Privacy Policy
This privacy policy was last updated on 01 June 2019.
Introduction
NZ Forest Products Group Limited (NZFPG) is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
This privacy policy applies to New Zealand Forest Products Group Limited (NZFPG) (NZBN 9429047467705) and any entity owned or controlled by NZ Forest Products Group Limited (NZFPG) (“Related Entity”) in relation to NZ Forest Products Group Limited (NZFPG)’ and its Related Entities’ (together “NZ Forest Products Group Limited (NZFPG)” or “we”) operations in New Zealand. This policy explains how NZ Forest Products Group Limited (NZFPG) handles personal information and complies with the requirements of the New Zealand Privacy Act 1993 (“Privacy Act”). If you have any further questions in relation to this policy, please contact our Administration team admin@nzforestproducts.com.
Personal information or personal data is information about an identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal data.
Processing is how we sometimes refer to the handling, collecting, protecting or storing of your personal data. NZ Forest Products Group Limited (NZFPG) processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data.
Exclusions
This policy relates to NZ Forest Products Group Limited (NZFPG)’s collection and handling of personal information that is covered by the Privacy Act. It is not intended to cover categories of personal information that are not covered by the Privacy Act unless otherwise specified.
Policy
- Collection of personal information
- Our legal grounds for processing your personal data
- Why we process personal information
- Disclosure of personal information
- Retention
- Transfer of information outside New Zealand
- Privacy on our Web Sites and Applications
- Security of Personal Information
- Access to Information
- Corrections and Concerns
Collection of personal information
NZ Forest Products Group Limited (NZFPG) collects, holds and processes personal information from clients, suppliers, employees, contractors and other individuals. We collect and hold this information when it is necessary for business purposes.
The main types of personal information NZ Forest Products Group Limited (NZFPG) collects, holds and processes relate to the contact details and organisational roles of our clients, suppliers and other business contacts. Typically, this information includes names, addresses, telephone numbers, e-mail addresses and job titles. In the course of providing professional services to our clients, we may collect and hold more detailed personal information (for instance financial details if we are engaged to perform financial services, or credit information).
We generally do not intend to collect and we ask you not to submit any special categories of personal information. Special categories of personal information include race or ethnic origin; political opinions or political affiliations; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data that uniquely identifies someone; sexual life or sexual orientation; and criminal records.
If you choose to provide special categories of personal information about yourself to us for any reason, the act of doing so constitutes your explicit consent, where such consent is necessary and valid under applicable law, for us to collect and use that information as necessary in the ways described in this privacy policy or as described at the point you choose to disclose this information.
We collect most information directly from individuals when we deal with them. The personal information we collect may be provided in forms filled out by individuals, face to face meetings, email messages, telephone conversations, when you use our websites or our social media, or by third parties. If you contact us, we may keep a record of that contact.
Because of the nature of our business, it is generally impracticable for us to deal with individuals on an anonymous basis or through the use of a pseudonym, although sometimes this is possible (for example, when seeking staff or client feedback generally).
Our legal grounds for processing your personal data
We rely on one or more of the following processing conditions:
- our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organisation (provided these do not interfere with your fundamental rights);
- our legitimate interests in developing and improving our businesses, services and offerings and in developing new NZ Forest Products Group Limited (NZFPG) technologies and offerings (provided these do not interfere with your fundamental rights);
- our legitimate interests in maintaining the security of our and our client’s data and in ensuring the quality of our services;
- to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way);
- to perform our obligations under a contractual relationship with you; or
- where no other processing condition is available, if you have agreed to us processing your personal information for the relevant purpose.
Why we process personal information
The primary purposes for which we collect, hold and process personal information are:
- to provide professional services to our clients: we provide a diverse range of services to our clients. Some of our services require us to collect and process personal data in order to provide advice and deliverables. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility, tax and pension services;
- to respond to an individual’s request;
- to maintain contact with clients;
- administering, managing and developing our business and services: This includes:
- managing our relationship with clients and prospective clients;
- developing our business and services (such as identifying client needs and improvements in service delivery);
- analysing and evaluating the strength of interactions between NZ Forest Products Group Limited (NZFPG) and a contact;
- performing analytics, including producing metrics for NZ Forest Products Group Limited (NZFPG) leadership, such as trends, relationship maps, sales intelligence and progress against account business goals;
- administering and managing IT systems, websites and applications; and
- hosting or facilitating the hosting of events.
