• Privacy covers the way we handle personal information about your data subjects (the people we deal with, including our students, alumni, donors, research participants and colleagues). You need this information to do your jobs, but people will only give you their information if they trust us to use it responsibly and treat it with care and respect. 
• Personal information is any information about an identifiable individual – hard copy, electronic or verbal. It is information that could allow someone to identify an individual.
• Privacy is not about secrecy or confidentiality (although some of your processes, such as research projects or health services, do require special consideration of confidentiality). You must protect personal information from misuse, but you must also use and share that information appropriately to deliver services and do your work.

Privacy is about the fair and responsible use of personal information. We have developed policies and procedures around the following fundamental privacy concepts: 

• data minimisation – limiting the amount of personal information you collect and retain 
• transparency – being open and honest about what information you collect and how it will be used 
• security – protecting the personal information you hold from harm 
• use limitation for intended purposes – making sure you use and share personal information only when necessary and with a lawful basis 
• privacy rights – helping your data subjects to exercise their privacy rights and maintain some control over their information. 

If you try your best to stick to these key principles, then you will have a good chance of getting privacy right and protect your data and your people from harm. 

The links and guides on this page should help you to understand your obligations and manage important privacy processes well.

Below are a summary of some questions that are answered in accordance with the Privacy notice template (DOCX 32 KB). Keep a note of other FAQs and add them, with answers, on this page.

FAQs for you to use

1. What legal basis does [organisation name] have to use my information?

[Organisation name] collects information to carry out operations, functions and activities or legitimate interests. Learner analytics helps us to help you receive the best education and opportunities, tailored to your specific needs.

The rights and responsibilities that apply to the [organisation name], students and all users can be found in the terms of the [organisation name] Privacy Notice. 

2. Do I have to give my consent before [organisation name] collects and uses my personal information for learner analytics?

Typically, you are asked to provide consent as part of enrolling at [organisation name]. Under the [organisation name] Privacy Notice you can see the privacy rights and responsibilities (for yourself and the organisation name). 

3. Can I opt out or withdraw consent from [organisation name] collecting and using my personal information for learner analytics?

You can ask to withdraw consent or opt out of your data being used for learner analytics; however, it may not always be possible for us to delete your data because of statutory obligations that require us to keep student data. Where we are required to keep your data, this must be explained to you. If you have any questions email your [organisation name] Privacy Officer, privacy@[organisation name], or call 0800 [organisation].  

4. Can I get a copy of my data or information [organisation name] holds on me?

Yes. The [organisation name] acts as the guardian of your personal information and under the Privacy Act 1993. You are entitled to request access to or a copy of personal information an agency holds about you. However, the [organisation] may withhold information under special circumstances as set out in the Privacy Act 2020. If you have any questions email your [organisation name] Privacy Officer, privacy@[organisation name], or call 0800 [organisation].  

5. Can I ask for my information to be corrected?

Yes, you have the right to ask for your information be corrected if you think it is wrong (and you are unable to update it yourself online).

6. How do I complain if I think my rights or privacy has been breached?

You can contact your [organisation name] Privacy Officer, privacy@[organisation name], or call 0800 [organisation].

7. What is the GDPR and why do we need to worry about it?

GDPR is the general data protection regulation. If the [organisation name] is collecting new information about people who reside in the European Union, it needs to apply the rules of the GDPR. If you have any questions email your [organisation name] Privacy Officer, privacy@[organisation name], or call 0800 [organisation].  

8. Can my data be sold?

No. We will only ever provide your data to other external parties when it is required by law (eg, to government agencies such as the TEC for enrolment purposes). 

9. Can my data be used to discriminate against me?

No. The Bill of Rights Act sets out certain freedoms for New Zealanders, including the right to be free from discrimination.  

The Human Rights Act includes prohibited grounds for discriminating, exceptions, the creation of the Human Rights Commission, the creation of the Human Rights Review Tribunal, etc. The act elaborates on the right to be free from discrimination and creates certain government institutions to provide resources to those who have suffered discrimination. The two statutes work in conjunction with one another. 

10. Where can I go to get more information?

If you have any questions email your [organisation name] Privacy Officer, privacy@[organisation name], or call 0800 [organisation].  

You can also check out these useful websites:

• Privacy Act 2020
• Privacy Commissioner
• Bill of Rights Act 1990
• Human Rights Act 1993
• Information on the privacy principles (Office of the Privacy Commissioner)
• Code of Practice for Learning Analytics JISC UK
• Ethical Use of Student Data Open Polytech UK