The Privacy Act 1993 (Privacy Act) is a New Zealand law which regulates the handling of personal information about individuals. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Personal information shall not be collected by Applied Biosecurity Solutions unless –
We collect and hold a broad range of personal information in records relating to:
This personal information may include but is not limited to:
Sometimes personal information is not sought by us but is delivered or sent to us by either the individual or a third party without prior request.
Where unsolicited information is received by us, we will, within a reasonable period, determine whether that information is directly related to one or more of our functions or activities. If this cannot be determined, we will, as soon as practicable, destroy or de-identify the information. If this can be determined we will notify you of the purpose of collection and our intended uses and disclosures according to the requirements of the APPs, unless it is impracticable or unreasonable for us to do so.
We primarily use forms, online portals and other electronic or paper correspondence to collect your personal information. By signing paper documents or agreeing to the terms and conditions and disclaimers for electronic documents you are consenting to the collection of any personal information you provide to us.
We may also collect your personal information if you:
We hold personal information in a range of paper-based and electronic records, including cloud computing.
We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse.
Access to your personal information held by us is restricted to authorised persons who are departmental employees or contractors, on a need to know basis.
We take all reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, relevant and not misleading.
These steps include responding to requests to correct personal information when it is reasonable and appropriate to do so. Audits and quality inspections are also conducted from time to time to ensure the accuracy and integrity of information, and any systemic data quality issues are identified and resolved promptly.
We collect personal information for a variety of different purposes relating to our functions and activities including:
We use and disclose personal information for the primary purpose for which it is collected.
We will only use your personal information for secondary purposes where we are able to do so in accordance with the Privacy Act. This may include where you have consented to this secondary purpose, or where the secondary purpose is related (or if sensitive information, directly related) to the primary purpose and you would reasonably expect us to use or disclose the information for the secondary purpose, where it is required or authorised by law or where a permitted general situation exists such as to prevent a serious threat to safety.
Likely secondary purposes for which we many use or disclose your personal information include but are not limited to: quality assurance, auditing, reporting, research, evaluation and analysis, and promotional purposes.
There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communicating with us, such as post, fax or telephone (although these also have risks associated with them).
We only record your email address when you send a message to us or subscribe to one of our mailing lists. Any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided.
We will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information. Legislative or administrative sanctions may apply to unauthorised disclosures of personal information.
We may retain all personal information that we collect (on both our active systems and our archive systems), for as long as administratively necessary, in accordance our approved Quality systems.
The Public Records Act 2005 requires us to retain “protected records” indefinitely. In some circumstances, your personal information may be included within a protected record.
Your rights of access to and correction of any personal information we hold about you are subject to the procedures set out in the Privacy Act.
If can request access to or correction of your personal information, by emailing email@example.com. We will respond to you within 7 calendar days.
If we refuse to give you access or make corrections to your personal information, we will provide you with a written notice which, among other things, gives our reasons for refusing your request.