Privacy policy

Te Kāhui Korowai Rangatahi Youth Health Aotearoa has adopted this policy to ensure that we handle personal information in accordance with the Privacy Act 2020 (the Act) and any other relevant legislation.

In this policy, “we”, “us” and “our” is referring to Te Kāhui Korowai Rangatahi Youth Health Aotearoa (TKKR).

We recognise that you have the right to control your personal information, and you have our assurance that we will take all reasonable steps to ensure that the personal information we collect is protected from misuse or unauthorised disclosure.

This policy sets out how we will collect, use, store, disclose and protect your personal information.

This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz

 

What is personal Information?

Personal information is any information about you as an individual.

 

Collection of personal Information

We may collect the following personal information;

  • Your personal details which you provide to us when joining including (but not limited to):
    • Your name, address, contact number(s) and email address (and any updates to the same)
    • Your membership application form and any supporting documents.
    • Your current professional role.

We also collect and hold the following information (this is not an exhaustive list):

  • Click tracking in relation to your use of our website or emails sent by us; to you and vice versa
  • Log file and cookies information
  • Aggregated information generated by our systems which tracks traffic to our website
  • Photos taken at events
  • Project photos supplied for use.

If you provide us with electronic contact details, you agree that we may send you electronic emails for the purposes set out in this policy. There will be an option to unsubscribe if you do not wish to continue with any of these services.

 

How do we store the information?

Your personal information is collected and held on a dedicated membership file on our cloud computer network, with access only available to our staff and administrators.

Our website is backed up and hosted via New Zealand-based servers.
Third party hosts, such as Mailchimp and Survey Monkey, are used during the course of day-to-day business.

 

How long do we hold information for?

All personal information collected will be retained only for as long we need it to perform our contractual obligations, to meet our legitimate interests, to manage your membership or to comply with our legal obligations.

 

Why do we collect this information?

The information ensures that we can:

  • provide better services to our membership by tailoring our services, marketing and events to meet the needs of our members
  • comply with requirements of the Incorporated Societies Act 2022
  • ensure our website is relevant and includes items of interest to the membership
  • monitor and provide analysis of website trends and
  • for any other purpose which is communicated to you at the time of collection.

We will not, without your direct agreement, use the information we hold about you to directly track or monitor your individual usage of our website or any click throughs.

We use Google Analytics to collect analytical information, such as the number of visitors to our website per day and the number of pages visited. This non-personal information is aggregated by Google Analytics and enables us to measure activity within our website. For further information please refer to Google Analytics website.

 

Who has access to the personal information?

The administration and leadership staff have access to your personal information.

Where information is required to be disclosed to our contractors or agencies (such as our web-hosting agency) to enable them to provide services or communications, we will take all steps to ensure the use of the information is consistent with this policy.

We will take all reasonable steps to ensure that the information is protected against loss, access, use, modification, disclosure or any other misuse.

 

Access to personal information

Where personal information is held by us and it is easily retrieved, you shall be entitled to:

  • seek confirmation from us that we do in fact hold personal information and
  • access that information.

If you believe that the personal information is not correct, you may request in writing that we correct the information.

If you would like to access any information, or request that it is corrected, please contact us on directly on admin@tkkr.co.nz  or through our website.

 

Refusal of access to personal information

We may refuse you access to personal information if (among other things):

  • Disclosing the information would disclose information about another individual
  • The request is frivolous or vexatious or the information requested is trivial
  • The information is not readily retrievable
  • The information does not exist or cannot be found.

We will inform you of our decision within 20 days of you making the request.

 

Privacy Officers

If you are concerned about any possible interference with your privacy, or would like to request access to personal information, please contact our Privacy Officer – admin@tkkr.co.nz

 

If you are unable to contact the Privacy Officer or are concerned about the way in which the Privacy Officer has dealt with your request, please contact Deb Struthers, General Manager at deb.struthers@tkkr.co.nz

 

Protection of information where a request for access is made

When a request is made to access any personal information that we hold about you, we will try our best to copy or preserve the information until the request has been dealt with and, in particular, we will try to retain information for at least three (3) months after we respond to your request to allow anyone who has requested disclosure to review our decision with the Privacy Commissioner.

 

Disclosure of a breach

If you become aware of any breach of the Act and/or this policy, you are required to notify the Privacy Officer or your manager immediately. Reporting of serious breaches is now mandatory and it is an offence not to report them. We will determine whether further reporting is required.

 

Breach of Policy

Any breach of this policy that places, or is likely to place, us in breach of our legal obligations under the Act may be regarded as serious misconduct.

 

Changes to this Privacy Policy

We may occasionally update this policy. We will use our best to notify you of any changes.

 

Last Updated: 27 July 2025