GENERAL PRIVACY POLICY
1. INTRODUCTION
This document sets out the privacy policy of The FIN Agency Limited NZBN 94290 529 05520 (referred to in this privacy policy as ‘we’, ‘us’, or ‘our’).
We take our privacy obligations seriously and are committed to safeguarding privacy of personal information, in accordance with the Privacy Act 2020 and the Information Privacy Principles. Providing personal information is an act of trust which we take seriously and we’ve created this privacy policy to explain how we handle personal information.
By providing personal information (including sensitive information) to us, you consent to our collection, storage, maintenance, use and disclosure of personal information in accordance with this privacy policy.
We may change this privacy policy from time to time by posting an updated copy on our website and we encourage you to check our website regularly to ensure that you are aware of our most current privacy policy.
2. APPLICATION OF THIS PRIVACY POLICY
To avoid confusion on how we handle the personal information of the different individuals we engage with, we have differentiated depending on the relationship between us and the individual.
“Personnel” refers to individuals who are engaged whether directly to us as a contractor or employee of an agency we have engaged to provide us goods and services. We will use this term to identify if an area of this policy only applies to or excludes Personnel.
3. WHAT IS PERSONAL INFORMATION?
Throughout this policy, we refer to your ‘personal information’ which is defined in the Privacy Act 2020 as information about an identifiable individual.
Most of this policy applies to all personal information we collect, however, some of our privacy practices differ slightly for certain types of information we collect (including sensitive information of Personnel only and confidential information). Where this is the case, we have outlined that particular practice in its own section within this policy and, to the extent of any inconsistency, that section supersedes the general practices outlined in the rest of this policy.
4. TYPES OF PERSONAL INFORMATION WE COLLECT AND HOLD
The personal information we collect may include the following:
(a) name;
(b) age and date of birth;
(c) gender;
(d) mailing or home address;
(e) social media information;
(f) telephone number, email address and other contact details;
(g) information regarding your personal interests and circumstances;
(h) information about your preferences, interests, and experiences with our services;
(i) credit card or other payment information;
(j) sensitive information as set out below;
(k)information about your business circumstances;
(l)information in connection with client surveys, questionnaires and promotions;
(m)your device identity and type, IP address, geo-location information, page view statistics, advertising data and standard web log information;
(n) information about third parties; and
(o)any other information provided by you to us via our website or our online presence, or otherwise required by us or provided by you.
The personal information we may collect from Personnel only may include the following in addition to the items detailed immediately above:
(p) information about your preferences, interests and experiences in providing services
to us;
(q) sensitive information, as set out below;
(r)information related to your occupation, workplace, professional history and professional interests;
(s) visa and working entitlements;
(t) criminal history checks;
(u) registration status with regulatory authorities;
(v) workplace incident information;
(w) solvency statements; and
(x) the contact details of third parties, such as your emergency contacts.
5. HOW WE COLLECT PERSONAL INFORMATION
We will collect your personal information in a lawful and fair way. We will only collect your personal information where you have consented, or otherwise in accordance with the law. We ordinarily collect personal information directly from you or where it is provided to us with your authority, however, from time to time, we may also be required to collect personal information about you from a third party.
5.2 COLLECTION FROM YOU
We may collect personal information from you where you:
(a) call or email us;
(b) contact us through our website;
(c)receive goods or services from us;
(d)submit any of our online sign-up forms;
(e)ask for access to information we hold about you;
(f)make a complaint or report a matter to us;
(g)participate in any offers, promotions, competitions, rewards or incentive activities;
(h)communicate with us via email, telephone, SMS, social applications (such as LinkedIn, Facebook or Twitter) or otherwise;
(i)have made an application of employment to us;
(j)interact with our website, social applications, services, content and advertising; or
(k)invest in our business or enquire as to a potential purchase in our business.
5.3 COLLECTION FROM THIRD PARTIES
Whenever possible, we collect your personal information directly from you. However, there may be occasions when we collect personal information about you from someone else. For example, where you:
(a) have donated to, or have shown an interest in donating to, a not-for-profit who has engaged us to provide them services in relation to such donation;
(b) provide personal information to a third party service provider we have engaged to assistus in delivering our services;
(c) have made a complaint or reported misconduct to us and we require further information to investigate; or
(d) have made an application of employment or engagement by us via a recruitment agency.
For Personnel only:
(e) you are engaged or employed by a third party who provides us with goods or services;
(f) you are involved in a complaint or matter requiring investigation;
(g) a matter arises which impacts your eligibility to continue to be engaged as Personnel(such as a regulatory body removing your working entitlements or licence); or
(h) from references where we are considering your application of employment by us.
