ISO Privacy Policy


The ISO Scheme has adopted this Privacy Policy to ensure all personal information is managed in accordance with the Privacy Act 1993.

Collecting Personal Information

The ISO Scheme collects information for a lawful purpose connected with its function (the investigation of complaints) and the collection of this information is necessary for this function.

If you refer a complaint to the ISO, we will collect personal information on you in a variety of ways, such as:

  • from our pre-complaint forms;
  • from your financial service provider;
  • by telephone, e-mail or letter; and
  • from third parties.

Generally, we will collect personal information directly from you. We are only able to collect personal information from your insurer, your adviser or from third parties when you authorise us to do so. When you authorise us to collect personal information from any third party, we always exercise discretion and will not seek information which, having regard to the circumstances of the complaint, intrudes to an unreasonable extent upon your personal affairs.

We collect personal information so we can fully and fairly investigate your complaint and, at the conclusion of our investigation, for reference and research purposes within the ISO Scheme.

The ISO Scheme also collects information about you every time you visit any part of this site. We collect the time, date, duration and your use of this site. We use statistics about the use of our site, without identifying the individuals concerned, to continually improve it.

Storage and Security

The ISO Scheme is committed to keeping personal information secure. This includes physical security; computer security; and personnel security.

We take reasonable steps to ensure all personal information we collect is protected from loss; access; misuse; modification; and disclosure.

Access to, and Correction of, Personal Information

We take reasonable steps to ensure the personal information we collect is relevant, accurate and complete.

If you wish to access, or make a correction to, any personal information we have on you, please put your request in writing to the ISO Privacy Officer. We will respond to your request within 5 working days.

In some circumstances, we may refuse your request for access or correction if, at law, we are entitled to do so. If we refuse your request for access or correction, we will provide you with our reasons for doing so.

Disclosure of Personal Information

The ISO Scheme does not disclose personal information to any third party unless you authorise the disclosure or, alternatively, we are legally entitled to do so.

At the conclusion of our investigations, we use personal information for reference and research purposes within the ISO Scheme. We publish case notes on our website of all complaints considered on an annual basis; however, all identifying details are omitted so no individual can reasonably be identified.

Unique Identifiers

The ISO Scheme assigns a complaint number, unique to our Office, to all Complainants and most individuals who make an enquiry to our Office. This is to assist us to carry out our investigations more efficiently.

Links to Other Sites

Our site contains links to other sites. However, we are not responsible for these sites' (or their operators') privacy practices.

This Privacy Policy relates only to the ISO Scheme and our site.

Changes to the Privacy Policy

The ISO Scheme may, periodically, update this Privacy Policy. We recommend that you routinely review our Privacy Policy to understand how we manage personal information.

Contact Details

If you have any questions about our Privacy Policy, please write to the ISO Privacy Officer at P O Box 10-845, Wellington .