Skills Group Privacy Statement
Skills Group (Skills Organisation Incorporated, Skills International Limited and Shift Innovation Centre) must collect, use and share personal information about the people we deal with to meet our core purposes. This privacy statement explains how and why we do this and also how we store and protect it, and how you can access and correct it.
We don’t just view privacy as a compliance requirement, we see it as a fundamental part of our values:
• Real – We are
genuine, and we will always be honest and upfront with you about our
privacy practices, and any data breaches that affect your information.
• Smart – We love to find better ways to do stuff, and that includes managing and protecting your personal information. We’re continuously improving our privacy practices because we know how important these are to trainee trust and confidence.
• Partner – Partnering is in our DNA, and we think it is important to partner with our trainees and let them access and correct their information at any time. After all – you’re the best person to ensure that we’re using up-to-date information.
• Grow – We grow others and ourselves, and we need information about you to do this well. We will always make sure we collect only the information we need to grow you and we will only use your information for legitimate purposes.
Here, you can find out how we collect personal information, what we collect, and why we collect it.
When we collect personal information from you (for example, when you sign our training agreement), we may also tell you other things about the way we’ll manage that information. It is important that you read and understand this statement and any other things we tell you about privacy. You can always ask us if you’re not sure.
We may update our privacy statement, to reflect changes to privacy regulations or our business operations. This privacy statement was last updated in November 2018.
How we collect
We collect personal information from you directly (or via your employer or one of our overseas diplomatic posts) when you apply for any of our services, or when you engage with our call centre, website or contact us in other ways. We may generate information about you internally when we’re delivering services.
We may also collect information about you from third parties, including your employers, your other training providers or government agencies such as the Tertiary Education Commission, NZ Qualifications Authority or (where you are an overseas-based trainee) the Ministry of Foreign Affairs and Trade.
In all cases, we’ll only ever collect or generate the minimum amount of personal information necessary to meet our purposes. If you choose not to provide any of the personal information requested, we may not be able to consider you for enrolment in a training programme and our ability to deliver services to you may be affected.
What we collect
If you are a NZ-based trainee, we may collect the following personal information about you:
• contact information, including address; phone number and email;
• date of birth;
• National Student Number;
• iwi affiliation;
• citizenship or residency;
• information about your education and qualifications;
• the languages you speak;
• information about your employment;
• information about your literacy and numeracy abilities;
• identity verification documents, such as passport, drivers licence or birth certificate;
• emails or other correspondence relating to the services you receive from us;
• internal notes about the services you receive from us; and
• information about any health and safety incidents you are involved in.
If you are an overseas-based trainee, we may also collect the following personal information about you:
• information about
your travel arrangements;
• information about your living arrangements while you are in NZ; and
• any interactions we have with you during your stay in NZ.
We also collect the following information about you when you use our websites or online services:
• IP address;
• language spoken;
• location; and
• cookies (small data files that our website sends to your browser, which may then store them on your system for later retrieval).
Why we collect
We will usually
tell you why we need to collect information about you at the time we
ask you for it. In general, however, we collect personal information
in order to deliver the services you have requested from us (that is,
meet our contractual obligations to you and your employer), improve
and grow our business and market our services, comply with our
contractual and regulatory reporting requirements, and keep our
trainees and staff safe.
How we process your information
To meet the purposes set out above, we need to
process (that is, use and share)
the personal information we collect about you. We will only process
your information in the ways set out below. If we need to process your
information in a way we did not anticipate, then we will do so only
with your consent or if we are otherwise required or permitted by law
to do so.
The ways we use your information
We will use the personal information we collect about you to:
• consider your application for services;
• manage and deliver any services you request from us;
• contact you if required for the purposes of delivering services;
• investigate and resolve any queries or concerns you raise with us about our services, or your training more generally;
• provide pastoral care to you during your training;
• assist you with travel and accommodation if you are an overseas-based trainee;
• continuously improve our products and services;
• inform you about services, products or updates that might be of interest to you;
• meet our reporting obligations in respect of the services we deliver, including to your employer, regulators or agencies that have contracted us to facilitate training; and
• comply with our legal and regulatory obligations and any lawful requests from government agencies or regulators.
