Privacy Policy

Purpose 

This Policy has been written to help NZAET customers understand how NZAET collects, uses and protects their information when they visit our website and use our products and services.

Definitions and background

NZAET collects private data from individuals and so is subject to the requirements of the Privacy Act 2020. Principle 3 of the Act requires NZAET to ensure that the individuals are aware that information is being collected, the purpose for which it is collected and the intended recipients of the information. 

This policy is provided for information and doesn’t limit or exclude the rights of an individual under the Privacy Act 2020.

This Privacy Policy covers the following topics: 
1. What information does NZAET collect?
2. How does NZAET use personal information?
3. Sharing personal information
4. Protecting personal information
5. Accessing personal information
6. Internet use
7. Changes to this Privacy Policy

Policy

1. What information does NZAET collect?
NZAET collects information relating to individuals that they have provided (for example, on an application or registration form) or that NZAET may have obtained from another source (such as our trainers, training providers, employers or industry organisations).

This information may include: name, date of birth, address(es), email, telephone number(s), training records, employer details, the industry(ies) that an individual works in and other relevant information.

2. How does NZAET use personal information?
The information that NZAET collects from an individual may be used by NZAET and its employees, officers, agents, contractors and affiliates as detailed below for a number of purposes connected with its business such as:
2.1 issuing certificates; 
2.2 issuing reminders about certificate expiry date; 
2.3 providing the individual with relevant products and/or services such as technical updates or details of upcoming courses; 
2.4 billing the individual (unless s/he pays by another agreed method) and collecting any debt owed to NZAET by an individual;
2.5 settling accounts with those who provide related services to NZAET;
2.6 dealing with requests, enquiries or complaints from the individual and other customer related activities;
2.7 carrying out market and product analysis and marketing NZAET's products and services generally; 
2.8 contacting individuals about our products and services and the products and services of carefully selected third parties which NZAET thinks may be of interest to the individual (unless the individual asks NZAET in writing not to);
2.9 inclusion, subject to any objection or preference the individual may have indicated to NZAET in writing, in any directory or register operated by NZAET or by a third party on NZAET's behalf (unless otherwise approved by the individual such information will be limited to name, company/employer, industry sector, certificate type and number, expiry date and status);
2.10 carrying out any activity in connection with a legal, governmental or regulatory requirement on NZAET or in connection with legal proceedings, crime or fraud prevention, detection or prosecution;
2.11 carrying out activities connected with the running of NZAET's business such as personnel training, quality control, network monitoring, testing and maintenance of computer and other systems and in connection with the transfer of any part of NZAET's business in respect of which the individual is a customer or a potential customer;
2.12 for general administrative and business purposes.

3. Sharing personal information
There may be times when NZAET needs to disclose an individual’s personal information to third parties. If NZAET does this, it will only disclose information to:
3.1 Those who provide products or services to NZAET or support the services that NZAET provides, such as resource developers, trainers and training providers (unless otherwise approved by the individual such information will be limited to the information required to carry out the business activity); 
3.2 Those who require information about the certification status of individuals such as employers, industry organisations, regional councils or quality assurance programmes (unless otherwise approved by the individual such information will be limited to name, company/employer, industry sector, certificate type and number, date of original issue, expiry date and status);
3.3 Anyone who hosts or maintains data centres, service platforms and other infrastructure and systems on behalf of NZAET, where information is processed;
3.4 Anyone NZAET transfers its business to in respect of which the individual is a customer or a potential customer;
3.5 Persons to whom NZAET may be required to pass an individual’s information by reason of legal, governmental or regulatory authority including law enforcement agencies and emergency services;
3.6 Any person or organisation as authorised by the Privacy Act 2020.

4. Protecting personal information
NZAET will take reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete, up-to-date and stored in a secure environment protected from unauthorised access, modification or disclosure.

5. Accessing and correcting personal information
Individuals have the right to access and request the correction of their own personal information, if NZAET holds that personal information in a way that it can be readily retrieved. Individuals can initiate a request for access to the personal information NZAET holds about them by sending an email to info@growsafe.co.nz.

In some cases, there may be a charge associated with providing copies of personal information to an individual. If so, NZAEET will advise the individual of this prior to sending the information.

6. Internet use
NZAET will make every effort to maintain the security of its internet connections.  However for reasons outside of its control, security risks may still arise. Any personal information transmitted to NZAET or from our online services will therefore be at the individual’s own risk.  However, NZAET will use its best efforts to ensure that any such information remains secure. NZAET cannot protect any information that an individual makes available to the general public – for example, on message boards or in chat rooms.

NZAET may use cookies and other interactive techniques to collect non-personal information about how individuals interact with its website, and web-related products and services, to:
6.1 understand what an individual likes and uses about our website; 
6.2 understand what an individual does not like and does not use on the NZAET website; 
6.3 provide a more enjoyable, customised service and experience, and 
6.4 help NZAET develop and deliver better products and services tailored to our customers’ interests and needs.

NZAET may use a persistent cookie to record details such as a unique user identity and general registration details on an individual’s PC. This helps NZAET to recognise individuals on subsequent visits to its website so that individuals don’t have to re-enter their registration details each time they visit the NZAET website and allows NZAET to carry out the activities mentioned above.

Most browser technology (such as Internet Explorer, Firefox, Google Chrome etc) allows individuals to choose whether to accept cookies or not – an individual can either refuse all cookies or set their browser to alert them each time that a website tries to set a cookie.

7. Breach of Privacy
NZAET's General Manager is the first point of contact in the event of a privacy breach.  NZAET has a process in place to manage the breach and minimise harm to the affected individual. These steps include:
7.1 Stop the practice that caused the breach 
7.2 Retrieve the information or ensure that the unauthorised recipient destroys the information
7.3 If appropriate, inform the individual whose privacy has been breached
7.4 Identify the cause of the breach and take any actions needed to ensure it does not re-occur.

8. Changes to our Privacy Policy
NZAET may change this Privacy Policy from time to time.