Privacy Policy

Maurice Trapp Group Privacy Policy

Revised on 12th May 2025

Introduction

Maurice Trapp Group and its subsidiaries (including but not limited to Mortgage Lab, Employee Lab, and Cooney Insurance) ("we", "us", "our") comply with the New Zealand Privacy Act 2020 (the "Act") when dealing with personal information.
Personal information is information about an identifiable individual (a natural person). This policy sets out how we collect, use, disclose, and protect your personal information.

This policy also applies to personal information collected from employees, contractors, and job applicants, in connection with employment or engagement with Maurice Trapp Group and its subsidiaries.

This policy does not limit or exclude any of your rights under the Act. For more information, you can contact our Privacy Officer at info@mauricetrapp.com, or visit the Office of the Privacy Commissioner at www.privacy.org.nz.

Changes to This Policy

We may change this policy by uploading a revised version onto our website. The change will apply from the date the revised policy is uploaded.

What is Personal Information?

Personal information includes, but is not limited to:

  • Name, address, and contact details

  • Date of birth and occupation

  • Payment information and financial details

  • Employment history and/or current employment details

  • Education and qualifications

  • Source of funds or source of wealth (where required)

  • Testimonials and feedback

  • Any other information that can identify you as an individual

How We Use Your Personal Information

We will only collect and use personal information where permitted by law or with your consent. We use your personal information to:

  • Verify your identity

  • Provide services and products to you

  • Market our services and products, including contacting you electronically (e.g. by call, text, or email)

  • Improve our services and products

  • Respond to communications, including complaints

  • Protect and enforce our legal rights and interests

  • Meet legal and regulatory requirements

  • Any other purpose authorised by you or by the Act

Disclosing Your Personal Information

We may disclose your personal information to:

Service and Operational Providers:

  • Companies or individuals assisting us with services (e.g. mailing houses, IT and data storage providers, specialist consultants, legal advisers)

Financial Services Parties:

  • Product providers (e.g. lenders, insurance companies)

  • Financial advisers and financial advice providers who may use our services

Verification and Compliance Agencies:

  • Identity verification services (e.g. NZ Department of Internal Affairs, NZ Transport Agency)

  • Organisations conducting compliance audits or reviews

Government and Regulatory Agencies:

  • Financial Markets Authority (FMA)

  • Ministry of Justice

  • Office of the Ombudsman

  • Office of the New Zealand Privacy Commissioner

  • Human Rights Commission

  • CERT NZ (in the case of a data breach)

  • Overseas privacy regulators (where applicable)

Others:

  • Any person or agency who can assist with responding to a serious privacy breach

  • Anyone else you authorise us to disclose it to

Social Media and Online Advertising

We do not share your personal information directly with social media platforms. However, we may use anonymised or hashed information (such as email addresses) to create targeted advertising audiences on platforms such as Facebook or LinkedIn. These platforms do not receive any personally identifiable data from us unless you have expressly authorised it or have interacted directly with our social media pages.

If you contact us through social media (e.g. by messaging or commenting on a post), the information you provide may be processed by that platform under its own privacy policy. We recommend reviewing the privacy settings and terms of use of any platform you use to interact with us.

We will never disclose private client information publicly on social media without your explicit, informed consent.

Except as described above, we will not disclose your personal information without your written or oral consent, unless we are required to do so by law.

Protecting Your Personal Information

We take reasonable steps to protect your personal information from loss, misuse, and unauthorised access. This includes:

  • Encrypting data in transit and at rest

  • Limiting access to secure network connections

  • Regular audits and software reviews

Where data is received outside of our software (e.g. provided directly to an adviser), it may be held on-premise at the adviser’s local office and managed according to our data security standards.

Overseas Data Storage and Transfers

Some of our data is processed or stored using offshore cloud providers (e.g. Microsoft, Google, AWS). These providers may be located outside New Zealand. We take reasonable steps to ensure any overseas recipients comply with New Zealand privacy standards.

Storing Your Personal Information

We retain personal information only as long as is necessary to fulfil the purposes for which it was collected and to comply with legal and regulatory obligations. For example, advice records may be retained for seven years to meet Financial Markets Conduct Act requirements.

All cloud-based data is backed up and can be restored in the event of data loss or corruption.

Accessing and Correcting Your Personal Information

You have the right to request access to your readily retrievable personal information and to request correction of that information, subject to grounds for refusal under the Act.

To do this, please email info@mauricetrapp.com with:

  • Proof of your identity

  • The information you want to access or correct

If we agree that your correction request is reasonable, we will make the change. If we do not, we will make a note on your file that a correction was requested.

Data Breaches

Our Privacy Officer has systems and procedures in place for managing data breaches. If a notifiable privacy breach occurs (i.e. one that causes or is likely to cause serious harm), we will notify the Privacy Commissioner and affected individuals as required by the Privacy Act 2020.

Internet Use

We take reasonable steps to protect information sent over the internet. However, transmission is at your own risk. If you follow a link to another website, that site will have its own privacy policy, which we encourage you to read.

We use cookies to monitor site usage. You may disable cookies via your browser settings, but this may limit website functionality.

We may also monitor access and activity on our websites and IT systems to detect unauthorised access or attacks. We use third-party providers to support this monitoring. These providers may access log data and processing activity.