Why we have this policy
Rural Accountants Limited Partnership (RALP) are bound by the Privacy Act 2020 and as such is guided by that Act on how we collect, store, use and share personal information.
RALP will ensure that:
· you know when your information is being collected
· your information is used and shared appropriately
· your information is kept safe and secure
· you can get access to your information
The Privacy Act 2020 came into force on 1 December 2020, replacing the Privacy Act 1993.
The Principals of the Privacy Act that govern RALP are:
Principal 1 – Purpose for Collection.
RALP will only collect personal information for lawful purposes to enable us to perform the duties we are contracted to complete.
Principal 2 – Source of information.
RALP will collect information direct from the person involved. However, if the party is unable to provide the information personally, we will collect it from other people in certain circumstances. For instance:
· if the person concerned authorises collection from someone else
· if the information is collected from a publicly available source
· if collecting information from the person directly is not really practicable or would undermine the purpose of collection.
Sometimes, information can be collected from other sources for law enforcement and court proceedings.
Principal 3 – What to tell the individual about collection.
RALP will be open as to why we are collecting personal information & its purpose. RALP will take all reasonable steps to make sure that the person knows:
· why it’s being collected
· who will receive it
· whether giving it is compulsory or voluntary
· what will happen if the information isn’t provided.
Sometimes there may be good reasons for not letting a person know about the collection – for example, if it would undermine the purpose of the collection to protect law enforcement investigations, or it’s just not possible to tell the person.
Principal 4 – Manner of collection.
RALP will only collect information by lawful means and seen as fair and reasonable in the circumstances. Particular care must be taken when collecting information from children or young people.
Principal 5 – Storage & security of the information.
RALP will ensure that there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse or disclosure of personal information.
If RALP has a serious privacy breach it will notify the Office of the Privacy Commissioner as soon as possible (within 72 hours).
Principal 6 – Access to personal information.
RALP acknowledges that people have a right to ask for access to their own personal information.
Generally, RALP will provide access to the personal information it holds about someone if the person in question asks to see it but not for anyone else, unless they’re acting on that person’s behalf and have written permission.
In some situations, RALP may have good reasons to refuse a request for access to personal information. For example, the information may involve an unwarranted breach of someone else’s privacy or releasing it may pose a serious threat to someone’s safety. Withholding grounds could cover:
Principal 7 – Correction of personal information.
RALP acknowledge that a person has a right to ask an organisation or business to correct information about them if they think it is wrong.
If RALP does not agree that the information needs correcting, an individual can ask that RALP attach a statement of correction to our records, and that RALP will take reasonable steps to do so.
Principal 8 – Accuracy of personal information.
RALP must check before using or disclosing personal information that it is accurate, up to date, complete, relevant and not misleading.
Principal 9 – Retention of personal information.
RALP will endeavour not to keep personal information for longer than it is required for the purpose it may lawfully be used.
Principal 10 – Limits on use of personal information.
RALP can generally only use personal information for the purpose it was collected, and there are limits using personal information for different purposes.
Sometimes other uses are allowed, such as use that is directly related to the original purpose, or if the person in question gives their permission for their information to be used in a different way.
Principal 11 – Disclosure of personal information.
RALP may generally only disclose personal information for the purpose for which it was originally collected or obtained. Sometimes other reasons for disclosure are allowed, such as disclosure for a directly related purpose, or if the person in question gives their permission for the disclosure.
For instance, RALP may disclose personal information when:
· disclosure is one of the purposes for which the organisation got the information
· the person concerned authorises the disclosure
· the information is to be used in a way that does not identify the person concerned
· disclosure is necessary to avoid endangering someone’s health or safety
· disclosure is necessary to uphold or enforce the law.
Principal 12 – Disclosure outside of New Zealand.
RALP may only disclose personal information to another organisation outside New Zealand if we check that the receiving organisation:
· is subject to the Privacy Act because they do business in New Zealand
· will adequately protect the information, e.g. by using model contract clauses, or
· is subject to privacy laws that provide comparable safeguards to the Privacy Act
If none of the above criteria apply, a business or organisation may only make a cross-border disclosure with the permission of the person concerned. The person must be expressly informed that their information may not be given the same protection as provided by the New Zealand Privacy Act.
Principal 13 – Unique identifiers.
RALP currently does not use or intend to use Unique Identifiers for its clients.