Personal information is information about an identifiable individual (a natural person) or by which a person’s identity can be reasonably determined.  Cooney Lees Morgan (CLM, our, us, we) collects personal information about you for a number of reasons. The personal information we collect and how we use it differs depending on our relationship with you.

We do not and will not sell personal information to any other party and we will make sure that any personal information you give us is stored securely and used appropriately. Read on for details.


If you visit and browse our website, we will log some information about how you got to the website, where you go within the website and any features you might use. 


Our website uses cookies. These are small text files that are placed on your hard drive after visiting our site. Cookies collect data such as browsing information each time you access our site. 

CLM uses this information to understand how people are using our website and to improve it. You can change your browser settings to notify you when you receive a cookie or to disable cookies. If you disable cookies, our website may not work properly for you. 

We also use third party cookies and other technology to gather analytics and to advertise to you online. These allow vendors such as Google and Facebook to show ads from us to you on other internet sites and platforms. These activities use cookies to optimise and inform ads based on your visits to our website. Information collected may include your IP address, search terms you use, pages you access and links you click on, your operating system and browser type. You may opt out of these by following the instructions below:

Google opt out click here
Facebook opt out click here

Social Media 

If you interact with us on social media – if you comment, follow, like or mention us on LinkedIn, Instagram, or Facebook we will have access to your interactions and your profile information. We get this information from our interaction with you or from the social media platform. We use this information to communicate with you, for example by responding to your comments or to advertise to you in the way we have discussed above in our cookies section.

Newsletters and Articles

From time to time we may email newsletters or articles to our clients about legal developments or services that are relevant to you. 

We use Mailchimp for sending these emails. We share your name and email address with Mailchimp in order to provide you with our emails. By choosing to receive our email updates, you acknowledge and authorise that the information you provide will be transferred to Mailchimp and used in accordance with its privacy policy available here: 

If you decide you no longer wish to receive these emails you can click unsubscribe at the bottom of any of the emails or let us know.

What personal information do we collect? 

If a client is:

  • an individual, we may collect personal information such as your name, date and/or place of birth, address (email, physical and postal), contact phone numbers, identification and address verification; 

  • a company or incorporated society, we may collect personal information about the organisation’s (or a related company’s) officers, directors, shareholders or employees or about you personally if you are a sole trader or in a partnership. This may include names, addresses and contact numbers, identification and address verification;

  • a trust, we may collect personal information about the trust’s settlor(s), trustees and beneficiaries, including names, addresses and contact numbers, identification and address verification; 

  • depending on the nature of advice or services you request, we may require other specific personal information about you in order to provide you with that advice or service. 

We are required by law to collect information to enable us to comply with our obligations under anti-money laundering and countering financing of terrorism laws. This includes verifying our client’s identity, and the identity of relevant persons in a client’s organisation. To do this we may require you to provide identifying documents and information about yourself and individuals and/or entities associated with you (such as directors, shareholders and beneficial owners). From time to time we may ask you to provide updated versions of this information.. To meet our obligations, we may require a third-party data supplier to verify identity information you supply to us. 

If you supply goods or services to us, to our client(s) or to another party to a matter, we may collect personal information about your officers (such as directors), employees and subcontractors. This may include names, addresses (email, physical and postal) and contact numbers. We may also collect personal information that is related to specific work you are engaged to perform for us such as qualifications, experience and skills.

If you apply to work with us, we will collect your name, address, contact numbers and information about your qualifications, experience and skills.

Collection of personal information 

Whenever possible, we collect personal information directly from you. We may collect personal information during a telephone call or a face-to-face meeting or when exchanging emails with you. 

We may be required to collect personal information about a child, such as their name, date of birth and address. Whenever possible, this information should be provided by, or with the consent of, the child’s parent or guardian.

If you are an employee who interacts with us on behalf of a company, we may collect your personal information directly from you or  from your employer.

If you are a job applicant or potential supplier, we may collect personal information you directly or from referees you have authorised us to speak to.

If you are a client, we may collect personal information from other of your advisors, such as accountants, brokers and agents. 

We may also collect your personal information from publicly available sources, for example to carry out customer due diligence or as part of providing services to you. We will always collect your personal information in a way that is legal and reasonable.

Use of personal information 

We use your personal information for:

  • communicating with you;

  • responding to queries or requests from you;

  • providing you with updates and information that may impact you;

  • engaging with third parties on your behalf or at your request;

  • complying with our legal obligations to you;

  • enforcing our, or our clients, rights and interests; 

  • providing our clients with legal services;

  • processing payments from clients or third parties and/or to clients or third parties; 

  • responding to audit requests from third parties;

  • requesting additional goods or services from suppliers;

  • inviting you to functions;

  • undertaking quality control or auditing of suppliers;

  • considering a candidate’s suitability for a position with us;

  • other specific purposes if you consent to them from time to time.

