Terms & conditions, disclaimer and privacy
This website provides you with general information that is true and accurate to the best of Milestone Direct Limited’s knowledge. We advise you that:
General information only: The information on this website is general in nature and is not intended to be personalised financial advice. You should consult a professional financial adviser before making any financial decisions or taking any action based on the information on this website.
No liability: Milestone Direct Limited does not accept any liability for any loss or damage arising from the use of this website. This does not prejudice your statutory rights.
Accuracy of information: While Milestone Direct Limited has taken all reasonable care to ensure the information on this website is accurate, errors and omissions may occur. We do not accept any responsibility for any inaccuracy, error or omission in the website’s content, or for any loss caused to anyone from relying on that information. We may change, delete, add to or otherwise amend the information published on this website without notice.
Historical information: Any reference on this website to historical information and performance of a product or service may not necessarily be a good guide to future performance. You are solely responsible for any loss caused from relying on such information.
Third Party websites: This website may contain links to other websites which are not under our control. Milestone Direct Limited has no knowledge of or control over the content, and availability of those websites, or of their privacy practices. We do not sponsor, recommend, or endorse the content of other websites linked to, or referenced from, this website.
New Zealand law: The information on this website has been prepared to comply with, and is governed by, New Zealand law. It is only intended for use by persons within New Zealand’s jurisdiction. Milestone Direct Limited does not make any representation that the information on this website complies with the law in any other country.
Cybersecurity: Although we regularly update our cybersecurity and virus protection software, we do not guarantee that our website will be free from viruses or other malicious interference (such as spyware, malware, adware, ransomware and worms) that can damage your computer system and access your data.
Continuous access: We do our best to keep this website running smoothly. However, we do not guarantee that access to the website will be uninterrupted. We accept no liability for any loss caused by the website being temporarily unavailable either during its planned maintenance or due to technical or other issues beyond our control.
Copyright and IP: Unless otherwise indicated, all information on this website is the property of Milestone Direct Limited and is protected by copyright and intellectual property laws. Unless stated otherwise, you may access and download the materials located on this website only for personal, or agreed upon commercial use. The website may contain a number of trademarks which are owned by Milestone Direct Limited or used with the permission of the registered trademark owner. Before using any material on this website that is identified as being subject to copyright of a third party, you must obtain authorisation to use or reproduce the material from that third party.
By submitting your details on this website, you consent to the use of your personal information in accordance with this privacy statement.
What information do we collect?
We may collect personal information about you, either directly from you or from other parties and we may generate information about you when we carry out our business.
The types of personal information we collect about you may include your:
- Contact information: your name, phone number, email address, postal address, physical address
- Documents that verify your identity and other personal details: such as your passport or drivers’ licence number
- Subscriptions/preferences: when you subscribe to receive our newsletter or updates, as well as content preferences to help us identify which material you want to receive
- Technical information: information about the device used to access the website or other social media sites, such as IP address, browser type, time zone settings and mobile network information.
What do we do with it?
We collect and use your personal information to provide the information and services that you request from us, and to provide you with information about other services we consider appropriate.
When necessary, we may use your information to:
- Comply with our legal and regulatory obligations (including Anti Money Laundering/Counter Financing of Terrorism compliance and audit and reporting requirements).
- Defend or enforce our rights - For example, to collect money owed to us.
Who do we share it with?
Besides our staff we may share this information with third parties who enable us to provide you with our services. These include:
- Your other professional advisers
- Product providers
- Our service outsource providers such as IT consultants, custodians, etc.
We will only share your personal information with third parties where it is necessary to help us do what we collected your information for, where it is required by law or where you give us authority to.
We require these third parties to adhere to our strict confidentiality requirements for handling personal information and we seek to ensure that they comply with the Privacy Act 2020.
Where do we store it?
We use third party cloud service providers to store and process the information we collect. We use Microsoft Office and Azure cloud servers located internationally. We ensure that our cloud-based service providers are subject to appropriate security and information handling arrangements and that the information stored or processed by them remains subject to confidentiality obligations.
What are my rights?
You do not have to provide information to us. If you choose not to provide necessary personal information when requested, we maybe be unable to provide certain information or services to you.
You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you have any questions about this privacy statement or you’d like to ask for a copy of the information we hold on you, or to have it corrected, please contact us.
We know that how we collect, use, disclose and protect your information is important to you, and we value your trust. That’s why protecting your information and being clear about what we do with it is a vital part of our relationship with you.
Personal Information is defined in the Privacy Act as information about an identifiable individual (a natural person as opposed to a company or other legal entity).
Types of personal information we collect
The types of personal information we collect will vary depending on the nature of your dealings with us. We only collect personal information that is necessary. Where reasonable and practicable, we will collect your personal information directly from you and inform you that we are collecting it.
