Privacy Policy
Collection of Personal Information Policy
Purpose for collection of personal information
Personal information will not be collected by us unless:
(a) the information is collected for a lawful purpose connected with a function or activity of us; and
(b) the collection of the information is necessary for that purpose.
Storage and security of personal information (principle five)
We will ensure that any personal information that we hold will be treated by us so –
(a) that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against:
(i) loss; and
(ii) access, use, modification, or disclosure, except with the authority of us; and
(iii) other misuse; and
(b) that if it is necessary for the information to be given to a person in connection with the provision of a service, everything reasonably within our power is done to prevent unauthorised use or unauthorised disclosure of the information.
Access to personal information
(1) Where we hold personal information in such a way that it can readily be retrieved, the individual concerned shall be entitled:
(a) to obtain from us confirmation of whether or not we hold such personal information; and
(b) to have access to that information.
(2) Where, in accordance with subclause (1)(b), an individual is given access to personal information, the individual shall be advised that, the individual may request the correction of that information.
Correction of personal information
(1) Where we hold personal information, the individual concerned shall be entitled –
(a) to request correction of the information; and
(b) to request that there be attached to the information a statement of the correction sought but not made.
(2) When we hold personal information we shall, if so requested by the individual concerned or on our own initiative, take such steps (if any) to correct that information as are, in the circumstances, reasonable to ensure that, having regard to the purposes for which the information may lawfully be used, the information is accurate, up to date, complete, and not misleading.
(3) Where we hold personal information and where we are not willing to correct that information in accordance with a request by the individual concerned, we shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the information, in such a manner that it will always be read with the information, any statement provided by that individual of the correction sought.
(4) Where we have taken steps under subclause
(2) or subclause
(3), we shall, if reasonably practicable, inform each person or body or agency to whom the personal information has been disclosed of those steps.
(5) Where we receive a request made pursuant to subclause (1), we shall inform the individual concerned of the action taken as a result of the request.
Correction of personal information
(1) Where we hold personal information, the individual concerned shall be entitled –
(a) to request correction of the information; and
(b) to request that there be attached to the information a statement of the correction sought but not made.
(2) where wet hold personal information we shall, if so requested by the individual concerned or on our own initiative, take such steps (if any) to correct that information as are, in the circumstances, reasonable to ensure that, having regard to the purposes for which the information may lawfully be used, the information is accurate, up to date, complete, and not misleading.
Accuracy, etc, of personal information to be checked before use
When we hold personal information, we will not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date, complete, relevant, and not misleading.
Agency not to keep personal information for longer than necessary (principle nine)
When we hold personal information, we will not keep that information for longer than is required for the purposes for which the information may lawfully be used.
Limits on use of personal information
Where we hold personal information that was obtained in connection with one purpose, we will not use the information for any other purpose unless we believe, on reasonable grounds:
(a) that the source of the information is a publicly available publication; or
(b) that the use of the information for that other purpose is authorised by the individual concerned; or
(c) that non-compliance is necessary:
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the enforcement of a law imposing a pecuniary penalty; or
(iii) for the protection of the public revenue; or
(iv) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(d) that the use of the information for that other purpose is necessary to prevent or lessen a serious threat to –
(i) public health or public safety; or
(ii) the life or health of the individual concerned or another individual; or
(e) that the purpose for which the information is used is directly related to the purpose in connection with which the information was obtained; or
(f) that the information:
(i) is used in a form in which the individual concerned is not identified; or
(ii) is used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(g) that the use of the information is in accordance with an authority granted under the Act.
Unique identifiers
(1) We will not assign a unique identifier to an individual unless the assignment of that identifier is necessary to enable us to carry out any one or more of our functions efficiently.
(2) We will not assign to an individual a unique identifier that, to our knowledge, has been assigned to that individual some other person, unless those 2 persons are associated persons.
(3) Where we assign unique identifiers to individuals, we will take all reasonable steps to ensure that unique identifiers are assigned only to individuals whose identity is clearly established.
(4) We will not require an individual to disclose any unique identifier assigned to that individual unless the disclosure is for one of the purposes in connection with which that unique identifier was assigned or for a purpose that is directly related to one of those purposes.