PURPOSE

Thrive Wellbeing Collective (we, us, our) are committed to protecting the privacy of individuals and maintaining privacy standards regarding the personal information we collect in compliance with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. This relates specifically to the collection, storage and security, access and correction, accuracy, retention, use and disclosure, and unique identifiers collected regarding trustees, staff, self-employed practitioners, clients and visitors/guests. This policy applies to those that are employed by Thrive Wellbeing Collective including temporary and fixed term employees and volunteers; self-employed practitioners; contractors and representatives of Thrive Wellbeing Collective that hold information regarding individuals.

DEFINITIONS

Definition of Personal Information

Personal information means information about an identifiable individual. It includes your name, date of birth/age, gender and contact details as well as health and other information that would enable you to be identified.

1. POLICY

1.1 We will provide access to information for employees, volunteers regarding the obligations under the Act and provide with training to enable them to fulfil these.

1.2 Thrive Wellbeing Collective will appoint a Privacy Officer who will facilitate compliance with the Act.

1.3 Effective internal policies and processes will be in place to prevent personal information being collected, held, shared/exchanged, accessed, or disposed of improperly.

1.4 This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.

2. Collection of Personal Information

2.1 We do not collect personal information unless it is for a lawful purpose connected with a function or activity of Thrive Wellbeing Collective or directly related to the purpose for which the information was obtained.

2.2 Personal information collected by us will usually fall into one of the following categories:

• Contact information (e.g. name, age, address, email address and telephone numbers).

• Unique identifiers – an identifier that is assigned to an individual by an agency other than Thrive Wellbeing Collective for the purposes of the operations of that agency. 

• Employment information (e.g. employment history, work performance, absences, workplace incidents, next of kin information).

• Financial information (e.g. bank account details).

• ‘Sensitive’ information (e.g. medical history, criminal history).

2.3 If possible, we will only collect personal information from you directly. We may collect your information from you in a variety of ways including face-to-face, over the telephone, through an online form or portal, through a paper form or by email.

2.4 Sharing your personal information with us is voluntary, however we may not be able to complete some operations or requirements (including statutory, legislative requirements) without a certain level of personal data being collected. Any impact on an individual’s ability to participate in said operations or requirements will be discussed with the individual.

2.5 Sometimes we will collect personal information from a third party or a publicly available source if it is unreasonable or impracticable to collect the personal information directly from you (e.g. checking a candidate’s work history). We may also collect information about you from another source if:

• You have given your consent for us to collect your information from another source.

• The information will not be used in a form that identifies you.

• The Privacy Commissioner has authorised the collection of information in this manner.

3. Protecting and Storing Personal Information

3.1 Thrive Wellbeing Collective endeavours to maintain physical, technical, and procedural safeguards that are appropriate to the sensitivity of an individual’s personal information. These safeguards are designed to prevent personal information from loss and unauthorised access, copying, use, modification, or disclosure. These include:

• Secure hard copy document storage (i.e. storing hard copy documents in locked filing cabinets).

• Password protected data storage devices such as laptops, tablets and smart phones.

• Providing a discreet environment for confidential discussions.

• Access control for our building including reception protocols and measures for securing the premises when unattended.

• Security measures for our website.

3.2 Although we take all reasonable steps to secure personal information from loss, misuse and unauthorised access, there is an inherent risk of loss, misuse, or unauthorised access to such information. Thrive Wellbeing Collective will not be held responsible for such actions where the security of the personal information is not within our control or we cannot reasonably prevent such an incident.

4. Use and Disclosure of Personal Information

4.1 We will use your personal information:

• to verify your identity

• to communicate news and developments, including contacting you electronically (e.g. by text or email for this purpose)

• to improve the services, support, training, and other offerings that we provide to you

• to undertake credit checks of you (if necessary)

• to bill you and to collect money that you owe us, including authorising and processing credit card transactions

• to respond to communications from you, including a complaint 

• to conduct research and statistical analysis (on an anonymised basis)

• to protect and/or enforce our legal rights and interests, including defending any claim

• for any other purpose authorised by you or the Act.

