Privacy policy

Scope

Wynn Williams (Wynn Williams, we, us or our) complies with its obligations under the Privacy Act.

This Privacy Policy applies to all Personal Information that we collect, store, use, and disclose in the course of our business.

We may amend this Privacy Policy at any time. We will notify you of changes by publishing the updated Privacy Policy on our website. Your continued use of our website or services constitutes your acceptance of the updated Privacy Policy.

In this Privacy Policy:

Biometric Information means any information that is generated from the measurement of an individual’s biological or behavioural characteristics and that is capable of uniquely identifying that individual.

Biometric Processing Code means the Biometric Processing Privacy Code 2025.

Personal Information means any information that relates to an identifiable person and includes Biometric Information.

Privacy Act means the Privacy Act 2020.

What personal information we collect

Depending on the nature of your relationship with Wynn Williams, the Personal Information we will collect from you may include:

  • name, date of birth, address and contact details;
  • occupation;
  • payment details;
  • employment history;
  • copies of photographic identity documents;
  • facial recognition images with passive liveness detection;
  • evidence of your residential address;
  • evidence of source of wealth and funds;
  • date, time, URL of pages visited, IP address, location, and browser software;
  • any information you provide, directly or indirectly, in the course of us providing our services to you; and
  • other information necessary to conduct our business, provide services, and comply with legal obligations.

If you choose not to provide your Personal Information when requested, we may be unable to provide our services to you.

Where Biometric Information is collected, please advise us if you prefer to provide it in another practicable alternative form (such as presenting photo ID in person instead of using our facial recognition application).

How we collect personal information

Collection from you

We generally collect Personal Information directly from you, where practicable, via email, phone, forms, in-person meetings, our website, and online identity verification and document authentication applications.

When you provide us with Personal Information about another individual, you confirm that you have obtained their consent or have the necessary authority to provide us with that Personal Information.

Collection from third parties

Wynn Williams has engaged third party agents to assist with aspects of its client due diligence requirements. Our third party agents may collect Personal Information directly from you in accordance with their privacy policies and then provide us with this Personal Information.

Wynn Williams also uses third party social media platforms, including LinkedIn and Facebook. These platforms may allow you to send messages directly to Wynn Williams or otherwise make Personal Information available to us (for example, through messages sent via the platform or information visible to us during a webinar). Your use of these third party services is entirely optional. Wynn Williams may use Personal Information you choose to share with us through these platforms, or Personal Information that is publicly available. However, your use of these services is subject to the privacy policies and practices of the relevant third party, for which Wynn Williams is not responsible. If you do not wish to provide Personal Information to these third parties, or make such Personal Information available to Wynn Williams, you should avoid using their services.

In addition, Wynn Williams may collect your Personal Information from any third party where you have provided consent, whether express or implied, for that third party to disclose it to us. This may include, without limitation, your authorised representatives, service providers, business partners, or other organisations lawfully entitled to share your Personal Information with us.

If you have any questions about how we collect Personal Information from third parties, please contact our Privacy Officer using the details provided below.

Automated collection

When you visit our website, our servers automatically record information via cookies. You can manage or disable cookies through your internet browser settings; however, this may impact your ability to use our website.

Why we collect and disclose personal information

We may collect and disclose your Personal Information for the following reasons:

  • verify your identity;
  • perform customer due diligence;
  • provide and improve our services;
  • manage and administer our relationship with you;
  • communicate with you;
  • respond to your queries;
  • identify and manage legal conflicts of interest;
  • comply with our professional and legal obligations, including under legislation relating to anti-money laundering and countering financing of terrorism;
  • help us improve and better market our services;
  • enable us to undertake our business processes, such as sending invoices;
  • conduct credit checks, manage credit processes, or otherwise assess your ability to pay for our services;
  • recover any outstanding amounts owed to us;
  • send you our newsletters, alerts and invitations to webinars, seminars and other events;
  • optimise your experience as a user of the website;
  • take any action required in the event of a dispute or legal proceeding between you and us, or between you and another party in connection with our business;
  • protect our property, legal rights, and interests (or those of others), including by detecting, investigating, preventing, or addressing fraud, security, or technical issues, or where we have reasonable grounds to believe there is an imminent risk of death, injury, or a serious threat to health and safety;
  • for any purpose authorised by you or the Privacy Act or the Biometric Processing Code; or
  • for any other purpose notified to you at the time your Personal Information is collected.

