1. Overview
This Privacy Policy sets out PAE (New Zealand) Limited’s expectations for the treatment of personal information. It aims to protect individuals from the potential harm of a privacy breach and to protect PAE, its clients, staff and subcontractors from privacy investigations and prosecution.
The Privacy Act 2020 (the Act) includes businesses such as PAE within the scope of Privacy requirements that previously only applied to government agencies. New requirements, penalties and criminal offences have been introduced. This Policy supports the implementation of the Act’s requirements.
2. Purpose
The purpose of this policy is to set out expected practices and behaviour in respect of the collection, storage and use of personal information.
3. Scope
This policy applies to the collection, storage, use and disclosure of personal information by PAE. Personal information means information about an identifiable individual, meaning some or all of the information can be used to identify an individual.
Under the Act, personal information held by an associated party (e.g. a supplier, subcontractor or service provider) on behalf of PAE is considered to be information held by PAE.
4. Policy
4.1. Privacy Officer
The Head of People & Culture is PAE’s Privacy Officer and performs the functions described in s 201 of the Act.
4.2. Application of the Privacy Principles
All PAE staff, suppliers and subcontractors must, in the design of systems and processes and in the execution of their work, comply with the Privacy Principles set out in the Act.
The Privacy Act has twelve information privacy principles. For the full text of each Privacy Principle, see the privacy.org.nz website. As a brief guide:
- Principle 1, Principle 2, Principle 3 and Principle 4 govern the collection of personal information. This includes the reasons why personal information may be collected, where it may be collected from, and how it is collected.
- Principle 5 governs the way personal information is stored and retained. It is designed to protect personal information from unauthorised use or disclosure.
- Principle 6 gives individuals the right to access information about themselves.
- Principle 7 gives individuals the right to correct information about themselves.
- Principle 8 and Principle 9, Principle 10 and Principle 11 place restrictions on how people and organisations can use or disclose personal information. These include ensuring information is accurate and up-to-date, and that it isn’t improperly disclosed and that once information is no longer needed, how we remove it from our records.
- Principle 12 governs how “unique identifiers” – such as IRD numbers, bank client numbers, driver’s licence and passport numbers – can be used.
PAE staff, suppliers and subcontractors that seek to change or introduce new ways to collect, process, store or disclose personal information held or shared by PAE should first seek guidance from the Privacy Officer.
1.1 Security and confidentiality
PAE will ensure personal information is protected from unauthorised disclosure and misuse.
1.2 Use of online services and other external organisations
Any online services (including ‘cloud’ services) and other external organisations that receive personal information from PAE must also comply with PAE’s expectations and New Zealand’s Privacy Law.
PAE staff, suppliers and subcontractors that seek to use online services and other external organisations to process, store or transmit personal information held by PAE should first seek guidance from the Privacy Officer.
1.3 Access to and correction of personal information
Every person has a right to access and/or correct personal information about themselves that is held by PAE.
Requests to access and/or correct personal information that do not fit within business-as-usual practices (e.g. staff requesting their own employment records or updating computer log-in information with a married name) should be forwarded to a member of the People and Culture team or the Privacy Officer.
1.4 Privacy disclosure statements
The Act requires PAE to ensure that individuals know why and how we collect their personal information and the purposes for which that information will be used.
4.1.1. Privacy Statement (Customer and 3rd parties)
We may collect, use or disclose personal information from you, including but not limited to:
- Full name, age and other identifying information;
- Commercial or residential address; and
- Contact information.
On occasion, we may have a need to collect other personal information from you, for example information to support credit checks or to enable our safe access to your property, at which time we will make a further disclosure to you about how and why we use and/or disclose that information.
We may collect, use or disclose your personal information in order to:
- Register your requirements and to record our service to you
- Organise access for our staff and subcontractors to your premises;
- Ensure your safety and the safety of our staff and subcontractors;
- Ensure compliance with laws, regulations and internal controls; and
- To complete our financial processes.
We may disclose this information to:
- Government agencies in order to comply with statutory or regulatory requirements; and
- Our staff, customers, suppliers and subcontractors in order to facilitate your interaction with them.
Providing some information is optional. If you choose not to provide sufficient personal details, we may be unable to complete the processes necessary for us to provide services to you.
You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you’d like to ask for a copy of your information, or to have it corrected, please contact the PAE Privacy Officer at privacy@pae.co.nz, or by telephone to 04 570 0560, or PAE (NZ) Limited, PO Box 30 372, Lower Hutt 5010.
4.1.2. Privacy Statement (Customer and 3rd parties)
We may collect, use or disclose personal information from you, including but not limited to:
Full name, age and other identifying information;
- Copies of photographic identification documents; and
- Contact information.
On occasion, we may have a need to collect other personal information from you, such as medical or criminal history or drug test results, at which time we will make a further disclosure to you about how and why we use and/or disclose that information.
We may collect use or disclose your personal information in order to:
- consider applications for employment or sub-contractor engagement;
- obtain security clearances;
- issue keys, passes and access codes;
- maintain training and other registers;
- ensure compliance with laws, regulations and internal controls;
- develop policies and procedures to ensure we support our people and our business;
- to issue and manage work; and
- to protect your health and safety.
Besides our staff, we may disclose this information to:
- Police and other government agencies in order to obtain and maintain security clearances; and
- Our staff, customers, suppliers and subcontractors in order to facilitate your interaction with them.
Providing some information is optional. If you choose not to provide sufficient personal details, we may be unable to complete the processes necessary for you to work on our behalf.
You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you’d like to ask for a copy of your information, or to have it corrected, please contact us at privacy@pae.co.nz, or by telephone to 04 570 0560, or PAE (NZ) Limited, PO Box 30 372, Lower Hutt 5010.
1.5 Responding to Privacy Breaches
A Privacy Breach is any unauthorised access to or disclosure of personal information. PAE has a formal Privacy Breach management procedure in place to respond quickly and effectively if such an event should occur.
2 Enquiries
If you have any queries about this policy, please discuss them with your manager or contact the Privacy Officer at the Lower Hutt Office, at privacy@pae.co.nz, or by telephone to 04 570 0560.