We use the personal information collected when you use our website or online services to:
• provide you with a seamless and easy online
• assist you to find online services and information quickly;
• create and deliver content relevant to you;
• inform you about services, products or updates that might be of interest to you;
• continuously improve our website and online services.
The ways we share your informationWe will only ever share the minimum amount of personal information required to meet our purposes. If we can meet our purposes by sharing de-identified information, then we will.
We may share your personal information with:
• other entities within the Skills Group;
• contracted service providers we use to deliver information or other services (such as our cloud storage provider or our display advertising partner);
• your employer;
• your training provider or assessor;
• previous training providers;
• government agencies, including regulators (such as TEC and NZQA), to meet our reporting requirements; or
• in the event of an emergency, or where we believe there may be a risk of harm to you or others, the Police or any other government agency that we believe may be able to assist.
Here you can find out where we store your personal information and how we keep it safe.
Storage and location
We store all the personal information we collect or generate electronically on password-protected servers located in New Zealand and overseas (with IT service providers in Australia and Singapore). We also store some personal information in hard copy, where necessary. We keep all hard copy documentation in secured cabinets.
We retain personal information only for as long as we have a lawful purpose to use it. Usually, we retain information about trainees for the duration of their training plus a further two years to allow us to manage any complaints or queries about training and meet our regulatory and reporting obligations.
When we no longer need to use it, we securely destroy it. We also make sure that any third-party service providers which hold personal information on our behalf destroy the information we no longer need.
We take reasonable steps to ensure the personal information we collect is protected against loss, unauthorised access and disclosure or any other misuse.
We recognise that we’re accountable for your personal information wherever it is in the world. Where we can, we will use cloud platforms that host our data only in countries that have adequate privacy laws in place. However, where we cannot do this, we take reasonable steps to ensure that any third-party service providers we use can meet our privacy and security expectations.
Most of the personal information we hold is stored on Microsoft 365. Microsoft has put in place a significant number of security and privacy safeguards to protect information it holds on our behalf. You can read more about Microsoft’s privacy and security practices here.
In addition to using safe and secure systems, we:
• require staff
to understand and adhere to our Information Security
Management Policy and Information Communication Technology Usage
• have strict access controls in place to limit staff access to and use of systems and to monitor access;
• require staff to use strong passwords to protect our systems from unauthorised access;
• build security into new systems and software, using best industry standards;
• use encryption to protect our data, including full disk encryption on portable devices, server encryption, and network traffic encryption;
• use secure communications (SSL) on all our websites and web applications;
• train our staff about information security at onboarding and throughout their employment, and remind them of their security obligations when they leave us;
• ensure our third-party suppliers can meet our security expectations; and
• conduct annual penetration and security testing on our systems, to make sure our controls are effective.
you can find out how to access, correct, or control how we use your
information, and how to complain if you think we’ve misused it.
Accessing or correcting your information
You have the right to ask us for a copy of the personal information we hold about you. You also have the right to ask us to correct your information if you believe it is wrong. These are important rights and we’re committed to making it easy for you to exercise them.
If you want to make a request about your personal information, the best place to start is to talk to your Account Manager. However, you can also contact us in the following ways:
• call us on 0508
• use our contact form at https://skills.org.nz/contact/contact-2; or
• write to us at Skills Group, Freepost 5164, PO Box 24-469, Royal Oak, Auckland, 1345.
Where you use our contact form or write to us, please make sure you put the word “PRIVACY” in the subject line, to ensure that your request goes to the right person.
We may need to verify your identity or authority before responding to your request. Once we’ve verified who you are, we’ll try and respond to your request or query as soon possible, and no later than 20 working days after we receive it.
Controlling the way we use your information (opting out)
There are some things we need to do with your information – like using or sharing it to deliver the services you have requested from us – but where we’re using your information in other ways that are not critical to services, then you may be able to ask us to stop doing this.
To opt out of receiving our newsletter or other marketing communications, use our contact form at https://skills.org.nz/contact/contact-2/ or use the unsubscribe function at the bottom of our update emails.
Making a complaint
If you have any concerns about the way we’ve collected, used or shared your personal information, let us know and we’ll try our best to resolve them. If we can’t resolve your concerns, you can also make a complaint to the Office of the NZ Privacy Commissioner by:
• completing an online complaint form at www.privacy.co.nz;
• writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143, NZ.