Login
Login

Privacy Policy

MATES Privacy Policy

This privacy policy (this Policy) applies to each of MATES in Construction (NZ) Ltd (NZBN 9429047565050) (referred to in this Policy as “MATES”, “we”, “our”, “us”).

MATES provides suicide prevention through community development programs on sites, and by supporting workers in need through case management and a 24/7 helpline. We serve the construction industry in New Zealand.

We are committed to the protection of your personal information.

This Policy sets out the way we will collect, use, disclose, store and protect personal information collected from you (“you”, “your”). This Policy also describes the way in which you may access or correct the personal information we hold about you, and how to contact us if you have any complaints in relation to your privacy.

We will handle your personal information in accordance with applicable privacy laws, including the Privacy Act 2020 and its New Zealand Information Privacy Principles (IPPs).

  • Key terms used in this Policy
      1. For definitions of the following key terms used in this Policy, please refer to the dictionary at section 17 of this Policy: “collect”, “consent”, “disclosure”, “health information”, “personal information”, “sensitive information”, and “use”.
  • Why do we collect personal information and what types of personal information do we collect?
    1. We will only collect personal information if it is reasonably necessary for our functions and activities, including activities aimed at reducing suicide and improving mental health and wellbeing in relevant industries, including the New Zealand Construction Industry. 
      1. In particular, we may collect your personal information for the following activities:
        1. to train workers in suicide prevention.
        2. to maintain and support a peer support network of “Connectors” and “ASIST workers”.
        3. to provide information and knowledge around good mental health practice, including through site meetings.
        4.  to provide case management support to individuals seeking to assist them in improving their mental health and wellbeing.
        5. to offer support on sites following a suicide or a significant and stressful event.
        6. to raise funds for our operations through partnerships, sponsorships, grants, gifts and fundraising activities. 
        7. fee for service work outside the construction industry.
        8. public relations activities.
      2. Your personal information that we collect will vary depending on your interactions with you and the functions and activities that we engage in with you. Some examples of personal information that we may collect are:
  1. your contact details such as your physical address, telephone number and email address;
  2. details of your occupation, trade, worksite, and your employer;
  3. information about your health and wellbeing, including mental health-related information, where relevant to our services. This may include details provided during interactions with our support programs, case management services, peer support networks, mobile applications, or research initiatives. Any health-related data collected is used solely to provide support, improve our services, and contribute to research aimed at enhancing mental health outcomes in the workplace.
  4. location data, where applicable, when you use our mobile applications or digital services. We do not store full location history or routes travelled. Instead, we only retain summary information, such as total distance, duration, and the latitude and longitude of the start and end points. This data is used specifically for features such as tracking distance for the MATES Long Lap event, enhancing user experience, and supporting service delivery. Location data is not shared with third parties without consent, except where required by law or necessary to provide essential services.
  5. information that we are required or authorised to collect and keep under a New Zealand law or a court order.
  1. If you apply for a job with us by sending us a copy of your CV, this will be a collection by us of your personal information such as your educational qualifications, career history, interests, hobbies and job interests and such other information as may be routinely included in a CV. We collect this information from you as part of our recruitment activities.
  2. Some information that we collect about you may be sensitive information, such as health information. We will only collect sensitive information from you if:
    1. our collection of that sensitive information is reasonably necessary for one or more of our activities or functions, and we have obtained your explicit consent to do so, particularly in cases where it relates to mental health and wellbeing data; or
    2. we are otherwise required or permitted by law to do so.
  3. The IPPs list a number of circumstances that permit us to collect personal information about you without your consent. These include:
    1. that non-compliance would not prejudice the interests of the individual concerned; or if our collection of the sensitive information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
    2. That compliance would prejudice the purposes of the collection; or
    3. that the individual concerned authorises collection of the information from someone else; or
    4. that the information is publicly available information; or
    5. that non-compliance is necessary—
      1. to avoid prejudice to the maintenance of the law by any public sector agency, including prejudice to the prevention, detection, investigation, prosecution, and punishment of offences; or
      2. for the enforcement of a law that imposes a pecuniary penalty; or
      3. for the protection of public revenue; or
      4. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
      5. to prevent or lessen a serious threat to the life or health of the individual concerned or any other individual; or
    6. that compliance is not reasonably practicable in the circumstances of the particular case; or
    7. that the information—
      1. will not be used in a form in which the individual concerned is identified; or
      2. will be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned.
  4. We only collect sensitive information in the circumstances listed in the IPPs.
  5. You are not required to disclose your personal information to us. However, if you do not provide the information requested, we may not be able to provide you with appropriate services, provide you with relevant information regarding our services, or engage in relevant activities with you.
  • How do we collect personal information?
      1. The way we collect your personal information:
        1. by a lawful means; and
        2. by a means that, in the circumstances of the case (particularly in circumstances where personal information is being collected from children or young persons),— 
          1. is fair; and
          2. does not intrude to an unreasonable extent upon the personal affairs of the individual concerned.
        3. We may collect information from you in a number of different situations:
          1. Information you provide on training forms, your responses to surveys, and other feedback you provide.
          2. In conversation with MATES case managers or MATES field officers.
          3. Your participation in MATES events or fund-raising activities.
          4. From third parties such as your colleagues, employer, union, family or friends, if they call us with concerns for your wellbeing.
        4. We will usually collect your personal information directly from you through your interactions with us.
        5. If you supply us with personal information of a third party, such as a spouse, colleague or friend, or the executor of your will, we accept that information on the condition that you have permission from that third party to provide that personal information to us to use for our functions and activities.
        6. We will only collect your personal information from third parties if:
          1. it is provided to us so that we can carry out at least one of our functions or activities, for example it is necessary for us to collect your personal information from your employer so that we are able to collect your redundancy pay contribution from your employer on your behalf;
