In our article on Privacy for Organisations  we talk about how to stay safe as an organisation. But what about if you have shared your personal information with an agency? How do you stay safe as an individual? Let’s look at some frequently asked questions.

 FAQs

1.  Do agencies need to tell you if your information is involved in a privacy breach?

Agencies must report serious breaches to the Privacy Commissioner and the affected individuals. A serious breach is one that has or is likely to cause serious harm to those affected. Failure to notify the Privacy Commissioner of a notifiable privacy breach may result in a fine of up to $10,000 or the issue of a public compliance notice.

2. How can you check if your information has been leaked?

Check at haveibeenpwned.com

3. What happens if your privacy is breached?

Contact New Zealand’s national identity and cyber support community service IDCARE on 0800 121 068.

4. How do you ask an agency for your information?

Use this form, or request the information by phone, email or letter. Agencies must reply within 20 working days, or 10 days for urgent requests, but can refuse for valid reasons.

5. How do you correct your information?

Contact the agency, explain the error, and ask for it to be corrected. If the correction is refused, you may complain to the Privacy Commissioner.

6. How do you make a complaint?

Try to resolve it with the agency first. If that doesn’t work, complain to the Privacy  Commissioner. They will not investigate situations from long ago or that didn’t cause you harm, or things like family disputes, someone else’s personal information, or vexatious matters.

7. Are there any special rules for sensitive personal information?

Codes of practice exist for some sensitive types of personal information, such as for health, credit and superannuation.

8. How do you keep your own information safe?

Your personal information is important to you and may be valuable to others who can benefit from it. Be thoughtful about giving out your personal information. Many agencies provide a discount when your join their ‘club’. Ask yourself if it is really worth it.

  • When asked for your details by email or phone, question why it is needed and confirm the collection is valid.
  • Monitor your email and bank accounts and be alert for any suspicious behaviour.
  • Use complex passwords and change them monthly—it’s worth the effort.
  • Report breaches.

9. What if you need to breach a privacy obligation?

Look at the guidance and contact the Privacy Commissioner’s Office for clarification.

This article is merely on overview of the Privacy Act. We recommend visiting the Privacy Commissioner’s website.

It is not a substitute for legal advice and you should contact a lawyer about your specific situation. If you think your privacy policy is insufficient (or non-existent!), we strongly encourage you to get in touch with us. We’d love to help. Contact Steven Moe at stevenMoe@parryfield.com or Aislinn Molloy at aislinnMolloy@parryfield.com.

Privacy for organisations is important and should be taken seriously. In this article we show you how.

We all value our personal information. No one wants their personal details accessed or used inappropriately. It can lead to spam or more worryingly, identity theft or fraud. It can also exact an emotional toll.

The Privacy Act 2000 (Act) is all about helping to protect individuals and keeping the organisations who collect personal information accountable. The amended Act came into force on 1 December 2020, so you need to be following it now.

Top tips

  • Treat other people’s information as if it were your own—with care and respect.
  • Follow the rules. If unsure what to do, seek help.
  • Adopt or update your Privacy Policy and appoint a Privacy Officer.
  • Consider doing a Privacy Impact Assessment to inform projects or proposals. This may save time and money. Use the toolkit.
  • Make use of the resources available. Seek legal advice for more serious matters.

Who has responsibilities?

The Act refers to ‘agencies’. This is any organisation or person that collects and holds personal information about people, whether private or public sector. Some examples are companies, businesses (including small businesses), clubs, charities and community groups.

The Privacy Commissioner’s Compliance and Regulatory Action Framework says that its goal is to achieve high levels of voluntary compliance by seeking to make the regulatory approach as clear as possible.

If your organisation breaches privacy rules there can be consequences, such as a failure to report a notifiable breach will be punishable on prosecution with a fine of up to $10,000.

A word of caution – privacy covers all you do so includes emails and texts. Be careful what you say as those might need to be disclosed in a person asks for these records. Also, if a reporter is writing about your organisation, avoid using their real name in internal communications – use a pseudonym instead. Their name is an example of personal information and the journalist is therefore entitled to see the number of times they have been referred to in communication. Furthermore, they may be entitled to see what has been written about them, so our advice is to be scrupulously professional in all communication.

What do agencies need to do?

At the heart, this is about being respectful and careful. Imagine it is your personal information and treat it accordingly. Follow the links below to the Privacy Principles for more detail. What you need to consider falls into these categories.

