Privacy Policy

Pūtake | Purpose

  • The purpose of this policy is to ensure Toi Ohomai Institute of Technology (Toi Ohomai) complies fully with its obligations under the Privacy Act 2020 (the Act), including any applicable codes of practice issued by the Privacy Commissioner under the Act.
     
  • The purpose of the Act is to promote and protect individual privacy by:
    • providing a framework for protecting an individual’s right to privacy of personal information, including the right of an individual to access their personal information, while recognising that other rights and interests may at times also need to be taken in to account; and
    • giving effect to internationally recognised privacy obligations and standards in relation to the privacy of personal information.
  • This policy should be read in conjunction with Toi Ohomai Privacy Procedure. 

Mō Wai Me Te Whānuitanga | Scope

This policy applies to:

  • all employees of Toi Ohomai, including contracted staff and consultants providing services for Toi Ohomai, and those on fixed-term contracts (collectively referred to as kaimahi in this policy); and
  • where appropriate, Governance, which extends to all those operating at a governance level, including Council members and members of Council committees.

Ngā Mātāpono | Policy Principles

  • All Kaimahi and governance must ensure that, when using or dealing with personal information relating to any individual, they comply fully with the Act, including the Information Privacy Principles within the Act (and as also referred to within the Appendix to this policy) and any applicable codes of practice issued by the Privacy Commissioner under the Act. Where Personal Information is being received or collected from outside of New Zealand, it should also be considered whether other privacy/data protection regimes.
  • Kaimahi who are responsible for contractors or consultants working for, or on behalf of Toi Ohomai, must ensure that the contractors or consultants understand and comply with their obligations under the Act and the requirements of this policy.
  • The Privacy Officer is the primary person responsible for engaging with the Privacy Commissioner in relation to privacy matters. This includes responding to compliance notices, cooperating with investigations or complaint proceedings and submitting a notice of any Notifiable Privacy Breach.
  • The Chief Executive or delegate will ensure that at all times Toi Ohomai has a duly appointed Privacy Officer. These roles will be the first point of contact for any questions and complaints in relation to privacy issues occurring within their respective areas of accountability. 
  • The Privacy Procedures contain procedural information, and the Data Breach Response Plan contains processes to be followed in the event of a data breach.

Cookies and Tracking

We use cookies and pixel tags to store certain information which may enhance your usage of our website. Cookies are small files containing a string of characters that are stored in a browser-related file on your computer’s hard drive. Pixel tags are small graphic files that are placed on our pages. Cookies and Pixel tags are widely used on most major websites. No personally identifiable information is tracked or kept through the use of cookies or pixel tags. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website however.

We also use Google Analytics to collect statistics. This allows us to assess the number of visitors to different sections of our website; identify what information is most and least used; and monitor our systems performance. Google Analytics collects and stores the following data when a user visits our website:

  • The user’s IP address;
  • The date, time and duration of a user’s visit;
  • The webpages a user accessed and the documents downloaded; and
  • The type of browser used

As a visitor to Toi Ohomai’s website, cookies, pixel tags and Google Analytics may result in you receiving advertising from us even if you did not complete a task on our site, for example, using one of our Enquiry Forms or Application Forms to make an enquiry or to begin an application, but not complete it.

Unsubscribing 

If you receive promotional emails from us you may opt out from receiving these emails at any time by clicking the unsubscribe link or by emailing us at [email protected]
 

Ngā Haepapa | Responsibilities

Role Responsibilities 
Chief Executive or 
delegate
  • Ensures Toi Ohomai appoints a Privacy Officer.
Toi Ohomai Executive
Leadership Team
  • Ensures procedures that support the operation of this policy within Toi Ohomai are reviewed periodically, remain fit for purpose and are compliant with legislation.
Privacy Officer
  • Ensures that personal information held by Toi Ohomai is held in accordance with the Act.
  • Encourages Toi Ohomai Kaimahi to comply with the Information Privacy Principles set out in the Act.
  • Ensures all within Toi Ohomai comply with this policy and the Act.
  • Deals with requests made to Toi Ohomai under the Act with assistance from the teams that hold the relevant personal information.
  • Acts as the point of contact for Toi Ohomai as a whole with the Privacy Commissioner, including responding to compliance notices and cooperating with investigations or complaint proceedings.
  • Upon being notified of a privacy breach, complies with the Data Breach Response Plan to determine whether or not the breach is a Notifiable Privacy Breach and, if so, notifies the Privacy Commissioner and any affected parties.
  • Engages with Privacy Leads when notified of high-risk privacy matters.
  • Ensures details of the Privacy Officer remains up to date on the Toi Ohomai website and Te Aka.
Toi Ohomai Kaimahi
  • Comply with this policy.
  • Promptly report any privacy breaches to the Privacy Officer in accordance with this policy.
  • Assists with requests made to Toi Ohomai under the Act, where required.
  • Promptly forward any compliance notices or other correspondence received from the Privacy Commissioner to the Privacy Officer.
  • If responsible for engaging contractors or consultants, ensure contractors and consultants understand their obligations under the Act and undertake to comply with this policy.

Ngā Tikanga | Definitions 

  Definitions
Kaimahi All employees of Toi Ohomai, including contracted staff, consultants and secondees providing services for Toi Ohomai, and those on fixed term contracts.
Notifiable Privacy Breach

In accordance with section 112 of the Act, a notifiable privacy breach means a privacy breach that it is reasonable to believe has caused serious harm to an affected individual or individuals or is likely to do so (taking into account the factors set out in section 113 of the Act).

The factors set out in section 113 of the Act are:

  • any action taken by the agency to reduce the risk of harm following the breach
  • whether the personal information is sensitive in nature
  • the nature of the harm that may be caused to affected individuals
  • the person or body that has obtained or may obtain personal information as a result of the breach (if known) whether the personal information is protected by a security measure and any other relevant matters. 
Governance All those operating at a governance level, including Council members and members of Council advisory committees.
Personal Information In accordance with the Act, personal information means information about an identifiable individual and includes information relating to a death that is maintained by the Registrar-General under the Births, Deaths, Marriages, and Relationships Registration Act 1995 or any former Act.
Privacy Officer One or more individuals appointed in accordance with section 201 of the Act.