Last updated: 15 January 2026

RDY Accounting & Advisory (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 2020, including the 13 Information Privacy Principles (IPPs), and where applicable, the Anti‑Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act).

This Privacy Policy explains how we collect, use, store, and protect your personal information when you engage with us, visit our website, or use our services.

​

1. Information We Collect

 

We only collect personal information necessary to provide our services or meet legal obligations. This may include the following:

​

General personal information:

• Name and contact details

• Email address and phone number

• Billing information

• Documents or data you provide for accounting, tax, and advisory services

​

AML/CFT‑required information

​

Where legally required (e.g., forming an ongoing business relationship or completing certain transactions), we may collect:

• Date of birth

• Residential address

• Identity verification documents (passport, driver’s licence)

• Source of funds or wealth information (for enhanced due diligence)

• Risk assessment information

​

Website information

• IP address

• Browser type

• Pages viewed

• Basic analytics used to improve our website (no tracking beyond what is necessary)

​

We do not collect more information than is necessary.

​

2. How We Collect Information

​

We usually collect information directly from you.

We may also collect information from:

• Publicly available sources

• Government agencies (e.g., IRD) where permitted

• Third‑party verification services such as AML HUB for identity verification

• Your authorised representatives

• Our website (through standard analytics)

​

3. Why We Collect Your Information

​

We collect your personal information for purposes such as:

• Providing accounting, tax, and advisory services

• Meeting AML/CFT compliance obligations

• Managing our relationship with you

• Billing and administration

• Responding to enquiries

• Improving our website and services

• Meeting legal and regulatory requirements

​

We will not use your information for any purpose that is unrelated to the reasons it was collected unless authorised by you or required by law.

​

4. How We Use and Disclose Your Information

​

We may disclose your personal information to:

• AML verification providers (e.g., AML HUB)

• Government or regulatory authorities (e.g., IRD, DIA, FMA) where required

• Third‑party IT and cloud service providers who support our systems

• Law enforcement agencies, if required by law

• Your authorised representatives

​

We will not sell your personal information or disclose it for marketing purposes.

​

​

5. Overseas Storage and Cloud Services

​

We may store or process information using reputable cloud service providers located outside New Zealand (e.g., Microsoft 365).

When this happens, we ensure these providers:

• Have appropriate privacy and security safeguards

• Comply with IPPs 11–12 (cross‑border disclosure requirements)

• Process data under contractual protections consistent with NZ privacy standards

​

6. How We Protect Your Information

​

We take reasonable steps to protect your personal information from loss, unauthorised access, misuse, or disclosure.

Security measures include:

• Encrypted cloud storage

• Multi‑factor authentication

• Role‑based access controls

• Secure communication channels

• Physical security for paper records

• Approved data‑handling practices for staff

​

7. Retention of Information

​

We retain information only as long as necessary to fulfil the purposes it was collected for, or as required by law:

• AML/CFT records: at least 5 years after the business relationship ends

• Tax and financial records: 7 years (per IRD requirements)

• Other client information: only as long as needed for service delivery

​

When no longer required, information is securely destroyed.

​

8. Your Rights

​

You have the right to request:

• Access to the personal information we hold about you

• Correction of any inaccurate information​

​

To request access or correction, contact us.

We may need to verify your identity before releasing information.
 

9. Use of Artificial Intelligence (AI)

​

We do not use your personal or financial information in any external AI tools.

Any AI capabilities we use are limited to those already built into approved platforms such as:

• Microsoft 365

• Xero

​

These providers meet New Zealand privacy and security standards.

​

We do not disclose your personal information to unapproved AI systems.

​

10. Mandatory Privacy Breach Notification

​

If a privacy breach occurs that poses a risk of serious harm, we will notify you and the Office of the Privacy Commissioner as required under the Privacy Act 2020.

​

​

11. Contact Us (Privacy Officer)

​

If you have any questions, concerns, or requests relating to your personal information, please contact:

​

Privacy Officer:
Neeraj Reddy
Email: nreddy@rdyaa.co.nz
Phone: +64 021 0252 8633

​

12. Updates to This Privacy Policy

​

We may update this policy from time to time to reflect legal changes or improvements to our privacy practices.
The latest version will always be available on this website.