Privacy

If you handle personal information, then you are likely to be an 'agency'.  An agency is any organisation or business, which its in the public or private sector that includes government departments, companies, small businesses, social clubs and other types of organisations. 

You must have a written Privacy Policy which sets out how your agency handles personal information.  

The Privacy Act has 14 information privacy principles which set out how you should handle personal information. 

• Principle 1   - Purpose for collection

• Principle 2   - Source of information - collection from the individual

• Principle 3   - What to tell the individual about collection

• NEW Principle 3A - Indirect collection notification

• Principle 4   - Manner of collection

• Principle 5   - Storage and security of information

• Principle 6   - Providing people access to their information

• Principle 7   - Correction of personal information

• Principle 8   - Ensure accuracy before using information

• Principle 9   - Limits on retention of personal information

• Principle 10 - Use of personal information

• Principle 11 - Disclosing personal information

• Principle 12 - Disclosure outside New Zealand

• Principle 13 - Unique identifiers

From 1 May 2026, if an agency collects personal information from a person indirectly, then they must notify the individual (unless an exemption applies).

PRIVACY OFFICER

A person must be nominated as your Privacy Officer and they must be familiar with your privacy obligations.  If your customer has questions about privacy, then they should be directed to the Privacy Officer.