5.4 DIGITAL COLLECTION
We may also collect your personal information when you use or access our website or our social media pages. This may be done through use of web analytics tools, ‘cookies’, web beacons, customised links or other similar tracking technologies that allow us to track and analyse your digital interactions with us such as website usage and interactions with emails we send. Cookies are small files that store information on your computer, mobile phone or other device and enable and allow the creator of the cookie to identify when you visit different websites.
Your web browser can choose whether to accept cookies. Most web browser software is initially set up to accept them. If you do not want your browser to use cookies, you can manage and control their use through your browser settings.
6. HOW WE HOLD PERSONAL INFORMATION
We respect the privacy of your personal information and we will take such reasonable steps to ensure your personal information is secure and protected from misuse or unauthorised access.
Generally, we store all personal information on secure servers managed by third party cloud storage providers. In some instances, we hold personal information on our personnel’s devices (such as emails from you) or, where necessary, in hard copy (such as printed invoices).
Our information technology systems are password protected, and we use a range of administrative and technical measures to protect these systems. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
In selecting information technology service providers, we take care to engage reputable businesses who we believe will maintain an acceptable standard of security and protection of your personal information.
Whilst we take reasonable measures, no data storage or transmission systems can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any personal information we handle.
7. PURPOSES FOR WHICH WE HANDLE YOUR PERSONAL INFORMATION
We collect, use, hold and disclose personal information for the following purposes:
(a) to provide services or information to you;
(b) to procure donations for the not-for-profits who engage us to provide them services;
(c) any purpose which is included in this policy or in any collection notice we provide to you;
(d) for record keeping and administrative purposes;
(e) to provide information about you to our contractors, employees, consultants, agents or other third parties for the purpose of providing our services to you;
(f) to third party services providers for the purpose of enabling them to provide services to us, including (without limitation) those who assist in processing and collecting donor details for our not-for-profit clients;
(g) where you are a donor, to facilitate your donation to a not-for-profit we provide our services to;
(h) in obtaining the services of our professional advisers such as insurance providers, accountants, lawyers and auditors;
(i) to improve and optimise our service offering, customer experience and digital tools such as our website and social media;
(j) to comply with our legal obligations, resolve disputes or enforce our agreements with third parties;
(k) to respond to and investigate customer complaints and reports;
(l) to manage any competitions or promotions we run;
(m) in engaging with a prospective purchaser of all or part of our business;
(n) to send you marketing and promotional messages and other information that may be of interest to you, including related to our services, to the not-for-profits who engage us, any service providers we engage and other promotional partners;
(o) to comply with our legal obligations, resolve disputes or enforce our agreements with your or third parties;
(p) to send you administrative messages, reminders, notices, updates, security alerts, and other information requested by you; or
(q) to consider an application of employment from you.
For Personnel only:
(r) to third party service providers for the purpose of enabling them to provide services to us, including (without limitation) those who assist in processing Personnel to assess eligibility to provide services to us, create identification and IT system access and reporting; and
to comply withour regulatory requirements such as those by the Public Fundraising Regulatory Association.
We may also handle your personal information for:
(a) any purpose for which we receive consent from you for;
(b) secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use;
(c) as needed in an emergency or in investigating suspected criminal activity;
(d) as required under a subpoena, court order or other mandatory reporting requirements;
(e) it is reasonably necessary for the establishment, exercise or defence of a legal claim;
(f) such purposes where we reasonably believe that use of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent; or
(g) any other purpose which is permitted or required under applicable privacy laws.
8. OVERSEASE DISCLOSURE
The personal information we collect is stored on servers managed by third party service providers who may be located in New Zealand and overseas. Additionally, the service providers may operate overseas disaster recovery sites or have personnel overseas who may access the personal information we hold to assist us in managing our servers.
We also may use Google Analytics (or other web traffic monitoring services) to track web traffic information which is operated by Google which stores information across multiple countries.
When you communicate with us through a social media service such as Facebook or Twitter, the social media provider and its partners may collect and hold your personal information overseas.
We also engage some third party service providers who may be given access to your personal information and are located in countries outside New Zealand such as Australia and Singapore. We will only make such disclosure to overseas as necessary for them to provide their services to us and
in accordance with this privacy policy and the Privacy Act 2020.
9. SENSITIVE INFORMATION - GENERAL
(Collection of sensitive information) We may collect your sensitive information in the course of providing our services. We will only solicit this sensitive information where you consent to our collection of the sensitive information and directly provide us with this information.
(Types of sensitive information) The sensitive information we collect may include your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.