- providing our clients and prospective clients with information about us and our range of services : we use client and prospective client business contact details to provide information that we think will be of interest about us and our services in accordance with any permissions required by law. This includes industry updates and insights, other services that may be relevant and invites to events;
- for general management and reporting purposes, such as invoicing and account management;
- for recruitment purposes;
- for purposes related to the employment of our personnel and providing internal services to our staff;
- receiving services: we process personal data in relation to our suppliers and their staff as necessary to receive the services they are contracted to provide;
- security, quality and risk management activities: we have security measures in place to protect our and our client’s information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have in place policies and procedures to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those client engagement and acceptance procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputation issues);
- complying with any requirements of law, regulation or a professional body of which we are a member: as with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data; and
- other purposes related to our business.
We may keep a record of your Personal Information, correspondence or comments in a file specific to you. We will utilize, disclose or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by law.
If you choose not to provide us with personal information, we may be unable to do such things.
We may collect, hold and use personal information about individuals to market our services, including by email. However, individuals always have the opportunity to elect not to receive further marketing information from us by writing to the Privacy Officer at privacy-officer@nz.NZ Forest Products Group Limited (NZFPG).com. Please allow 20 working days for your request to be processed.
Alternatively, if we have contacted you by email, you may use the unsubscribe function in that email to notify us that you do not want to receive further marketing information from us by email.
If we collect, hold or use personal information in ways other than as stated in this policy, we will ensure we do so pursuant to the requirements of the Privacy Act.
Employee records are not generally subject to the Privacy Act and therefore this policy may not apply to the handling of information about employees by NZ Forest Products Group Limited (NZFPG). For information about our practices relating to employee information, please contact us directly.
Disclosure of personal information
NZ Forest Products Group Limited (NZFPG) does not routinely disclose personal information to other organisations unless:
- use or disclosure is permitted by this policy;
- we believe it is necessary to provide you with a product or service which you have requested (or, in the case of a partner, employee or contractor of NZ Forest Products Group Limited (NZFPG), it is necessary for maintaining or related to your role at NZ Forest Products Group Limited (NZFPG));
- to protect the rights, property or personal safety of any member of the public or a customer of NZ Forest Products Group Limited (NZFPG) or the interests of NZ Forest Products Group Limited (NZFPG);
- some or all of the assets or operations of NZ Forest Products Group Limited (NZFPG) are or may be transferred to another party as part of the sale of some or all of NZ Forest Products Group Limited (NZFPG)’ business;
- you give your consent; or
- such disclosure is otherwise required or permitted by law, regulation, rule or professional standard. This would potentially involve disclosure as necessary to law enforcement, regulatory and other government agencies and to professional bodies.
We may also disclose personal information under the following circumstances:
- with professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;
- when explicitly requested by you;
- when required to deliver publications or reference materials requested by you;
- when required to facilitate conferences or events hosted by a third party;
We may also share non-personal, de-identified and aggregated information for research or promotional purposes. Except as set out in this policy, we do not sell to or trade personal information with third parties.
NZ Forest Products Group Limited (NZFPG) uses a range of service providers to help us maximise the quality and efficiency of our services and our business operations (including internal business requirements, such as recruitment and human capital requirements). We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. This means that individuals and organisations outside of NZ Forest Products Group Limited (NZFPG) will sometimes have access to personal information held by NZ Forest Products Group Limited (NZFPG) and may collect or use it from or on behalf of NZ Forest Products Group Limited (NZFPG). This may include, but is not limited to, independent contractors and consultants, travel service providers, mail houses, off-site security storage providers, information technology providers, event managers, credit managers, debt collecting agencies, providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The third party providers may use their own third party subcontractors that have access to personal data (subprocessors). It is our policy to use only service providers and third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by NZ Forest Products Group Limited (NZFPG) and in accordance with our privacy guidelines and not to keep, use or disclose personal information we provide to them for any unauthorised purposes. We also require the flow of those same obligations down to their sub-processors. If NZ Forest Products Group Limited (NZFPG)’ staff obtain products or services offered by a third party pursuant to an agreement or arrangement between that third party and NZ Forest Products Group Limited (NZFPG), such as a credit card provider, we may provide your personal information to that third party, including information that relates to your use of such services.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place as appropriate to protect the data and to comply with our data protection, confidentiality and security standards.
Retention
We retain personal data processed by us for as long as is necessary for the purpose for which it was collected. Personal data may be held longer periods where extended retention periods are required by law or regulation and as necessary in order to defend our legal rights.
Transfer of information outside New Zealand
In addition to disclosures permitted under this policy, we may disclose your personal information to other NZ Forest Products Group Limited (NZFPG) firms within the NZ Forest Products Group Limited (NZFPG) global network.
We may share personal data with other NZ Forest Products Group Limited (NZFPG) member firms where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving advice from NZ Forest Products Group Limited (NZFPG) member firms in different territories).
