SIGN UP TO OUR EZINE
Privacy Policy
Why we have this policy
At Henry Hughes, privacy is fundamental to our professional integrity. This policy outlines how we collect, use, store and protect personal information, in accordance with the New Zealand Privacy Act 2020 (the Act) and, where applicable, privacy laws of other jurisdictions.
Parties
Henry Hughes (“us” or “we” or “our”);
And
You (“you” or “your”);
1. Who We Are
Henry Hughes includes Henry Hughes IP Ltd, a privately owned, limited liability, patent attorney firm regulated by the Trans Tasman IP Attorneys Board and our associated law firm and Henry Hughes Law Ltd, a firm of barristers and solicitors specialising in intellectual property law regulated by the New Zealand Law Society.
2. Aim of the Policy
In accordance with the Act, we aim to give you better control over the personal information you share with us.
3. What is Personal Information?
Under the Act, “personal information” is any information about a living person who can be identified, whether directly or indirectly.
If the information directly identifies someone (such as their name, contact details, address, financial details, purchase records, etc.) or could reasonably be used to identify them indirectly (such as their job title, location, or unique identifiers) it constitutes as personal information under the Act.
The Act applies broadly to “all personal information” and is not limited to “private” or “secret” or “sensitive” information.
4. What is Sensitive personal information?
Sensitive personal information refers to information about the individual that is of some real significance to the individual,is revealing of the individual, or relates to matters that one might wish to keep private.
Some examples of such information are:
- Information about a person’s race, ethnicity, gender or sexual orientation, sex life,
- Health, disability, age,
- Religious, cultural or political beliefs
The Privacy Commissioner has emphasised that agencies who handle sensitive personal information need to take extra care to ensure the information is handled properly.
5. What we collect
We may collect the following types of personal information:
5.1 Identity details & contact information: Full name, email address, phone number, physical and postal address.
5.2 Professional details: Business name, job title, and industry affiliation.
5.3 Legal matter information: Details relevant to your enquiry or case, including documents and correspondence.
5.4 Website usage data: Number of page views, click-through rates, basic session information (to distinguish one user session from another during a single visit), web browser type (and location for aggregated traffic trends).
We do not collect sensitive personal information unless legally required.
6. How we collect information
We collect personal information through the following methods:
6.1 Direct interactions: When you contact us via phone, email, or submit a form on our website.
6.2 Service engagement: When you instruct us to act on your behalf or you request legal advice.
6.3 Events and networking: When we meet at seminars, webinars, or other professional events.
6.4 Automated technologies: When you visit our website, cookies may collect technical data to improve performance (see Section 13).
6.5 Public databases: We may also collect information from publicly available sources or third parties, but only where permitted by law or when necessary.
7. Why we collect information
We collect personal information for the following purposes:
7.1 To provide legal services: Including advice, representation, and communication related to your matter.
7.2 To manage client relationships: Ensuring smooth communication, billing, and service delivery.
7.3 To meet legal obligations: Such as verifying identity under anti-money laundering laws.
7.4 To improve our services: Including website functionality, security, and user experience.
7.5 To maintain internal records: For compliance, auditing, and administrative purposes.
We do not use personal information for unsolicited marketing or automated profiling and decision making.
You understand that for the above purposes we may need to provide your personal information to government agencies and/or to transfer your personal information internationally. Such information may be made available publicly by those government agencies. Your instructions to us mean you consent to us providing your personal information to government agencies and to transferring the information internationally.
8. What happens if you do not provide information
If you choose not to provide personal information:
8.1 We may be unable to respond to your enquiry.
8.2 We may be unable to provide legal services, obtain you certain rights or proceed with representation.
8.3 We may be unable to meet our legal obligations (e.g. identity verification).
We are happy to explain why information is needed and whether it is optional or mandatory.
9. Who will see your information
Your personal information may be accessed or disclosed to:
9.1 Our Directors and staff.
9.2 Service providers: Such as secure email platforms, cloud storage providers, and IT support, on a confidential basis.
9.3 Regulatory bodies and authorities: When required by law or court order.
9.4 International partners: Where necessary for cross-border legal matters, with appropriate safeguards in place.
We do not sell, rent, or trade personal information.
10. International Considerations
We are mindful of privacy laws in other jurisdictions including but not limited to the European Union, Australia and the United Kingdom privacy laws.
Where personal data is transferred internationally, we use trusted partners. Transfer of personal data will be done for the purposes as mentioned above in section 7.
11. Data Security – how we store your information
We implement technical and organisational measures to protect personal information from unauthorised access, alteration, or loss.
We have appropriate measures in place such as encryption of data, secure access controls and authentication processes, regular security audits and updates and staff training on privacy and data protection from time to time.
Despite our best efforts, no system is entirely immune to risk. We will act swiftly in the event of any suspected breach.
12. Data Retention
We retain personal information only as long as necessary for the purpose for which it was collected or as required by
law. We regularly review retention practices.
13. Cookies
Our website uses cookies that fall into the category of essential and performance cookies. We collect information such as:
- Number of page views.
- Click-through rates
- Basic session information (to distinguish one user session from another during a single visit).
- Web browser type and location for reporting aggregated traffic trends.
You may disable cookies via your browser settings. We do not use cookies and website analytics to collect, store, or process any personal information.
14. Your Rights
You have rights to:
- Access and correct your personal information.
- Request deletion or restrict processing of your personal information.
- Object to certain uses of your personal information.
- Lodge a complaint with our privacy officer. If you are unhappy with the outcome of our assessment of the complaint, you can complain to Privacy Commissioner.
We respond to all privacy requests in accordance with applicable law.
15. Vulnerability Disclosure
If you come across a security issue with our online systems, please let us know so that we can get it fixed. Privacy is fundamental to our professional integrity and that means getting vulnerabilities fixed as soon as practicable.
16. Relationship between the Act and other New Zealand law
In the event the obligations under the Act conflict with other New Zealand legislative requirements, the other legislation overrides the Act.
17. Contact Us
For privacy-related enquiries or to exercise your rights, please contact:
The Privacy Officer, Henry Hughes IP
Address: Level 7, 158 Victoria Street, Te Aro, Wellington 6011, New Zealand
Email: hh@henryhughes.co.nz
Tel: (+644) 381 6050
Visit our website:
HHIP PRIVACY POLICY V1 03 NOVEMBER 2025