          2. it is unreasonable or impracticable to collect the information directly from you; or
          3. if we are concerned about your wellbeing and/or safety
          4. we are required or authorised by a New Zealand law, or a court/tribunal order, to collect the information from someone other than you.
  • Notification of collection
      1. At or before the time we collect your personal information (or, if that is not practicable, as soon as practicable after), we will take such steps as are reasonable in the circumstances to notify you of the following (“Collection Information”):
        1. our identity and contact details;
        2. the fact that the information is being collected; and 
        3. the purpose for which the information is being collected; and 
        4. the intended recipients of the information; and 
        5. if the collection of the information is authorised or required by or under law,—
          1. the particular law by or under which the collection of the information is authorised or required; and
          2. whether the supply of the information by that individual is voluntary or mandatory; and
        6. the consequences (if any) for that individual if all or any part of the requested information is not provided; and
        7. the rights of access to, and correction of, information provided by the IPPs.
  • How do we use and disclose your personal information?
      1. We will use and disclose your personal information for the purpose for which it was collected from you (the primary purpose). The types of primary purposes for which we may collect your personal information are set out in section 2(a) of this Policy. The specific primary purpose for which we collect your information will depend on your interaction with us.
        1. We will only use or disclose your personal information for other purposes (secondary purposes):
          1. if we receive your consent to do so; or
          2. the IPPs otherwise permit us to do so.
        2. The IPPs permit us to use or disclose personal information for a secondary purpose without your consent only in limited circumstances, including:
          1. you would reasonably expect us to use or disclose the information for a certain secondary purpose and the secondary purpose is:
            1. directly related to the primary purpose (for sensitive information); or
            2. related to the primary purpose (for non-sensitive personal information); or
          2. to avoid prejudice to the maintenance of the law by any public sector agency, including prejudice to the prevention, detection, investigation, prosecution, and punishment of offences; or
          3. for the enforcement of a law that imposes a pecuniary penalty; or 
          4. for the protection of public revenue; or 
          5. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
          6. that the use of the information for that other purpose is necessary to prevent or lessen a serious threat to—
            1. public health or public safety; or
            2. the life or health of the individual concerned or another individual.
        3. We may use external service providers located in New Zealand to help us provide our services to you. These service providers may include information and communications technology (“ICT”) service providers who maintain and update our ICT systems and databases, data entry providers who manage and enter data for us, and training providers who we work with. Your information may be shared between us and these service providers, but only on a strict need to know basis, and only to the extent needed for these service providers to provide these services for us. We take all reasonable steps to ensure these service providers comply with the privacy laws when handling your personal information, including the IPPs.
        4. We may use information from surveys you complete to keep accurate training records, inform process/training improvements and support statistical reporting to external funders of our activities.
        5. We may also use any survey responses you provide to us in research projects related to the work carried out by MATES, but only if you separately provide your consent.
        6. As a charity we receive funding to raise awareness and training on mental health and suicide prevention. As part of obtaining and maintain such funding we may de-identify your personal information (so that you cannot reasonably be identified from the information), and use this information to generate statistical reports for external funders of our activities and other third party stakeholders.
  • Do we disclose your personal information overseas?
      1. We do not disclose your personal information to foreign recipients or entities (B). However, if circumstances arise where we need to disclose your personal information to B, we will comply with the requirements of the IPPs and other applicable privacy laws when doing so.
        1. Provided we are first permitted to disclose your information under the IPPs (as set out in this Policy above), we will only disclose your personal information overseas if:
          1. the individual concerned authorises the disclosure to B after being expressly informed by us that B may not be required to protect the information in a way that, overall, provides comparable safeguards to those in this Act; or 
          2. B is carrying on business in New Zealand and, in relation to the information, we believe on reasonable grounds that B is subject to this Act; or the disclosure is otherwise required or authorised by law.
          3. we believe on reasonable grounds that B is subject to privacy laws that, overall, provide comparable safeguards to those in this Act; or
          4. we believe on reasonable grounds that B is a participant in a prescribed binding scheme; or
          5. we believe on reasonable grounds that B is subject to privacy laws of a prescribed country; or
          6. we otherwise believe on reasonable grounds that B is required to protect the information in a way that, overall, provides comparable safeguards to those in this Act (for example, pursuant to an agreement entered into between us and B).
        2. We will in all cases take reasonable steps to ensure that any such recipient of your personal information does not breach the IPPs.
  • Direct marketing
      1. We may, from time to time, use or disclose your personal information (other than sensitive information) for direct marketing to you of our services that may interest you, for example by sending you our newsletter or other information about us or our activities, if:
        1. we collected the personal information we use for the direct marketing from you; and
        2. you have expressly consented to us using or disclosing your personal information for direct marketing, or your consent can reasonably be implied or understood based on our relationship with you.
        3. We will not use or disclose sensitive information about you for direct marketing purposes unless we have your consent to do so.
        4. If we do use or disclose your personal information for direct marketing purposes, we will provide you with a simple way to unsubscribe from receiving our direct marketing communications. If you follow our process for unsubscribing, we will no longer send you these communications.
  • Anonymity and Pseudonymity
      1. When interacting with us, you may choose to remain anonymous or to use a pseudonym. 
        1. However, we may choose not to deal with you this way if:
          1. we are required or authorised by or under a New Zealand law, or a court order, to deal with you in accordance with your identity; or
          2. it is impracticable for us to deal with you in this way.
        2. In some circumstances, it may not be possible for us to provide a service without the knowledge of your identity.
  • Receipt of unsolicited personal information
      1. If we receive personal information that we did not take any active steps to collect, we will, within a reasonable period of receiving the information, determine whether we would have been permitted to collect the information pursuant to the IPPs.
