Privacy Policy

Last Updated: February 2025

 

1. Purpose

Connect Consultancy is committed to protecting the privacy and security of personal information in compliance with the Privacy Act 2020 and its Information Privacy Principles (IPPs). This policy outlines how we collect, store, use, and disclose personal data while ensuring alignment with our Cyber Security Statement.

 

2. Scope

This policy applies to all employees, contractors, third-party vendors, and any entity processing personal data on behalf of Connect Consultancy.

 

3. Collection of Personal Information

We collect personal information only where necessary for business operations, legal compliance, or service provision. This includes but is not limited to:

  • Contact details (e.g., name, phone number, email).
  • Business-related information (e.g., company details, professional roles).
  • Client transaction data.
  • Employee records for HR purposes.

Data collection methods include direct interactions, online submissions, and third-party service integrations.

 

4. Use & Disclosure of Personal Information

Personal information is only used for its intended purpose or where required by law. We do not sell or share personal data without explicit consent, except where:

  • Required by law enforcement or regulatory authorities.
  • Necessary for service delivery through authorised third-party providers.
  • Covered under contractual agreements ensuring data security compliance.

Data shared with third-party vendors must comply with the Cyber Security Policy, requiring Data Protection Agreements (DPAs) and supplier security audits.

 

5. Data Security & Retention

To ensure personal data protection:

  • Storage: Data is securely stored with restricted access and encryption measures applied.
  • Retention: Data is retained only as long as necessary for business and legal purposes.
  • Deletion: Data no longer required is securely deleted in compliance with NZISM (New Zealand Information Security Manual) standards.

 

6. Individual Rights & Access Requests

Individuals may request:

  • Access to their personal data.
  • Corrections to inaccurate information.
  • Deletion of data where no legal obligation for retention exists.

Requests should be submitted to info@connect-consultancy.co.nz and will be processed within the legally required timeframe.

 

7. Privacy Breach Response

In the event of a privacy breach:

  • Affected individuals and the Privacy Commissioner will be notified where required.
  • CERT NZ & NCSC NZ will be engaged if a cyber incident is involved.
  • Incident response plans will be activated, as outlined in the Cyber Security Policy.

 

8. Compliance Monitoring & Enforcement

  • Employees must complete annual privacy training, integrated with cyber security training.
  • Quarterly audits will be conducted to assess compliance with privacy regulations.
  • Non-compliance may result in disciplinary action or contract termination.

 

9. Review & Updates

This policy is reviewed bi-annually or as required to reflect changes in privacy legislation and security risks.

 

By using our products and services, you acknowledge and agree to this Privacy Policy.

 

©Copyright Connect Consultancy 2025

All rights reserved  |  Privacy Policy

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.

Privacy Settings

Website Translator

Privacy Settings

This tool helps you to select and deactivate various tags / trackers / analytic tools used on this website.

Select all services
Website Translator
More
Save Settings