1. Collecting personal information

  • Only collect information that you really need. The more you collect, the more care is needed. (Privacy Principle 1). We do see clients collecting more than is necessary so ask yourself if it is needed.
  • Collect information from the person directly (or their authorised representative). (Privacy Principle 2)
  • Tell people why you are collecting the information. Having a Privacy Statement is a good idea. You can develop one using the Privacy Commissioner’s generator or we can draft a complete and bespoke version specifically for your circumstances. (Privacy Principle 3)
  • Collect information lawfully and fairly, or there may be consequences. (Privacy Principle 4)

2. Storing personal information

  • Keep information genuinely Lock it up or password protect it, and limit access. Ensure staff know what they can and cannot access. (Privacy Principle 5)
  • Ensure you can provide it promptly to a person on their request. Charges should generally not apply, and if they do they must be reasonable. (Privacy Principle 6)
  • Correct personal information if it is not correct. (Privacy Principle 7)
  • Keep personal information accurate. (Privacy Principle 8)
  • Keep information only as long as you need to and dispose of it carefully. (Privacy Principle 9)
  • Use the information only for the purpose it was collected. (Privacy Principle 10)
  • Disclose personal information only for a valid reason, for example, when required by law. (Privacy Principle 11)
  • Follow the rules for sending personal information out of New Zealand, including digitally. (Privacy Principle 12)
  • Only use a ‘unique identifier’ (something that is unique to a person such as a drivers licence), when necessary. (Privacy Principle 13)

FAQs

 How do you ask an agency for your information?

Use this form, or request the information by phone, email or letter. Agencies must reply within 20 working days, or 10 days for urgent requests, but can refuse for valid reasons.

 1. How do you correct your information?

Contact the agency, explain the error, and ask for it to be corrected. If the correction is refused, you may complain to the Privacy Commissioner.

 2. How do you make a complaint?

Try to resolve it with the agency first. If that doesn’t work, complain to the Privacy  Commissioner. They will not investigate situations from long ago or that didn’t cause you harm, or things like family disputes, someone else’s personal information, or vexatious matters.

 3. Are there any special rules for sensitive personal information?

Codes of practice exist for some sensitive types of personal information, such as for health, credit and superannuation.

4. How can you check if your information has been leaked?

Check at haveibeenpwned.com

5. What happens if your privacy is breached?

Contact New Zealand’s national identity and cyber support community service IDCARE on 0800 121 068.

 6. How do you keep your own information safe?

Your personal information is important to you and may be valuable to others who can benefit from it. Be thoughtful about giving out your personal information. Many agencies provide a discount when your join their ‘club’. Ask yourself if it is really worth it.

  • When asked for your details by email or phone, question why it is needed and confirm the collection is valid.
  • Monitor your email and bank accounts and be alert for any suspicious behaviour.
  • Use complex passwords and change them monthly—it’s worth the effort.
  • Report breaches.

7. What if you need to breach a privacy obligation?

Look at the guidance and contact the Privacy Commissioner’s Office for clarification.

A key change – Reporting privacy breaches

Agencies must report serious breaches to the Privacy Commissioner and the affected individuals. A serious breach is one that has or is likely to cause serious harm to those affected. Failure to notify the Privacy Commissioner of a notifiable privacy breach may result in a fine of up to $10,000 or the issue of a public compliance notice.

Read more on your personal information rights here.

—-

This article is merely on overview of the Privacy Act. We recommend visiting the Privacy Commissioner’s website.

It is not a substitute for legal advice and you should contact a lawyer about your specific situation. If you think your privacy policy is insufficient (or non-existent!), we strongly encourage you to get in touch with us. We’d love to help. Contact Steven Moe at stevenMoe@parryfield.com or Aislinn Molloy at aislinnMolloy@parryfield.com.

It can be confusing to know when to engage a lawyer and what the terms of engagement and prices will be. We have answered five questions below to help you and your startup ‘get the ball rolling’.

 

  1. When should you engage a lawyer and how do you find one that suits you best?

 It is a relatively straight forward process to set up a company and our view is it can be done without a lawyer. However, legal documents such as a company constitution, shareholder’s agreement, term sheets, though you may have questions such as how many shares to issue or who should be a director, subscription agreements, employment contracts, employee stock option plans (ESOPs) and vesting agreements will likely be needed along the way. While these are not compulsory, they are helpful to determine how the company will be governed, the rights and obligations of directors and shareholders and terms of agreement with investors. Without them the Companies Act 1993 applies which may not be suited to your specific circumstances.

Other legal considerations include how to protect your intellectual property (IP), employment matters or which governance structure will suit your start-up best. It is highly advisable to engage a lawyer when seeking to draft these documents as they can explain which parts of the law such as the Companies Act 1993, Privacy Act 2020, or the Employment Relations Act 2000 will be applicable or can be avoided. To read more about these issues see our Free Start Ups Legal Toolkit and Capital Raising Guides here.