NZ Forest Products Group Limited (NZFPG) and other NZ Forest Products Group Limited (NZFPG) firms with which we exchange information may also use overseas facilities or contractors to process or back-up our information or to provide certain services to us. These NZ Forest Products Group Limited (NZFPG) firms, service providers and contractors may not be New Zealand entities or regulated by the Privacy Act, and may not be subject to privacy laws that provide the same level of protection as New Zealand’s. You consent to the disclosure of your personal information to such NZ Forest Products Group Limited (NZFPG) firms, service providers and contractors on this basis.
All service providers that have access to personal information held by us are required to keep the information confidential and not to make use of it for any purpose other than to provide services in accordance with their engagement. We will take all steps that are reasonably necessary to ensure your personal information is treated securely and in accordance with this Privacy Policy as well as applicable data protection laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area. The EU standard contractual clauses are available here.
However, any such transfer of information does not change any of our commitments to safeguard your privacy and the information remains subject to existing confidentiality obligations.
Privacy on our Web Sites and Applications
This policy also applies to any personal information we collect via our websites, including NZ Forest Products Group Limited (NZFPG).co.nz, and applications including mobile applications. In addition to personal information you provide to us directly (such as where you make a request or complete a registration form).
In order to properly manage our websites and applications, we may log certain statistics about the users of the facilities, for example the users’ domains and browser types. None of this information specifically identifies an individual and it is used solely to ensure that our websites and applications provide the best possible navigational experience for users.
Cookies and web beacons are used on some NZ Forest Products Group Limited (NZFPG) websites.
Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing cookies by deleting them from your ‘browser history’ (cache) when you leave the site. In most cases, you can refuse a cookie and still fully navigate the NZ Forest Products Group Limited (NZFPG) websites. If you require more information on the type and use of cookies by NZ Forest Products Group Limited (NZFPG), see our Cookies Information page.
A web beacon is a clear picture file used to keep track of your navigation through a website. Along with cookies, web beacons help us gain an understanding of how users of NZ Forest Products Group Limited (NZFPG) websites navigate through and process the content contained in those websites. On occasion NZ Forest Products Group Limited (NZFPG) will advertise on third party websites. As part of the tracking process for advertising campaigns we may at times use web beacons to count visitors who have come to the NZ Forest Products Group Limited (NZFPG) websites after being exposed to NZ Forest Products Group Limited (NZFPG) advertising on a third party site.
We do not use this technology to access your personal information.
If you have registered an account with us, you will be identified by a user name and password when you log into our website or applications. The information we collect about members’ use of our websites may be used for measuring use and performance and in assisting to resolve any technical difficulties.
Because NZ Forest Products Group Limited (NZFPG) wants your user experience to be as informative and resourceful as possible, we provide a number of links to websites and embedded content operated by third parties that may also set cookies and web beacons. NZ Forest Products Group Limited (NZFPG) is not responsible for the privacy practices or policies of those sites. We encourage you to review each website’s privacy policy, especially if you intend to disclose any personal information via that site. A link to another non-NZ Forest Products Group Limited (NZFPG) website is not an express or implied endorsement, promotion or warranty of the products or services offered by or accessible through that site or advertised on that site.
Security of Personal Information
Depending on the purpose for which we have collected personal information (for example, registration for a NZ Forest Products Group Limited (NZFPG) event or a request for particular information or material), we may store some of the information electronically in NZ Forest Products Group Limited (NZFPG)’ customer relationship management system. Some or all of this personal information may be available to partners and authorised staff of NZ Forest Products Group Limited (NZFPG) for use in accordance with this policy.
NZ Forest Products Group Limited (NZFPG) will endeavour to take all reasonable steps to keep secure any information which we hold about you, whether electronically or in hard-copy, and to keep this information accurate and up to date. We also require our employees and data processors to respect the confidentiality of any personal information held by NZ Forest Products Group Limited (NZFPG).
NZ Forest Products Group Limited (NZFPG) aims to achieve industry best practice in the security of personal information which it holds. It is our policy not to retain personal information once there is no longer a legal or business need for us to do so.
We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards and our information security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
Corrections and Concerns
If you believe that information we hold about you is incorrect or out of date, or if you have concerns about how we are handling your personal information, please contact us and we will try to resolve those concerns.
If you wish to have your personal information deleted, please let us know and we will take reasonable steps to delete it (unless we need to keep it for legal, or internal risk management reasons, or compliance with our professional obligations).
If NZ Forest Products Group Limited (NZFPG) becomes aware of any ongoing concerns or problems concerning our privacy practices, we will take these issues seriously and work to address these concerns. If you have any further queries relating to our privacy policy, or you have a problem or complaint, please contact our Privacy Officer. If you are not satisfied with our handling of your problem or complaint you may make a complaint to the Office of the Privacy Commissioner (https://www.privacy.org.nz/about-us/contact/).