1. Introduction
AJoseph Immigration ("we," "us," or "our")is committed to protecting the privacy of personal information we collect and process. We comply with New Zealand’s Privacy Act 2020, upholding the principles of
purpose limitation, collection limitation, storage and security, accuracy, and access and correction. This policy outlines our approach to managing personal information and demonstrates our commitment to privacy.
2. Purpose and Transparency
This policy explains how we collect, use, store, and protect persona linformation, and outlines individuals' rights under the Privacy Act 2020. Thispolicy applies to all employees, contractors, and third-party service providersto ensure compliance with New Zealand privacy laws.
3. Scope
This policy covers all personal information we collect, hold, and process in physical and digital forms.
Personal information, as definedunder the Privacy Act, is any information that can identify an individual, including but not limited to:
Contact Information: Name, email, phone number, and address
Purchase History: Information on past orders and transactions
Online Activity: IP address, website cookies, device identifiers, and browser typeThis policy pertains to clients, employees, suppliers, and otherstakeholders whose personal information we may collect.
4. Collection of Personal Information
We collect personal information lawfully and fairly for purposes directly related to our business activities. Types of information and lawfulbases include:
Contact Information: Collected with consent for customer service and communication.
Purchase History: Collected as necessary for contract fulfilment and product recommendations.
Device and Usage Information: Collected with consent for improving website functionality.When collecting personal information, we inform individuals of thepurpose and their rights through privacy notices, consent forms, or website disclosures, as applicable. If we collect
sensitive information (e.g.,health, ethnicity), it will be done only with explicit consent, where necessaryfor specific services.
5. Lawful and Fair Use of Personal Information
We use personal information for lawful and specified purposes, including: Delivering products and services Communicating order updates and responses to enquiries Analysing website traffic to improve navigation Recommending products based on purchase historyWe will not use personal information for other purposes unlessadditional consent is obtained, or an exception under the Privacy Act applies.
6. Disclosure of Personal Information
We may share personal information with:
Service Providers: For tasks like IT support or payment processing, including cloud storage providers or delivery services. These providers are required to comply with the Privacy Act 2020 and maintain privacy protection.
Business Partners: Where necessary for collaborative service delivery
Legal and Regulatory Compliance: To law enforcement or other entities as required by New Zealand lawWhen personal information is transferred overseas, we comply with thePrivacy Act 2020 requirements, ensuring adequate protection measures such as
standard contractual clauses or compliance with equivalent privacy frameworks. Data transfers are limited to countries with similar privacy protections, includingAustralia and the EU.
7. Security and Privacy by Design
To safeguard personal information, we use:
Firewalls and Intrusion
Detection Systems: To secure our systems.
Access Controls: Restricted access based on job roles and need.
Data Encryption: Secure storage and encrypted communications.
Regular Security Audits: Ongoing reviews to detect vulnerabilities.
Data Breach Response Plan: A documented plan for assessing and managing potential breaches, including notification obligations.Our “Privacy by Design” approach integrates privacy considerations into all new projects and processes.
8. Data Retention and Disposal
We retain personal information only as long as necessary for the purposes outlined in this policy or as required by law. Examples of retention periods include:
Contact Information: Retained for up to 7 years for audit and regulatory compliance.
Financial Information: Retained for 7 years, as required for accounting records.
Website Usage Data: Retained for 2 years for analytical purposes.When data is no longer needed, it is securely disposed of or anonymised according to our data disposal protocols.
9. Rights of Individuals
Under the Privacy Act 2020, individuals have the right to:
Access and Correction: Request access to their personal information and request corrections if it is inaccurate or incomplete.
Deletion: Request deletion of information that is no longer required.
Data Portability: Request transfer of their personal information in a structured, commonly used format.
Object or Restrict Processing: Object to or request restriction on the processing of their information.Requests can be submitted to [Contact Information] by written request, using our online form, or by contacting the Privacy Officer directly. We will respond within
20 working days as required by the Privacy Act.Individuals also have the right to request human intervention in automated decisions that significantly affect them.
10. Marketing Communications
We obtain consent for marketing through opt-in methods, such as subscription checkboxes. Individuals may withdraw consent at any time bycontacting us or using the “unsubscribe” link in communications.
11. Cookies and Tracking Technology
Our website uses cookies and similar technologies to enhance userexperience and gather analytics. Cookies may include:
Functional Cookies: For essential website functions.
Analytical Cookies: For tracking website usage and improving user experience.
Targeting Cookies: For tailoring advertising based on browsing history.Individuals may adjust cookie preferences via browser settings.
12. Automated Decision-Making
Where we use automated decision-making, we are transparent about the logic involved. These processes support recommendations or analyses that enhance service delivery. Individuals may request further information on the logic, as well as request human intervention if the decision significantly impacts them.
13. Breach Notification
In the event of a
privacy breach, we will assess and, where necessary, notify affected individuals and the Office of the PrivacyCommissioner. Our assessment includes evaluating the breach’s nature, impact, and response.
14. Complaints and ResolutionIf individuals believe their privacy rights have been breached, they may contact our Privacy Officer. We are committed to resolving complaints fairly and in a timely manner. Complaints are reviewed internally, and we aim to resolve them promptly. Complaints can also be submitted to the Office of thePrivacy Commissioner (
www.privacy.org.nz).
