Sherson Willis Ltd adheres to the principles outlined in the Privacy Act 2020. We are committed to protecting all data and information of a personal and private nature. The 13 privacy principles set out in the Act 
are the basis of our Privacy Policy. These principles provide rules on the collection, storage, security, accuracy, use and disclosure of personal information.

1. Purpose of collection of personal information

Sherson Willis will only collect personal information if it is for a lawful purpose and the information is necessary for that purpose. We will not require identifying information if it is not necessary for our purpose.

2. Source of personal information

Personal information will be collected directly from the individual concerned. The exceptions to this are when we believe on reasonable grounds that:


  • the person concerned gives us permission

  • collecting it in another way would not prejudice the person’s interests

  • collecting the information from the person directly would undermine the purpose of collection

  • we are getting it from a publicly available source

3. Collection of information

When Sherson Willis collects personal information we will take all reasonable steps to make ensure the individual knows:


  • the fact that the information is being collected;

  • the purpose;

  • the intended recipients;

  • the names and addresses of who is collecting the information and who will hold it;

  • any specific law governing provision of the information and whether provision is voluntary or mandatory;

  • the consequences if all or any part of the requested information is not provided; and

  • the individual's rights of access to and correction of personal information.

  • These steps must be taken before the information is collected or, if this is not practical, as soon as possible after

  • the information is collected.

4. Manner of collection of personal information

Sherson Willis will only collect personal information in ways that are lawful, fair and not unreasonably intrusive. We will take particular care if we need to collect personal information from children or young people.

5. Storage and security of personal information

When collecting personal information, we will ensure that:

  • there are reasonable safeguards against loss, misuse or disclosure; and

  • if it is necessary to give information to another person, such as someone working on contract, everything reasonable is done to prevent unauthorised use or unauthorised disclosure of the information.

6. Access to personal information

Where personal information is held in a way that it can readily be retrieved, the individual concerned is entitled to:

  • obtain confirmation of whether the information is held; and

  • have access to information about them.


We may refuse to disclose personal information for a range of reasons, including that it would:


  • pose risks to New Zealand's security or defence;

  • breach confidences with another government;

  • prevent detection of criminal offences or the right to a fair trial;

  • endanger the safety of an individual;

  • disclose a trade secret or unreasonably prejudice someone's commercial position;

  • involve an unwarranted breach of another individual's privacy;

  • breach confidence where the information has been gained solely for reasons to do with the individual's

  • employment, or to decide whether to insure the individual;

  • be contrary to the interests of an individual under the age of 16;

  • breach legal professional privilege;

  • reveal the confidential source of information provided to a journalist; or

  • constitute contempt of court or the House of Representatives.

  • Requests can also be refused, for example, if Sherson Willis does not hold the information or if the request is frivolous or vexatious.

7. Correction of personal Information

Everyone is entitled to:


  • request correction of their personal information;

  • request that if it is not corrected, a statement is attached to the original information saying what correction was sought but not made.

  • If Sherson Willis has already passed on personal information that is then corrected, we will inform any recipients about the correction.

8. Accuracy of personal information to be checked before use

We will not use or disclose personal information without taking reasonable steps to check it is accurate, complete, relevant, up to date, and not misleading.

9. Personal information not to be kept for longer than necessary

Sherson Willis will not hold personal information longer than needed for the purpose for which it was collected.

10. Limits on use of personal information

We will only use personal information for the purpose that we collected it. The exceptions include situations when Sherson Willis believes on reasonable grounds that:

  • the use is one of the purposes for which the information was collected; or

  • the use is directly related to the purpose the information was obtained for; or

  • Sherson Willis got the information from a publicly available source; or

  • the individual concerned has authorised the use; or

  • the use is necessary for a public sector agency to collect the information to uphold or enforce the law, protect the
tax base, or assist court or tribunal proceedings; or

  • the use is necessary to prevent or lessen a serious and imminent threat to public health or safety, or the life or
health of any individual; or

  • the individual concerned is not identified; or

  • the use is authorised by the Privacy Commissioner under section 54.

11. Limits on disclosure of personal information

Personal information will not be disclosed unless Sherson Willis reasonably believes that:


  • the disclosure is in connection with, or directly related to, one of the purposes for which it was obtained; or

  • Sherson Willis got the information from a publicly available source; or

  • disclosure is to the individual concerned; or

  • disclosure is authorised by the individual concerned; or

  • it is necessary for a public sector agency to disclose the information to uphold or enforce the law, protect the tax base, or assist court or tribunal proceedings; or

  • disclosure is necessary to prevent or lessen a serious and imminent threat to public health or safety.

  • or the life or health of any individual; or

  • disclosure is necessary to facilitate the sale of a business as a going concern; or

  • the information is to be used in a form in which the individual concerned is not identified; or

  • disclosure has been authorised by the Privacy Commissioner under section 54.

12. Disclosure of personal information overseas

Personal information will not be disclosed to anyone overseas unless Sherson Willis reasonably believes that:

  • the receiving person is subject to the New Zealand Privacy Act because they do business in New Zealand

  • the information is going to a place with comparable privacy safeguards to New Zealand

  • the receiving person has agreed to adequately protect the information – through model contract clauses

If there aren’t adequate protections in place, we will only send personal information overseas if the individual concerned gives you express permission, unless the propose is to uphold or enforce the law or to avoid endangering someone’s health or safety.

13. Unique identifiers

Unique identifiers - such as IRD numbers, bank customer numbers, driver's licence and passport numbers-must not be assigned to individuals unless this is necessary for the organisation concerned to carry out its functions efficiently. The identifiers must be truly unique to each individual (except in some tax related circumstances), and the identity of individuals must be clearly established. No one is required to disclose their unique identifier unless it is for, or related to, one of the purposes for which the identifier was assigned.

The government is not allowed to give people one personal number to use in all their dealings with government agencies.

Privacy Officer

The Privacy Act requires that Sherson Willis Ltd appoints a Privacy Officer. The Directors fulfil this role. The Privacy Officer is required to:


  • Encourage compliance with the thirteen principles of the Act

  • Deal with access and correction requests

  • Work with the Privacy Commissioner in the event of any complaint or investigation

  • Coordinate any communications with the Privacy Commissioner

  • Ensure overall compliance with the Act


Any questions or concerns regarding the Privacy Act and its principles should be directed to the Privacy Officer.