maintaining Cyber Security

To maintain the cyber security of Maxim’s internal systems, as well as those that are cloud operated by a third party, Maxim has engaged a reputable IT services provider for remote monitoring, system backups and auditing checks.

Data Security and Confidentiality

Maxim’s policy is to only capture data that is required by legislation and required for Maxim to provide the licensed advice service. Data recorded on physical hard copies are kept in a locked office.  If not required a paper document shredder is employed to destroy client data prior to disposal. Security for client data stored electronically is maintained via secure cloud-based platforms.

When sending emails Maxim has end-to-end encryption capability. Any paper records sent to third parties, such as clients, are hand collected by a Courier Driver and the progress of parcels sent by a Courier can be tracked online.

Third Party Disclosure and Cyber Security

Information and data disclosure to third parties by Maxim representatives will only be provided to the extent required so that Maxim can deliver the licensed services it has been engaged to perform by the client. In doing this Maxim will be sharing information with third parties that Maxim contracts to perform services on its behalf. The companies that Maxim has enlisted to perform these services are large in nature and, in engaging with these firms, Maxim has been able to assure itself that these firms have robust cyber security systems in place.

Breach

If Maxim becomes aware of any event that materially impacts the information security of the critical technology systems, Maxim will notify the Financial Markets Authority New Zealand (FMA) immediately (this will at least be within 10 working days of discovery as stipulated by New Zealand legislation) and provide details of the event, the impact on the financial advice service and clients, as well as the planned remediation activity. Maxim shall also undertake to immediately alert any customers that are directly affected by any Cyber Security threat to their personal information as well as the Privacy Commissioner (as required by the Privacy Act 2020).

Maxim’s Business Continuity Plan outlines predetermined procedures for responding to, and recovering from, events that impact on cybersecurity.

Changes to Maxim’s Cyber Security Policy

This document sets out Maxim’s current Cyber Security Policy. Maxim may review this policy from time to time and will notify you of any changes by posting an updated version on its Website.