The privacy of personal information is important to us, so we will not provide your information to any third parties except:
- to comply with any legislative obligations
- where third parties provide you with services on our behalf or assist with delivery of our services
- to anyone authorised by you to receive it.
2. What kind of personal information does Horizons collect?
The personal information we collect may include your name, date of birth, addresses, email address, telephone numbers, information on your use of our services or facilities and any other information provided by you in connection with, or specifically related to your communications with us, or your use of our services or facilities.
3. Collecting your information
We may collect personal information about you as set out below:
a. When you or someone acting on your behalf provides information to us directly. For example when you:
- apply for employment with us,
- correspond with us, whether in person, by letter, complete and submit a form, phone, text, email, instant messages or other means of electronic communication,
- complete and submit forms we provide for applications for consents, licences, approvals, permits, funding or other authorisations or for the use of any of our services or facilities, including signing up for and using our online services and apps, such as our online payment services.
- prepare and submit a written submission, request, or other feedback in relation to applications for consents, licences, approvals, permits, funding or other authorisations, or in relation to any form of draft or proposed plan, policy, bylaw or other document,
- use any of our services or facilities,
- subscribe to any of our newsletter or update services,
- follow or post comments in response to our social media or other facilities such as Facebook, Twitter, LinkedIn, YouTube, etc.
b. We may keep a record of any information that you acquire from us. Find out more by phoning us on 0508 800 800.
c. We may monitor and record phone calls made to or by us for quality control or staff training purposes. If a call you make to us, or that we may make to you, is to be monitored and recorded, you will be informed of this at the time of the call.
d. We may collect personal information about you from other organisations, entities or persons, such as:
- Our related organisations including Council Controlled Organisations;
- Our suppliers, which include organisations such as Land Information New Zealand
- The New Zealand Police, credit reporting agencies and other organisations, entities and persons where you have expressly authorised them to provide us with information.
e. When you visit one of our websites, we may use technology solutions such as “cookies” to provide you with better access to tailored information and services on the websites and to better serve you when you return to them.
f. Our internet service providers may also make a record of your visit and log information for statistical purposes. This information is only analysed on a bulk basis for broad demographic content. Individual use is not analysed. We do not attempt to identify users or their browsing activities unless they choose to give us personal information while using our website.
“Closed Circuit Television” (CCTV) is used in particular areas to monitor passenger and traffic movements, monitor Horizons facilities to assist with our environmental monitoring, help reduce crime and anti-social behaviour and to promote community safety. Signage advising of CCTV equipment will give notice of areas covered by such equipment. CCTV footage will only be viewed by authorised people in accordance with the purposes noted above or for the purposes of regularly checking the system is operational. No attempt is made to identify individuals from CCTV footage except in relation to a reported or suspected incident requiring investigation. We may share CCTV footage with the NZ Police or other public sector agencies where criminal activity is reported or suspected.
4. Using your information
The personal information that we collect from you or someone acting on your behalf may be used for any of the following purposes:
a. To provide you with services or facilities, including:
- those you have requested; and
- assisting our Council Controlled Organisations to provide such services or facilities to you.
b. To positively confirm your identity. This is to avoid inappropriate release or use of your information.
c. To respond to correspondence or to provide you with information that you have requested.
d. To process your application for any consent, approval, permit or other authorisation for which you have applied.
e. To process your application to use or to register for any of our services, including our online services.
f. To process payments received by or made by Horizons.
g. To respond to your requests, enquiries or feedback, or for customer care related activities.
h. To provide you with information about our events, news, services or facilities, or the events, news, or services of our Council Controlled Organisations that we consider may be of interest to you.
i. To comply with relevant laws and regulations.
j. To carry out activities connected with the running of our business or operations.
k. For any specific purpose which we notify you of at the time your personal information is collected.
l. For general administrative and business purposes.
5. Sharing your information
We may disclose personal information about you to:
a. Any person engaged by Horizons to provide products or services to you on our behalf, where your personal information is necessary for the provision of those products or services.
b. Council Controlled Organisations, in order to assist with the functions and services that they provide.
c. A third party if we are required to do so under any laws or regulations, or in the course of legal proceedings or other investigations. This may include sharing CCTV footage with the New Zealand Police or other public sector agencies where criminal activity is reported or suspected. The New Zealand Police may also access live feeds from certain CCTV cameras from time to time, for law enforcement, investigation and emergency response purposes.
d. Any person you authorise us to disclose your personal information to.
e. Any person, if that information is held in a public register, e.g. information held on property files or the rating information database.
f. Councillors and the public when you make a submission in relation to bylaws, annual plans, district or regional plans, or draft or proposed policies. Submissions are made available in full (including the submitter’s name and contact details) on our website and at our main office.
g. A third party contracted by us to provide data hosting services within New Zealand or in other countries. We will ensure appropriate safeguards are put in place to ensure adequate protection of your information.
