Privacy Statement 

Rothbury is committed to protecting your personal information at all times.

The purpose of this Privacy Statement is to describe how we collect, use, store and disclose your personal information in order to comply with our obligations under the Privacy Act 2020.

ABOUT US

Rothbury Group Limited and its subsidiaries including Rothbury Insurance Brokers Limited, Rothbury Instalment Services Limited, Rothbury Employee Benefits Limited NZ Underwriting Agencies Limited and related companies (“Rothbury”) is a nationally operated business that offers expert insurance advice, insurance solutions and related services to individuals and businesses nationwide. 

In this privacy statement ​‘we’, ​‘us’ and ​‘our’ means Rothbury, ​‘you’ and ​‘your’ refers to individuals we collect personal information about, to enable us to provide these services.

Our business is about protecting what is of value to our clients. We appreciate the trust placed in us as part of this process and respect your privacy. Because our relationships are based on trust and protecting things our clients value, we actively safeguard the personal information we deal with. This Privacy Statement describes how we collect, store, use and disclose personal information, which we do in accordance with New Zealand’s Privacy Act 2020 (“the Act”).

IN THIS PRIVACY POLICY ​‘WE’, ​‘US’ AND ​‘OUR’ MEANS ROTHBURY, ​‘YOU’ AND ​‘YOUR’ MEANS INDIVIDUALS WE COLLECT PERSONAL INFORMATION FROM 

Our business is about protecting what is of value to the individuals and clients who work with us. We value the trust placed in us as part of this process and respect the privacy of the personal information we deal with. Because our relationships are based on trust, as well as protecting what’s of value to our clients, we actively protect the personal information we collect. This Privacy Policy sets out how we collect, store, use and disclose personal information, which we do in accordance with New Zealand’s Privacy Act 2020 (“the Act”). 

WHAT IS PERSONAL INFORMATION AND WHY WE COLLECT IT

In the Act, ​“personal information” means information about a living identifiable individual. We collect certain types of personal information which may include:

• information required to explore options for and to provide, administer and maintain insurance. This information typically includes some or all of your: 
o name, address, date of birth and contact details;
o assets to be insured;
o employment details;
o certain professional qualifications (for liability insurance);
o industry association memberships (for certain schemes);
o criminal history; and 
o details of previous insurances; and 
o past insurance claims.

• financial, billing and invoicing information; 

• details about any loss or other risk event for which you are making a claim;
• information you provide in any application or enquiry via our Rothbury Careers webpage or related information we receive about candidates from referees you provide and other third parties notified to you , which includes information we require as part of our recruitment processes;
• information we create or receive during your employment by Rothbury or its subsidiaries; and

• any other personal information you provide us with that we may require over the course of our relationship.
  
  If you do not provide us with the information that we need about our products and services, we or any of our third-party service providers may be unable to provide you with products or services and insurers may decline to offer you insurance or reject your insurance claim. If we do not receive the information that we need in relation to our recruitment process then we may be unable to offer you employment.

  HOW WE COLLECT PERSONAL INFORMATION 
  
  We collect personal information in different ways which may include:

• Directly from you via our website (including online forms), in person, telephone, in writing or email, via the ​“My Rothbury” App; and/​or
• Indirectly from third parties where required (where it is unreasonable or impracticable to collect information directly from you). For example, employer, referees, insurers, premium funders, government departments and other third-party service providers or publicly from available sources. 

As part of our Terms of Business, you authorise us to collect personal information. When this requires collection from a third party, we will normally be doing so as your agent and not on our own behalf. If we collect information from a third party other than as your agent, we will inform you as required by the Act.

We work with a range of insurers, each of whom has their own privacy policies governing how they handle personal information. A list of the insurers we deal with, together with links to their websites and publicly available privacy policies, is available at: www​.roth​bury​.co​.nz/​r​e​s​o​u​r​c​e​s​-​s​u​p​p​o​r​t​/​i​n​s​u​r​e​r​-​p​a​r​t​ners/

When you provide information as part of our recruitment process, we will ask you to agree to the collection of certain information required from third parties.

OUR PURPOSES FOR COLLECTING, STORING, USING AND DISCLOSING PERSONAL INFORMATION 

We collect, store, use and disclose personal information for the primary purpose of providing insurance advice, solutions and services alongside other related purposes which may include:

• assessing and managing insurance applications and policies;
• providing and administering premium funding (via Rothbury Instalment Services Limited); • managing and processing payments;
• communicating about our products and services;
• conducting market or customer research;
• administering claims;
• informing individuals and clients of service offerings which we believe may be relevant;
• statutory or regulatory reporting;
• internal or external audit; 
• internal training; 
• recruitment processes where personal information is provided for the purpose of recruitment; and
• any other purpose notified at the time personal information is collected.

