Privacy Policy

Privacy Policy

  1. INTRODUCTION

1.1. Rationale

At In Education Limited t/a Staff My Team we recognise and respect individual rights of whänau and kaiako in protecting their privacy. It is important for all In Education Limited t/a Staff My Team employees to be aware of the requirements of the Privacy Act 2020 and take all necessary steps to prevent a privacy breach from occurring.

1.2. Te Whariki

Well-being/ Mana atua – Goal 3: Tamariki, whãnau and employees experience an environment where they are kept safe from harm.

Belonging/ Mana whenua – Goal 4: Tamariki, whãnau and employees experience an environment where they know the limits and boundaries of acceptable behaviour.

1.3. Licensing Criteria for Early Childhood Education & Care Services 2008

Governance, management and administration: Professional Practices.

GMA7: Suitable human resource management practices are implemented. Documentation required: Processes for human resource management; including: selection and appointment procedures; job/role descriptions; induction procedures into the service; a system of regular appraisal; provision for professional development; a definition of serious misconduct; and discipline/dismissal procedures.

GMA7A: Before a person is employed or engaged as a children’s worker, as defined in the Children’s Act 2014, a safety check as required by that Act must be completed. A detailed record of each component of the safety check must be kept, and the date on which each step was taken must be recorded, including the date of the risk assessment required to be completed after all relevant information is obtained. These records must be kept by, or available to, the service provider as long as the person is employed or engaged. Every children’s worker must be safety checked every three years. Safety checks may be carried out by the employer or another person or organisation acting on their behalf.

DOCUMENTATION REQUIRED: 1. A written procedure for safety checking all children’s workers before employment or engagement of the worker commences that meets the safety checking requirements of the Children’s Act 2014.

  1. A record of all safety checks and the results.
  1. PROCEDURES
  • When collecting, using, disclosing, or otherwise dealing with any personal information, we will always consider and adhere to the information privacy principals as outlined at the conclusion of this Policy (Section 22 of the Privacy Act 2020).

Key privacy principles for In Education Limited t/a Staff My Team employees to adhere to are:

  • We will only collect, create and retain personal information that we reasonably require for the purpose of carrying out In Education Limited t/a Staff My Team activities.
  • We will always be transparent about the personal information we collect as well as how we may use, store and disclose it.
  • We will always take reasonable steps to ensure that personal information is adequately protected against loss and unauthorised access, use and disclosure.
  • We will only ever use and share personal information in ways agreed with the person the information is about, and only where necessary to meet our lawful purposes.
  • We will ensure the privacy rights of others, including the right to know in advance, and to consent to how their personal information is used and shared, as well as the right to access and correct their information.
  • In Education Limited t/a Staff My Team is committed to keeping children healthy and safe. We may share information with appropriate agencies (such as health and education providers or other agencies involved with your child’s life) if sharing that information will protect or improve the safety, health or well-being of a child. Our agency by law can always share information with Oranga Tamariki and the police. Further information can be found in our Child Protection Policy.
  • The In Education Limited t/a Staff My Team Director is the Privacy Officer for In Education Limited t/a Staff My Team. The Privacy Officer is responsible for ensuring all privacy law obligations are met when it comes to our collection, use, storage, security and retention of personal information of employees, children and others. In the case of a serious privacy breach, the In Education Limited t/a Staff My Team director is responsible for reporting to the Privacy Commissioner.
  • Kaiako must be aware of In Education Limited t/a Staff My Team policies and procedures and their responsibilities to keep private information secure, including all written information and photographs. See social media policy.
  • If kaiako are made aware of any privacy breaches, they must notify the privacy officer as soon as possible, preferably within 24 hours of the breach being discovered. The privacy officer will complete a privacy breach report (a template for this is kept with the Director).
  • All records of privacy breaches or near misses is kept with the In Education Limited t/a Staff My Team director and if appropriate, discussed at monthly meeting.
  • The Privacy Act 2020 makes it compulsory to report any privacy breaches “that have caused serious harm or are likely to do so”, In the event that a breach of this nature does occur, In Education Limited t/a Staff My Team will notify the Privacy Commissioner of the privacy breach. If we are unsure as to whether the breach is a serious one, we will contact the Privacy Commissioner and seek guidance.
  • If there is a privacy breach, we will always notify the affected individuals promptly so that they can take steps to protect themselves and regain control of their information as soon as possible.
  • Personal employee information will be collected and generated. What information and how this is used, can be found in the privacy and data policy.
  • All individuals have the right to request copies of their own personal information or to know what information In Education Limited t/a Staff My Team has. On occasion some information may need to be withheld and if that is the case an explanation will be offered.
  • All individuals have the right to correct any personal information In Education Limited t/a Staff My Team holds about them.
  • All individuals have the right to make a complaint about the way In Education Limited t/a Staff My Team has collected, processed and used their personal information. (See complaints policy.) If this process is unsatisfactory, individuals can make a complaint to the Officer of the New Zealand Privacy Commissioner at: www.privacy.org.nz.
  • At times we will need to share personal information with external agencies. Where possible, we will seek consent to disclose personal information to third parties. Where this is not possible, we will only disclose personal information if we have a lawful and reasonable basis for doing so.
  • All members of the In Education Limited t/a Staff My Team community, whanau, kaiako and all other employees, recognise the privacy of the whanau attending an early childcare centre. They will seek consent before using images of employees, tamariki or whanau on any social networking site. 
  • All confidential personnel files are kept under lock and key.
  • Where personal information is particularly sensitive (e.g. it is financial or health related) In Education Limited t/a Staff My Team will take additional steps to ensure the information is secure and can only be accessed by those at In Education Limited t/a Staff My Team who have a legitimate need to access and use it.
  • We use some third-party services to store personal information that is provided to us, this is covered in our privacy and data policy.
  • In Education Limited t/a Staff My Team is required to keep some information for specific periods of time. After such time In Education Limited t/a Staff My Team will take all reasonably practicable steps to delete and destroy this information.
  • In Education Limited t/a Staff My Team employees understand that photographic and video footage of tamariki learning experiences recorded on digital devices (on personally owned device) such as mobile phone, tablets, and other recordable electronic equipment will only be used within the context of learning stories, centre documentation, group planning at the request of the centre you are relieving in. This would not happen regularly. 
  1. LINKS TO:
  • Social Media Policy

