NIOA’S COMMITMENT TO PRIVACY
NIOA is committed to respecting your privacy rights and complying with the Privacy Act 2020 (“Privacy Act”). The Privacy Act sets clear standards for the collection, access, storage, and use of personal information. With that in mind, NIOA has implemented policies and procedures to ensure all personal information that it collects, handles, holds, and shares is done so in accordance with the information privacy principles that are contained in the Privacy Act.
- the meaning of ‘personal information’;
- the kind of personal information NIOA collects and holds;
- how NIOA collects and holds personal information;
- how NIOA uses personal information;
- accessing and correcting personal information;
- specific information for EU and UK residents; and
- privacy enquiries, complaints, and information.
THE MEANING OF PERSONAL INFORMATION
The Privacy Act broadly defines ‘personal information’ as information about an identifiable individual.
THE KIND OF PERSONAL INFORMATION NIOA COLLECTS AND HOLDS
The Privacy Act provides that NIOA may collect personal information about you only if it is reasonable and practical to do so. For example, NIOA only collects personal information if it is necessary for one or more of its business functions or activities.
When NIOA collects your personal information, it will ensure that it is done so in a fair manner. NIOA also provides you an avenue to make privacy enquiries and complaints (see relevant section below).
NIOA may ask for personal details such as your name, address, telephone number, or email address through the normal course of business. For example, NIOA may require personal information to establish a business account, enter a contract, deliver products or services, purchase goods or services, or process an enquiry. In certain circumstances, NIOA may require further personal information, such as your home address, employment information, or criminal history, for example when processing an employment application.
Where an individual chooses not to provide personal information, it may limit one or more of NIOA’s functions including its ability to communicate, send information, engage in business, or process an employment application.
HOW NIOA COLLECTS AND HOLDS PERSONAL INFORMATION
COLLECTING PERSONAL INFORMATION
NIOA collects personal information in numerous ways including by phone, email, and video communication, recruitment applications, interaction with the NIOA website, and through use of the NIOA Mobile Application.
More generally, personal information may be collected in contracts and other documents, when communicating or engaging with individuals during the normal course of business. Also, your image may be recorded when you enter our facility and stored on our network for security purposes.
PERSONAL INFORMATION SECURITY
NIOA has implemented policies and procedures to help protect personal information from unauthorised access, loss, misuse, disclosure or alteration. NIOA also destroys, deletes, and permanently de-identifies personal information when it is no longer required. The measures that we take vary with the type of information, and how it is collected and stored.
NIOA may hold personal information in hard copy or electronically. Whenever and wherever NIOA holds personal information, NIOA ensures that information is handled and stored securely to protect that information from damage, loss, theft, unauthorised access, disclosure, or alteration. For example, NIOA uses secure socket layer (SSL) encryption to secure information that is communicated through email, cloud storage servers, email marketing and CRM platforms, HR systems, and electronic signing platforms, and on the NIOA Mobile Application and website servers.
Additionally, NIOA uses leading security systems to ensure that its computer network is as secure as possible. Furthermore, NIOA’s internal electronic document management system can restrict access to personal and sensitive information of individuals to users within the organisation who ‘need to know’.
NIOA’s various premises are secure facilities that restrict individuals’ access. Within those premises, NIOA may store personal information in hard copy in offices, drawers, shelves, filing cabinets and cupboards.
In the event of a data breach, NIOA is committed to ensuring data breaches are adequately managed and complying with the Privacy Act with regards to its reporting obligations under that legislation.
HOW NIOA USES PERSONAL INFORMATION
We may use your personal information for the purposes for which it was collected and to contact you, provide you with services, send you information, arrange events, and engage in business (for example, with suppliers, contractors, and retailers).
NIOA may also use personal information to:
- process employment applications;
- manage the business and its operations;
- identification and security purposes;
- comply with its legal obligations (tax, audits, workplace law, contracts, etc);
- maintain employment records (includes distribution lists, legal advice including through internal and external lawyers, sensitive information, such as IRD, health records, etc);
- engage in discussions with its suppliers, contractors, retailers;
- manage product returns, warranty claims and refunds;
- manage functions and events;
- perform sales and marketing activities;
- manage the use and access to its Mobile Application and website;
- conduct surveys to help improve its business;
- notify you about changes to our goods, services or updates to our policies;
- make recommendations about goods or services; and
- conduct and/or record meetings or interviews with you.
DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
NIOA only discloses personal information to third parties if it is necessary and reasonable to do so or is required to satisfy a contractual, compliance or legal obligation NIOA has, and is otherwise permissible under the Privacy Act. For example, NIOA may use third party technology service providers to store your personal information in web and email hosting, cloud storage, IT support, and analytical services. These third parties may need to access your personal information when providing services to NIOA.
Some of those third parties (and their data centres) are located outside of New Zealand. In such cases, NIOA ensures that it only engages with companies who are reputable and use cutting-edge technology that ensures personal information is stored securely to the highest industry standards. Examples of such third parties include but are not limited to Microsoft, Google, MailChimp, and DocuSign.
For those who are applying for employment with NIOA, we may require police and background checks to assess suitability for the position.