We mainly collect personal information directly from you, for example:
- Over the telephone or a video call (such as over Microsoft Teams, Zoom or Skype) e.g. when you contact our staff;
- Through one of our digital platforms like our website, LinkedIn, Facebook, YouTube, Twitter, Etc.
- When you email or write to us; or
- When you participate in a marketing campaign, competition or promotion (or a similar event) administered by us or our representatives.
If it is not obvious that we are collecting personal information from you, we will do our best to make it clear to you so that you are always aware when information is being collected.
On social media pages where insufficient space exists to display the full social media and Privacy disclaimer, a link will be provided to the MDL website disclaimer page. This page includes the Privacy Statement.
Generally, the types of personal information we collect and hold include your:
- Date of birth
- Contact details (such as your email address, postal address, phone number)
- Details relating to your use of any product and/or service offered by us
- Details of your enquiry
- Details of any preferences you tell us about (such as subscription preferences).
We may also collect personal information about you from:
- Publicly available sources e.g. via the internet;
- Your professional advisers e.g. sharebroker, accountant, solicitor, previous financial adviser, Etc.
Online device information and cookies
If you are visiting us through our website, LinkedIn, Facebook, YouTube, Twitter, Etc., then we may collect information about your use and experience on these by using cookies. Cookies are small pieces of information stored on your hard drive or on your mobile browser. They can record information about your visit to the site, allowing it to remember you the next time you visit and provide a more meaningful experience.
The cookies we send to your computer, mobile phone or other device cannot read your hard drive, obtain any information from your browser or command your device to perform any action. They are designed so that they cannot be sent to another site or be retrieved by any non-Milestone Direct Limited website.
When you interact with us through our website, LinkedIn, Facebook, YouTube, Twitter, Etc. the information collected through the cookies may include:
- The date and time of visits;
- Website page (or pages) viewed;
- The website from which you accessed the internet and our website or other digital platform;
- How you navigate through the website and interact with pages (including any fields completed in forms and applications completed (where applicable));
- Information about your location;
- Information about the device used to visit our digital platform; and
- IP address (or addresses), and the type of web browser used.
We will not ask you to supply personal information publicly over LinkedIn, Facebook, YouTube, Twitter, or any other social media platform that we use. Sometimes we may invite you to send your details to us through a private message, for example, to answer a question. You may also be invited to share your personal information through secure channels to participate in other activities, such as competitions, but we would require your express consent prior to us including you in such activities.
Any personal information you provide to us may be used to:
- Check whether you are eligible for the product or services offered by us;
- Facilitate those services;
- Provide information that you request; and / or
- Provide you with further information about our other products and services.
We also have an obligation to maintain personal information to disclose to regulatory and similar bodies - see the paragraph titled “Disclosure of your personal information” below. These bodies have a legal right to such information.
We may electronically record and store personal information which we collect from you. When we do so, we will take all reasonable steps to keep it secure and prevent unauthorised disclosure.
However, we cannot promise that your personal information will not be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur. If we provide you with any passwords or other security devices, it is important that you keep these confidential and do not allow them to be used by any other person. You should notify us immediately if the security of your password or security device is breached, this will help prevent the unauthorised disclosure of your personal information.
Some information we hold about you will be stored in paper files, but most of your information will be stored electronically on physical hard drives and on the cloud, by cloud service providers – see the paragraph titled “Cloud-based service providers” below.
We use a range of physical and electronic security measures to protect the security of the personal information we hold, including:
- Access to information systems is controlled through identity and access management;
- Our buildings are secured with a combination of locks, monitored alarms and cameras to prevent unauthorised access;
- Employees are bound by internal information security policies and are required to keep information secure;
- Employees are required to complete training about information security and privacy;
- When we send information overseas or use service providers to process or store information, we put arrangements in place to protect your information;
- We regularly monitor and review our compliance (and our service providers’ compliance) with internal policies and industry best practice.
- We only keep information for as long as we need it, or as long as the law requires us to. We have a records management policy that governs how we manage our information and records to make sure we destroy any information that is outdated, irrelevant or unnecessary.
Cloud-based service providers
We use third party service providers to store and process most of the information we collect. We use Microsoft Azure and Office Cloud servers. We ensure that our cloud-based service providers are subject to appropriate security and information handling arrangements and that the information stored or processed by them remains subject to confidentiality obligations.
Timeframes for keeping personal information
We take reasonable steps to destroy or permanently de-identify any personal information as soon as practicable after the date of which it has no legal or regulatory purpose, or we have no legitimate business purpose with it.
