The Privacy Act sets out a series of principles which relate to and promote:
The Act gives the Privacy Commissioner a power to issue codes of practice which may modify the effect or operation of the Act in respect of particular sectors, industries, occupations, or activities.
Under the Act, individuals have a right to request access to personal information about them held by an organisation, and to seek corrections to that information if the individual considers it to be incorrect.
For the purposes of the Privacy Act and this policy:
In return for the assurance that NZbrokers Management Ltd will observe the information privacy principles set out in the Privacy Act, employees and other persons are presumed to authorise at the time of their engagement the collection, storage, use, and disclosure of personal information.
A statement to this effect will be given to each intending employee or other persons for signature or approval before the engagement is confirmed.
NZbrokers Management Ltd is required to provide specific personal information about employees and others to various government agencies (eg Inland Revenue, Ministry of Social Development, Accident Compensation Corporation) and to other organisations (eg KiwiSaver scheme managers). It is assumed that employees and others authorise the disclosure of this information.
Employees and other persons may request access to any personal information about them which NZbrokers Management Ltd might have.
Requests for access to personal information may be made directly to the person or department where the information is believed to be held. Alternatively, requests may be made to the Chief Executive Officer or the Privacy Act Officer.
The person who receives a request for access to personal information must respond without undue delay. In most cases, the individual making the request will be able to inspect the information in the form in which it is held or stored and, where appropriate and if requested, be provided with a printed or electronic copy.
The person who receives a request for access to personal information may consider that the request the Chief Executive Officer/Privacy Act Officer raises issues that need further consideration. The request must then be referred to for a decision. That decision must be made and communicated to the individual concerned within 20 days of the date on which the request for access was received.
In limited circumstances, a request for access to personal information from an employee may be declined. A decision to decline a request must be discussed with, and approved by, the Chief Executive Officer/Privacy Act Officer
A request for access may be declined if the information concerned is evaluative or opinion material.
A request for access may be declined if disclosure of the information concerned would:
A request for access may be declined, with the approval of the Chief Executive Officer/Privacy Act Officer if:
If a request for access to personal information is declined, the individual who made the request must be given, in writing, the reason or reasons for the refusal. An explanation of the reason or reasons should be given if requested. The person who made the request must be told that the refusal may be reviewed by the Privacy Commissioner or an Ombudsman.
An individual or representative of a company who is a client, who believes that any personal information about them is not accurate may ask for the information to be corrected.
The request for a correction should be made in writing and specify the change or changes that the individual or representative wishes to have made. The request should be made directly to the person who holds the information or to the Chief Executive Officer for employees and the Privacy Act Officer for Clients.
If warranted, the requested correction will be made.
If correction is considered to be unnecessary or unwarranted, the individual must be advised accordingly. The individual or representative may then ask for the requested correction to be attached to the information concerned, so that it is visible whenever others have access to the information.
Employees and others may complain to NZbrokers Management Ltd that there has been interference with their privacy, and that this has caused them loss or damage, adversely affected their rights or interests, or resulted in significant humiliation, loss of dignity or injury to their feelings.
As an alternative, under the Privacy Act, complaints may be made to the Privacy Commissioner or an Ombudsman.
Employees and others who wish to complain that there has been interference with their privacy should first approach the person responsible for the alleged breach.
If that is not possible or appropriate, or the outcome of the approach does not satisfy the complainant, the complaint should be made again to the Chief Executive Officer for employees and Privacy Act Officer for Clients. The complaint may be made in person or in writing.
NZbrokers Management Ltd aims to investigate and resolve any complaint speedily and informally if possible.
Employees and others who wish to make a formal complaint that there has been interference with their privacy should set out in writing the details and circumstances of the alleged interference and deliver it to the Chief Executive Officer for employees and Privacy Act Officer for Clients.
The Chief Executive Officer/Privacy Act Officer will investigate the complaint as quickly as possible. The complainant, who may have the support or assistance of a representative or other person(s) chosen by the employee, will have the opportunity to contribute to the investigation.
The investigation will aim to achieve speedy resolution or satisfaction of the complaint. If that is not possible, and the complaint is upheld by the investigation, the matter may become the subject for training, counselling or disciplinary action.
The complaint and the outcome of the investigation are to be recorded and included on the employee’s personal file or in the Clients file.
NZbrokers Management Ltd