There are multiple ways to find the right lawyer for you:

  • Attend industry events or conferences;
  • Get a referral from other founders in your industry;
  • Law firms websites indicate whether they have experience with startups that are similar to you;
  • Ask questions such as whether they have experience in your industry or with other founders in your industry;
  • Ask for clarity on fees. While we do not charge for a first meeting we have heard of other law firms sending a large bill after a first meeting. Have clear communication to avoid surprises.

 

  1. What are normal terms of engagement?

 The terms of engagement set out lawyer-client responsibilities. The client is to provide accurate information and giving clear instructions. The lawyer must abide by confidentiality, conflict of interest and disclosure requirements. The terms outline the scope of the lawyer’s work and their role including their duties. They will state that you authorise credit checks and due diligence services to verify your identify if required. Engagement terms also set out how fees are calculated, including disbursements such as document service fees, when fees are to be paid and how the firm will hold the funds collected by you. It will also outline how to terminate the engagement, make complaints and indemnity clauses.

 

  1. What are normal prices and bill services for lawyers?

 Lawyers are under an obligation not to charge more than what is fair and reasonable for services. Fair and reasonable fee factors include the time and labour spent, the skill and specialised knowledge required, the importance, complexity and urgency of the matter, the degree of risk, the possibility it will preclude engagement of the lawyer by other clients, whether the fee is fixed or conditional, quote or estimate of fees, fee agreement, the reasonable cost of running a practice and the fee customarily charged in the market. Generally law firms have a hourly charge out rate for their lawyers. The more senior the lawyer, the higher the hourly charge-out rate. A partner might be between $400-$600, a senior lawyer $250-$400 and a junior lawyer $180-$280 per hour plus GST.

 

  1. What types of legal fees should you expect?

 The first consultation may be free and the legal fees will vary depending on the complexity of the documents or services you require. The more documents that require drafting, and the more back and forth communications with the lawyer, the higher the costs will be. A complex governance structure will also require more documents drafted. Firms like ours with more experience with startups will have templates to use. If they have worked with startups similar to yours it can reduce the complexity of drafting. Other costs include complying with anti-money-laundering requirements and disbursements.

 

  1. How can you control costs when raising capital?

 The best way to control costs is to plan ahead. Determine early on which documents your startup will need and which governance structure you want. When you engage a lawyer you can then outline exactly what you need and when you need it by. Identify issues regarding your IP, privacy, employment, insurance, health and safety, due diligence and fundraising. This means you will have considered the right things and can go in with questions. This will reduce the amount of communication needed with your lawyer and reduce costs. You should also ascertain the areas in which you do not need a lawyer, for example incorporating a company or reserving its name.

We have supported many startups to get going and have produced a helpful suite of free information to help startups succeed. Our Startups Legal Toolkit is a practical guide for entrepreneurs in Aotearoa New Zealand. It explains how to set up a company, discusses social enterprises and not-for-profits, fundraising, liability and ongoing duties, employment issues and other useful information.

 

If you would like to discuss further, please contact one of our team on stevenmoe@parryfield.com, or annemariemora@parryfield.com at Parry Field Lawyers

There are around 28,000 officially registered charities in New Zealand doing important work to make Aotearoa a better place. People donate around $1.5 billion annually to New Zealand charities to enable them to do their work.

When it comes to an organisation, the term ‘charity’ has special meaning. To call itself a registered charity, an organisation needs to go through a proper process, which is governed by the Charities Act 2005 (the Act).

This law exists to promote public trust and confidence in the charitable sector and to encourage and promote the effective use of charitable resources. In a nutshell, it is about ensuring good practice by charities, which is a great thing for everyone.

To obtain charitable status an entity must have legitimate charitable purposes, and these are set out in the Act as: relieving poverty; advancing education; advancing religion; or other purposes beneficial to the community.  In other words a cause may be good but it may not be capable of registering as a charitable entity.

This doesn’t mean that a cause that falls outside of these categories is not worthy; it simply means that by law that cause is unlikely to be able to become a registered charity – it may still be a charity which is incorporated with Companies Office though.

We realise this area of law can be confusing so have written a free guide about this for those who want to set up charities which is available here

 

Does charitable status matter?

There are some advantages for organisations to be registered charities. Funders and donors often feel more comfortable giving to a registered charity because they know that registered charities are required to adhere to good practice. There may also be tax advantages for the organisation, and for donors, who may qualify for tax rebates and be able to claim back 1/3 of what they give to the charity.