As NIOA is committed to protecting the privacy of individuals, NIOA will view unauthorised disclosure of, or access to, personal information by its employees, contractors, or agents, as a serious breach of this policy. Appropriate action (which may include disciplinary or legal action) may be taken in such cases.
ACCESSING AND CORRECTING PERSONAL INFORMATION
You have the right to tell NIOA that you do not want us to send information to you other than for the dominant purpose for which we have collected your personal details.
Pursuant to information privacy principle 6, NIOA will provide you with access to your personal information that we hold (except in the limited circumstances recognised by privacy law). Further, information privacy principle 7 provides you the right to correct inaccurate personal information – for example, if you change your address, phone number, email address, or any other personal information, subject to certain exceptions.
If you would like to obtain such access, please contact us using the contact information below.
If you receive marketing emails that are delivered through NIOA’s third-party email marketing system, you may update your personal information or unsubscribe from such communication by clicking the appropriate links in the footers of those emails.
RETAINING PERSONAL INFORMATION
NIOA will only retain your personal information for as long as reasonably necessary. In determining a ‘reasonable time’ to retain personal information, NIOA considers:
- whether there is a legal obligation or right for NIOA to retain such information;
- its relationship with you and whether that relationship is continuing; and
- whether retaining personal information is required for its recordkeeping.
Notwithstanding the above, NIOA may retain archival copies of your personal information if such copies are:
- retained as part of its archival backup system if such system stores the personal information automatically and provided that such copies of the personal information are not retrieved or used for any purpose other than for security, business continuity or disaster recovery procedures in accordance with relevant legislation; or
- required to be retained for legal, regulatory, or insurance purposes and are not retrieved or used for any other purpose.
SPECIFIC INFORMATION FOR EU AND UK RESIDENTS
In addition to the rights regarding personal information under the Privacy Act, NIOA also respects and observes the rights of citizens of the EU and UK regarding their ‘personal data’ when it collects, stores, tracks or monitors that data. In such circumstances, if you are from the European Union, you have additional rights under the General Data Protection Regulation (GDPR), which are also reflected in the Data Protection Act 2018 (DPA) for citizens of the United Kingdom.
The rights in respect of your personal data under the GDPR and the DPA include the right to:
- request access to your data to allow you to see what personal data we store about you and whether we are processing it lawfully;
- have your personal data corrected where it is inaccurate;
- have your data deleted where there is no lawful reason for NIOA to continue to store your personal data;
- object to your data being processed where you believe that such processing impacts on your fundamental rights and freedoms, including for marketing purposes;
- request restriction of processing your personal data;
- withdraw consent to having your data processed, in which case NIOA may not be able to provide certain products or services to you;
- have your data provided in a standard format so that it can be transferred to you or a third party; and
- not be subject to a decision based solely on automated processing.
EU DATA RIGHTS
NIOA has systems that facilitate your requests in relation to your EU Data Rights. Our actions and responsibilities will depend on whether we are the controller or processor of the personal data in question. Depending on our role as either a controller or processor, the process for enabling EU Data Rights may differ, and is always subject to applicable law.
Please contact us using the contact details below if you would like to make an EU Data Rights request or if you require assistance in relation to your EU Data Rights.
Where you make any request in relation to the GDPR, DPA or Privacy Act, NIOA reserves its rights to verify your identity before assisting you with your request that is specific to personal data or personal information.
NIOA will take reasonable steps to comply with requests concerning EU Data Rights, subject to NIOA’s legal rights and obligations in relation to personal data. If NIOA cannot or will not comply with any such request, it will provide you with the basis of not doing so as soon as reasonably practicable.
Those who are not satisfied with the way we handle a request in relation to EU Data Rights have the right to make a complaint to the Data Protection Authority for EU residents, or the Information Commissioner’s Office for UK residents.
Furthermore, in the event of a data breach where reporting is required within 72 hours, NIOA will inform you of any incident that compromises your personal data.
PRIVACY ENQUIRIES, COMPLAINTS AND INFORMATION
ENQUIRIES AND COMPLAINTS
If you would like to make an enquiry, or make a complaint regarding your personal information, you should contact us first by using the email, post, or telephone contact details below.
Privacy Officer
PO Box 191
Pinkenba, QLD 4008
Tel: 07 3621 9999
When making a complaint regarding privacy, correspondence should include the nature of the complaint and the proposed outcome that you are seeking.
NIOA will endeavour to process and address your privacy concern as soon as reasonably practicable. If NIOA is unable to address your complaint in the way you have proposed, NIOA will provide the reasons for denying such an outcome and may propose an alternate solution.
If you are not satisfied with NIOA’s response, you may contact the Office of the Privacy Commissioner (OPC) to escalate the complaint. The OPC’s contact details are below.
Office of the Privacy Commissioner
Tel: 0800 803 909
OPC’s website also contains helpful information about the Privacy Act and the information privacy principles.
Legal Notice Update
NIOA reserves the right to make any changes and corrections to this notice. Please refer to this page from time to time to review these and any new additional information.
This Policy was last updated on 12 April 2023.
Group Chief Operating Officer