Prosper Asset Management Privacy Policy

1. What information we collect

We may collect and hold personal information including:

• identity and contact information (such as your name, address, phone number and email address)
• date of birth and identification documents
• tax residency and IRD details
• bank account and financial information
• investment objectives, risk profile and financial circumstances
• portfolio, transaction and account information
• communications, correspondence and meeting records
• trust, company, estate and beneficial ownership information
• source of wealth and source of funds information
• marketing preferences
• website, device and usage information
• information required to comply with legal and regulatory obligations, including AML/CFT requirements

We do not currently collect or process biometric information such as facial recognition, fingerprint recognition or voiceprint identification.

2. How we collect information

We may collect personal information:

• directly from you
• through your use of our website or services
• through communications, meetings and correspondence with us
• from people authorised to act on your behalf
• from custodians, brokers, banks, fund managers and platform providers
• from identity verification and AML/CFT providers
• from your professional advisers, trustees, lawyers or accountants
• from publicly available sources and government registers
• from regulators or other organisations where permitted by law

Where you provide us with personal information about another individual (including directors, trustees, shareholders, beneficial owners, authorised representatives or related parties), you confirm that:

• you are authorised to provide that information;
• the individual has been informed that their information may be collected, used, disclosed and stored in accordance with this Privacy Policy;
• the individual has been provided access to this Privacy Policy; and
• you have taken reasonable steps to ensure the individual is aware of their rights to access and request correction of their personal information.

We may also receive personal information indirectly from advisers, custodians, administrators, AML/CFT providers, professional advisers and other third parties connected with the provision of our services.

3. Why we collect and use information

We may collect, hold and use personal information for purposes including:

• providing investment management and related services
• establishing and administering client relationships
• processing transactions and managing accounts
• communicating with clients and authorised representatives
• verifying identity and complying with AML/CFT obligations
• conducting due diligence and regulatory compliance activities
• maintaining internal records and administration
• improving our services, systems and website functionality
• cybersecurity, fraud prevention and risk management
• marketing and promotional communications
• complying with legal and regulatory obligations
• resolving disputes and enforcing agreements

If you do not provide requested information, we may be unable to provide services, establish accounts, verify identity or comply with legal obligations.

4. Artificial intelligence and automated systems

We may use artificial intelligence (AI), machine learning, data analysis tools and other automated technologies to support administrative processes, communications, cybersecurity, fraud prevention, research, analytics, workflow efficiency and service delivery.

AI-assisted tools may be used to help prepare summaries, analyse information, draft communications or improve operational efficiency. Human oversight remains part of decision-making processes involving material client matters.

We do not use AI systems to make fully automated investment decisions or legally binding decisions affecting clients

We do not knowingly use client personal information to train public generative AI models.

Where third-party AI or cloud-based technology providers are used, we take reasonable steps to ensure appropriate privacy, confidentiality and security safeguards are maintained.

We may undertake privacy and security assessments when implementing new technologies, systems or service providers that involve personal information.

5. Cookies, analytics and website usage

Our website may use cookies, analytics tools, advertising pixels and similar technologies to improve website functionality, analyse website usage, personalise content, and measure advertising effectiveness.

These technologies may collect information such as:

• IP address
• browser type
• device identifiers
• operating system
• pages visited
• referring websites
• interactions with our website or communications

We may use third-party providers such as Google Analytics, Meta and other technology providers to assist with website analytics, advertising and communication services.

You can disable cookies through your browser settings, although some parts of the website may not function correctly.

6. Marketing communications

We may send marketing, newsletters, updates or promotional communications where permitted by law.

You can opt out of marketing communications at any time by using the unsubscribe function or by contacting us directly.

7. Recording of communications

Telephone calls, video meetings and other communications may be recorded or retained for compliance, verification, training, security, dispute resolution, service quality and record-keeping purposes.

8. Disclosure of information

We may disclose personal information to:

• custodians, brokers and platform providers
• banks and financial institutions
• fund managers and administrators
• registry, administration and transfer agencies
• identity verification and AML/CFT providers
• compliance consultants and regulatory service providers
• IT, cloud hosting, AI, cybersecurity and technology providers
• data analytics and communication providers
• professional advisers including lawyers, accountants and auditors
• insurers
• regulators, government agencies and law enforcement authorities
• third parties authorised by you
• other persons where required or permitted by law

We do not sell personal information.

9. Indirect collection and third-party service providers

In some circumstances, we collect personal information indirectly from third parties rather than directly from the individual concerned. This may occur where information is provided by:

• financial advisers or authorised representatives
• custodians and administrators
• employers or related entities
• trustees, attorneys or professional advisers
• AML/CFT and identity verification providers
• other persons authorised to act on an individual’s behalf

Personal information collected or disclosed in connection with our services may be passed on to third-party service providers including custodians, fund administrators, registry providers, compliance providers, cloud technology providers and professional advisers in order for us to provide the services to you.

These service providers may include:

We take reasonable steps to ensure third-party providers handling personal information maintain appropriate privacy, confidentiality and security safeguards.

10. Overseas disclosure and cloud services

We may use third-party cloud and technology providers, including providers located outside New Zealand, to host or process information.

Overseas recipients may store or process information in jurisdictions with privacy laws that differ from those in New Zealand.

Where personal information is disclosed or processed overseas, we take reasonable steps to ensure appropriate privacy protections and safeguards are maintained in accordance with applicable privacy laws.

Where required by law, we will take reasonable steps to ensure overseas recipients are subject to safeguards comparable to those under New Zealand privacy law.

11. Storage and security

We maintain policies, procedures and technical safeguards designed to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

These safeguards may include:

• secure cloud hosting
• encryption
• access controls
• multi-factor authentication
• cybersecurity monitoring
• staff confidentiality obligations

While we take reasonable steps to protect information, no system or transmission method can be guaranteed completely secure.

12. Privacy and cybersecurity incidents

If we become aware of a privacy or cybersecurity incident involving personal information that is likely to cause serious harm, we will take steps consistent with our legal obligations, including notifying affected individuals and relevant regulators where required.

13. Retention of information

We retain personal information only for as long as necessary to provide services, comply with legal and regulatory obligations, resolve disputes and enforce agreements.

Retention periods may be influenced by obligations under financial services, tax, AML/CFT and other applicable laws.

14. Access and correction

You may request access to personal information we hold about you and request correction of that information.

Requests may be made using the contact details below.

15. Third-party websites

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of external websites.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

Any updated version will be published on our website. Where appropriate, we may take reasonable steps to notify clients of material changes.

17. Contact us

If you have questions about this Privacy Policy, wish to request access or correction of personal information, or wish to raise a privacy concern or complaint, please contact us here.

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner.