Privacy Policy

Ka Uruora – Privacy Statement 

In this document Ka Uruora refers to Ka Uruora Aotearoa Trust and its associated trusts and bodies, including [Ka Uruora Foundation, Ka Uruora Housing Trust, Ka Uruora Kāinga Limited, Ka Uruora ki te Raki Foundation, Ka Uruora Ki Te Raki Housing Trust, Ka Uruora Te Tauihu and Ka Uruora Te Tauihu Housing Trust and any othe], and any other trusts or bodies operating as part of the Ka Uruora operational structure;  

This privacy statement explains how Ka Uruora (‘we’, ‘us’, ‘our’) collects, uses, stores, shares and disposes of your personal information. Personal information means information about an identifiable individual (being a natural person, not a corporate body), as defined in the Privacy Act 2020.  

This privacy statement reflects our commitment to respecting and protecting all personal information that we hold about you.  

Our Policy  

We only use, store, and share personal information collected in accordance with this privacy statement and the Privacy Act 2020. 

Scope 

This privacy statement applies to all personal information, including personal information collected through our website, social media pages, phone calls, written communications we receive, meetings we conduct, and other interactions with you and the organisations we partner with to deliver our services.  

This privacy statement also applies to personal information provided by the following persons: 

  • our clients and potential clients, including people who participate, or apply to participate, in the programmes we administer and their authorised representatives;  
  • persons who voluntarily provide us personal information, for example users of our website, those who contact us or connect with us on social media; and  
  • other ‘associated people’ (such as shareholders, company directors, responsible and advisory trustees) of our clients. 

This statement applies to all capacities in which we exercise our duties, functions, and obligations.   

You accept this Privacy Statement when you interact with us or use our services. 

Collection 

What personal information do we collect? 

We only collect personal information where it is necessary to carry out our functions or to deliver our programmes. For example: your name, address, contact information, iwi affiliation and financial information if you are participating in one of our programmes.  

In some cases, if personal information we request is not provided, we may not be able to provide some or all of our services to you. 

How do we collect your personal information? 

We collect your personal information directly from you, such as when: 

  • You contact us by email, phone or through our website. 
  • You attend a meeting with us. 
  • You contact or connect with us on social media. 
  • You provide us with your information in order to participate in one of our programmes.  

We may also collect information about you from other people, such as when:  

  • You provide one of our partners with your information in order to participate in one of our programmes. Our partners (Partners) include funding partners and service partners, such as: 
  • New Zealand Housing Foundation;  
  • Smartshares Limited; and  
  • partners contracted to deliver education and associated support services.  
  • You authorise someone else to provide us with personal information or to update your personal information, for example when someone else updates your details with us. We may ask your authorised person to show proof of connection to you. 
  • We search publicly available information. 
  • Agencies such as local councils provide us with information about you or your property. 
  • Organisations such as your bank provide us with information in relation to your participation in our programmes. 
  • We engage third parties to undertake services on our behalf to enable us to perform our functions, and those third parties collect your information. 

If you have provided us with information about another person, you warrant that you have that person’s permission to do so, and that the information is accurate. 

Cookies 

Our website, and other web services we offer, use cookies. Browser or ‘web’ cookies are small text files that are sent by a website and stored on your computer’s hard drive to collect information about how you browse the website. 

Cookies are used to: 

  • Measure how you use the website so it can be updated and improved based on your needs. 
  • Remember the notifications you’ve seen so that we don’t show them to you again. 

You can manually disable cookies at any time. Check your browser’s ‘Help’ to find out how (disabling cookies will not affect your ability to use this website). 

Data collected by cookies may include: 

  • Your IP address. 
  • The search terms you used on this site. 
  • The pages you accessed on this site and the links you clicked on. 
  • The date and time you visited this site. 
  • The referring site (if any) from which you clicked to reach this site. 
  • The device you used to access this site. 
  • Your operating system (e.g. Windows 10, Mac OS X). 
  • The type of web browser you used to access this site (e.g. Internet Explorer, Google Chrome). 
  • Other things like your screen resolution, the release of your installed Flash version and the language setting of your browser. 

Storage, Security and Retention  

How do we store your personal information? 

We take reasonable care and will require any third parties acting on our behalf, to keep your personal information safe from loss, misuse, and unauthorised disclosure. 

We store any hard copy personal information within our offices or in outsourced secure, off-site storage. Our primary database on which we store your electronic copy personal information is within an Australia-domiciled data centre. In some cases, aspects of your personal information may be stored outside of New Zealand for business continuity/redundancy purposes, or specialised services that are not hosted in New Zealand. We will only disclose personal information to countries outside of New Zealand when we believe on reasonable grounds that the relevant country is subject to privacy laws that, overall, provide comparable safeguards to those in New Zealand.  

How do we secure your personal information?  

