Privacy Policy

This Privacy Policy sets out how Alchemy Law Limited (“we”, “us” and “our”) collects, uses, stores and discloses personal information about our clients, potential clients, persons associated with our clients, employees, suppliers and others. As a firm, we are bound by the Privacy Act 2020 (“the Act”) and the privacy principles set out in the Act. For the purposes of this policy, “personal information” means information about an identifiable individual.

Why do we collect personal information?

We collect personal information in order to conduct our business, to provide and market our services and to meet our legal obligations (“Services”).

By using our Services or providing your personal information to us, you consent to our collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy.

How do we collect personal information?

Information you provide to us directly: Our usual practice is to collect personal information directly whenever an individual interacts with us for the purposes of providing our Services, such as when we are instructed to represent and advise a client, or when we are supplied with a product or service.

Information we get from third parties: Third parties may provide us with personal information about an individual, such as a background check, credit check, verification of your identity, a report provided by a medical practitioner or a reference from another person.

Information we collect automatically: We also may collect information from our website (“Website”). When the Website is visited, we collect general user information such as user internet protocol addresses, browser type, internet service provider details and other technical information. We use this information to analyse web traffic, which may involve the use of cookies. The information does not include any personal information. Personal information may be collected if it is provided via a Website contact message, and this will be used for the purpose for which it has been supplied.

What personal information do we collect?

We collect your personal information so that we can provide you with our Services and any related services you may request. In general, the type of personal information that we collect includes, but is not limited to:

  • names, addresses, contact details,
  • bank account and other financial information,
  • identity verification such as your driver’s licence, passport and birth certificate; and
  • other information which assists us to conduct our business, provide and market our Services and meet our legal obligations under applicable privacy laws and the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 “AML”.

In many cases, if personal information is not provided as requested, we may not be able to carry out the instructions or provide our Services due to our AML obligations.

How do we use or disclose your personal information?

We may use and disclose personal information for the purpose for which it is collected, for directly related purposes, for other purposes authorised by you and in other circumstances authorised by the Act.


We may use and disclose personal information:

  • to provide legal services and client services;
  • to carry out our responsibilities as an employer;
  • to verify your identity details;
  • to process your personal information for our own internal business purposes;
  • to carry out firm and trust account transactions, such as client billing and payments, firm creditors, employee transactions and client trust account transactions;
  • to undertake credit management activities;
  • for debt recovery purposes, which may also include disclosing information to debt collectors;
  • for dealing with commercial or legal conflicts;
  • to provide promotional information and newsletters in hard copy or electronic form, or information that we believe may be of interest;
  • to communicate with clients, potential clients, suppliers, staff, contractors and others;
  • to purchase products and services; and
  • to comply with our legal obligations, and to meet our reporting obligations as required by law.

We may be required to disclose personal information to third parties in the course of representing and advising our clients if it is required or authorised:

  • by an individual;
  • by law; or
  • by the Law Society’s Rules of Professional Conduct.

AML/CFT disclosures

The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 and associated regulations (AML/CFT) require us to collect personal information from you to verify your identity and to complete other identity-related checks for the purposes of complying with our legal obligations under the AML/CFT (AML Information). We may use AML Information collected from you to:

  • check that your AML Information matches information held in the relevant government databases (this includes accessing document verification services); and
  • check that we are not prohibited from acting for you under the AML/CFT.

We may use third parties to undertake AML Information matching processes and to facilitate access to databases (such databases may or may not include databases outside of New Zealand). These third parties whom we may enter into arrangements with include APLYiD. We provide an information match request and receive a report with match data from the service. All use of AML Information when accessing those databases is limited to compliance with our obligations under the AML/CFT and any other applicable law. We will only undertake these checks with your consent. You may withdraw your consent at any time prior to us undertaking the identity verification process for you.

Storage and security of personal information

Personal information may be stored in electronic and/or hard copy form, including with third party data storage facilities and in cloud storage located both inside and outside New Zealand. Electronic data that is stored in the cloud by third parties is usually encrypted. As a firm, we take all reasonable steps to protect the personal information we hold. If your personal information is subject to unauthorised or accidental access, disclosure, alteration, loss or destruction or actions which prevent us from accessing it on a temporary or permanent basis (each event being a “Privacy Breach”), and such Privacy Breach is likely to cause you serious harm, we will notify you. We’ll retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it. Otherwise, as a general rule, we only keep your personal information for as long as we require it for the purposes of providing you with our Services.

Accessing third party content

Please note that our website includes links to external websites. We do not assume responsibility for the content of these websites or the methods by which they collect, store, utilize, and distribute your personal information. It is advisable to review the privacy policies of these websites when accessing them via our hyperlinks in order to comprehend the procedures involving the collection, storage, usage, and distribution of your personal information.

How can you access or correct personal information?

Ensuring the accuracy, completeness, and currency of the personal information you provide is your responsibility. If you want to access, update, correct, restrict, or withdraw the use and disclosure of your personal information, you can submit a written request to us at We will promptly review your request in compliance with our legal obligations. If we are unable to grant your request for access to the requested information, we will provide you with an explanation for our decision.

Privacy Officer

If you have any concerns regarding the privacy of your personal information or its use and collection by us, please feel assured that we take your concerns seriously. To address these concerns, kindly reach out to our Privacy Officer at

Updates to this Privacy Policy

This policy may be subject to periodic review to incorporate new laws and technology, modifications in our operations and practices, and the evolving business landscape. Any revisions to this policy will be published on our website.

This represents our Privacy Policy as of 24 July 2024.