ECAAS ISO New Zealand recognises the importance of protecting personal information, which it may be required to collect from individuals who become associated with its business. The purpose of this Policy is to ensure that any individual who provides information to ECAAS is protected according to the requirements of the Privacy Amendment Act (Private Sector) 2000.
For the purpose of this Policy, “information” is described as:
“Personal information” means information relating to an individual, including an opinion, which may be provided to ECAAS as part of its business requirements either in material form or not, and whether true or not. Such information may personally identify an individual or make the person’s identity reasonably apparent.
“Sensitive information” means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual practices, criminal record or health information.
ECAAS takes it obligations under the Privacy Act seriously, and as such, will take all reasonable steps in order to comply with the Act and protect the privacy of personal information that it holds.
1.1 Collection and Use of Information
ECAAS may require the collection of personal information from individuals to provide the company with the necessary information for the employment process. The reasons for the collection of personal information include, but are not limited to: create an employment record; submit tax; Superannuation; WorkCover and process payroll.
ECAAS may collect and hold personal information, such as, but not limited to, names of employees and proprietors of organisations, addresses, telephone numbers, facsimile numbers, e-mail addresses, titles and professional affiliations. These details are collected for the purpose of providing ECAAS services to customers and clients, and the selling and marketing of our services. ECAAS may also use such information to apply customer/member satisfaction surveys, distribution of newsletters and events such as “loyalty” programs. ECAAS will not disclose this information to any other organisation. In the event that sensitive information is collected by ECAAS it will not be used for any purpose without the express permission of the individual. The collection, use and disclosure of information will be in accordance with ECAAS' Collection Statement.
1.2 Storage, Access and Retention of Personal Information
All personal information collected by ECAAS will be retained as part of a database, which will be securely monitored and maintained by ECAAS. The data will not be made available to a third party, unless it is legally required and verified, without the authority of the individual who provided the personal information.
ECAAS will take all reasonable steps to protect the security of the personal information that it holds. Hardcopy documents will be securely locked away outside business hours. Software and electronic data shall be protected by the maintenance of effective and up-to-date: anti-virus software; firewalls; user restrictions and back-up processes.
ECAAS will make available for inspection all personal information, based on the information supplied by the individual, that it holds in relation to an individual, provided reasonable notice is given. In the event that any part of the personal information that the individual inspects is determined to be incorrect and requires alteration then ECAAS will make such alteration in compliance with the corrected advice provided by the individual.
Additionally, where information held by ECAAS is no longer required to be held, and the retention is not required by law, then ECAAS will destroy such personal information by a secure means.