Reach Aotearoa is committed to ensuring personal information is managed according to the principles of the Privacy Act 2020 (“the Act”) and the Health Information Privacy Code 2020 (“the Code”). This policy does not limit or exclude any rights under the Act.
This privacy statement explains how Reach Aotearoa collects, stores, uses, and shares your personal information.
Personal Information may be collected, for example, via websites, through any survey and registration processes, inbound/outbound calling or by any contact with Reach Aotearoa (including phone, text, email, or web chat).
Why we collect and how we use personal information:
Reach Aotearoa primarily collects and uses personal information to meet business objectives, fulfil contractual obligations and otherwise for a reason authorised under the Act.
Disclosing and using personal information
An Individual will ordinarily be advised at the outset of any interaction with Reach Aotearoa of the instances where their personal information may be disclosed.
Personal information will not be disclosed to overseas organisations without the express consent of the individual, authorising agent, or research funder (if applicable). The receiving organisation must comply with the protection controls stipulated in the Act.
Reach Aotearoa will only use and/or disclose personal information in accordance with the Act.
Protection, storage and integrity of personal information
Reach Aotearoa have in place the appropriate security measures to protect an individual’s personal information from accidental loss, un-authorised activity, modification, disclosure, or other misuse.
An individual’s personal information will only be accessed by authorised staff.
Reach Aotearoa keeps personal information only as long as necessary to fulfil the purpose for which it was collected, except where we are required by law or contractual obligations to keep the information for a specified period.
When we no longer need to retain the personal information, Reach Aotearoa will safely dispose of it or ensure that the information is de-identified (i.e. it will no longer be possible to connect the information to the individual).
If personal information is provided to Reach Aotearoa via the Internet, reasonable steps are taken to maintain a secure internet connection. The provision of that information will be at the individual’s own risk.
If an individual chooses to post personal information on any Reach Aotearoa forum, for example, a message board or chat room function, they acknowledge and agree that the information posted is publicly available.
Reach Aotearoa are committed to continuously improving processes and monitoring performance to ensure we are offering the best possible services. To achieve this staff responsible for investigation and complaints handling, training, auditing, and quality improvement may access an individual’s personal information.
In most instances, Reach Aotearoa record phone conversations for the purposes outlined above. An individual will always be notified at the outset of the phone conversation as to whether the conversation is recorded.
Accuracy, accessing and correcting personal information
Reach Aotearoa shall take reasonable steps to ensure that the personal information it holds is accurate, up-to-date, complete, relevant, and not misleading.
In accordance with the Act, an individual is entitled to ask for:
In exercising their rights above, the individual is required to provide evidence of their identity to confirm they are the individual to whom the request relates or are entitled to act on the individual’s behalf. All requests should be directed to the Reach Aotearoa Privacy Officer via email at firstname.lastname@example.org.
- access to their own personal information held by Reach Aotearoa; or
- a correction to their personal information if they believe it to be incorrect.
With respect to a request for correction, Reach Aotearoa will respond in accordance with the timeframes and procedures specified in the Act.
If the individual makes a request for personal information Reach Aotearoa will communicate to the individual concerned the reason(s) for withholding all or part of the information (if applicable).
Responding to suspected or actual privacy breaches
Reach Aotearoa has extensive procedures to manage suspected or actual breaches.
Updates to our information practices
Reach Aotearoa reserve the right to update this policy. The policy will be updated in accordance with legislative changes and industry best practice.
Where there has been a notifiable breach in privacy, Reach Aotearoa will carry out all necessary processes required and will notify the individual concerned and the applicable statutory authority of the breach.
Reach Aotearoa will act on recommendations made by the governing statutory authorities concerning the investigation and reporting of privacy breaches.
When investigating a breach, Reach Aotearoa will follow the processes recommended on the Privacy Commissioner’s website. The Privacy Officer will be responsible for conducting the investigation.
Reach Aotearoa will respond to breaches promptly to minimise any harm caused to the affected person or persons. Response to breaches will ordinarily have the following components:
- Breach containment and preliminary assessment;
- Evaluation of the risks associated with the breach;
- Notification if required; and
By continuing to use any Reach Aotearoa website, the individual agrees to be bound by the date of the amended policy. The individual should check from time to time to see if the policy has changed.