Why is this policy important?
The Privacy Act defines principles we need to comply with, including the principle that we can only use information for the purposes for which we collected it.
The systems we use to hold client information include: email, International Taekwon-Do's national database, Dropbox, online services such as MailChimp, third party providers such as Xero, and hard copy client files stored in the office.
Our policy - the dos
- We ensure all information is kept securely.
- We only share and use information as per the agreed purpose.
- We only collect personal information necessary for the services being provided and ensure that the client knows that their information is available anytime they wish to view it.
- We ensure that client information is retained and stored in a secure environment.
- When we collect client information, we explain the reasons why the information is collected and how it will be used.
Our policy - the don'ts
- We don’t give out any personal information, unless we know exactly who’s asking for it, why they want it and that they are authorised to have it.
- We don’t breach client confidentiality.
- We don’t collect information that isn’t required to complete the services we agreed with the client.
- We don’t leave client information visible for other people to see.
- We explain to our customers the purpose of collecting personal information about them.
- We cover what we are trying to achieve and what personal information is needed to achieve it.
- We explain to our clients how we handle their personal information. For example:
  - We only collect personal information directly from them or from a public source. https://www.privacy.org.nz/purpose/#collection
  - We only use their information to provide our services to them.
  - We are required to keep information for seven years after our client relationship ends. https://www.privacy.org.nz/privacy-for-agencies/getting-started/purpose/#responsibility
  - We will dispose of it appropriately at the end of the seven-year period. https://www.privacy.org.nz/privacy-for-agencies/getting-started/purpose/#disposal
- We will establish a process to periodically review the data that we hold in our business.
- We only keep client data or information that we are required to hold. This helps reduce our risk if client information is accidentally made public.
- We check the terms and conditions or agreements with our systems providers to ensure that there are suitable arrangements in place to keep the data secure.
- On an annual basis, we will review the terms of our Professional Indemnity Insurance to ensure that we are insured for a breach of privacy.
- We will develop a response plan for what to do if our business is affected by a data breach.
How do we know we comply?
- We are aware of our obligations under the Privacy Act and we have completed the online learning modules https://elearning.privacy.org.nz/
- We maintain an Issues and Breach Register and we know how to record and manage a breach.
- We periodically review the Privacy Commissioner’s website for guidance on managing client privacy.
- We review the guidelines developed by the NZ Government to help prevent breaches of data. https://www.cert.govt.nz/businesses-and-individuals
- When we use a new provider we check their terms and conditions to understand how they store and use our client information and data.
Effective date: 30/11/2019
Last reviewed: 23/02/2020