We will not sell, trade or rent your personal information to others.
6. What if you do not provide us with the personal information required
If you do not provide us with all of the personal information about you that we request from you, we may not be able to adequately respond to your correspondence, process any applications you have submitted, provide the services or facilities you have requested, process payments or otherwise deal with any requests or enquiries you have submitted.
In some circumstances, failure to provide information when requested may be unlawful, and/or result in legal consequences. These circumstances and the potential consequences will be explained to you when your personal information is collected.
7. Security and accuracy
We take reasonable steps to ensure personal information is:
- protected against loss, damage, misuse and unauthorised access; and
- accurate, up to date, complete, relevant, and not misleading.
All data is stored behind corporate firewalls and our servers are protected by reasonable physical and electronic security measures.
8. How long we hold personal information
We may retain all personal information that we collect (on both our active systems and our archive systems), for as long as administratively necessary, in accordance with our information retention and disposal schedule.
The Public Records Act 2005 requires us to retain “protected records” indefinitely. In some circumstances, your personal information may be included within a protected record, including submissions you make in relation to bylaws, annual plans, and regional planning instruments.
9. Accessing and correcting your personal information
Where you have an enquiry concerning the information we hold on you as a ratepayer, please contact firstname.lastname@example.org or otherwise contacting us on 0508 800 800.
You may request confirmation of whether or not we hold any personal information about you and you may request access to your personal information that we hold by emailing us at email@example.com or otherwise contacting us on 0508 800 800 or at the addresses provided below. Once we have verified your identity we will answer your request, pursuant to the provisions of the Act.
We can charge actual and reasonable costs for making information available. Details of the charges are published in the current Long Term or Annual Plans under the ‘Other Administrative Charges’ section.
You may request that the personal information we hold about you be corrected by emailing us at firstname.lastname@example.org. If we agree that your personal information is to be corrected we will provide you with an amended record of your personal information if requested.
Your rights of access to and correction of any personal information we hold about you are subject to the principles (see Appendix 1) and procedures set out in the Act.
10. Who you can contact for further information
Horizons Privacy Officer
Email address: email@example.com
Postal Address: Private Bag 11025, Manawatu Mail Centre, Palmerston North 4442
11. Linked Documents
Privacy Act 2020
Public Records Act 2005
12. Review of this Policy
This policy may be reviewed from time to time by Horizons at its sole discretion, and in any event will be reviewed biennially. To be clear, however, this policy remains valid and in force, irrespective of whether the review date has passed.
The next review will be in February 2023.
Appendix 1: Summary of the Privacy Act 2020 Privacy Principles
The Privacy Act 2020 has 13 privacy principles that govern how organisations should collect, handle and use personal information.
An organisation can only collect personal information for a lawful purpose and where the information is necessary for that purpose. The organisation should not ask you for personal information that is not necessary for their purposes.
An organisation should generally only collect personal information directly from you. But if this isn’t possible, they can collect it from other people in certain situations. For instance, if you give them permission to do so, the information is publicly available or collecting it from some else is in your interests.
When collecting personal information an organisation should let you know why the information is being collected, who will have access to it, whether it is optional to provide the information and what will happen if you don’t provide the information.
An organisation can only collect personal information in ways that are lawful, fair, not unreasonably intrusive and must take care when collecting personal information from children and young people.
An organisation will make sure that we have reasonable security safeguards in place to prevent loss, misuse, or disclosure of personal information.
You can ask an organisation for your personal information that they hold. If there is a good reason, an organisation may refuse access if releasing the information will endanger safety or risk serious harassment of others, breach another person’s privacy or enforcement of the law.
You can ask an organisation to correct personal information they hold on you if you think it is wrong.
Before using or disclosing your personal information, an organisation must check that it is accurate, complete, relevant, up to date and not misleading.
An organisation must not keep personal information for longer than is necessary.
An organisation will only use your personal information for the purpose they collected it for. They can only use your personal information for a different purpose if you give us permission or in some limited circumstances, like civil emergencies.
An organisation can only disclose personal information in limited circumstances. For example, if your information will be anonymous, you authorise the disclosure or the disclosure is necessary to avoid endangering someone else’s safety or is necessary to uphold or enforce the law.
An organisation can only send your personal information to someone overseas if the information will be adequately protected. If there aren’t adequate protections in place they should ask for your permission.
If an organisation uses a unique identifier to identify you in their dealings with you, they will only do so if it is necessary for their operations, not use the same as another organisation and keep the unique identifier safe to minimise the risk of misuse (such as identity theft).