Privacy Policy

Privacy Act 1993

The Privacy Act 1993 (Privacy Act) is a New Zealand law which regulates the handling of personal information about individuals. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.


Personal information shall not be collected by Applied Biosecurity Solutions unless – 

  • The information is collected for a lawful purpose connected with a function or activity of Applied Biosecurity Solutions 
  • The collection of the information is necessary for that purpose. 
  • The information is collected directly from the individual concerned.

Types of personal information collected by us

We collect and hold a broad range of personal information in records relating to: 

  • employment and personnel matters for our staff 
  • the performance of our legislative and administrative functions; 


This personal information may include but is not limited to: 

  • your name, address and contact details (e.g. phone, email and fax); 
  • photographs, video recordings and audio recordings of you; 
  • information about your personal circumstances (e.g. marital status, age, gender, occupation, accommodation and relevant information about your partner or children); 
  • information about your financial affairs (e.g. payment details, bank account details and information about business and financial interests); 
  • information about your identity (e.g. date of birth, country of birth, passport details, visa details, drivers licence); 
  • information about your employment (e.g. work history, referee comments, remuneration); 
  • information about your background (e.g. educational qualifications, the languages you speak and your English proficiency); 
  • government identifiers (e.g. Centrelink Reference Number or Tax File Number); 
  • information about your recruitment, training and qualifications 

Collection of unsolicited information

Sometimes personal information is not sought by us but is delivered or sent to us by either the individual or a third party without prior request. 

Where unsolicited information is received by us, we will, within a reasonable period, determine whether that information is directly related to one or more of our functions or activities. If this cannot be determined, we will, as soon as practicable, destroy or de-identify the information. If this can be determined we will notify you of the purpose of collection and our intended uses and disclosures according to the requirements of the APPs, unless it is impracticable or unreasonable for us to do so. 

How we collect personal information

We primarily use forms, online portals and other electronic or paper correspondence to collect your personal information. By signing paper documents or agreeing to the terms and conditions and disclaimers for electronic documents you are consenting to the collection of any personal information you provide to us. 

We may also collect your personal information if you: 

  • communicate with us by telephone, mail, email, fax or SMS; 
  • attend a face to face meeting or event conducted by us or our contractors; 
  • use our websites; 
  • interact with us on our social media platforms. 

Storage and data security


We hold personal information in a range of paper-based and electronic records, including cloud computing. 

Data security

We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse. 

Access to your personal information held by us is restricted to authorised persons who are departmental employees or contractors, on a need to know basis.

Data quality

We take all reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, relevant and not misleading. 

These steps include responding to requests to correct personal information when it is reasonable and appropriate to do so. Audits and quality inspections are also conducted from time to time to ensure the accuracy and integrity of information, and any systemic data quality issues are identified and resolved promptly. 

Purposes for which information is collected, held, used and disclosed

We collect personal information for a variety of different purposes relating to our functions and activities including: 

  • performing our employment and personnel functions in relation to our staff; 
  • performing our legislative and administrative functions; 
  • policy development, research and evaluation; 
  • complaints handling; 


We use and disclose personal information for the primary purpose for which it is collected. 

We will only use your personal information for secondary purposes where we are able to do so in accordance with the Privacy Act. This may include where you have consented to this secondary purpose, or where the secondary purpose is related (or if sensitive information, directly related) to the primary purpose and you would reasonably expect us to use or disclose the information for the secondary purpose, where it is required or authorised by law or where a permitted general situation exists such as to prevent a serious threat to safety. 


Likely secondary purposes for which we many use or disclose your personal information include but are not limited to: quality assurance, auditing, reporting, research, evaluation and analysis, and promotional purposes. 

Electronic communication

There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communicating with us, such as post, fax or telephone (although these also have risks associated with them). 

We only record your email address when you send a message to us or subscribe to one of our mailing lists. Any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided. 

Accidental or unauthorised disclosure of personal information

We will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information. Legislative or administrative sanctions may apply to unauthorised disclosures of personal information. 

How long we hold personal information

We may retain all personal information that we collect (on both our active systems and our archive systems), for as long as administratively necessary, in accordance our approved Quality systems.


The Public Records Act 2005 requires us to retain “protected records” indefinitely. In some circumstances, your personal information may be included within a protected record. 

Accessing and correcting your personal information ​

Your rights of access to and correction of any personal information we hold about you are subject to the procedures set out in the Privacy Act. 

If can request access to or correction of your personal information, by emailing We will respond to you within 7 calendar days. 


If we refuse to give you access or make corrections to your personal information, we will provide you with a written notice which, among other things, gives our reasons for refusing your request.