Your privacy is important to us at Tirohanga. This policy’s purpose is to help you understand what information we collect, as well as how we use and safeguard that information. The Privacy Act 2020 regulates us on how we collect, use, hold, disclose, access, correct, manage and dispose of your personal information.
This policy pertains to all services provided by Tirohanga, part of the Wise Group. It does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see the website: www.privacy.org.nz
In short, here are a few key privacy messages:
- We only collect personal information where this is necessary to carry out our functions
- We may collect personal information directly from a person or other people or agencies, and we may generate personal information when we carry out our functions
- If we collect any data, we store it (including your personal information) on a secure Microsoft Azure cloud platform and we use Microsoft Office 365 applications. We protect our data with all reasonable technical and process controls
- We will only use and share personal information where necessary to carry out the functions for which we collected it, or if required by law.
To access, amend, or enquire about your data, please contact our Privacy Officer:
Tirohanga Privacy Officer
Attn: Brogan Lomax
What we collect
Effectively engaging with people and providing our services requires us to collect and use some personal information.
Personal information is necessary to carry out our services effectively. For example, we will collect your contact details so that we can communicate with you easily when we need to.
We collect information about you from:
- you, when you provide personal information about yourself to us, including via our website and any related service, through any contact with us, or when you use our services or products
- third parties authorised by you to provide personal information or who provide publicly available information
- a third party where this is allowed by law, for example a Royal Commission enquiry
If possible, we will collect personal information directly from you.
Depending on the service we are providing to you, the information we might collect from you, should we need it to deliver that service to you, might include:
- your name, age, gender, ethnicity and iwi
- your contact details, including your home address, email address and/or phone number
- professional information such as qualifications, position, professional registration and your employer
- the content of your enquiry
- any questions or comments you submit via our blog, chat or feedback functions
- details for any services, programmes, and events you have registered for, including dietary, accessibility or other specific requirements
- information that is required for a specific service or programme area (e.g. Māmā & Pēpi Space)
- information about your use of our website (explained further below).
Wherever possible, we’ll offer you choices if the information is useful to us, but not absolutely necessary to deliver the service. This might include, for example, your ethnicity. Please let us know if you’re concerned about providing specific information, and we will try, if we can, to offer you choices that work for you.
You can opt-out of our communications activities, such as receiving our email newsletter, at any time.
Storage and retention
We use third-party providers to store and process our data. We store most of the personal information we collect and generate electronically on Microsoft Azure cloud servers located in Australia, Digital Ocean servers in Singapore and Amazon Web Services servers. We also use Microsoft Office 365 for our email and other office productivity applications. While your information may be stored overseas, we only use providers that have comparable privacy safeguards to New Zealand.
We only retain personal information when there is a legitimate reason to, in compliance with the requirements of the Public Records Act 2005. Once there is no longer a legitimate reason to retain the data, the data is deleted.
We take all reasonable steps to ensure any personal information we collect is protected against loss, unauthorised access and disclosure, or any other misuse, including meeting the requirements prescribed by the New Zealand Government.
We take reasonable steps to ensure that our technology providers can meet our privacy and security requirements.
We use some third-party providers to manage some of our engagement processes and services, such as newsletters, applications for services, bookings, evaluations, and feedback.
Where we do this, any personal information you provide (such as your email address) may also be collected and stored by this provider and you should also check their privacy statements when using those services. We take steps to ensure that any providers we use protect any personal information they process for us.
We use the following third-party providers:
- Cornerstone (by Cornerstone OnDemand Inc) – for recruitment purposes
- Google Analytics (by Google LLC) – to collect web analytics
- Gravity Forms (by Rocketgenious Inc) – to collect information via our website
- MailChimp (by Intuit Inc) – to deliver our newsletters
Links to social networking services
We use social networking sites such as Facebook, Instagram, LinkedIn, Twitter, Vimeo and YouTube to communicate with the public about our work. When you communicate with us using these sites, the social networking service may collect your personal information for its own purposes.
These services may track your use of our website on those pages where their links are displayed. If you are logged into those services (including Facebook and any Google service) while using our site, their tracking will be associated with your profile with them.
These services have their own privacy statements which are independent of ours. They do not have any access to the personal information we hold on our systems.
What we do with your personal information
We will only use the personal information you provide to us for the purposes of delivering the services you have requested (such as applying for a place on one of our services, registering for a learning programme or event, booking a wellbeing service) or carrying out our lawful functions. People will only see/use your information for the purposes of providing the services you are accessing.
Non-personal, non-identifiable information may be used for reports which allow Tirohanga and the Wise Group to measure collective impact and may be assessed by third parties, including researchers, government departments, and funders to evaluate the effectiveness of how we work.
