Personal information is any information or an opinion about an identified individual or an individual who is reasonably identifiable.
You may elect not to submit personal information to us but this may mean that we are unable to provide you with any information, products or services.
We take reasonable security measures to protect personal information in order to minimise the risk of unauthorised access to that information. Notwithstanding these precautions, data breaches may still occur. We have a data breach policy which sets out the details of our policy with respect to the handling of any actual or suspected data breach. Our data breach policy includes commitments to comply with the relevant privacy law requirements relating to notifiable data breaches (Australia) and mandatory data breach reporting (New Zealand). A copy of the current version of our data breach policy may be made available to you if we consider you have a reasonable need to review the policy.
Collection and use of submitted information
We may collect and retain personal and other information about you (“submitted information”) when (a) you provide us with personal information in an email, letter, by telephone, during a meeting or by other means; or (b) you complete and submit an online form or (c) you access and use our services; or (d) a third party submits information about you to us; or (e) information is submitted to us automatically as a result of the exchange of data between systems.
We will only collect information by lawful and fair means.
As long as it is reasonable and practical to do so, we will endeavour to collect personal information about you from you rather than from a third party.
If we receive unsolicited personal information that could have been lawfully collected by us as solicited information, we will treat that submitted information in the same way as we treat solicited information.
If we receive unsolicited personal information that could not have been lawfully collected by us as solicited information, we will destroy or de-identify that information as soon as practicable.
The submitted information which we retain may include your name, address, email address, employer or business name and address, employment position or work/business role, phone number(s), purchases, product and service enquiries and other information where it is reasonably necessary for our functions or activities.
If you submit personal information to us, you warrant that you have obtained all necessary consents from the relevant persons to allow our collection, use and disclosure of that information in accordance with this policy.
You consent to our disclosure of personal information as necessary in order to provide products and services to you.
We may use the submitted information for our normal internal business purposes and to communicate with you regarding our products and services or the products and services of third parties or for any other reasonable purpose connected with the operation of our business. You may elect not to receive such communications from us, either at the time you submit the information or at a later time. If you elect to opt out of any direct marketing, we will comply with that election. Opt out notifications can be sent to firstname.lastname@example.org including the contact media you’d like to opt out from (email address, phone number, postal address, etc). We will process your opt out request upon validation of your notification. Our use of submitted information may include disclosures to the extent necessary to fulfil State and Commonwealth Government reporting and statistical obligations.
We will not sell submitted information to third parties or intentionally disclose submitted information to third parties except as specified in this policy, as required by law or to the extent that you have consented to such disclosure. This provision does not apply to the extent that any submitted information has been de-identified before any such use, disclosure or sale.
We may use a third party to provide hosting or other services such as data integrations and as a result your submitted information may be collected and stored using physical infrastructure owned by third parties. In these circumstances (a) we will retain logical control of the submitted information that is stored and processed in our services; (b) the third party may be permitted to access, use or disclose the submitted information to provide the services (e.g. creating data back-ups, performing maintenance services or other business functions deemed necessary by the third party service provider); and (c) the privacy policies applying to any information collected and stored by the third parties are specified by the third parties and are outside our control. You consent to the collection and use of the submitted information by third party hosting or other services providers.
We will not disclose private or sensitive information to overseas countries except Australia and New Zealand. To the extent that personal information is collected.from New Zealand and disclosed by us to any other party in Australia, we will ensure that the recipient of that personal information is obliged to comply with data protection obligations comparable to those required by New Zealand law. To the extent that personal information is collected.from Australia and disclosed by us to any other party in New Zealand, we will ensure that the recipient of that personal information is obliged to comply with data protection obligations comparable to those required by Australian law.
It is not practicable for information submitted electronically to be provided to us anonymously or using a pseudonym and it is a requirement that you accurately complete any data fields that require insertion of your name and personal details. If you do not wish to provide any required personal information then you should not proceed with the completion of the relevant process.
We will take reasonable steps to implement and maintain security precautions and to protect personal information from misuse, interference, loss and unauthorised access, modification and disclosure. However, we are unable to guarantee that unauthorised access to submitted information will not occur, either during transmission of that information or after we receive that information.
If we no longer require your personal information, we will take reasonable steps to permanently destroy or de-identify that information. You acknowledge that our back-up procedures may make it impractical to locate and destroy or de-identify copies of your personal information which are stored off-line or in a form which does not readily permit location and modification of data and you consent to our continued retention of submitted information in these circumstances.
If you submit information to any other site accessed through a link from our sites, the privacy principles applying to any information you submit to that site are outside our control. You should check the privacy policies of any other site before submitting information to that site.
When you visit our sites, our servers may record a range of information relating to your access and use of the sites (collectively called “clickstream data”). We may examine clickstream data to determine the traffic through the server as well as access levels to specific pages. No attempt will be made to identify you or your browsing activities from clickstream data except in the circumstances specified below.
If we or any authority suspect that unauthorised access or use of the sites has occurred or may occur or be attempted, we may gather, use and disclose more extensive information than indicated above regarding access or attempted access to the sites for the purposes of prevention, detection, investigation or prosecution.
Correction of errors and access to personal information
We will take reasonable measures to ensure all personal information held about you is accurate, complete, relevant and up-to-date.
We will provide you with access to your personal information on reasonable request and subject to your agreement to pay our access charges and adequate proof of your identity if (a) it is practicable for us to do so and we have no other reasonable grounds for refusing access, (b) the request is not frivolous or vexatious, (c) access will not have an unreasonable impact on the privacy of others, (d) the information does not relate to existing or anticipated legal proceedings (other than information accessible through the discovery process), (e) access will not reveal our intentions in relation to any negotiations with you, (f) access is not unlawful (g) denying access is not required or authorised by law, and (h) access will not prejudice any prevention, detection, investigation or prosecution of possible unlawful or improper activity.
You have the right to require us to correct errors in your personal information by emailing your request to email@example.com. We will correct any errors in your personal information upon receipt of written evidence from you which satisfies us that a correction is required.
Privacy related complaints, concerns and questions
Document Registry and Version Control
|4.1||01/12/2020||Marc Brien||Introduce NZ Privacy Act obligations|
|4.2||01/03/2022||Marc Brien||Review and minor updates|
|Next Review Date: February 2023|