GTI PRIVACY & INFORMATION SECURITY POLICY

Introduction

General & Travel Investigations Limited (GTI) conducts factual investigations and related enquiries on behalf of its clients to assist them in carrying out their lawful business activities and meeting their legal and operational obligations.

To support these services, GTI collects, uses, stores, and discloses personal information and sensitive information in accordance with applicable privacy and information security requirements.

GTI is committed to protecting the confidentiality, integrity, and availability of the information it handles. This document provides a summary of GTI’s privacy and information security approach for public-facing and client assurance purposes and is supported by internal policies, procedures, and operational controls.

Application

This policy applies to:

  • personal information and sensitive information collected, used, stored, or disclosed by GTI

  • all investigations, enquiries, and related business activities carried out by GTI

  • information collected from clients, individuals, service providers, and other lawful sources

Why GTI Collects Personal Information

GTI collects personal information and sensitive information where necessary to carry out investigations, enquiries, and related services instructed by its clients.

This may include collecting information for the purpose of:

  • investigating claims, complaints, incidents, or suspected fraud

  • locating or interviewing relevant persons

  • preparing factual reports and evidential material

  • carrying out lawful enquiries on behalf of clients

  • meeting legal, regulatory, contractual, or professional obligations

GTI may also collect limited information relating to clients, suppliers, and service providers for business administration and operational purposes.

Types of Information GTI May Collect

Depending on the nature of the matter, GTI may collect and hold information such as:

  • name, date of birth, gender, address, and contact details

  • employment and background information relevant to an investigation

  • insurance, financial, claim, or complaint-related information

  • medical or other sensitive information where relevant and lawful

  • photographs, video footage, statements, and other evidential material

  • information relating to service providers, including contact and licensing details

How GTI Collects Information

GTI may collect information in a number of ways, including:

  • from instructing clients

  • directly from individuals by phone, email, interview, or statement

  • from publicly available sources, including online sources and social media

  • from third parties, including witnesses, complainants, representatives, or other involved persons

  • from overseas entities or individuals where relevant to the investigation

  • by lawful information requests to government agencies or other authorities

  • by lawful surveillance or other lawful investigative methods where relevant to the matter

Where reasonable and practicable, GTI will collect personal information directly from the individual concerned.

Where personal information is collected during an interview or statement, GTI will generally identify itself, explain whom it represents, and state the purpose of the enquiry.

Where GTI collects information from third parties or by indirect means, it will do so only by lawful and fair means.

GTI recognises that some investigative methods may be more intrusive than others. Any intrusive method used by GTI, including covert or indirect collection methods, must be lawful, necessary for the legitimate purpose of the investigation, and proportionate to the circumstances and privacy impact involved. Such methods must only be used where the information sought cannot reasonably be obtained by less intrusive means, and where the proposed activity is relevant to the client’s lawful instruction.

Where client authorisation is required by law, contract, or operational instruction, that authorisation must be obtained before the method is used. The decision to use an intrusive method must be documented, including the rationale, scope, purpose, and justification for why the method was considered lawful, necessary, and proportionate in the circumstances.

How GTI Uses and Discloses Personal Information

GTI uses personal information and sensitive information only for the purpose for which it was collected, for related lawful purposes, or where otherwise required or permitted by law.

GTI may disclose information to:

  • the instructing client

  • approved service providers or specialist consultants engaged for a lawful purpose

  • legal advisers

  • regulatory, statutory, enforcement, or government bodies where required or authorised by law

  • other persons or entities where the individual has authorised the disclosure or where disclosure is otherwise lawful

GTI does not disclose personal information to unauthorised parties.

How GTI Protects Information

GTI takes reasonable technical and organisational steps to protect personal information and sensitive information from unauthorised access, use, disclosure, alteration, loss, or misuse.

This includes the use of controlled access, secure systems, appropriate storage arrangements, and reasonable safeguards for the transmission and handling of information.

Access to information is restricted to authorised personnel who require it for legitimate business purposes.

Overseas Disclosure and Third-Party Providers

GTI may engage third-party providers to support investigations or business operations. In some cases, this may involve disclosure of personal information to overseas entities where necessary for the investigation of a claim, complaint, incident, or related matter.

Where this occurs, GTI takes reasonable steps to ensure that providers are selected on the basis of suitability and reliability and that they are expected to handle information securely and in accordance with applicable privacy requirements.

Privacy Incidents

GTI maintains processes for identifying, assessing, and responding to privacy and information security incidents.

Where required by law or contractual obligation, GTI may notify affected clients, individuals, or relevant regulatory bodies of a privacy or information security incident.

Data Retention

GTI retains personal information only for as long as necessary for the relevant investigation, enquiry, lawful business purpose, or as otherwise required by law or contractual obligation.

Once information is no longer required, GTI will take reasonable steps to securely delete, destroy, or de-identify it.

Access to Personal Information

Individuals may request access to their personal information, or request correction of that information where appropriate, by contacting GTI at: Privacy@GTI.co.nz

GTI will consider and respond to requests in accordance with applicable privacy laws and principles.

Access to Motor Vehicle Register (MVR) Information

In certain circumstances, GTI may obtain a registered person’s name and address from the New Zealand Motor Vehicle Register where authorised by law.

GTI may only obtain this information where necessary for an authorised purpose, including the detection and investigation of suspected fraud, preparation of evidence relating to offences, enforcement of court orders or judgments, or where acting lawfully on behalf of an authorised agency.

Any person may notify the Registrar of Motor Vehicles that they do not wish to have their name and address made available under an authorisation.

Complaints

If you believe GTI has handled your personal information inconsistently with applicable privacy principles or obligations, you may submit a written complaint to:

Privacy@GTI.co.nz

Please include your contact details, a description of the issue, and any supporting information.

GTI will acknowledge receipt of the complaint, investigate the matter, and provide a response.

If you are not satisfied with GTI’s response, you may escalate your complaint to the Office of the Privacy Commissioner in New Zealand or the Office of the Australian Information Commissioner, where applicable.

Contact

For privacy-related enquiries, requests, or complaints, please contact:

Privacy Officer
General & Travel Investigations Limited (GTI)
Email: Privacy@GTI.co.nz

Approved by: Brook Ballantyne
Published: 1st Feb 2025