How we will use your personal information
Depending on the service we are providing to you, the information we collect from you may be used to:
- verify your identity
- assess your application and eligibility for a place in a programme or service we offer
- contact you about your request, query, registration or possible research or evaluation related to a pilot programme, service we offer, workshop or event you participated in
- ensure the clinical safety and wellbeing of our participants
- provide additional support to ensure a positive end-user experience
- follow up for research or evaluation you have already participated in
- inform research, evaluation, and quality improvement
- send you electronic or hard copy newsletters, resources, or information you have requested
- consider and respond to your enquiry
- make a decision regarding your eligibility for funding
- improve our website and the delivery of our online services
- conduct internal statistical analysis within the Wise Group and meet our reporting requirements
- to protect and/or enforce our legal rights and interests, including defending any claim.
Personal information pertaining to your clinical safety and wellbeing may be used to follow up with you. This information may be shared with third parties if there are concerns about your immediate safety. Wherever possible, this will be communicated before we share information with third parties.
When we share it
We do not generally share your personal information with third parties, other than third parties which are providing services to us.
However, we may share your personal information, if necessary, to appropriately respond to your enquiry. We may share your personal information with a third party where the disclosure is authorised by you.
We may share personal information if required or permitted by law (for example to assist with the investigation of a criminal offence), to prevent or lessen a serious threat to the health and safety of a person or the public, or for statistical purposes where you will not be identified. If our staff are threatened or abused, we may refer this to the Police.
Your privacy rights and how to contact us
You have the right to request a copy of the personal information we hold about you (whether we have collected it from you directly or from a third party). You also have the right to ask us to correct your information if you think it is wrong.
We will process your request as soon as possible, and no later than 20 working days after we receive it. We will be as open as we can with you, but please note that your right to request personal information may be limited if it breaches another person’s right to privacy or is subject to overriding national security legislation.
We may occasionally need to withhold personal information, for example where the information requested is legally privileged. However, we will only ever withhold information where necessary.
You may request a correction of personal information that you consider is inaccurate. Where the correction requested is not able to be made or we dispute the accuracy of the correction, we will make a note on your personal information.
If we cannot resolve your concerns, then you have the right to complain to the Privacy Commissioner about our actions. In the first instance, please email or write to us at email@example.com or PO Box 7443, Wellington South 6242 marking it for the attention of the Tirohanga Privacy Officer.
All staff receive relevant information privacy training to minimise the risk of a privacy breach.
Personal information is only used for the purposes we have declared it will be used for. If it is disclosed outside of the purpose, any potential impact on individuals affected is assessed once the incident is discovered. If the impact is likely to cause serious harm, our Privacy Officer is notified so an internal investigation can be carried out and an action plan implemented.
If a breach of privacy occurs, we will advise our Privacy Officer who will assess what actions might sensibly be taken, and the likelihood of harm arising, and the Privacy Officer will notify the Privacy Commissioner and any affected individuals, unless an exemption under the Privacy Act 2020 applies.
Complaining about our privacy practices
We want to know if you have concerns about our privacy practices, whether these relate to the way we collect or share information about you or our decision on your access request. This allows us to try and put things right for you and helps us to identify and fix any problems with our systems or processes.
In the first instance, let us know about your concern(s) and we will try our best to resolve them. This could include escalating your concern(s) to a senior staff member to ensure we have made the right decision and fully considered your concern(s).
Our website also collects information
We use a range of technologies to deliver our website and online services, such as Google Analytics and online survey tools. We ensure that those technologies meet suitable security standards, and where they collect information from you, such as the type of computer/device being used to access the website, that this information is only used to improve our website and the services we offer.
Opting out of certain uses of your information (cookies)
When you visit the Tirohanga website it will attempt to set cookies on your browser. A cookie is a text file that a website transfers to your browser to remember specific information about your visit or visits. Some of these cookies may remain on your computer after you close your browser. Some of these cookies are from organisations we use to monitor website usage.
You can configure your internet browser not to store cookies and set your browser to ask for your permission before it accepts a cookie.
Non-personal information that cannot be used to personally identify you includes anonymous usage data, surveys, general demographic information, referring pages, entry and exit pages, and platform types.
We collect the following information about your use of our website, which we use to improve the quality and reliability of our website:
- your IP address
- the search terms you used
- the pages, resources, and files you accessed on our website and the links you clicked on
- the date and time you visited the site
- the referring site (if any) through which you clicked to our website
- your operating system (such as Windows 10)
- the type of web browser you use (such as Mozilla Firefox)
- the type of device you use.
New policy published: April 2023