POLICY PURPOSE
People who disclose their personal information or personal information about others to the Company have a legal right that their information is used correctly and that their privacy is reasonably maintained. This policy aims to ensure that information about people is handled responsibly by Universal Communications Group.
Property owners, owner’s representatives, body corporate committee members, tenants, client representatives, Delivery Partners, job applicants and other groups of people do share their information with the Company from time to time and their disclosure of private information is covered by this policy.
DEFINITIONS AND ABBREVIATIONS
Agency means any individual, organisation or business, whether in the public sector or the private sector.
Personal information is any information about an individual (a living natural person) as long as that individual can be identified.
Telecommunications (As per Telecommunications Act 2001), means the conveyance by electromagnetic means from one device to another of any encrypted or non-encrypted sign, signal, impulse, writing, image, sound, instruction, information, or intelligence of any nature, whether for the information of any person using the device or not; but does not include any conveyance that constitutes broadcasting.”
Telecommunications information includes
- Subscriber information;
- Traffic information;
- The content of a telecommunication.
Note: The code covers personal information collected or held by telecommunications agencies relating to individuals who subscribe to, or use, the telephone or other telecommunications services.
Legal Framework
The Privacy Act 1993 (“The Privacy Act”) regulates the way the Company collects, uses, keeps secure and discloses personal information. It also gives individuals the right to know what information the Company holds about them and a right to correct the information if it is wrong. The Information Privacy Principles in Part 2 of The Privacy Act, including the telecommunications information privacy codes, are legally binding on the Company.
The Office of the New Zealand Privacy Commissioner
The Office of the Privacy Commissioner can be contacted in order to obtain guidance on compliance with The Privacy Act. Its contact details are 0800 803 909 or enquiries@privacy.org.nz or refer to www.privacy.org.nz
Privacy Contact Officer
The Group Human Resources Manager is the Company’s designated Privacy Contact Officer.
INFORMATION PRIVACY PRINCIPLES
Principle 1: Purpose of collection of personal information (and telecommunications information)
The Company must not collect personal information (and telecommunications information) unless:
- the information is collected for a lawful purpose connected with a function or activity of the agency; and
- the collection of the information is necessary for that purpose.
Principle 2: Source of personal information (and telecommunications information)
Personal information must be collected directly from the individual concerned.
The exceptions to this are when the agency collecting the information believes on reasonable grounds that:
- the information is publicly available; or
- the individual concerned authorises collection of the information from someone else; or
- the interests of the individual concerned are not prejudiced; or
- it is necessary for a public sector agency to collect the information to uphold or enforce the law, protect the tax base, or assist court or tribunal proceedings; or
- complying with this principle would prejudice the purposes of collection; or
- complying with this principle would not be reasonably practical in the particular case; or
- the information will not be used in a form that identifies the individual; or
- the Privacy Commissioner has authorised collection under section 54.
Principle 3: Collection of information (including telecommunications information) from subject
Where the Company collects personal information and/or telecommunications information directly from the individual concerned, it must take reasonable steps to ensure that the individual concerned is aware of:
- the fact that the information is being collected, and
- the purpose for which the information is being collected, and
- the intended recipients of the information, and
- the name and address of the Company that is collecting the information, and the agency that will hold the information, and
- any particular law governing the collection of the information and whether or not the supply of the information by that individual is voluntary or mandatory, and
- any consequences if all, or any part of, the requested information is not provided, and
- the individual’s rights of access to, and correction of, personal information.
The Company is not required to take the steps referred above in relation to the collection of telecommunications information from an individual if the Company has taken those steps in relation to the collection, from that individual, of the same information or information of the same kind, on a recent previous occasion.
It is not necessary for the Company to comply with the above steps if the Company believes, on reasonable grounds that:
- non-compliance is authorised by the individual concerned, or
- the interests of the individual concerned would not be prejudiced, or
- non-compliance is necessary for a public sector agency to collect the information to uphold or enforce the law, protect the tax base, or assist court or tribunal proceedings; or
- compliance would prejudice the purposes of the collection, or
- compliance is not reasonably practicable in the particular case, or
- the information will not be used in a form that identifies the individual, or
- the collection is for the purposes of interconnection or the delivery of a CMS (Call Management System).
- as a general rule, the Company should only collect information with the knowledge of the person it is about. The main exceptions will be information about an individual’s criminal record, information about an individual’s tax records or claims for a benefit from the state.
Principle 4: Manner of collection of personal information (and telecommunications information)
Personal information and/or telecommunication information must not be collected by:
- unlawful means, or
- means that are unfair, or intrude to an unreasonable extent on the personal affairs of the individual concerned.
