Privacy and Confidentiality Policy

Privacy and Confidentiality Policy###

Policy Statement

Child Matters is committed to protecting the privacy of its staff and students and will deal with all personal information in accordance with this Privacy and Confidentiality Policy and with the Privacy Act 2020.

Purpose

Child Matters respects a person’s right to privacy. The purpose of this policy is to:

provide guidelines for Child Matters to follow in order to protect the personal information of its staff and students
ensure staff understand the circumstances in which it is appropriate to access, and disclose, personal student and staff information held by Child Matters.
ensure staff understand the need to observe the requirements of the Privacy Act 2020 (“the Act”) in the use, storage, and management, of that personal information and any other personal information they become aware of as they undertake their roles.

In addition, this policy seeks to ensure:

Data minimisation – limiting the amount of personal information that Child Matters collects and retains
Transparency – being open and honest about what information Child Matters collects and how it will be used.
Security – protecting the personal information Child Matters holds from harm
Use limitation – making sure Child Matters uses and discloses personal information only when necessary and with a lawful basis
Privacy rights – helping the individual exercise their privacy rights and maintain some control over their information.

This policy does not limit or exclude any rights under the Act. If any person wishes to seek further information on the Act, they can do so by visiting www.privacy.org.nz.

Scope

This policy applies to the information of all Child Matters staff and students.

This policy must be adhered to by all Child Matters staff.

For the purposes of this policy, “staff” includes, but is not limited to, any person employed directly by Child Matters, any person individually contracted by Child Matters, volunteers working on behalf of Child Matters, and all Child Matters Board Members.

Legislation

This policy has been written in accordance with the following legislation:

Crimes Act 1961
Education Act 1989
Employment Relations Act 2000
Human Rights Act 1993
Oranga Tamariki Act 1989
Privacy Act 2020

Collection, Access, and Use of Personal Information

COLLECTION OF INFORMATION

Collection of Staff Information

Child Matters may collect personal information from staff by consent. Where personal information is collected, this should be collected from the individual directly, unless an exception, as listed in Principle 2 of the Privacy Act 2020, can be relied upon to collect it from a third party.

Staff will be advised by Child Matters of the purpose for collecting personal information. This can include, but is not limited to:

Ascertaining their suitability to undertake the job applied for.
Meeting HR administrative requirements e.g., emergency contact information, leave records, employment and financial records, health records and other necessary data.
Meeting reporting requirements of funders and government agencies.

Collection of Student Information

Child Matters may collect personal information from students by consent. Where personal information is collected, this should be collected from the individual directly, unless an exception, as listed in Principle 2 of the Privacy Act 2020, can be relied upon to collect it from a third party.

Child Matters collects and processes personal information of students primarily for the purposes of considering applications for study, enrolling students, supporting students, and administering student records and courses of study.

Students will be advised by Child Matters of the purpose for collecting personal information. Collection and processing of student personal information is necessary for Child Matters to carry out their core functions and activities. This can include, but is not limited to:

Satisfying the reporting and legislative requirements of the Ministry of Education, NZQA and other governmental organisations
Assessment purposes
Meeting the requirements of moderation
Documenting that students have met the requirements for admission to the course
Meeting the administrative requirements of Child Matters in regard to emergency contact details and possible health problems
Meeting the requirements for sponsorship.

ACCESS TO PERSONAL INFORMATION

Staff and student information will only be viewable by authorised Child Matters staff and contactors. This may include authorised third parties providing services to Child Matters. Child Matters staff must only access information that is required by them to carry out a Child Matters function. Any subsequent use of the information must be clearly based on professional need.

Subject to certain grounds for refusal as set out in the Act, individuals, or their authorised representatives, have the right to request a copy of personal information that Child Matters holds about them, or to ask Child Matters to correct personal information if they believe it to be incorrect.

In accordance with the Act, and upon request, Child Matters will make personal information held about a person available to them. Evidence will be required to confirm the identity of the individual making the request matches that of the individual to whom the personal information relates.

USE OF PERSONAL INFORMATION

As well as the purpose of collection prescribed above in this policy, student contact information collected at the time of enrolment may subsequently be used to keep students informed of future programmes. Students are advised that this will occur, and invited to have their information withdrawn from Child Matters marketing database should they wish to do so.

Before using personal information in new ways, or in ways that are not part of the routine business of Child Matters, Child Matters must ensure that this is necessary for a lawful purpose or is otherwise permitted or required by law.