Who we may disclose personal information to

We may disclose your Personal Information to:

  • people within our organisation;
  • third party providers, including but not limited to data storage providers, consultants, barristers, expert witnesses, financial institutions, insurers, brokers, auditors and artificial intelligence platforms. All such providers are required to handle Personal Information under contractual confidentiality and security obligations;
  • people or organisations that provide us with office support services, including IT services;
  • other law firms;
  • credit monitoring and debt collection agencies;
  • referees that you provide to Wynn Williams to contact;
  • regulators, law enforcement bodies, government agencies, courts and other dispute resolution providers;
  • any person or organisation as required by law, court order and/or regulatory authority;
  • any person or organisation authorised by you; or
  • any person or organisation authorised by the Privacy Act, Biometric Processing Code and any other applicable legislation.

If you do not want us to share your Personal Information, please contact our Privacy Officer using the details provided below. Please be aware that if you ask us not to share your Personal Information with certain third parties, we may not be able to provide you with our services. Furthermore, notwithstanding any such request, there may be circumstances in which we are required by law (including, without limitation, pursuant to a court order or direction from a regulatory authority) to disclose your Personal Information, and in such circumstances, we will comply with our legal obligations irrespective of your request.

How we protect personal information

Wynn Williams takes all reasonable steps to ensure your Personal Information is safe from loss, unauthorised use, modification, disclosure, and any other misuse.

Personal Information is stored electronically (with logins and passwords) or physically (in secured premises). Only authorised persons may access your Personal Information.

In the event of a privacy breach, we have established procedures for notifying the Privacy Commissioner and affected individuals, detailing steps taken to mitigate effects, as required by law.

How to access and correct personal information

You have the right to access your readily retrievable Personal Information we hold, and to request that your Personal Information be updated or corrected.

You can contact our Privacy Officer using the details provided below, to update any Personal Information we hold. We may charge a fee for providing access and will advise you of the cost in advance.

If we refuse access to your Personal Information, we will provide you with a written notice stating our reasons for refusing access.

How long we retain personal information

We will retain your Personal Information for as long as necessary to:

  • provide our services to you, and for any period of time afterwards where we have an ongoing business need to retain it;
  • maintain secure backups in line with our security practices;
  • respond to any claims that may arise after our services have ended; and/or
  • meet our professional and legal obligations.

If you request that we delete your Personal Information, we will take reasonable steps to do so unless we are legally required, or otherwise have a legitimate reason, to retain it.

Overseas disclosure of personal information

Some of your Personal Information may be transferred to and used by third parties outside of New Zealand as part of our internal business processes. While some of these countries may not have privacy laws that provide the same level of protection as New Zealand, where we transfer your Personal Information overseas, we take reasonable steps to ensure it is protected in accordance with this Privacy Policy, the Privacy Act, the Biometric Processing Code, and any other relevant legislation. Furthermore, all such third party providers are required to handle Personal Information under contractual confidentiality and security obligations.

Biometric information

We will collect Biometric Information only for a lawful purpose as set out in this Privacy Policy, and where we have assessed that:

  • no less privacy-intrusive alternative is as effective;
  • the expected benefits to our clients, the public, or us substantially outweigh the privacy risks; and
  • the processing is proportionate, taking account of cultural considerations (including any impacts on Māori).

Biometric Information will be collected directly from you, where practicable.

We will not:

  • use Biometric Information for any type of biometric processing other than that expressly notified to you;
  • use Biometric Information for biometric categorisation; and
  • combine Biometric Information with other datasets for unrelated profiling.

Resolving personal information concerns

If you have any questions, concerns or complaints about this Privacy Policy, or how we handle your Personal Information, please contact our Privacy Officer:

  • Address: Wynn Williams, 47 Hereford Street, Christchurch Central City, Christchurch 8013
  • Email: privacy@wynnwilliams.co.nz

If you have any complaints, you can also contact the Office of the Privacy Commissioner via their website by clicking here.

This Privacy Policy may be updated at any time.

Last updated: 29 October 2025

If you would like to view our Information Security Policy, please use the link.