Privacy Policy April 2021
The NZ Privacy Act was updated and came into effect on 1st December 2020.
Data security is extremely important in today’s environment, and how Smart Bookkeeping handles personal and client data, and requests to access this data is outlined in the policy below.
Smart Bookkeeping collects, uses, stores, and potentially discloses personal information of individuals in the workplace, including staff, contractors, volunteers and visitors. This information is used to assess suitability for employment, maintain employee files and for payroll and statistical purposes.
Smart Bookkeeping also collects and stores personal information of clients and is passed personal information from third parties related to clients, eg IRD. This information will be stored securely.
We may ammend this privacy policy from time to time in response to changes to technology, our data collection practices or the law.
Smart Bookkeeping is responsible for:
- Letting individuals know what information we are collecting and what purpose it will be used for.
- Only collecting and storing the information we require for the purposes of our relationships eg employment related purposes or fulfillment of client work.
- Only using information that we can reasonably consider accurate eg been supplied by the individual or in the process of a formal investigation
- Keeping all information in a secure place take steps to ensure there is no unauthorised access. Currently all client information is held on Onedrive.
- Providing you with the right to review and correct any information that we have on record for you. The process for this is detailed in this policy.
- Investigating any potential or actual breaches of privacy
- Notifying the Privacy Commissioner and any affected individuals of any notifiable breaches as defined in this policy and/or the Privacy Act 2020.
You are responsible for:
- Providing all relevant information when requested
- Updating personal information when changes occur eg addresses and bank details
- Protecting the privacy of information you receive in the process of carrying out your duties
- Immediately notifying Smart Bookkeeping of any potential or actual breaches of information
Use of Information
Smart Bookkeeping may use the information gathered for the purposes of:
- Verifying individuals identity
- Assessing suitability of employment
- Employment related processes
- Fulfilling of client work
- Other circumstances as allowed by the Act
Smart Bookkeeping Limited may also use the information if it is in the public domain and /or does not identify the individuals concerned.
We may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this unless we are legally restricted from doing so.
We will take reasonable steps to ensure that the personal information about you we collect, use or disclose is accurate, complete, up to date and stored in a secure environment protected from unauthorised access, use, modification or disclosure.
We will not retain personal information for longer than is required, employee files will be destroyed six (6) years after the employment relationship has ended and applications for employment will be destroyed one (1) year after the application was made. Client information will be held for 7 years or for the period of the business relationship.
Request for Access:
You may request access to, and correction of, personal information by writing to donna@smartbookkeeping.co.nz
We will respond to these requests in writing (email) within 20 working days
Company equipment:
Smart Bookkeeping may collect personal information stored on company equipment eg laptop, phone, surveillance cameras and use this for any employment related purpose.
Any information held on such equipment and related data is generally not subject to privacy rights, and you must not hold any expectations of privacy in respect of use of equipment that is provided by the Company
Requirement to notify
You will notify Smart Bookkeeping of any breaches, or potential breaches of information held.
This must be in writing to donna@smartbookkeeping.co.nz
We will investigate any breaches, or potential breaches and notify the Privacy Commission of any unauthorised or accidental access to, disclosure, alteration, loss or destruction of personal information, or an action that prevents us from accessing the information on either a temporary or permanent basis, which has caused or is likely to cause ‘serious harm’ to affected individuals.
When assessing whether the breach has or could cause ‘serious harm’ we will consider:
- any action taken by us to reduce the risk of harm following the breach:
- whether the personal information is sensitive in nature:
- the nature of the harm that may be caused to affected individuals:
- the person or body that has obtained or may obtain personal information as a result of the breach (if known):
- whether the personal information is protected by a security measure:
- any other relevant matters.
Some examples of potential serious harm are:
- Physical harm or intimidation,
- Financial fraud including unauthorised credit card transactions or credit fraud,
- Family violence,
- Psychological, or emotional harm.
Failure to notify of any actual or potential privacy breach, may constitute serious misconduct and may potentially result in disciplinary action up to and including termination of employment.
Further Information
Further information about the Privacy Act 2020, other relevant regulations, the Privacy Commission, its complaints procedures, your legal rights in respect of privacy, etc., can be found via the following links:
Privacy Act 2020: http://www.legislation.govt.nz/act/public/2020/0031/latest/whole.html
Office of the Privacy Commissioner: https://www.privacy.org.nz/privacy-act-2020/privacy-act-2020/