DISCLOSURE OF PERSONAL INFORMATION

In order to conduct its business, and as required under laws, regulations, and contractual agreements by which it is bound, Child Matters may use, and disclose, participant’s personal information to external agencies such as government departments, bodies responsible for course moderation and professional accreditation or membership, agencies for financial support and pastoral care. Where Child Matters agrees to share data with another agency it will ensure it is done so in adherence with the Act and that appropriate privacy protection is in place.

Child Matters will not disclose personal information unless:

Having regard to the nature of the information or the circumstances of collection, Child Matters reasonably believes there exists an expectation to use the information or make the disclosure.
Disclosure is required or authorised by law or court or tribunal.
It is necessary to protect the rights, property, health or personal safety of the public or Child Matters interests, and it is unreasonable or impracticable to obtain individual consent.
It is necessary to obtain third party services, for example to carry out data analysis or provide information processing services (where use of individual information by third parties is strictly controlled).
It is for one of the purposes expressly permitted under applicable data protection and privacy laws
Reasonable steps have been taken to ensure that the information is accurate and up to date – particularly where disclosure could impact on the rights or interests of the individual
Consent has been provided.

Security, Storage, and Destruction of Personal Information

SECURITY OF PERSONAL INFORMATION

Child Matters will take all reasonable steps to keep personal information safe and secure, and to ensure that it is protected against loss or unauthorised access, modification, use or disclosure.

In some instances, personal information may be transferred, and held, by service providers in New Zealand and overseas (including for example, where it is stored using a cloud-based service). Where this occurs, Child Matters will do everything reasonably within its power to ensure that the service provider also has reasonable security measures in place to protect your personal information.

Child Matters will not transfer personal information to a foreign person or entity (including an overseas-based service provider) unless:

it reasonably believes that the foreign person or entity has obligations to protect your personal information in a way that is comparable to the protections afforded by the Act; or
authorisation of the disclosure of personal information is obtained after being expressly informed by Child Matters that the foreign person or entity may not be required to protect your personal information in a way that, overall, provides comparable safeguards to those in the Act; or
it is not reasonably practicable in the circumstances for Child Matters to comply with the above points, and it believes on reasonable grounds that disclosure of the personal information is necessary as permitted under the Act.

**INTERNET SECURITY **

While Child Matters takes all reasonable steps to maintain secure internet connections, if personal information is provided over the internet, the provision of that information is at an individual’s own risk.

If an individual follows a link on the Child Matters website to another site, the owner of that site will have its own privacy policy relating to privacy and the use of personal information. Child Matters recommends reviewing that site's privacy policy before any personal information is provided.

** **

All staff and student information is to be stored in a secure location. Personal information will be stored on Child Matters files and databases and all practicable security measures will be maintained. All confidential information will be destroyed securely by using a certified document destruction company, and only following certainty of having approval for that destruction and having met all legal criteria for retention of documents.

All personal information held electronically will be securely deleted before reusing or disposing any electronic equipment including, but not limited to:

Computers
Laptops
Smartphones
Tablets
Hard Drives
USB Sticks
Photocopiers

LENGTH OF TIME HOLDING PERSONAL INFORMATION

Student Information

Regular up-skilling is an important part of all child protection training and as such confidential personal material collected from students may be kept indefinitely in anticipation of that student enrolling in a future course.

Information not required for statistical or historical purposes will be destroyed at the request of a student, or in the event of notification of the death of a student.

Records of achievement, recognition of prior learning or cross credits, individual student assessment, multi-choice answers and any examination results shall be kept electronically for an indefinite period as required by the New Zealand Qualification Authority (“NZQA”).

All other records relating to student achievement shall be kept for a minimum period of two years following the final date of the course.

Staff Information

All personal information relating to a member of Child Matters staff will be held for the duration of their employment.

Breach of Privacy

If you are concerned your privacy has been breached by Child Matters, you may make a complaint to:

The Child Matters Chief Executive Officer and/or
The Child Matters Privacy Officer

You also have the right to make a complaint to the Office of the Privacy Commissioner. You can contact the Office of the Privacy Commissioner at www.privacy.org.nz.

If there is a privacy breach in relation to personal information that Child Matters reasonably believes has caused or is likely to cause serious harm, unless one of the exceptions under the Act applies, Child Matters will notify the individual concerned as soon as practicable.

Contact Details

If you have any questions about our Privacy and Confidentiality Policy, or any other related matter, please contact us: Phone: 07 838 3370 Email: info@childmatters.org.nz

Chief Executive Officer: Jane Searle jane@childmatters.org.nz

Privacy Officer: Richard Corbidge richard@childmatters.org.nz