Privacy Policy
Humankind Limited (we’ll use we, us, and our from now on) complies with the New Zealand Privacy Act 2020 (we’ll use the Act from now on) when dealing with personal information. Personal information is information about an identifiable individual.
We know maintaining client confidentiality and protecting personal information is important. Given the nature of our business, we have access to personal information and this policy explains how we will collect, use, disclose, and protect your personal information.
This policy does not exclude any of your rights under the Act. For further information on the Act, check out www.privacy.org.nz.
We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we uploaded the revised policy. This policy was last updated on 11 June 2021.
Collecting personal information
When we work with you, we may collect personal information about you, your business, and your employees. This may happen:
- when you provide that information to us to help us provide our services to you (as outlined in the Statement of Work or Consultancy Services Order);
- through any contact you have with us (e.g., phone, email, or registration), or when you use our services generally; or
- through third parties (where you have authorised this) or publicly available information.
We may also collect other confidential information from you about your organisation. This may include commercially sensitive information.
Holding and using personal information
We will use the personal information we collect:
- to provide services to you;
- for identifying possible conflicts of interest;
- to market our services to you. This may mean we will contact you electronically and/or sending you Humankind publications and invitations;
- to improve the services that we provide to you;
- to respond to communications from you, including any feedback you provide us;
- to conduct research and statistical analysis (we’ll anonymise the data);
- to protect and/or enforce our legal rights and interests, including defending any claim;
- for internal business purposes (e.g., invoicing and receipting) or for specific purposes we tell you about; or
- for any other purpose authorised by you or the Act.
Disclosing personal information
We may disclose your personal information to:
- any business that supports our services and products, including any person that hosts or maintains any IT system or data centre that we use to provide our website or services (see the Security section of this policy below);
- other third parties (for anonymised statistical information);
- a credit reference agency for the purposes of credit checking you;
- another company within our group;
- a person who can require us to supply your personal information (e.g., a regulatory authority);
- any other person authorised by the Act or another law (e.g., law enforcement agency); and
- any other person authorised by you.
A business that supports our services may be located outside of New Zealand. This may mean your personal information is held and processed outside of New Zealand.
We are committed to:
- taking reasonable steps to protect your personal information from unauthorised use, activity, loss or disclosure; and
- on written request, or as required by law, return or destroy your information belonging to you.
Accessing and correcting your personal information
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. We will first need evidence from you to confirm that you are the individual the personal information relates to.
If you request a correction, we will make it if we think the correction is reasonable and we are reasonably able to change the personal information. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to access or correct your information, simply email us at [email protected]. Your email should provide evidence of who you are and set out the details of your request (e.g., the personal information, or the correction, that you are requesting).
We may charge you the costs of providing to you copies of your personal information or correcting that information (within reason of course).
Information Storage
Our primary data storage process is via the cloud, in Microsoft 365 Tenant, however, if the work requires it, we may physically store the personal information we collect at our office located at L8 175 Victoria St, Wellington or at a Humankind approved workspace outside our offices. If the personal information is in a physical format, it will be stored in a secure environment.
Security
We take technical and organisational measures to prevent unauthorised processing of your personal information and against accidental loss or destruction of, or damage to your personal information.
We work with a third-party IT supplier (CodeBlue) to monitor and proactively maintain the cyber security of our systems and information. This third-party supplier will have access to personal information processed on Humankind IT systems. We use industry-standard security practices to protect the integrity, confidentiality, and security of any personal information we own or hold on behalf of clients including:
- the use of firewalls;
- Advanced Threat Protection;
- Multifactor Authentication on all licenses and access;
- ESET Endpoint Protection; and
- Cisco Umbrella Open DNS filtering for Web and Internet protection.
Notification of Data Breach
While all precautions are taken to ensure all personal information (physical or digital) is treated with security, if we become aware of any breach of security that results in the accidental or unauthorised disclosure of or access to your personal information, we will take steps in accordance with the Act, including:
- notifying you of the data breach in writing as soon as reasonably practicable after becoming aware of the breach;
- promptly taking reasonable steps to minimise harm and secure the personal information in question;
- assisting you regarding your obligations to provide information to your affected users; and
- notifying other relevant parties such as the Privacy Commissioner and CertNZ.
Internet use
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, that is at your own risk.
If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.
Cookies
We use cookies (an alphanumeric identifier that we transfer to your computer’s hard drive so that we can recognise your browser) to monitor your use of our website. You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all the features of our website.
Contacting us
If you have any questions about this privacy policy, our privacy practices, or if you would like to request access to, or correction of, your personal information, you can contact us at [email protected].