Policy Owner: Roger Sutton, CEO
Approved date: July 2021
1. Policy statement
This Statement is provided for your information and doesn't limit or exclude your rights under the Privacy Act 2020.
2. Topics covered in this policy
- What information do we collect?
- How do we use your information?
- How we share your information
- Storage of your personal information
- Protecting your information
- Accessing and updating your information
- Internet use
- Destruction of your information
- Disclosure outside New Zealand
- Unique Identifiers
- Changes to our Privacy Statement
- Breaches of Act
3. General - Website Access
4. What information does EA Networks collect?
We also collect information relating to you that you have provided to us (for example, on a services application or registration form, through the way you use our products and services), or that we may have obtained from another source (such as your electricity provider or Retail service providers (RPS)).
The information may include your name, address, telephone number(s), email address, information on how you use our products and services, and anything we need to provide products or services to you. We may also monitor and record your calls to us and our calls to you.
We collect personal information about you when:
- It is necessary to provide goods or services you have requested or inquired about.
- It is required in order to maintain your shareholder information.
- You have expressly consented to us collecting that information, for example when you apply for an account with us, or enter a competition or promotion run by us.
- It is necessary to protect or enforce our legal rights or interests (including to protect our IT systems or to improve cyber security), or to defend any claims made against us by any person (including you); or,
- It is required by law.
Where possible, we will collect the information directly from you. However, the method of collecting this information may vary depending on which one of our services you are using (for example your retail service provider for fibre services and your electricity retailer for electricity and shareholder activities).
When you access our website, we may collect information including the following:
- your internet protocols, address and domain name used by your computer.
- your computers operating system and browsers.
We will not disclose any such information except in aggregate form. We also use CCTV cameras to record footage at some of our sites. This footage may constitute ‘personal information' as defined in the Privacy Act 2020.
5. How EA Networks use your information?
The information that we collect from you may be used by us for several purposes connected with our business such as:
- Supplying you with products and services.
- Processing your orders or applications and administering your account.
- Enabling an organisation to pay a benefit to a customer.
- Enabling an organisation to pay a benefit to a shareholder.
- Billing you (unless you pay by another agreed method) and collecting any debt owed to us by you.
- Dealing with your requests, enquiries or complaints and other customer care related activities.
- Informing you about special offers or promotions that are relevant to your relationship with us.
- Carrying out any activity in connection with a legal, governmental or regulatory requirement on us or in connection with legal proceedings, crime or fraud prevention, detection or prosecution.
- Carrying out activities connected with the running of our business such as personnel training, quality control, network monitoring, testing and maintenance of computer and other systems and in connection with the transfer of any part of our business in respect of which you are a customer or a potential customer; or,
a. For general administrative and business purposes.
b. CCTV footage specifically may be used for the following purposes:
i. Detecting and deterring criminal behaviour on our sites; and,
ii. Monitoring the safety and security of our staff and our sites and completing incident investigations.
- Analysing and improving our website.
We will only collect information from you if this is necessary for our business and will not be used for another purpose.
6. Sharing your information
There may be times when we need to disclose your personal information to third parties. You authorise us to disclose your information to:
- Other parts of our operation who may use and disclose your information for the same purposes as us.
- Those who provide us with products or services that support the services that we provide, such as (but not limited to) our suppliers, field service providers and contractors.
- Credit reference agencies (unless we have agreed otherwise), who may share your information with other organisations and who may keep a record of the searches we make against your name.
- If someone else pays your bill, such as your landlord, that person.
- Anyone we transfer our business to in respect of which you are a customer or a potential customer.
- Anyone who hosts or maintains data centres, service platforms, cloud-based solutions and other infrastructure and systems on behalf of us and EA Networks, where your information is processed, hosted or stored; or,
- Any person or organisation as authorised by the Privacy Act 2020.
Our website may contain hyperlinks to websites operated by third parties. We are not responsible for the content or collection, storage or distribution of personal information you provide to those websites. We encourage you to check the privacy statements for each of those websites to protect your personal information.