To help ensure charities are operating well, registered charities must submit annual reports to Charities Services. The reports are all publicly accessible on the Charities Register, so anyone can see how the charity is performing.

It is an offence to even imply that you are a registered charitable entity if you are not registered, because it is misleading. Being a ‘charitable trust’ does not mean an entity is a registered charity. The term ‘charitable trust’ is simply the legal structure. A charitable trust still needs to be registered to have genuine legal charitable status which is done by applying to Charities Services.

 

Registered charity or not?

It’s easy to check if an organisation is a registered charity by doing a quick search using the Charities Register.

 

Dealing with bogus ‘charities’

If you discover that an entity is wrongfully describing themselves as a charity to seek an advantage, you can email compliance@dia.govt.nz. Find out more about making a complaint on the Charities Services website.

 

We deal with charities and those who want to set them up a lot and have many free resources on our website here. Should you require assistance, please feel free to contact Steven Moe stevenmoe@parryfield.com, or Yang Su yangsu@parryfield.com or any of the team at Parry Field Lawyers.

Establishing a Corporate Foundation can improve the impact and focus of a business’s philanthropic activities.  We have helped companies set up foundations which advance charitable purposes which are aligned with their business initiatives.  In fact, here at Parry Field, we have set up our own charitable foundation as well.

In this article we will be going over some of the key things which we think it is important for you to know about this topic.  The easiest way is of course just to have a conversation and we do that on a no charge basis, just to answer questions and work out if we could help or not.

So what is a Corporate Foundation?

  • A corporate foundation is a Charities Services registered charity (typically in the form of a charitable trust) established by a business to further the business’s charitable activities. For more on charities see our legal book here
  • Although the business and the foundation are separate legal entities, and there are considerations to ensure there are no conflicts of interest, they usually have close ties and the business typically provides financial support and other resources to the foundation
  • The business typically benefits from an enhanced reputation from its close ties with a registered charity as well as tax-credits for its donations to the foundation. Its customers or others in its ecosystem may also provide donations to the Foundation and possibly receive tax credits for them
  • An example in New Zealand would be the Vodafone Foundation

So why might you consider setting up a Foundation?

  • Increases credibility of business’s charitable activities
  • May increase employee engagement in business’s philanthropic efforts
  • Foundation’s registration with Charities Services provides public reassurance that its activities are for public good
  • May provide significant tax advantages for the business, such as:
    • Business can tax-effectively fund other organisations that may not be registered charities, but are doing charitable work
    • Business can use the foundation to store charitable funds during good profit years without the need to distribute it all immediately
    • Foundation can make its grants repayable but the business can’t do that tax-effectively
  • Drawbacks of a Corporate Foundation
    • Increased burden of administration from managing two separate entities – note that they are separate – there will be conflicts if you treat them as the same.
    • Risk of fracture in relationship between the foundation and the business, for the reason that they are different entities and the business does not ‘control’ the foundation.
  • Alternatives
    • Business can set-up an account with a donor advised fund but this comes with fees and less legal and practical control
    • Business can set-up an internal CSR division to manage philanthropic efforts, but possibly less credibility and reputational benefit
    • Business can partner directly with the charities it would like to support, but less flexibility for tax-advantageous donations
  • Conflict of Interests
    • Although a business and its corporate foundation may work closely in practice, it is imperative that the corporate foundation have an effective strategy for managing conflict of interests. This is particularly true if the business has the right to appoint and remove the corporate foundation’s trustees
    • Trustees of the corporate foundation have a legal duty to act in the best interest of their charitable trust, and Charities Services has provided some guidance on how trustees can manage conflicts of interests here
  • Key Points to Consider in setting up a Corporate Foundation
    • What is the charitable purpose of the foundation? Should it have a broad purpose for future flexibility? Or should it have a more narrow purpose to focus the charitable efforts?
    • Legal structure of the corporate foundation – we typically see charitable trust as the legal vehicle of choice, but other options such as an incorporated society or a limited liability company are also viable alternatives, each with its own advantages and disadvantages
    • Relationship between the business and the foundation, such as funding obligations, rights to appoint and remove officers/trustees and access to the business’s resources
    • Terms of the licence of the business’s brand to the foundation
    • Registration of the foundation with Charities Services followed by granting of tax-donee status by the IRD
    • As a registered charity the foundation will need to file annual returns
    • The foundation’s policies – including investment, grant distribution, conflict of interests, privacy/data protection, etc…

We know there is a lot to consider and are happy to have a conversation at no charge with you on the options.

Recent changes will affect many larger entities in New Zealand from next year who will need to make new disclosures about climate related issues.  This impacts everyone because it is an indication of where disclosure trends are heading.

