Christ Church Cathedral Reinstatement Limited (CCRL) and its shareholder Church Property Trustees (CPT) comply with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person). This policy has been prepared in accordance with our obligations, and your rights under the Act and sets out how we will collect, use, disclose and protect your personal information. If you wish to seek further information on the Act, see www.privacy.org.nz.
Changes to this policy
We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we upload the revised policy.
This policy was last updated on 28 August 2023.
What personal information do we collect?
We need to collect personal information for a number of reasons, however this will only be necessary for a function or activity of CCRL and CPT, including when you, make a donation, communicate with us in relation to our fundraising activities and when you subscribe to our regular newsletters.
This information may include your name, contact information, proof of identity, billing, bank account or credit card information, your communications and interactions with us (including communications via our website and email address).
How we collect personal information
Wherever possible your personal information will be collected from you, or anyone you authorise to provide us with your personal information. We may collect personal information when you, or someone acting on your behalf, provides it to us directly. For example, when you:
- communicate with us in person, by phone, letter or electronically through our website.
- complete and submit a donation form on our website.
- subscribe for our newsletters and email updates; and
- follow or post comments in response to our social media or other online communications.
Your personal information will be held at our office (as listed on our website). It may also be held for us in the data centres, platforms and systems of our third-party service providers, some of which may be located outside of New Zealand.
When you visit or return to our website, we may use technology solutions such as cookies to provide you with better access to tailored information. A cookie is a small data file that a website sends to your device, which may be stored for later retrieval by our website. Some cookies we use last only for the duration of your website session and expire when you close your browser. Other cookies are used to remember you when you return.
We may use non-personalised statistics to monitor site traffic, to analyse trends, to gather demographic information about those who use our services, to improve our services and to improve user experience. These anonymised and/or amalgamated statistics do not include personal information.
How we use your personal information
We will only use your personal information for the purposes for which it was collected (or otherwise as required or authorised by law). This may include using your personal information:
- To process and receipt payments we receive from you.
- For the purposes of fundraising campaigns, donor stewardship and providing information about our activities and projects.
- To verify your identity (if necessary to ensure we provide you with appropriate and relevant services and information, and to avoid inappropriate release or use of your information).
- To provide services and products to you.
- To market our services and products to you, including contacting you electronically (e.g. by email for this purpose).
- To improve the services and products that we provide to you (e.g., sponsorship products).
- To comply with relevant laws and regulations.
- For any specific purpose that we notify you of at the time when your personal information is collected.
- For general administrative and business purposes, and to carry out activities connected with the running of our business or operations such as personnel training or testing and maintenance of computer and other systems.
- To respond to communications from you, including a complaint.
- To conduct research and statistical analysis (on an anonymised basis).
- To protect and/or enforce our legal rights and interests, including defending any claim.
- For any other purpose authorised by you or the Act.
Disclosing your personal information
For the purposes we have described above, we may disclose your personal information to:
- Another company within our group.
- Any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services and products.
- Other third parties (for anonymised statistical information).
- A person who can require us to supply your personal information (e.g. a regulatory authority).
- Any other person authorised by the Act or another law (e.g. a law enforcement agency)
- Any other person authorised by you.
How long do we hold personal information?
We may retain personal information we collect for as long as administratively necessary or required by law.
If you do not provide requested personal information
If you do not provide all the personal information that we request, we may be unable to adequately respond to you, provide the services you have requested, process payments, or otherwise deal with any requests or enquiries you have submitted.
Security and accuracy
We work diligently to protect the security of your personal information, including credit and debit card information. We maintain all reasonable safeguards to keep your information safe and secure, and protected against loss, other misuse, and unauthorised access, use, modification, or disclosure. We keep physical documents secure where there is a reason to take them outside our premises. Electronically stored personal information is protected from external sources and regular backups of the data are undertaken
We will also undertake reasonable measures to ensure personal information is accurate, current and relevant. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
Accessing and correcting your personal information
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, contact us via our contact form on our website. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or attaching a statement of correction to that information.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk. If you post your personal information on our website’s message board or chat room, you acknowledge and agree that the information you post is publicly available.
Questions or complaints
If you feel we have breached any of the principles set out in the Act or have a privacy issue you wish to discuss, please contact us via our contact form on our website.
If you believe there is a privacy dispute we cannot resolve, you can make a complaint to the Privacy Commissioner, who can investigate potential breaches of the Act. You can contact the Privacy Commissioner by:
Phone: 0800 803 909 (Monday to Friday, 10:00am to 3:00pm)
By Post: Office of the Privacy Commissioner, PO Box 10094, Wellington 6143
Approved by CCRL Board of Directors, 28 August 2023