Date approved: February 2024

Review date: February 2025

Information privacy principals (Section 22 of the Privacy Act, 2020)

Principle 1: Purpose for collection Personal information must only be collected when it is for a lawful purpose and necessary.

Principle 2: Source of information Personal information must usually be collected from the person the information is about, with some exceptions.

Principle 3: What to tell an individual When collecting personal information, inform the person of why it is being collected, who will get the information, whether the person has to give the information (or whether it is voluntary), what will happen if the information isn’t provided.

 

Principle 4: Manner of collection Personal information must not be collected by unlawful means or by means that are unfair or unreasonably intrusive in the circumstances.

Principle 5: Storage and security Reasonable safeguards must be in place to prevent the loss, misuse or disclosure of personal information.

Principle 6: Access People usually have the right to ask for access to personal information that identifies them, although there are some instances when agencies can refuse.

Principle 7: Correction People have a right to ask an agency to correct information about themselves if they think it is wrong. If the agency does not want to do this, a person can ask the agency to add their views to the information kept about them.

Principle 8: Accuracy Before personal information is used or disclosed, an agency must take reasonable steps to check that the information is accurate, complete, relevant, up to date and not misleading.

Principle 9: Retention An agency that holds personal information, must not keep that information for longer than is necessary for the purposes for which the information may be lawfully used.

Principle 10: Use Agencies must use personal information for the same purpose for which they collected that information. (Other uses are occasionally permitted.)

Principle 11: Disclosure Agencies can only disclose personal information in limited circumstances. e.g. when required by law, the information is going to be used in a form that does not identify the person concerned, when the person concerned has given authorisation, etc.

Principle 12: Disclosure outside New Zealand Agencies can only disclose personal information to a person outside New Zealand if, in addition to meeting the requirements of Principle 11, that person overseas is subject to comparable privacy safeguards to those in the Privacy Act 2020 or one of the other exceptions listed in Principle 12 apply.

Principle 13: Unique identifiers Some agencies give people a unique identifier instead of using their name. e.g. IRD number, drivers licence number. An agency cannot use the unique identifier given to a person by another agency.