The Financial Sector (Climate-related Disclosures and Other Matters) Amendment Act 2021 (the “Amendment Act”) received Royal assent on 27 October 2021.  The Amendment Act makes climate-related disclosures (“CRDs”) mandatory for some organisations by amending the Financial Markets Conduct Act 2013, the Financial Reporting Act 2013 and the Public Audit Act 2001. The External Reporting Board (“XRB”) has recently finished its consultation process on CRDs and expects to issue Aotearoa New Zealand Climate Standards in December of 2022 (see here).

Who has to make these climate disclosures?

Approximately 200 entities in Aotearoa New Zealand will be required to produce CRDs, which include:

  • All registered banks, credit unions and building societies with total assets of more than $1 billion;
  • All managers of registered investment schemes (other than restricted schemes) with greater than $1 billion in total assets under management;
  • All licensed insurers with greater than $1 billion in total assets or annual premium income greater than $250 million;
  • Listed issuers of quoted equity securities with a combined market price exceeding $60 million; and
  • Listed issuers of quoted debt securities with a combined face value of quoted debt exceeding $60 million.

For now, the current statutory regime only requires large enterprise value entities to produce CRDs.  However we can anticipate that smaller entities that obtain or apply for funding from such entities or obtain insurance from such entities may in future be required to report on their own climate change risks in order to secure funding or insurance.

Purpose of requiring disclosures and some comments

Although the XRB has not yet issued the standard for CRDs, there are a few key observations to note:

  1. Currently, the CRDs are designed to help publicise the risks that climate change may pose to a reporting entity’s enterprise value.
  2. Given the above, the primary users of the CRDs are expected to be investors, lenders and creditors – people who are most concerned about the financial health of the reporting entity.
  3. The XRB’s the proposed standards for the CRDs have a ‘single materiality’ lens (e.g. the focus is on climate change’s financial risk to the reporting entity) but considers that this approach is a foundation that can be built upon to possibly include ‘double materiality’ in the future (e.g. disclosing on the reporting entity’s environmental impact).
  4. In our view requiring these entities to also be talking about the impact they will have on climate would be a positive step (only reporting on the impact on the entity means this regime remains wrapped in a ‘shareholder primacy’ lens ultimately focused on impact on the shareholder – rather than the broader impact the entity will have on stakeholders).

We will update this article as the XRB releases its standard for CRDs.  If you would like to know more about the statutory requirements for climate-related disclosures, please do feel free to reach out to us at stevenmoe@parryfield.com or yangsu@parryfield.com.

 

 

The Limited Partnership regime was introduced fairly recently in New Zealand through the Limited Partnership Act 2008.  As such, limited partnerships may not be as familiar to Kiwi entrepreneurs and founders.  In this article, we highlight a few of the advantages and disadvantages of choosing a limited partnership for your business structure.  In our view, they represent a relatively simple structure which can really be useful in the right situation.

 

What is a Limited Partnership?

Limited partnerships are a corporate structure that combine some key features of companies (such as separate legal personality) and partnerships (such as tax pass-through treatment).  In a limited partnership, on entity is the general partner(s) who manage(s) the limited partnership (day to day running) while other investors are limited partners who act as silent partners (see diagram below).

This structure is often used by venture capitalists or fund managers as the corporate vehicle for investor partners to invest their funds.  For more information on the basic requirements of a limited partnership, along with a comparison of other structures, please see here.

Why choose a Limited Partnership?

Positive Comment
Liability is ring-fenced A limited partnership is a separate legal entity, and limited partners’ liability is restricted to contributed capital
Effective practical and legal control Only general partners may manage the affairs of the limited partnership
Tax pass-through treatment Tax consequences of the limited partnership pass directly to the partners
Privacy Identity of limited partners and contents of partnership agreement do not have to be publicised

 

Why wouldn’t I choose a Limited Partnership?

Drawback Comment
General partner is jointly liable with the limited partnership for the liabilities of the limited partnership Often addressed by choosing a limited liability company to act as general partner, providing liability ring-fencing
More involved set-up All limited partnerships require a written partnership agreement
Investors negotiate their rights and obligations E.g. Right to remove/appoint general partner(s), exit rights, pre-emptive rights
Financial Markets and Conducts Act 2013 A partnership interest in a limited partnership may be a financial product requiring FMCA compliance

We have helped many founders and companies structure their business and each situation is unique.  If you think a limited partnership may be a suitable option for your business, feel free to reach out if you would like specific input on your context.

If you enjoyed this content then we also have a guide for people doing business in New Zealand which you can download for free here.