1. Introduction

1.1  From time to time Recruitment Studio (“the Agency”) may collect, hold, use and disclose personal information relating to its customers, contractors, suppliers and employees in the performance of its business activities.

1.2  The Privacy Policy (“Policy”) sets out guidelines to assist the Agency and its employees to comply with the requirements of the Privacy Act 2020 (“Privacy Act”) and the Information Privacy Principles (“IPP”) in relation to the collection, holding, storage, use and disclosure of individuals’ Personal Information.

2. Scope

2.1. This Policy applies to the collection, holding, storage, use and disclosure by the Agency (or a person acting on behalf of the Agency) of individuals’ Personal Information in New Zealand.

3. Definitions

3.1. Personal Information means information about an identifiable individual.

4. Collection of Personal Information

4.1.  The Agency may collect Personal Information for a lawful purpose connected with a function or activity of the Agency and the collection of that information is necessary for that purpose. Personal Information shall not be collected by means that are unfair or unreasonably intrusive (particularly in circumstances where Personal Information is being collected from children or young persons).

4.2.  A person who collects Personal Information on behalf of the Agency must comply with this Policy and the requirements of the Privacy Act.

4.3.  When collecting Personal Information from an individual, the Agency shall inform the individual of the collection (and other matters) and shall have obtained any necessary consent for the Agency to collect, use and disclose that Personal Information.

5. Use and Disclosure of Personal Information

5.1. The Agency will not use or disclose Personal Information about an individual unless the Agency believes on reasonable grounds that:

a. the use or disclosure is for one of the purposes for which the information was obtained, or a directly related purpose;

b. the disclosure is to the individual concerned;

c. the information is in a form that does not identify the individual or is to be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned;

d. the individual has authorised the use or disclosure; or

e. the source of the information is a publicly available publication and it would not be unfair or unreasonable to use the information; or

f. the use or disclosure is necessary to avoid prejudice to the maintenance of the law by any public sector agency, or for the enforcement of a law imposing a pecuniary penalty, or for the protection of the public revenue, or for the conduct of proceedings before any court or tribunal; or

g. the use or disclosure of the information is necessary to prevent or lessen a serious threat to public health or public safety, or the life or health of the individual concerned or another individual; or

h. the use or disclosure of information is necessary to enable an intelligence and security agency to perform any of its functions; or

i. the disclosure of the information is necessary to facilitate the sale or other disposition of a business as a going concern;

j. the use or disclosure is required or authorised by or under law; or

k. the use or disclosure is not inconsistent with the requirements of the Privacy Act.

6. Unique Identifiers

6.1. The Agency will only assign unique identifiers to individuals where necessary, including in the following circumstances:

a. an employee number for payroll purposes;

b. a user name for the purpose of signing on to the Agency server / computer system;

c. security card for automatic access into secure sites;

d. unique identifiers assigned by the Agency will not be the same as that assigned by any other agency (e.g., IRD number).

e. The Agency may require an individual to disclose a unique identifier where necessary (e.g., an individual’s IRD number will be required to pay income tax or KiwiSaver payments).

7. Personnel files

7.1.  The Agency’s core employees maintain a personnel file for every employee.

7.2.  Electronic copies of personnel files are held in a secure folder on the Agency’s shared drive. Access is restricted to members of the Agency’s core employees, controlled by the system administrator.

7.3.  The Agency will not use Personal Information contained in the personnel file for any purpose other than the purpose for which it was collected unless authorised by the individual concerned.

8. Data Quality

8.1. The Agency will, before using or disclosing Personal Information, take reasonable steps to make sure that the Personal Information is accurate, complete, up-to-date, relevant and not misleading.

9. Data Security

9.1.  The Agency will take reasonable security safeguards to protect the Personal Information against loss, access, use, modification or disclosure that is not authorised by the Agency, and other misuse.

9.2.  The Agency will take reasonable steps to destroy or permanently de-identify Personal Information (such as a job applicant’s resume) when it is no longer required for the purposes for which the Personal Information may lawfully be used.

10. Openness

10.1.  This Privacy Policy is available on the Agency’s website and on the Agency’s intranet.

10.2.  This Privacy Policy will also be made available to anyone who requests it from the Privacy Officer.

11. Access and Correction

11.1. Employees and other individuals are entitled to request confirmation from the Agency whether it holds personal information about them, and to request access to and/or correction of their personal information and the Agency will provide reasonable assistance.

11.2.  Requests should be made in writing (email suffices) to the Agency’s Privacy Officer and should provide evidence of the identity and authority of the requesting person, and details of the request (for example, any specific information that is requested to be accessed and/or provided).

11.3.  If the Agency does not hold the requested information, but believes that another agency holds the requested information, the Agency will ‘transfer’ the request to the other agency within ten (10) working days after the day it receives the request, unless it has good reasons to believe that the individual does not wish the request to be transferred to such other agency. In either case, the Agency will inform the requesting individual.

11.4.  Except in the event of a transfer, the Agency will respond to a request under this clause within twenty (20) working days after the day it receives the request.

11.5.  With regard to a request for access to personal information, the Agency may refuse access to personal information in accordance with the Privacy Act, for example, where a refusal is necessary for the protection of an individual’s health or safety, or where the information is evaluative material or a trade secret.

11.6.  The Agency will provide reasons for denial of access to Personal Information.

12. Disclosure of personal information overseas

12.1. The Agency will take reasonable care where personal information is to be disclosed to a foreign person or entity. The Agency may disclose personal information overseas where the specific requirements of the Privacy Act are met. These requirements are intended to ensure that personal information disclosed overseas is subject to comparable safeguards, or where that may not be possible, that the individual is fully informed and authorises disclosure.

13. Mandatory reporting of serious privacy breaches

13.1.  The Agency is required to notify the Privacy Commissioner and affected individuals as soon as practicable if it is aware a notifiable privacy breach has occurred. A privacy breach is notifiable if it is reasonable to believe it has caused serious harm to an affected individual (or individuals) or is likely to do so.

13.2.  Any employee who becomes aware of a privacy breach, or potential privacy breach, must notify the Agency’s Privacy Officer immediately.

14. Privacy Officer and addresses

14.1.  The Agency’s Privacy Officer is Bridgette Johnstone.

14.2.  The Privacy Officer’s role and responsibilities include:

a. encouraging compliance with the Information Privacy Principles;

b. dealing with requests made to the Agency pursuant to the Privacy Act;

c. working with the Privacy Commissioner in relation to investigations; and

d. ensuring compliance with the Privacy Act.

14.3.  The Agency’s address is Level 5, 35 High Street, Auckland 1010.

15. Complaints

15.1.  The Agency takes all privacy complaints received seriously.

15.2.  The Agency will acknowledge the receipt of a complaint and will work with the complainant to resolve it.

15.3.  If you would like more information about the Agency’s process for handling complaints, please contact bridgette@recruitmentstudio.co.nz.

16. Further information

16.1. For further information about privacy and the protection of privacy, visit the Office of the Privacy Commissioner’s website at www.privacy.org.nz.

17. Policy amendments

17.1.  The Agency may modify or amend this Policy from time to time.

17.2.  Therefore, the Agency encourages affected individuals to periodically review this Policy.

This Policy was updated October 2021.