Your privacy is important to us at Le Va.
This policy’s purpose is to help you understand what information we collect, as well as how we use and safeguard that information. The Privacy Act 2020 regulates us on how we collect, use, hold, disclose, access, correct, manage and dispose of your personal information.
This policy covers all programmes within Le Va, including Aunty Dee, Mental Wealth, LifeKeepers, and Atu-Mai.
To access, amend, withdraw or enquire about your data, please contact our Privacy Officer. The Chief Executive is the Privacy Officer for Le Va.
Effectively engaging with people and providing our services requires us to collect and use some personal information. However, we only collect the personal information you choose to give us, your employer has provided us, or that is required by us to adequately identify you. You can opt-out of our communications activities, such as receiving our newsletter, at any time.
We collect information about you from:
The information we may collect when you engage with us includes:
We collect the following information about your use of our website (please note we make no efforts to associate this with your identity unless you have signed up to our website):
We use some third-party providers to manage some of our engagement processes and services, such as newsletters, events registration, live chat and e-learning. Where we do this, any personal information you provide (such as your email address) may also be collected and stored by this provider and you should also check their privacy statements when using those services. We take steps to ensure that any providers we use protect any personal information they process for us.
We use the following third-party providers.
We use social networking services such as Twitter, Facebook, LinkedIn, TikTok, YouTube, Vimeo and Instagram to communicate with the public about our work. When you communicate with us using these services, the social networking service may collect your personal information for its own purposes.
These services may track your use of our website on those pages where their links are displayed. If you are logged into those services (including Facebook any Google service) while using our site, their tracking will be associated with your profile with them.
These services have their own privacy statements which are independent of ours. They do not have any access to the personal information we hold on our systems.
We use third-party providers to store and process our data.
We store most of the personal information we collect and generate electronically on Microsoft Azure cloud servers located in Australia, Digital Ocean servers in Singapore and Amazon Web Services servers. We also use Microsoft Office 365 for our email and other office productivity applications. While your information may be stored overseas, we only use providers that have comparable privacy safeguards to New Zealand.
We retain personal information in compliance with the requirements of the Public Records Act 2005.
We take all reasonable steps to ensure any personal information we collect is protected against loss, unauthorised access and disclosure or any other misuse, including meeting the requirements prescribed by the New Zealand Government for the secure handling, storage and disposal of any protectively marked or security classified information.
We take reasonable steps to ensure that our third-party data processors can meet our privacy and security requirements.
We will only use the personal information you provide us for the purposes of delivering the services you have requested (such as registering you for an event, applying for funding) or carrying out our lawful functions.
Non-personal, non-identifiable information may be used for reports which may be assessed by third- parties, including researchers, government departments and funders to evaluate the effectiveness of Le Va’s work.
We may use your personal information to:
Where access to Le Va’s programmes (such as LifeKeepers) is being funded through a private company/organisation, personal details (name and role) and information regarding progress and completion may be shared with an individual’s employer (the employer will communicate this prior to making the training available to their staff) to ensure the individual is supported to complete the training in full.
Personal information pertaining to your clinical safety and wellbeing may be used to follow up with you. This information may be shared with third-parties if there are concerns about your immediate safety. Wherever possible, this will be communicated beforehand.
We do not generally share your personal information with third-parties other than third-parties which are providing services to us. However, we may share your personal information, if necessary, to appropriately respond to your enquiry. We may share your personal information with a third-party where the disclosure is authorised by you.
We may share personal information if required by law (for example to assist with the investigation of a criminal offence), to prevent or lessen a serious threat to the health and safety of a person or the public, for statistical purposes where you will not be identified, or for any other lawful purpose under the Act. If our staff are threatened or abused, we may refer this to the Police.
The Act gives you rights to request access to and correction of the personal information we hold about you. You can take steps to control the ways we use your information (such as opting out of receiving newsletters). You can also complain to us at any time if you think we have misused your personal information.
Contact us to exercise any of these rights, including the right to complain about our privacy practices.
You have the right to request a copy of the personal information we hold about you (whether we have collected from you directly or from a third-party). You also have the right to ask us to correct your information if you think it is wrong.
We will process your request as soon as possible, and no later than 20 working days after we receive it.
We will be as open as we can with you, but please note that your right to request personal information may be limited if it breaches another person’s right to privacy or is subject to overriding national security legislation.
We may occasionally need to withhold personal information under sections 49-53 of the Privacy Act, for example where the information requested is legally privileged. However, we will only ever withhold information where necessary.
You may request a correction of personal information that you consider is inaccurate. Where the correction requested is not able to be made or we dispute the accuracy of the correction, we will make a note on your personal information.
You can opt-out of receiving our newsletter or being included on any other subscription list or news feed by following the unsubscribe link at the end of the email or contacting us.
When you visit the Le Va website (and our programme-specific sites such as Atu-Mai, Aunty Dee, LifeKeepers, Mental Wealth) it will attempt to set cookies on your browser. A cookie is a text file that a website transfers to your browser to remember specific information about your visit or visits.
Some of these cookies may remain on your computer after you close your browser. Some of these cookies are from organisations we use to monitor website usage.
We do not use cookies to collect personal information about you, only about your browser session. The cookies make it easier for you to use the dynamic features of certain website pages.
You can configure your internet browser not to store cookies and set your browser to ask for your permission before it accepts a cookie.
All staff receive relevant information privacy training to minimise the risk of a privacy breach.
Personal information is only used for the purposes Le Va has declared it will be used for. If it is disclosed outside of the purpose, any potential impact on individuals affected is assessed once the incident is discovered. If the impact is likely to cause serious harm our Privacy Officer is notified, so an internal investigation can be carried out and an action plan implemented.
If a breach of privacy occurs that is likely to cause affected individuals serious harm (guidance on this is available through the Privacy Commissioner’s Notify Us tool on their website), the Privacy Officer will notify the Privacy Commissioner and any affected individuals unless an exemption under the Act applies.
We want to know if you have concerns about our privacy practices, whether these relate to the way we collect or share information about you or our decision on your access request. This allows us to try and put things right for you and helps us to identify and fix any problems with our systems or processes.
In the first instance, let us know about your concerns and we will try our best to resolve it. This could include escalating your concerns to a senior staff member to ensure we have made the right decision and fully considered your concerns.
If we cannot resolve your concerns, then you have the right to complain to the Privacy Commissioner about our actions. In the first instance, please email or write to us at the following address, marking it for the attention of the Privacy Officer.