In the case of information that relates to our advice services or products or services we have provided, we are required by law to hold this information for seven years. After this time, provided that the personal information is no longer relevant to any service we are providing you, we will take reasonable steps to safely destroy or de-identify any personal information.
We have a records management policy that governs how we manage our information and records to enable us to destroy any information that is outdated, irrelevant or no longer necessary.
If there is a privacy breach
We work hard to keep your personal information safe. However, despite applying strict security measures and following industry standards to protect your personal information, there is still a possibility that our security could be breached. If we experience a privacy breach, where there is a loss or unauthorised access or disclosure of your personal information that is likely to cause you serious harm, we will, as soon as we become aware of the breach:
- Seek to quickly identify and secure the breach to prevent any further breaches and reduce the harm caused;
- Assess the nature and severity of the breach, including the type of personal information involved and the risk of harm to affected individuals;
- Advise and involve the appropriate authorities where criminal activity is suspected;
- Where appropriate, notify any individuals who are affected by the breach (where possible, directly);
- Where appropriate, put a notice on our website advising our clients of the breach; and
- Notify the Privacy Commissioner.
Disclosure of your personal information
We may disclose your personal information to others outside Milestone Direct Limited where:
- It is necessary to enable us to achieve the purpose that we collected the information for;
- We are required or authorised by law or where we have a public duty to do so;
- You have expressly consented to the disclosure or your consent can be reasonably inferred from the circumstances; or
- We are permitted to disclose the information under the Privacy Act 2020.
Parties we may disclose your information to
Your personal information may be used by us for the purpose of providing advice and services to you and may also be used by agencies such as, but not limited to:
- Any out-sourced service provider who assists in the services we are required to carry out such as auditors and external compliance reviewers;
- Our external dispute resolution service;
- The Regulator;
- Credit reporting and debt collecting organisations;
If we don’t need to share your information with a third party in order to provide advice and services to you, we will not pass on your information to them without your consent. Under no circumstances will we sell or receive payment for disclosing your personal information.
Sending your information overseas
We may send your personal information outside New Zealand, including to overseas members of Milestone Direct Limited’s related companies and overseas service providers or other third parties who process or store our information, or provide certain services to us.
Where we do this, it does not change any of our commitments to you to safeguard your privacy. We make sure that appropriate security and information handling arrangements are in place and the information remains subject to confidentiality obligations.
All countries have different privacy laws and information protection standards. If we need to send your personal information to a country that has lower standards of information protection than in New Zealand, we will take appropriate measures to protect your personal information. Where it is not possible to ensure that appropriate security and information handling arrangements are in place, we will let you know and gain your consent prior to sending your personal information overseas.
Third party websites
In addition, we have no knowledge of (or control over) the nature, content, and availability of those websites. We do not sponsor, recommend, or endorse anything contained on these linked websites. We do not accept any liability of any description for any loss suffered by you by relying on anything contained or not contained on these linked websites.
You have the right to request access to, correct and, in some circumstances, delete your personal information. You can do so by contacting us at:
Private Bag 93504
Or via email at firstname.lastname@example.org
When you contact us with such a request, we will take steps to update or delete your personal information, provide you with access to your personal information and/or otherwise address your query within a reasonable period after we receive your request. To protect the security of your personal information, you may be required to provide identification before we update or provide you with access to your personal information.
We are only able to delete your personal information to the extent that it is not required to be held by us to satisfy any legal, regulatory, or similar requirements.
There is no fee for requesting that your personal information is corrected or deleted or for us to make corrections or deletions. In processing your request for access to your personal information, a reasonable cost may be charged. This charge covers such things as locating the information and supplying it to you.
There are some circumstances in which we are not required to give you access to your personal information. If we refuse to give you access or to correct or delete your personal information, we will let you know our reasons, except if the law prevents us from doing so.
If we refuse your request to correct or delete your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.
If we refuse your request to access, correct or delete your personal information, we will also provide you with information on how you can complain about the refusal.
If you do not provide information we have requested, you may be unable to obtain or access our services for which the information is required. Please ask us if you are unsure what information is important and how this might affect you.
If you are concerned about how your personal information is being handled or if you feel that we have compromised your privacy in some way, please contact us at:
Private Bag 93504
Via email at email@example.com
Or via phone at 0508 645 378
We will acknowledge your complaint within three working days of its receipt. We will let you know if we need any further information from you to investigate your complaint.
We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five working days, but some complaints take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.
If you are not satisfied with our response to any privacy related concern you may lodge a complaint on the Privacy Office website (www.privacy.org.nz) or send a complaint form to the Privacy Commissioner at:
Office of the Privacy Commissioner
P O Box 10-094
Wellington 6143, New Zealand
Fax: 04- 474 7595
Telephone: 0800 803 909