      2. If we determine that we have received personal information that we would not have been permitted to collect pursuant to the IPPs (and the information is not contained in a Commonwealth record), we will as soon as practicable and where it is lawful and reasonable to do so, destroy the information or ensure that it is de-identified.
      3. If we determine that we would have been permitted to collect the personal information pursuant to the IPPs, we will ensure that the information is dealt with in a manner that complies with the APPs.
  • Quality of personal information
      1. We will endeavour to take reasonable steps to ensure that the personal information that we collect is accurate, up-to-date and complete. Further, we will endeavour to take reasonable steps to ensure that the personal information that we use or disclose is, having regard to the purpose of our use or disclosure, accurate, up-to-date, complete and relevant.
      2. The reasonable steps described above that we may undertake include:
        1. ensuring that updated and new personal information is promptly added to relevant existing records;
        2. reminding you to update your personal information when we engage with you;
        3. with respect to personal information in the form of an opinion, we may take the following steps to verify the accuracy of the opinion:
          1. checking that the opinion is from a reliable source;
          2. providing the opinion to you before we use or disclose it;
          3. clearly indicating on our record that the information is an opinion and identifying the person who formed that opinion.
  • How do we hold and protect your personal information?
      1. We may hold your personal information in a number of ways including electronically and in physical format.
        1. Electronic copies of records will be kept in a manner consistent with the requirements of the IPPs and applicable electronic transactions legislation.
        2. We will take such steps as are reasonable in the circumstances to protect personal information that we hold from:
          1. loss; and
          2. access, use, modification, or disclosure that is not authorised by us; and
          3. other misuse; and
        3. that, if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or unauthorised disclosure of the information. 
  • Data breaches
      1. We are required to comply with the Privacy Act 2020 and apply reasonable means of reporting to the Privacy Commission when a “notifiable privacy breach” of personal information occurs.
        1. An “notifiable privacy breach” occurs when personal information held by an organisation is:
          1. accessed, disclosed, altered, lost, or destroyed accidentally or without authorisation, or
          2. cannot be accessed by the organisation on a temporary or permanent basis. For example, it’s encrypted by ransomware; and
          3. has either caused, or is likely to cause, serious harm to someone whose information was affected by the breach.
        2. An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an eligible data breach.
        3. If we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the New Zealand Privacy Commissioner about the breach in accordance with the Privacy Act 2020
  • . Access to personal information
      1. Requests for access to personal information should be made in writing and addressed to our Privacy Officer. The Privacy Officer may be contacted at info@mates.net.nz
        1. If we receive a request to access personal information, we will within a reasonable period of the request being made- 
          1. confirmation of whether the agency holds any personal information about them; and
          2. access to their personal information.
        2. If an individual concerned is given access to personal information, the individual must be advised that, under IPP, the individual may request the correction of that information.
        3. The Privacy Act 2020 list the situations where we may deny access to personal information. These situations include where the disclosure of the information would—
          1. be likely to pose a serious threat to the life, health, or safety of any individual, or to public health or public safety; or
          2. create a significant likelihood of serious harassment of an individual; or 
          3. include disclosure of information about another person who— 
            1. is the victim of an offence or alleged offence; and 
            2. would cause significant distress, loss of dignity, or injury to feelings by the disclosure of the information; or
        4. If we refuse to give access to personal information in accordance with the Privacy Act 2020, or if we refuse to give access in the manner requested, we will take steps (if any) that are reasonable in the circumstances to give access in a way that meets our needs and the needs of the person requesting access.
        5. If we refuse to give access to personal information in accordance with the Privacy Act 2020, we will provide a written notice setting out:
          1. the reasons for denying access to personal information (except where it would be unreasonable to provide the reasons);
          2. the ways which are available to complain about the refusal; and
          3. any other matters prescribed by the regulations.
        6. Generally, we will not charge fees for giving access to personal information. However, we reserve the right to charge reasonable fees where requests for personal information are complicated or are resource intensive.
  • Correction of personal information
      1. Requests for correction of personal information should be made in writing and addressed to our Privacy Officer. The Privacy Officer may be contacted at info@mates.net.nz
        1. An individual whose personal information is held by us is entitled to request the us  to correct the information. 
        2. MATES, on request or on its own initiative, take such steps (if any) that are reasonable in the circumstances to ensure that, having regard to the purposes for which the information may lawfully be used, the information is accurate, up to date, complete, and not misleading. 
        3. When requesting the correction of personal information, or at any later time, you are entitled to—
          1. provide us with a statement of the correction sought to the information (a statement of correction); and
          2. request us to attach the statement of correction to the information if we do not make the correction sought.
        4. If we are not willing to correct the information as requested and has been provided with a statement of correction, we will take such steps (if any) that are reasonable in the circumstances to ensure that the statement of correction is attached to the information in a manner that ensures that it will always be read with the information.
        5. If we correct personal information or attaches a statement of correction to personal information, that agency must, so far as is reasonably we will inform every other person to whom the we have disclosed the information.
  • Complaints
      1. If you believe that we have breached the Privacy Act 2020 or IPPs in any way in relation to your personal information and would like to make a complaint, or if you have any other privacy-related concerns, you may contact our Privacy Officer. The Privacy Officer may be contacted at info@mates.net.nz
        1. The Privacy Officer will review your complaint, consider our conduct in relation to the complaint and the requirements of the Privacy Act 2020 or IPPs, and will consider appropriate action. The Privacy Officer will inform you of its decision within 30 days of receiving the complaint.
        2. If you are unhappy following the determination of the Privacy Officer, or if you do not wish to raise a complaint or concern with us directly, you may wish to contact the Office of the New Zealand Privacy Commissioner. See www.privacy.org.nz
  •  Changes to this Policy
    1. We may revise this Policy from time to time. We will update you on any changes to this Policy through our website at www.mates.net.nz, and we will make the most current version of the Policy available when you receive services from us, or on your request.
  1. Dictionary of key terms