Otherwise, we will only disclose your personal information, if doing so is:
- Necessary to protect or enforce our legal rights or interests, or to defend any claims made against us by any person (including you).
- Necessary in order to report a cyber incident or for cyber security purposes (including to prevent unauthorised access to, or attacks on, our systems).
- Necessary to lessen a serious threat to a person's health or safety; or
- Required to uphold or enforce the law; or
7. Storage of your personal information
We store personal data electronically and in paper form. The personal data is kept safe and secure using generally accepted standards of security.
8. Protecting your personal information
We will take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up to date and stored in a secure environment protected from unauthorised access, modification or disclosure.
CCTV footage will usually be retained for a period of 15 days, after which time it will be deleted.
9. Accessing and correcting your personal information
You may request access to the personal information we hold about you by sending an email to email@example.com. Please quote your name and address. We would be grateful if you could also provide brief details of what information you want a copy of (this helps us to more readily locate your data).
In some cases, there may be a charge associated with providing copies of your personal information to you. If so, we will advise you of this prior to sending your information to you.
We will not be able to provide your personal information if we do not know or don't have reasonable grounds to believe it is personal information about you or if disclosing the information would involve the unwarranted disclosure of the affairs of another individual.
You can request correction or amendment of the information held by us at any time and as often as necessary by sending us an email to firstname.lastname@example.org and specifying the information that you require changed. If it is reasonable in the circumstances for us to do so, we will make the requested change or correction, otherwise we'll take reasonable steps to mark that information as having been subject to a change or correction request.
If we do not agree that the information needs correction you can request us to attach a correction statement to our records.
You can lodge a complaint with the Privacy Commissioner if you are not satisfied as to how your correction request has been dealt with by us.
We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also, if you are using the internet, remember to sign out of your account and close your browser window when you have finished. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place.
10. Internet use
We make every effort to maintain the security of our internet connections; however, for reasons outside of our control, security risks may still arise. Any personal information transmitted to us or from our online products or services will therefore be at your own risk, however we will use our best efforts to ensure that any such information remains secure.
- Understand what you like and use about our website.
- Understand what you do not like and do not use on our website.
- Provide a more enjoyable, customised service and experience.
- Enable you to use certain services on our website; and,
- Help us develop and deliver better products and services tailored to our customers' interests and needs.
We also collect IP addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. We collect and manage IP addresses as part of the service of providing internet session management and for security purposes.
We may use a persistent cookie to record details such as a unique user identity and general registration details on your PC. This helps us recognise you on subsequent visits to this website so that you don't have to re-enter your registration details each time you visit us and allows us to carry out the activities mentioned above.
Most browser technology (such as Internet Explorer, Chrome etc.) allows you to choose whether to accept cookies or not – you can either refuse all cookies or you can set your browser to alert you each time that a website tries to set a cookie. You do not need to have cookies turned on to access our sites, but you may need them for customisable areas of the site that we may develop in the future, or to access and benefit from certain functionality offered by the site.
Our website may contain links to third party websites. These websites have not been prepared by and are not controlled by us. They are provided for your convenience only, and do not imply that we check, endorse, approve or agree with the privacy practices of the third party websites our website links to. Accordingly, we are not liable to any person for any of the content contained on any third party websites or the use of the same.
We encourage you to be aware when you leave our website and to read the privacy statements of each and every website that collects personal information.
11. Destruction of your information
We take all reasonable steps to ensure your personal information is appropriately disposed of once it is no longer needed for the purpose for which it was collected.
12. Disclosure outside New Zealand
We will not disclose information outside New Zealand unless the business or organisation has equivalent privacy laws to those applying in New Zealand and agrees to protect that information.
13. Unique Identifiers
We will not attach a unique identifier to you except if this has already been given to you by another organisation.
15. Breach of Act
If we breach the Act, and this breach is likely to cause serious harm, or has caused such harm, we shall immediately advise the Privacy Commission and all affected persons as soon possible. We will then follow any recommendations on ways to remedy such a breach.