The NZ Privacy Act was updated and came into effect on 1st December 2020.
My Two Cents collects, uses, stores, and potentially discloses personal information of individuals in the workplace, including staff, contractors, volunteers and visitors. This information is used to assess suitability for employment, maintain employee files and for payroll and statistical purposes.
My Two Cents also collects and stores personal information of clients and is passed personal information from third parties related to clients, eg IRD. This information will be stored securely.
My Two Cents Limited is responsible for:
Letting individuals know what information we are collecting and what purpose it will be used for.
Only collecting and storing the information we require for the purposes of our relationships eg employment related purposes or fulfillment of client work.
Only using information that we can reasonably consider accurate eg been supplied by the individual or in the process of a formal investigation
Keeping all information in a secure place take steps to ensure there is no unauthorised access.
Providing you with the right to review and correct any information that we have on record for you. The process for this is detailed in this policy.
Investigating any potential or actual breaches of privacy
Notifying the Privacy Commissioner and any affected individuals of any notifiable breaches as defined in this policy and/or the Privacy Act 2020.
You are responsible for:
Providing all relevant information when requested
Updating personal information when changes occur eg addresses and bank details
Protecting the privacy of information you receive in the process of carrying out your duties
Immediately notifying My Two Cents Limited of any potential or actual breaches of information
Use of Information
My Two Cents Limited may use the information gathered for the purposes of:
Verifying individuals identity
Assessing suitability of employment
Employment related processes
Fulfilling of client work
Other circumstances as allowed by the Act
My Two Cents Limited may also use the information if it is in the public domain and /or does not identify the individuals concerned.
Data security is extremely important in today’s environment, and how My Two Cents handles
personal and client data, and requests to access this data is outlined in the policy below.
We may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this unless we are legally restricted from doing so.
We will take reasonable steps to ensure that the personal information about you we collect, use or disclose is accurate, complete, up to date and stored in a secure environment protected from unauthorised access, use, modification or disclosure.
We will not retain personal information for longer than is required, employee files will be destroyed six (6) years after the employment relationship has ended and applications for employment will be destroyed one (1) year after the application was made. Client information will be held for the duration of our contract and for 12 months following termination of contract.
Request for Access:
You may request access to, and correction of, personal information by writing to Haley Wilson, Director and Privacy Officer for My Two Cents email@example.com
We will respond to these requests in writing (email) within 20 working days
My Two Cents Limited may collect personal information stored on company equipment eg laptop, phone, surveillance cameras and use this for any employment related purpose.
Any information held on such equipment and related data is generally not subject to privacy rights, and you must not hold any expectations of privacy in respect of use of equipment that is provided by the Company
Requirement to notify
You will notify My Two Cents Limited of any breaches, or potential breaches of information held. This must be in writing to Haley Wilson, Director and Privacy Officer for My Two Cents
We will investigate any breaches, or potential breaches and notify the Privacy Commission of any unauthorised or accidental access to, disclosure, alteration, loss or destruction of personal information, or an action that prevents us from accessing the information on either a temporary or permanent basis, which has caused or is likely to cause ‘serious harm’ to affected individuals.
When assessing whether the breach has or could cause ‘serious harm’ we will consider:
any action taken by us to reduce the risk of harm following the breach:
whether the personal information is sensitive in nature:
the nature of the harm that may be caused to affected individuals:
the person or body that has obtained or may obtain personal information as a result of the breach (if known):
whether the personal information is protected by a security measure:
any other relevant matters.
Some examples of potential serious harm are:
Physical harm or intimidation,
Financial fraud including unauthorised credit card transactions or credit fraud,
Psychological, or emotional harm.
Failure to notify of any actual or potential privacy breach, may constitute serious misconduct and may potentially result in disciplinary action up to and including termination of employment
Further information about the Privacy Act 2020, other relevant regulations, the Privacy Commission, its complaints procedures, your legal rights in respect of privacy, etc., can be found via the following links:
Privacy Act 2020: http://www.legislation.govt.nz/act/public/2020/0031/latest/whole.html
Office of the Privacy Commissioner: https://www.privacy.org.nz/privacy-act-2020/privacy-act-2020/