Privacy Policy


Gresson Dorman & Co (referred to in this policy as “we”, “us”, “our”) are committed to complying with our obligations under the New Zealand Privacy Act 2020 (the “Privacy Act”) when dealing with a client’s (“you”, “your”) personal information.

The purpose of this policy is to provide clarity to you on what personal information we collect, how this is collected, and how we use, disclose, and protect your personal information.

Personal Information under the Privacy Act is information about an identifiable individual, such as a natural person. We collect this personal information in order to advise and act for and on your behalf in your matter before us and to meet the statutory obligations placed upon us by the Lawyers and Conveyancers Act (Lawyers: Conduct and Client Care) Rules 2008.

This policy sets out:

  • The date when this policy is deemed active;
  • Where we collect personal information from;
  • The personal information we may collect;
  • How this personal information is used;
  • Disclosure of personal information;
  • How we protect personal information;
  • How you may access or update your personal information that is held by us; and
  • How you can contact us in relation to this policy.

Revisions to this Policy

To ensure we are maintaining the best standards and practices with your personal information, this policy will be revised from time to time to reflect changes in legislation and privacy practices. This policy replaces any earlier policies and applies from:

09 May 2023.

How we collect Personal Information

We collect personal information about our clients from two sources:

  • You, the client, when you provide personal information to us either through the internet, your communications with us (such as emails and telephone calls), or when you engage our services.
  • Third parties, where you have authorised them to provide us with your information, or when the information is publicly available.

Personal information will be collected from you and verified where possible.

Types of Personal Information we collect

The information we collect from you will vary depending on the services you require us to undertake for you. We will provide clear information to you on what personal information we will require from you in your matter.
Some of the personal information we may request could include:

  • Full name;
  • Date of birth;
  • Postal/physical address;
  • Contact details (phone number, email address);
  • Employment information;
  • Account or invoicing information (such as bank account details and IRD numbers);
  • Legal identification (such as passports, driver license, birth certificate, firearms license);
  • Matter specific information (this may involve personal information relating to the matter for which you have engaged us to act on your behalf).

The methods by which we may request or collect your personal information may vary due to the varied nature of the matters and services we provide. We take steps to ensure that you are aware of when we are gathering personal information, and the purpose for which we are collecting it.

How we use Personal Information

Generally, we will only use your personal information for the purposes for which it was collected. However, there may be instances where the way we use your personal information may vary due to us providing a wide range of services to our clients.

The purposes for which we collect and use your personal information are:

  • Verification of your identity;
  • To contact you (through email or telephone call);
  • To provide personalised and professional legal services to you;
  • To invoice you and collect outstanding money owed to us;
  • To respond to communications from you, including a complaint;
  • To protect and/or enforce our legal rights or interests, including defending any claim;
  • For any other purpose authorised by you or the Act.

Personal information may also be used to protect our rights or to comply with professional or legal obligation by which we are bound.

We may, from time to time, use some of your personal information for the purposes of providing you with ongoing service after the matter for which you engaged our services has ended.

Disclosure of Personal Information

In order for us to provide legal services to you, we may, at any time, disclose your personal information:

  • Within Gresson Dorman & Co for the purposes of providing you with the best level of service in matters you bring to us for assistance;
  • To any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website, or other services and products;
  • To other third parties engaged to assist us, or provide specialist information to us in your matter, or to complete a transaction for you in a matter;
  • To comply with legal and regulatory requirements under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009;
  • Where there is a legal or professional right, obligation, or duty to do so (this may be to a regulatory authority, or a law enforcement agency);
  • With any other person you authorise us to share information with.

The disclosure of your personal information in the above recognised forms ensures that we can meet our statutory obligations of acting competently and in a timely manner that promotes your best interests, and ensures that we provide you with the most accurate information, advice, and guidance on your matter.

Businesses that support the provision of our services to you may be partially or wholly located outside of New Zealand. It is therefore possible that some of the processing or storage of your information may occur outside of New Zealand. If you would like to know more about where your information may be processed or stored, please contact us.

Protecting your Personal Information

We hold information in both electronic and hard copy formats, and employ a number of security measures to protect your information including:

  • Ongoing education and training of staff to ensure staff are aware of privacy obligations and employing best practices when handling a client’s personal data;
  • Internal restrictions on who can access client information, so that only those who may reasonably need access to the personal information can access it;
  • The use of security measures which include, but are not limited to, firewalls, anti-virus software, and encryption technology to protect stored personal information from third-party access;
  • Regularly reviewing our internal and external data security measures in terms of performance to ensure they are fit for purpose in protecting client personal data from unlawful access, loss, damage, or destruction.

Accessing and Correcting your Personal Information

If we hold your personal information, you have the right to access the readily retrievable personal information that we hold. You also have the right to request correction of your information where the correction is reasonable, and we can make the requested changes. There are grounds of refusal under the Privacy Act when it comes to providing requested personal information and we will communicate with you where we think these apply.

We are required, by law, to hold on to certain personal information for specified periods. If this is of concern to you and you wish to have us delete personal information that we hold, please contact us to discuss this further.

If you want to seek access to, alteration to, or the deletion of any personal information of yours that we may hold, please contact us. When making contact, it is vital you provide verifiable evidence of your identity, and you clearly communicate the purpose of the request you are making.

Notification of Breaches of Privacy

We take practical and proactive steps to prevent the breach of privacy in relation to client information. If we do sustain a breach of privacy including client’s personal information, we will endeavour to comply with all obligations outlined in the Privacy Act.

Contacting Us

If you have any questions about this privacy policy, our privacy practices, or if you would like to request access to or correct your personal information, please contact the staff member you have previously dealt with, or our offices, at:

Telephone: 03 687 8004

Cookie Policy for Website

Use of Cookies on Gresson Dorman & Co’s Website

Cookies are small text files that are placed in your browser by the websites you visit. They do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from Cookies.

Cookies are widely used to help users navigate websites efficiently, to perform certain functions on the sites, and/or to provide site owners with information about how their sites are used.
Our site uses the following Cookies:

  • ‘Session Cookies’ which are stored only temporarily during a browser session in order to
    allow normal use of the system. These are deleted from your device when your browser is
  • ‘Persistent Cookies’ which are read only by the Site and are saved on your computer for a
    fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits (e.g., to allow us to store your preferences for the next sign-in); and
  • ‘Third Party Cookies’ which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyse our web access.

You may remove the cookies by following the instructions of your device preferences (browser settings), which includes deleting them from your browser or disabling them altogether. If you choose to disable the Cookies, some features of our website may not operate properly and your online experience may be limited.

Web Analytics Cookies

We use a tool called “Google Analytics” to collect information about your use of the Site. Google Analytics collects information such as how often users access the Site, or what pages they visit when they do so. We use the information from Google Analytics to improve our Site and services only. Google Analytics collects the IP address assigned to you on the date you visit the Site, rather than your name or any other identifying information. We do not combine the information collected through Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to our Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy, which can be found at