“collect” Personal information, including sensitive information, will be ‘collected’ if it is included in a record or a generally available publication.

“consent”

You can give consent either:

  • (a) expressly – express consent is given explicitly either in writing or orally; or
  • (b) impliedly – your consent will be implied where your consent can be inferred from your conduct and our conduct.

“disclosure” Your personal information will be ‘disclosed’ if we share the information or make it accessible or visible to others outside our organisation, and releases the subsequent handling of the personal information from our effective control.

“health information” Health information is a type of both personal information and sensitive information. It includes information or an opinion about:

  • (a) a person's health, a person's wishes about the future provision of health services, or a health service provided or to be provided to a person; and
  • (b) other personal information collected to provide or in providing a health service to a person.

“personal information” Personal information is defined in the Privacy Act 1988 (Cth). In summary, personal information is information or an opinion about an identifiable person, or a reasonably identifiable person no matter whether:

  • (a) the information or opinion is true or false; and
  • (b) the information or opinion recorded in a material form or not.

Some examples of personal information include a person’s name, address and date of birth.

“sensitive information” Sensitive information is a type of personal information. Some examples of sensitive information include information or an opinion about an individual’s:

  • (a) racial or ethnic origin;
  • (b) political opinions or membership of a political association;
  • (c) religious beliefs;
  • (d) philosophical beliefs;
  • (e) membership of a trade union;
  • (f) health;
  • (g) criminal record; or
  • (h) sexual orientation or practices.

“use” We 'use' your personal information when we handle and manage the information within our organisation’s effective control. Examples include:

  • (a) accessing and reading the personal information;
  • (b) searching records for the personal information;
  • (c) making a decision based on the personal information; and
  • (d) passing the personal information from one part of the entity to another.