Privacy Policy

Introduction

Kāpō Māori Aotearoa New Zealand Incorporated ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, store, and protect your personal data in accordance with the Privacy Act 2020 and other relevant New Zealand legislation.

Information We Collect

How We Collect Information

We collect information through:

• Direct interactions (forms, emails, phone calls, in-person meetings)
• Our website and online services
• Registration for events, workshops, or conferences
• Membership applications
• Referrals from healthcare providers and other support services
• Surveys and feedback forms
• Social media interactions

How We Use Your Information

We use your personal information to:

• Provide and improve our services to tāngata kāpō Māori and their whānau
• Communicate with you about our services, events, and initiatives
• Process membership applications and manage member relationships
• Administer and improve our website and online presence
• Comply with legal obligations and funding requirements
• Conduct research to improve service delivery (in anonymised form)
• Advocate for the needs of our community
• Apply for funding and grants to support our mahi

Legal Basis for Processing

We process your personal information based on:

• Your consent
• Fulfillment of our contractual obligations to you
• Compliance with legal requirements
• Our legitimate interests, where these do not override your rights
• Public interest, particularly in promoting health equity for tāngata kāpō Māori

Data Sovereignty and Individual Rights

We respect the principle of data sovereignty (rangatiratanga o ngā raraunga) and acknowledge that individuals have inherent rights over their personal information. This means:

• You remain the ultimate owner of your personal information
• We act as kaitiaki (guardians) of your information while it is in our care
• We prioritise your control over how your information is used
• We recognise the cultural significance of information relating to Māori identity

While respecting these principles, we also acknowledge our obligations to government funders and Crown entities that support our services. We balance these responsibilities by:

• Only sharing necessary information to fulfil reporting requirements
• Seeking consent where possible before sharing identifiable information
• Advocating for privacy-respectful reporting mechanisms
• Prioritising transparency in how crown obligations affect data handling

Data Sharing and Disclosure

We may share your information with:

• Trusted service providers who assist in our operations
• Partner organisations to facilitate coordinated support
• Government agencies and funders (in aggregated or anonymised form)
• Research partners (with appropriate consent and data protection measures)
• Legal authorities when required by law

We will not sell, rent, or trade your personal information to third parties for marketing purposes.

Data Security

We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure servers and encrypted connections
• Access controls and authentication procedures
• Regular security assessments and updates
• Staff training on privacy and data protection
• Physical security measures for our premises and equipment

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including statutory and regulatory requirements, and legitimate organisational purposes. When personal information is no longer needed, it is securely destroyed or permanently anonymised.

Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and collect analytical information. These may include:

• Essential cookies necessary for website functionality
• Analytical cookies to understand visitor behaviour
• Preference cookies to remember your settings

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

Your Privacy Rights

Under the Privacy Act 2020, you have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your information
• Object to or restrict certain processing activities
• Data portability (in certain circumstances)
• Withdraw consent where processing is based on consent
• Lodge a complaint with the Privacy Commissioner

To exercise these rights, please contact our Privacy Officer using the details below.

Children's Privacy

We recognise the importance of protecting children's privacy. Where we collect information about children under 16, we will seek parental or guardian consent and implement additional safeguards to protect their information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes through our website or direct communication where appropriate.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact our Privacy Officer:

If you are not satisfied with our response, you can contact the Office of the Privacy Commissioner at www.privacy.org.nz.

Other Important Information