This policy aims to help people working at the Society of St Vincent de Paul in New Zealand (the Society) understand how their personal information may be collected, used and stored by the Society.
This policy applies to all individuals working at the Society (including in one of its Area Councils), including employees, volunteers and contractors.
Collecting Personal Information
When you become an employee of, or volunteer with the Society, the Society will need to collect some personal information from you. It may also collect other information needed to perform its functions, or where required by law.
Personal information may range from the ordinary (for example contact details) to very sensitive (medical information).
Using Personal Information
The Society will never sell your personal information.
Employees or volunteers of the Society may have access to your personal information to do their work. Their access to your personal information is limited to what is necessary.
Agents and contractors of the Society may have access to personal information needed to do their work but may not use it for any other purposes.
Your personal information may be used:
- for the Society activities and operations;
- to consider an employment or volunteer application;to amend records to remove or update personal information;
- for other everyday business purposes that involve use of personal information; and
- to comply with the law; or protect our rights, property, or safety, or that of our members, or others.
Storing and Disclosing Personal Information
The Society will maintain all reasonable protections against the loss, misuse or inappropriate disclosure of your personal information, and maintain processes to prevent unauthorised use or access to that information.
The Society will keep all physical documents secure, both inside and outside its premises.
The Society will keep electronic personal information secure by making sure its data storage is protected from external sources, maintaining a regular back up and applying good security practices.
The Society may use cloud computing. Where used, the Society will ensure that cloud computing solutions meet good practice security requirements.
Requests for Personal Information
You have rights to access and correct your personal information in accordance with the Privacy Act 2020. If you want to access or correct your personal information, please contact the National Executive Officer (firstname.lastname@example.org).
Any questions about the Society’s compliance with the Privacy Act 2020 should be referred to the National Executive Officer (email@example.com).
Breaches of this policy include breaches of any of the information privacy principles under the Privacy Act 2020.
Where the Society becomes aware of a privacy breach that has caused or is likely to cause serious harm it will notify the Office of the Privacy Commissioner as soon as practicable.
Reporting a Breach
Individuals who wish to report an alleged breach of this policy should report this to the National Executive Officer (firstname.lastname@example.org).