Principle 5: Storage and security of personal information (and telecommunications information)
The Company must ensure that:
- reasonable security safeguards are in place to protect the information against loss, misuse, or disclosure; and
- if it is necessary for the information to be given to a person in connection with the provision of a service to the Company, everything reasonable is done to prevent unauthorised use or unauthorised disclosure of the information.
Principle 6: Access to personal information (and telecommunications information)
Where the Company holds personal information and/or telecommunication information in a way that it can be readily retrieved, the individual it is about is entitled to:
- get confirmation from the Company about whether or not it holds such personal information, and
- have access to that information.
Where an individual is given access to personal information and/or telecommunication information, the individual shall be advised that, under principle 7, the individual may request the correction of that information.
This principle is subject to the provisions of Parts 4 and 5 of the Privacy Act, which amongst other things deal with an agency’s right to refuse access in certain cases and details the procedure, the Company must follow when dealing with requests for access or correction of personal information.
When the Company refuses a request access to telecommunications information it must advise the individual of the complaints process available.
Principle 7: Correction of personal information (and telecommunications information)
Where the Company holds personal information and/or telecommunications information, the individual concerned is entitled to request correction of the information, and request that if it is not corrected, a statement is attached to the original information saying what correction was sought but not made.
- If the Company has disclosed personal information and/or telecommunications to another party, and it later corrects the information or attaches a statement of a requested correction, it should inform the other party of this.
- Where the Company receives a request to correct personal information and/or telecommunications information, it should inform the individual concerned of the action taken as a result of the request.
Principle 8: Accuracy, etc., of personal information to be checked before use
The Company must not use or disclose personal information and/or telecommunications information without taking reasonable steps to make sure the information is accurate, up-to-date, complete, relevant and not misleading.
Principle 9: Personal Information not to be kept for longer than necessary
Company shall not keep any personal information and/or telecommunication for longer than is required for the purposes for which the information may lawfully be used.
Principle 10: Limits on use of personal information (and telecommunications information)
If the Company obtains personal information and/or telecommunications information for one purpose, it must not use the information for any other purpose unless the Company believes, on reasonable grounds that:
- The use is one of the purposes for which the information was collected; or
- The use is directly related to the purpose the information was obtained for; or
- The agency got the information from a publicly available publication; or
- The individual concerned has authorised the use; or
- The use is necessary for a public sector agency to collect the information to uphold or enforce the law, protect the tax base, or assist court or tribunal proceedings; or
- The use is necessary to prevent or lessen a serious threat to public health or safety, or the life or health of any individual; or
- The individual concerned is not identified; or
- The use is authorised by the Privacy Commissioner under section 54.
Principle 11: Limits on disclosure of personal information (and telecommunications information)
Company must not disclose personal information unless it believes, on reasonable grounds:
- The disclosure is in connection with, or directly related to, one of the purposes for which it was obtained; or
- The agency got the information from a publicly available publication; or
- Disclosure is to the individual concerned; or
- Disclosure is authorised by the individual concerned; or
- It is necessary for a public sector agency to disclose the information to uphold or enforce the law, protect the tax base, or assist court or tribunal proceedings; or
- Disclosure is necessary to prevent or lessen a serious threat to public health or safety, or the life or health of any individual; or
- Disclosure is necessary to facilitate the sale of a business as a going concern; or
- The information is to be used in a form in which the individual concerned is not identified; or
- Disclosure has been authorised by the Privacy Commissioner under section 54.
Principle 12: Unique Identifiers
- The Company must not assign a unique identifierto an individual unless it is necessary to enable the Company to carry out its functions efficiently.
- The Company should not assign to an individual a unique identifier that has been assigned to that individual by another company or agency, unless both agencies are associated persons within the meaning of subpart YB of the Income Tax Act 2004 or it is permitted by sub rule 5.
- The Company may identify a telephone installation or an individual associated with that installation by reference to a number or identifier generated or assigned by another telecommunications agency where that is necessary for interconnection, wholesaling or similar arrangements between telecommunications agencies or between a telecommunications agency and another agency providing telecommunications service.
Schedule 1
Complaints of Breach of Code Procedure
- The Group Human Resources Manager will review the Company’s Privacy Policy and Privacy Statement on a needs basis to ensure legislative requirements are met.
- Any person who requests a copy of the Company’s Privacy Statement should be provided a copy.
- Privacy complaints should be forwarded to the Group Human Resources Manager, including the contact details of the complainant. The complaint should be addressed quickly and effectively (within 5 working days). Systematic or ongoing problems, if they occur must be addressed in order to enhance the stakeholder’s confidence in the Company’s privacy policies.
Contact Details: Privacy Commissioner Te Mana Matapono Matatapu
Enquiries Line (for general enquiries):
Ph: 0800 803 909
Email: enquiries@privacy.org.nz
Telephone: 04-474 7590 (Wellington)
Telephone: 09-302 8680 (Auckland)
Email: enquiries@privacy.org.nz