Privacy Policy
Please read and scroll to the bottom to accept.
Updated on August 16 2024
This Policy is applicable to (hereinafter referred to as “the Organisation”):
(Achievement NZ Ltd, Activate Education Group Ltd, ACT Safety Ltd, Enform NZ Ltd, Instant Education Solutions Ltd, and Vision College Ltd.)
Purpose
The purpose of this Policy is to:
a) ensure that personal information collected and held by the Organisation is managed in accordance with the requirements of the Privacy Act 2020, the privacy principles, and all relevant legislation
b) ensure that individuals have trust and confidence in the organisation’s ability to manage and protect their personal information
c) educate people within the organisation on the collection, use, storage, sharing and disposal of personal information
d) promote a culture that protects and respects personal information.
Scope
This Policy applies to all the staff members, contractors, agents, clients, and students (if applicable).
Policy Statement
The organisation is committed to respecting, managing, and protecting personal information. To support this commitment, the organisation will comply with the provisions of the Privacy Act 2020 and all relevant legislation, and will put in place the required procedures, resources, and training.
Guidelines and Expectations
1. Breach of Security:
If the breach is notifiable, the organisation must inform the Office of the Privacy Commissioner. The online tool NotifyUs can help the organisation to check whether the privacy breach is serious and needs to be notified to the Office of the Privacy Commissioner.
2. Privacy Officers:
The Entity Leader/Campus Manager/Deputy Campus Manager will act as Privacy Officers and are responsible for ensuring that the organisation complies with the Privacy Act 2020.
3. Staff members, contractors, clients, and agents (if applicable):
a) comply with this Policy
b) treat any personal information disclosed by students, staff members, visitors, and stakeholders with a high degree of respect and confidentiality
c) complete any training on privacy required by the organisation
d) comply with the requirements of the Privacy Act 2020 and the privacy principles
4. Students (if applicable):
a. treat any personal information disclosed by fellow students, staff members and visitors with a high degree of respect and confidentiality.
b. be aware of your rights and responsibilities regarding personal information and know where to seek advice in relation to privacy breaches.
c. report any privacy concerns or breaches to the organisation Manager or nominee.
5. IT and Cyber Security Measures
a. All computers will have a firewall and antivirus software installed on them, and be kept up to date with the latest system updates.
b. All computers will be password protected, with a change of passwords done annually or as and when required.
c. All cloud storage systems and email accounts are password protected and access reviewed annually.
d. A review of user accounts and system access will occur annually, with all non-current users having access revoked, if not done previously.
e. All IT hardware and devices are to be kept on the premises or with the person in a secure manner.
f. Any IT hardware and devices that are to be disposed of will be done by an approved e-waste provider. Prior to this, all IT hardware and devices will undergo a complete system reset.
The Privacy Principles
The Privacy Act 2020 has thirteen (13) Privacy Principles that govern how we should collect, handle, and use personal information as follows:
Purpose for Collection
We only collect personal information for a lawful purpose and when the information is necessary for that purpose.
Our purpose includes but is not limited to (if applicable):
o our learning, teaching, research and other educational activities
o our administrative, enrolment, employment and management activities
o complying with our legal, regulatory and contractual obligations
o providing a safe, secure and healthy environment
o providing an appropriate level of student support and pastoral care
o recruitment and marketing activities that we undertake
o assessing whether we can reasonably make available our services or facilities to a person who has a disability for the purposes of the Human Rights Act 1993
o managing our business including internal reporting, administrative processes and selection of scholarship and prize winners.
Source of Information
We collect personal information directly from the person concerned. If this is not possible, we may collect it from other people in certain situations. For example, if:
o the person concerned gives us permission
o collecting it in another way would not prejudice the person’s interests
o collecting the information from the person directly would undermine the purpose of collection
o we are getting it from a publicly available source
What to Tell an Individual
When we collect personal information, we take reasonable steps to make sure that the individual knows:
o why it is being collected
o who will receive it
o whether giving it is compulsory or voluntary
o what will happen if they don’t give you the information.
Providing some personal information to us is optional. However, we may not be able to effectively provide you with services or carry out our role as an organisation if you do not provide us with the information we request.
Manner of Collection
We want your interaction with us to be a pleasant experience. We collect personal information in a manner that is fair and does not intrude to an unreasonable extent upon the individual concerned. We take particular care when collecting information from children (minors) ensuring we liaise with their parents/caregivers regarding their information.
Storage & Security
We hold all personal information in secure electronic systems to prevent its loss, misuse, or disclosure.
Paper-based copies of client records are kept in lockable storage such as a filing cabinet or cupboard, or in secured access areas when not in use. Most secure document storage facilities are equipped with CCTV systems to protect documents.
Access
You have the right to ask us for a copy of your personal information at any time. Wherever possible, we will provide you access to this information while ensuring we do not breach the privacy of others, or legal compliance. For example, if releasing the information could:
o endanger someone’s health or safety
o create a significant likelihood of serious harassment
o prevent the detection or investigation of a crime.
Correction
A person has a right to ask us to correct their information if it is wrong.
Accuracy
We take reasonable steps to ensure all personal information collected is accurate, complete, relevant, up to date and not misleading.
Retention
We will not keep personal information for longer than is necessary. All personal information whether kept digitally or physically will be deleted when it is no longer required.