4.2 Regarding those employed directly by Thrive Wellbeing Collective, Thrive Wellbeing Collective may share employees’ information with other Thrive Wellbeing Collective employees, consultants and other parties who require such information to assist with establishing, managing or terminating Thrive Wellbeing Collective employment relationship with its employees, or for purposes associated with the Protected Disclosures Act 2000.

4.3 Thrive Wellbeing Collective must comply with Privacy Principle 11 of the Privacy Act 2020 which provides that information should not be disclosed to third parties unless:

• The disclosure is directly related to the reason the information was collected in the first place.

• The individual has authorised the disclosure.

• The information is publicly available.

• Disclosure is necessary for the maintenance of the law or for legal proceedings (e.g. for the Employment Relations Authority).

• Where possible criminal or other unlawful activity is suspected.

• Disclosure is necessary to prevent or lessen a serious threat to public health or safety, or the life or health of any individual.

• The information is to be used in a form in which the individual is not identified.

• Disclosure is authorised by the Privacy Commissioner.

5. Retention of Personal Information

5.1 Thrive Wellbeing Collective will retain personal information until we no longer have a lawful purpose for doing so.

6. Accuracy of Personal Information

6.1 We will strive to ensure that all personal information we collect, use or disclose is accurate, complete and up-to date.

6.2 If we are aware that we hold personal information that (having regard to the purpose for which it was collected) is inaccurate, out of date, incomplete, or irrelevant, we will take reasonable steps to correct that information. The Thrive Wellbeing Collective Privacy Officer should be contacted in any case of inaccuracy with an individual’s information.

6.3 In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction. Subject to certain grounds for refusal set out in the Act, you also have the right to request a correction of your readily retrievable personal information that we hold. Before you exercise this right, Thrive Wellbeing Collective will require evidence to confirm the identity of the individual to whom the personal information relates.

7. Access of Personal Information

7.1 All individuals may request to see their personal information. Request for access to personal information should be made in writing to the Privacy Officer. Thrive Wellness will provide access to view the personal information in the way preferred by the individual unless this would impair efficient administration, breach a legal duty, or breach an interest protected by one of the withholding grounds under the Act, following which Thrive Wellbeing Collective would then give reasons for the decision. Individuals will be able to access to view their personal information with The Privacy Officer present. Individuals are entitled to all other personal information held by Thrive Wellbeing Collective about them, their wage and time records, holiday and leave records and information held by their managers.

7.2 Thrive Wellbeing Collective may withhold information pursuant to Part 4 of the Privacy Act 2020. The reasons for which information may be withheld include, but are not limited to, the following:

• Giving access to information would involve the unwarranted disclosure of personal information about another person or employee.

• The information is protected by legal professional privilege.

• Giving access to the information could hinder an investigation into a criminal offence.

8. Website and Internet use

8.1 Reasonable steps will be taken to maintain secure internet connections. If you provide us with personal information over the internet, the provision of that information is at your own risk.

8.2 Thrive Wellbeing Collective is not responsible for personal information you provide to third party websites, regardless of if that website was accessed through the Thrive Wellness websites.

9. Cookies

9.1 Thrive Wellbeing Collective uses cookies (alphanumeric identifiers) that monitor use of the website. It is the users’ responsibility to disable cookies via the browser if desired. Disabling cookies may affect the functionality of the site.

COMPLAINTS

If an individual considers that there has been a breach of the Act they are entitled to complain to Thrive Wellbeing Collective. All complaints are to be in writing and addressed to the attention of the Privacy Officer on: thrivewellbeingcollective@gmail.com

Thrive Wellbeing Collective’s Privacy Officer will investigate the complaint and attempt to resolve it within a reasonable timeframe.

RELATED LEGISLATION

• Privacy Act 2020

• Unsolicited Electronic Messages Act 2007

• Human Rights Act 1993

OWNERSHIP AND REVIEW

This Policy is to be reviewed annually and updated as required.

Date of Publication: October 2024