We take security seriously. Our website and our systems have security measures in place to prevent the loss, misuse and alteration of information under our control. To maintain the cyber security of our systems and information, our systems are subject to ongoing security monitoring (including activity logging), security analysis, patching, security testing and auditing. 

We may use information about your use of our website and other IT systems to prevent unauthorised access or attacks on these systems or to resolve such events. We may use this information even if you are not involved in such activity. 

We may use services from one or more third party suppliers to monitor or maintain the cyber security of our systems and information. These third-party suppliers will have access to monitoring and logging information as well as information processed on our website and other IT systems. 

How long do we keep your personal information? 

The law requires us to destroy your personal information if we no longer require it for the purpose for which we collected it or if it is no longer required to meet our legal requirements. If we have to keep it to meet our legal requirements, we will continue holding it until it is no longer required to meet those requirements. 

Use of Personal Information  

We use the personal information you provided us for the purposes that you provided the personal information to us and to perform our lawful duties and functions as required.  

We may also use your personal information: 

  • To perform a purpose directly related to the purpose for which you have given your personal information to us. 
  • Where the law permits or requires its use. 
  • To meet our legal obligations, as well as obligations imposed by governmental, judicial or regulatory entities or authorities, and entities that supervise or regulate us. 
  • To contact you about a request or query. 
  • As part of ‘data matching’ activities, in which we compare your information with information that is public and/or held by someone else (for example, using a service provider to confirm your postal address details). 
  • To help us understand your needs and preferences so that we can enhance or develop new products and services. 
  • As otherwise permitted by the Privacy Act 2020. 

Accuracy of Information 

We will not use or disclose any personal information without taking reasonable steps (in the circumstances) to ensure it is accurate, up to date, complete, relevant, and not misleading. 

Sharing and Disclosure 

Who do we provide your information to? 

We do not generally share your personal information with third parties unless sharing it is needed for the purpose for which you gave the information to us. However, we may share your personal information in the following circumstances:  

  • With our Partners. 
  • With your Iwi.  
  • With people or organisations that undertake services for you and/ or us (such as insurers, our technology vendors, and providers of management services). 
  • For a directly related purpose to the purpose for which the information was collected. 
  • When required or permitted by law. 
  • When we need legal or other professional advice.  
  • To meet obligations imposed by governmental, judicial or regulatory entities or authorities and entities that supervise or regulate us. 
  • When you have provided your authorisation to disclose your personal information (for example to your attorney or authorised person).  

We will not disclose personal information to another person or agency unless we believe on reasonable grounds: 

  • the disclosure is directly related to the purposes for which the personal information was collected;  
  • the personal information is publicly available, and disclosure is not unfair or unreasonable; 
  • you have authorised the disclosure; 
  • the personal information will be used in a form where you are not identifiable; or  
  • non-compliance is necessary as set out in the Privacy Act 2020. 

When we disclose your information to third parties, we make sure they are aware of the importance we place on protecting your privacy. They are required to keep your information confidential and only use it for the purpose for which we have supplied it, or as permitted or required by law. 

In all other cases we will only disclose your personal information if it is permitted under the Privacy Act 2020. 

Right of Access and Correction 

How can you check and correct your personal information? 

Subject to the exceptions in the Privacy Act 2020, you have the right to: 

  • Find out from us whether we hold personal information about you. 
  • Access that information. 
  • Request corrections of that information, if applicable. If we have a good reason for refusing a request for correction, we are not required to change the personal information, however, the “correction” will be attached to the personal information. If you request such a correction, we will inform you of the action taken as a result of the request. 

If you want to find out whether we hold personal information about you, access that information, or request a correction, please contact our Privacy Officer (details below).  

Notifiable Breaches 

If there is a breach of privacy involving your personal information, we will comply with any legal obligations in the Privacy Act 2020. If there is a notifiable privacy breach (one which has caused or is likely to cause serious harm) we will notify the Office of the Privacy Commissioner and the affected people (unless an exception applies). 

Privacy Officer 

We have a privacy officer who is responsible for: 

  • maintaining this policy and relevant processes; 
  • supporting staff with complying with the policy; 
  • liaising with third parties in respect of privacy matters, including the Privacy Commissioner or other relevant regulators;  
  • dealing with any requests we receive under the Privacy Act 2020; and 
  • managing any privacy complaints received.  

For information, requests, or complaints please contact the privacy officer:  

Brenda Kingi-Booth – Brenda@kauruora.nz  

If you make a privacy complaint, we will follow it up through our internal complaints process.  

If you are not satisfied with the outcome, you can contact the Privacy Commissioner on 0800 803 909 or visit https://www.privacy.org.nz/ 

Updating This Policy 

We review this policy regularly and we might make some changes from time to time. We may amend and update this Privacy Statement by posting a revised version on our website. You will always find the current version on our website at https://kauruora.nz/. Any amendments will be effective immediately from the date the new version is posted. 

Last updated 06 November 2024