Use
We only use personal information for the purpose we have collected it. We may use it in ways that are directly related to the original purpose, or we may use it another way if the person gives us permission, or in other limited circumstances in accordance with the Privacy Act 2020.
Disclosure
We may disclose personal information in limited circumstances. For example, if:
o disclosure is one of the purposes for which you gave the information
o the person concerned authorised the disclosure
o the information will be used in an anonymous way
o disclosure is necessary to avoid endangering someone’s health or safety
o disclosure is necessary to avoid a prejudice to the maintenance of the law.
Cross-Border Disclosure
We may send personal information to someone overseas if the information will be adequately protected. For example:
o the receiving person is subject to the New Zealand Privacy Act 2020 because they do business in New Zealand
o the information is going to a place with comparable privacy safeguards to New Zealand
o the receiving person has agreed to adequately protect the information through an agreement with privacy clauses on information sharing.
If there are no adequate protections in place, we may send personal information overseas if the individual concerned gives us express permission, unless the purpose is to uphold or enforce the law or to avoid endangering someone’s health or safety.
Unique Identifiers
A unique identifier is a number or code that identifies a person. For example, an IRD or driver’s licence number. We will not use these identifiers. However, we may assign our own specific unique identifier to individuals where it is necessary.
Personal Health Information (if applicable)
As part of our services, we may collect personal health information (such as your medical conditions or information relating to disability) to determine your eligibility to participate in our programmes. We will obtain consent to such collection and directly from the person/s concerned and explain to them how the information will be used and disclosed. Parents and caregivers will be contacted directly for personal health information regarding minors.
We will not use personal health information beyond the consent provided unless further consent is obtained or in accordance with one of the exceptions under the Privacy Act 2020 and the Health Information Privacy Code 2020 or in accordance with any applicable law. If we use personal health information for research or statistical purposes, it will be anonymised if practicable to do so.
Cookies
Visits to our websites are recorded and logged. The following data is collected anonymously and supplied by the Service User’s browser:
o Your IP address and/or domain name
o Your operating system (e.g., Windows 10)
o The type of web browser you use (e.g., Google Chrome, Internet Explorer)
o The date, time, and length of the visit to the website
o The resources and pages you accessed, and the documents downloaded
o The search terms you used
o The referring site (if any) through which you clicked to our website
This information is used to compile statistical information about the use of our website and not for any other purpose. If you do not want cookies to be used, please adjust your browser settings to disable them.
Photography & Video (if applicable)
During activities and events, our team may take still photographs and video footage of various aspects, including shots where individuals and groups are identifiable. These shots may be used in social media and for promotional purposes and this purpose alone. As an organisation we take into consideration the general obligations around collection of personal information in Principles 1-4 of the Privacy Act 2020.
Social Media (if applicable)
We use social media networking services to share content and promote our activities in a public space. When you engage with us using these services, the social network may collect your personal information for its own purposes. These networks have their own privacy statements which are independent of ours. They do not have any access to your personal information that we hold.
Security (if applicable)
We have CCTV devices installed across our locations. CCTV footage is recorded and retained for security purposes (e.g. if there was a theft or a break-in) and is only viewed by authorised staff. The footage will not be made public unless authorised by the individual(s) shown in the footage or in consultation with the New Zealand Police. The footage will be deleted after it is no longer required by us for security or operational reasons. There is signage at our locations advising of the presence of CCTV devices.
Confidentiality
All information collected will be treated with appropriate care to maintain confidentiality. The collection, use and storage of personal information will comply with the Privacy Act 2020. Information will only be shared where there is good reason to do so.
References
· Privacy Act 2020
· Education and Training Act 2020
· Public Records Act 2005
· Health Information Privacy Code 2020
· Official Information Act 1982
· Education (Pastoral Care of Tertiary and International Learners) Code of Practice 2021
· Privacy Statement – the organisation Limited.
What do we do if there is a breach of your privacy?
If we believe that there has been a privacy breach, then we will identify the breach and take reasonable steps to minimise any harm caused by the breach. Where we believe any breach of privacy poses a risk of serious harm or is likely to cause serious harm then we are required to notify the Privacy Commissioner and affected parties.
Where you believe that there has been a breach in relation to your privacy, then please contact us as soon as possible.
If you are not satisfied with the way we have dealt with or resolved your complaint then you can escalate this by contacting the Privacy Commissioner at any time:
Office of the New Zealand Privacy Commissioner
Website: www.privacy.org.nz
Phone: 0800 803 909
Email: enquiries@privacy.org.nz
What is your right to access your personal information?
You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you’d like to ask for a copy of your information, or to have it corrected, please contact us by email at info@instant.org.nz, or by phone 0800 864 863.
Changes to our Privacy Policy
We reserve the right to change this Policy from time to time as we see appropriate. In the event we do amend this Policy, we will post the revised version on our website and use reasonable endeavours to draw your attention to the amended Policy. The most recent version of this Policy will apply.
How to get in touch with us
Your privacy is important to us, if you have a general privacy enquiry or complaint about a privacy breach then please contact our Privacy Officer at: info@instant.org.nz
This privacy statement was created with the help of the privacy statement generator from the Office of the Privacy Commissioner at https://www.privacy.org.nz/tools/privacy-statement-generator/