DISCLOSURE OF PERSONAL INFORMATION

We will only disclose your personal information in accordance with this Privacy Statement and as permitted by law, authorised under our Terms of Business or where we have your instruction or consent to do so. We may disclose personal information we collect to: We will only disclose personal information in accordance with this Privacy Policy and as permitted by law, or where we have client or individual instruction or consent to do so. We may disclose personal information we collect to:

• insurers, reinsurers, other insurance intermediaries, insurance reference bureaus and industry bodies;
• • assessors appointed by insurers to assess or investigate claims and any witnesses to the relevant incident or loss;
• others named on a policy as co-insureds, joint insureds or interested parties (whether financially interested or equitably);
• service providers engaged to provide services in relation to insurance (such as providing repairs);
• third parties who help manage our business and provide our services, including our third party service providers, such as payment system operators, IT suppliers, lawyers, accountants, other advisers and financial institutions;
• any other entities notified at the time of collection; and
• courts, law enforcement, regulators and other government agencies to comply with all applicable laws, regulations and rules.

We may use and disclose aggregated information that does not identify, and cannot reasonably be used to identify, any individual. Nothing in this Privacy Policy prevents us from using and disclosing to others de-personalised aggregated data.

TRANSFER OF PERSONAL INFORMATION OVERSEAS 

Rothbury makes use of disaster recovery and other offsite data storage facilities in New Zealand and Australia. No personal information is stored in any other overseas country. 

From time to time, our staff may be located overseas at the time they access your personal information to process your insurance requests. This access is only performed using a secure device and on Rothbury information systems.

Some third party service providers and insurers referred to above may be located overseas. They may store and process personal information either on our behalf for one or more of the above-mentioned purposes.

Where overseas disclosure is necessary, we take steps to ensure that the transfer of your personal information complies with the Act and your privacy is protected. We do this by ensuring the overseas party is subject to privacy laws that are comparable to the Act, and/​or where we are satisfied that alternative arrangements are in place to protect your privacy rights.

If we to release your personal information to an overseas provider in a location without comparable privacy laws in place, we will obtain your express authorisation prior to the transfer of your personal information.

PROVIDING PERSONAL INFORMATION OF OTHERS 

Clients and individuals who deal with us should not provide personal information for another individual unless they have the express authorisation of that individual to do so. Before providing us with personal information about another individual or a client the provider should:

• inform the individual whose information they are providing and notify them that we will handle their information in accordance with this Privacy statement;
• provide the individual with a copy of (or refer them to) this Privacy statement; and
• confirm that the individual has provided express consent for their personal information to be provide to us.

WHERE WE PROVIDE PERSONAL INFORMATION

If we give or provide you access to the personal information of another person, it must only be used:

• for the purposes we have agreed to; and
• in compliance with applicable privacy laws (including the Act) and this Privacy statement.

Applicable agents, advisers, employees, and contractors are also required to adhere to the above.

ACCURACY, ACCESS, AND CORRECTION OF YOUR PERSONAL INFORMATION 

We take reasonable steps to ensure that the personal information we hold is accurate, complete and up to date when we collect, use or disclose it. We depend on our clients, employees and suppliers ensuring that personal information they provide to us meets this standard.

We rely on our clients and individuals who deal with us, advising us of any changes to their personal information. Please contact us promptly via your broker or by using our contact details below if any of the information we hold is inaccurate, incomplete or has changed.

You can request access to your personal information or have it corrected or erased (in certain circumstances) by contacting us at the contact details below. If you request this, we will provide you with access to the personal information we hold about you as required and permitted by law. If we refuse or deny access or amendment to your personal information, we will give you our reasons for this. We may charge a fee in certain circumstances where this is appropriate.

Please note: we will retain information about you and your insurances for a certain period after you cease to be our client or employee, as this is required to meet our legal obligations, respond to historic issues and preserve your rights under previous insurance cover held through us. 

SECURITY OF PERSONAL INFORMATION 

We have a dedicated Data Security Team who ensure we take reasonable steps to protect all personal information and other client information that we hold from misuse, interference and loss, and from unauthorised access, alteration and disclosure. However, it is not possible to guarantee our data protection measures will prevent every potential breach of security both now and in the future, so we continuously monitor our systems and data protection controls. 

You must also take care to ensure they protect their own personal information including using secure methods to provide it to us or receive it from us. Please notify us as soon as possible in the event of a security breach. Where required by the Act, we will notify you of any notifiable privacy breach in relation to your personal information.

PRIVACY STATEMENT UPDATES

We reserve the right to amend our Privacy Statement from time to time to ensure we accurately describe how we properly manage and process personal data. We recommend reviewing our Privacy Statement regularly as it may be amended or updated periodically.

HOW TO MAKE A COMPLAINT 
If you wish to make a complaint about a breach of this Privacy Statement or the Act, you can contact us using the details below. Please include the details of your complaint together with any supporting evidence and information. You can also complain to the Privacy Commissioner (see www​.pri​va​cy​.org​.nz).

HOW TO CONTACT US 
 

If you wish to gain access to your personal information, want us to correct or update it, have a complaint about a breach of your privacy, or any other query relating to our Privacy Statement, please contact the Privacy Officer using the contact details below:

Rothbury Privacy Officer

Email: privacy@rothbury.co.nz

Post: PO Box 1596, Shortland Street
Auckland 1140

This privacy policy was last updated in April 2026