(Handling of sensitive information) Your sensitive information will only be collected, held, used or disclosed for the purpose of:
(a) responding to or investigating any complaints, reports of misconduct or workplace incidents;
(b)any purpose for which we receive consent from you for;
(c)complying with our legal obligations or resolving disputes; or
(d)any other purpose which is permitted or required under applicable privacy laws.
(Withdrawing consent) If you wish to withdraw your consent to our collection, use or disclosure of your sensitive information, please contact us using the contact details set out below. We will deal with all such requests within a reasonable timeframe.
10. SENSITIVE INFORMATION – PERSONNEL
(Collection of sensitive information) We may collect sensitive information about you during the course of providing you our services, or engaging you, either directly or via a third party, to provide us services. We will only collect this sensitive information where you consent to such collection and that is provided to us by a third party or you directly provide us with this information.
(Types of sensitive information) The sensitive information we collect may include the following:
(a) criminal history;
(b) membership of a trade union;
(c) health information;
(d) membership of a professional or trade association;
(e) any other sensitive information provided by you or a third party to us.
(Handling of sensitive information) Your sensitive information will only be collected, held, used or disclosed for the purpose of:
(a) responding to or investigating any complaints, reports of misconduct or workplace incidents;
(b) to ensure you are eligible to provide us goods and services;
(c)complying with out regulatory requirements such as those by the Public Fundraising Regulatory Association;
(d) in obtaining the services of our professional advisors such as insurance providers, accountants, lawyers and auditors;
(d) any purpose for which we receive consent from you for;
(e)complying with our legal obligations or resolving disputes or enforcing our agreements with you; or
(f) any other purpose which is permitted or required under applicable privacy laws.
(Withdrawing consent) If you wish to withdraw your consent to our collection, use or disclosure of your sensitive information, please contact us using the contact details set out below. We will deal with all such requests within a reasonable timeframe.
11. MARKETING
We may at times send you marketing communications which will be done in accordance with the Unsolicited Electronic Messages Act 2007.
In this regard, we may use email, SMS, social media, phone or mail to send you direct marketing communications.
Where consent is needed, we will ask you for your consent before sending you marketing communications, except where you:
(a) have explicitly opted-in to receiving email marketing from us in the past; or
(b) were given the option to opt-out of email marketing when you initially signed up for our goods or services and you did not do so.
You can, at any time, opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link on emails we send you) or by contacting us via the details provided at the end of this privacy policy. We will implement such a request as soon as possible, however, cannot guarantee that such a response will be immediate.
12. REQUESTING ACCESS OR CORRECTING YOUR PERSONAL INFORMATION
If you wish to request access to the personal information we hold about you or you think that any personal information we hold about you is inaccurate, please contact us using the contact details set out below including your name and contact details.
We may need to verify your identity before providing you with your personal information. In some cases, we may be unable to provide you with access to or correction of your personal information and where this occurs, we will explain why. We will deal with all requests for access or correction to
personal information within a reasonable timeframe.
13. DEIDENTIFICATION OF PERSONAL INFORMATION
The data we collect may have analytical value to us, our customers, our business partners and our related entities. Where we have de-identified the data we have collected, we reserve the right to process and distribute the data we collect through our goods and services.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where we no longer require your personal information, we will securely de-identify or destroy your personal information in accordance with applicable laws and regulations.
14. ANONYMITY AND PSEUDONYMITY
We will generally need to know who you are in order to provide you with our services or facilitate donations.
Despite this, in some circumstances you are entitled to deal with us anonymously, or by using a pseudonym (alias), for example when making general enquiries about the services we offer.
In some circumstances, you may receive better service or response if we know who you are. For example, we can keep you up-to-date and better understand a complaint you might have if we know who you are and the circumstances of your complaint.
You must tell us when you are using a pseudonym when applying for our services. If we need to identify you, we will tell you whether your real name is required.
15. LINKS
We will generally need to know who you are in order to provide you with our services or facilitate donations.
Despite this, in some circumstances you are entitled to deal with us anonymously, or by using a pseudonym (alias), for example when making general enquiries about the services we offer. In some circumstances, you may receive better service or response if we know who you are. For example, we can keep you up-to-date and better understand a complaint you might have if we know who you are and the circumstances of your complaint.
You must tell us when you are using a pseudonym when applying for our services. If we need to identify you, we will tell you whether your real name is required.
16. CONTACT US
For further information about our privacy policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:
Name: The Privacy Officer
Address: 36 Ireland Street, Freemans Bay, Auckland, 1011
Phone: 0414 983 574
Email: michele@thefinagency.com.au