If you do not provide us with this information, we may not be able to:

  • provide clients with the advice or services they require;

  • engage suppliers to provide goods or services to us, provide suppliers with access to our sites or pay them in a timely manner for goods and services supplied to us;

  • progress job applications.

Disclosure of personal information 

We will only disclose your personal information in a way that is consistent with the purpose we collected it for, to:

(a) our employees, agents or service providers to help us to provide services to clients and to monitor whether our suppliers are meeting their obligations to us; 

(b) any person or entity you have requested or authorised us to disclose your personal information to;

(c) if you are a supplier performing services at our premises, a third party, for example to another supplier operating as a Person Conducting a Business or Undertaking (as that term is defined in the Health and Safety at Work Act 2015) or to our building managers;

(d) an external party, such as a government entity, a regulator or law enforcement agency, if required or authorised by law; or

(e) a party, if we are required by law to do so.

We will make sure that anyone in (a) is contractually bound or will otherwise use best endeavours to ensure that recipients of the information will, only use your personal information only for the purpose we shared it with them. 

If you are a client, we may need to disclose personal information in order to provide you with advice or services you have engaged us to provide. Which personal information and who we need to disclose it to will depend on the nature of the advice or services we are providing. Some examples include:

  • if the matter relates to a sale or purchase of property or to a lease, we may need to disclose personal information including names, contact details, copies of identifying documents and financial information to financial institutions (such as banks), accountants, brokers, real estate agents, insurers and to the other party to the transaction (and their advisors); 

  • if the matter relates to a trust, we may need to disclose information including names, contact details, a copy of the trust deed, information about trustees and beneficiaries and financial information about the trust (which may be considered financial information about its settlor(s) and/or beneficiaries) to trustees and/or beneficiaries of the trust, the trust’s advisors or to other parties the trust is transacting with;

  • if the matter relates to an investment, we may need to disclose information such names, contact details, bank account details, Inland Revenue number and previous investment history to the entity offering the financial product;

  • if the matter involves unpaid debts, we may need to disclose information such as names, contact details and invoices to enforce our legal rights or to notify credit agencies;

  • if any transactions with you appear suspicious or unusual, we may be required by law to report these transactions to a governmental or regulatory authority.

When you instruct us to act for you on a matter we will be able to give you further details on what personal information we may need to disclose and who we may disclose the information to.

Accessing and correcting your personal information  

Subject to some exceptions, you have a right to access and correct personal information we hold about you. You can check or update the information we hold about you by emailing us at Please include evidence of who you are and the details of your request.

If we think a request for correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.

Protecting your personal information 

We understand that privacy is important. We also recognise that some of the personal information we hold about our clients may be sensitive information.

We use a mix of onsite and cloud-based systems and storage to keep your information safe from unauthorised access, modification, disclosure, loss and misuse. Some of the protection measures we use are:

  • role-based restrictions for access to personal information that we store on our systems and in hard copy form;
  • physical security controls for access to our storage area for paper documents and archives and on our onsite datacentre;
  • multi-factor authentications for access to information systems;
  • regular off-site backups;
  • network segregation using modern application aware firewalls;
  • anti-malware and spyware protection;
  • logging and monitoring of traffic to and from our network and access to our cloud environment;
  • engaging reputable, industry-leading cloud service providers; and
  • imposing confidentiality requirements on our employees.

How long we keep your personal information 

We keep your personal information for as long as necessary under the law or for the purpose we gathered the information. Once the information is no longer required, we dispose of such records upon the expiration of the periods recommended by the New Zealand Law Society for the retention of such records.


If you believe CLM has breached the Privacy Act 2020, please contact our Privacy Officer at:

Privacy Officer
Cooney Lees Morgan
PO Box 143,
Tauranga 3144
New Zealand 


We may ask you to put your complaint in writing or to supply further details about your complaint. We’ll try to resolve your complaint within a reasonable time. If you aren’t satisfied with how we’ve handled your complaint, you can lodge a complaint with the Privacy Commissioner at  

We may amend this policy from time to time. Our current policy will be displayed on our website. This policy was last updated in November 2022.

We use Cookies

Our website uses cookies. We do this to understand how people use our website and to enable you to use certain features of our website. You can find out more here. By continuing to use our website you consent to the use of cookies.