Menu
Privacy Policy - Matatapu
1. Introduction:
The Methodist Church of New Zealand Archives is committed to promoting and protecting the privacy of all individuals associated with its activities.
This policy seeks compliance with The Privacy Act 2020 (hereinafter referred to as ‘the Act’), which describes how we may collect, use, and store personal information, and the requirements around breaches. The Office of the Privacy Commissioner is empowered by The Privacy Act 2020 to administer, monitor, and enforce compliance with the Act, including investigating any alleged breaches.
The Methodist Church of New Zealand has a Privacy Officer who understands the information collection and storage requirements under the Act, and deals with requests for personal information. The current privacy officer (2025) is the General Secretary of the Church, Rev. Tara Tautari.
This policy provides guidance on the following aspects of managing personal information:
i. How we collect and store personal information.
ii. What personal information we collect.
iii. How we use and disclose personal information about individuals.
iv. How individuals may access personal information relating to them that is held by the Methodist Church of New Zealand Archives.
v. How personal information is disposed of.
vi. How to address complaints of breaches of privacy.
vii. How we respond to the requirements of the Privacy Commissioner and The Privacy Act 2020.
This policy applies in addition to any other policy and processes which may be adopted by the Methodist Church of New Zealand Archives in relation to our specific activities. In the event of any inconsistency between this policy and any other policy or process, this policy prevails.
2. Collection, Storage, Use, and Disclosure of Personal Information:
The Privacy Act 2020 is primarily concerned with the protection of personal information and good information handling practices. The Methodist Church of New Zealand Archives is responsible for ensuring these guidelines and practices are followed through our processes and/or procedures.
When we collect personal information about an individual, we make known the purpose of collecting it, who will have access to it, and whether it is compulsory or optional information. We advise that individuals have the right to request access to, and correction of, their personal information.
We only collect personal information:
i. For purposes connected with the activities and functions of the entity, and only when it is necessary to have this information.
ii. Directly from the person concerned, or, if a minor, their parent or guardian, unless it is publicly available from elsewhere, or the person's interests are not prejudiced when we collect the information from elsewhere.
iii. In a transparent and respectful manner.
We will ensure that:
iv. We have reasonable safeguards in place to protect personal information from loss, unauthorised access, use, or disclosure. These safeguards include the use of individual logins for computers, and a secure, monitored physical repository. We may require any employees, contractors, volunteers, and third-party contractors to sign confidentiality agreements when handling personal information.
v. If an individual wants access to information we hold about them, we provide it. Individuals may request correction of this information or, when not corrected, that a record of the request is attached to the information.
vi. We take reasonable steps to make sure personal information is correct, up to date, relevant and not misleading.
vii. We only keep information for as long as it is needed, and for the purposes for which it was obtained.
viii. Information is only used for the purposes for which it was obtained except in certain circumstances (for example, for statistical purposes where the person's identity is not disclosed).
ix. We safeguard personal information, and we do not release that information to third parties unless we are allowed, or required, to release information by law. This covers disclosure to persons other than those able to legitimately access material about others (such as a guardian of a minor).
x. As a general rule, information about any person is not given to a third party without the person's knowledge, unless:
i. The information is already publicly available.
ii. It is being passed on in connection with a purpose for which it was obtained.
iii. The right to privacy is over-ridden by other legislation.
iv. It is necessary for the protection of individual or public health and safety.
3. Legal Holds:
When litigation, an audit, or investigation occurs or is reasonably anticipated, a written notice (referred to as a ‘Litigation Hold Notice’ or a ‘Legal Hold’) will be issued to appropriate employees, contractors, and volunteers. All records, whether official records, information copies, working documents, or transitory records, potentially relevant to the matter must be retained until the Litigation Hold is terminated. The effect of this notice is to freeze or suspend the destruction or alteration of records, electronically stored information, and other materials identified in the notice.
Records relevant to the matter may not be destroyed - even if the retention period in question has expired or expires during the Litigation Hold - until the action is resolved and a notice terminating the Hold has been issued. There are serious legal consequences for individuals that destroy or alter records under a Litigation Hold or know of a pending issue and do not halt destruction.
4. Privacy Breaches:
Privacy breaches are the loss of personal information to a third party that has no right to that information. If a privacy breach is identified, the first step is to report it to the Privacy Officer.
The Privacy Officer will work through four steps:
i. Contain the breach and make a first assessment.
ii. Evaluate the breach.
iii. Notify affected people if necessary.
iv. Prevent the breach from happening again.
If a privacy breach has caused (or is likely to cause) serious harm, the Privacy Officer will need to notify The Office of the Privacy Commissioner and affected individuals as soon as possible. Under The Privacy Act 2020, it is an offence to fail to inform the Privacy Commissioner when there has been a notifiable privacy breach.
The threshold for a notifiable breach is ‘serious harm’. This can be assessed by considering, for example, the sensitivity of the information lost, actions taken to reduce the risk of harm, the nature of the harm that could arise, and any other relevant matters.
Under The Privacy Act 2020, the Privacy Commissioner will be able to direct agencies to provide individuals access to their personal information. The Privacy Officer is responsible for liaising with The Officer of the Privacy Commissioner and the Methodist Church of New Zealand Archives should a compliance notice be received.
5. Websites and Social Media:
The Methodist Church of New Zealand Archives’ websites must be compliant with The Privacy Act 2020.
If you access our websites, we may collect additional personal information about you in the form of your IP address and domain name.
Our websites use cookies in order to identify users and to prepare customised web pages for them. Cookies do not identify you personally, but they may link back to a database record about you. We use cookies to monitor usage of our website and to create a personal record of when you visit our website and what pages you view so that we may serve you more effectively.
Our website may contain links to other websites or usage of third-party websites. We are not responsible for the privacy practices of linked websites, and linked websites are not subject to our privacy policies and procedures. We are not responsible for risks and liabilities when engaging in any third-party websites or communication media and applications like Facebook, Twitter, WhatsApp, TikTok or Google. Please refer to the Terms of Use on individual websites for further details.
The Kei Muri Māpara website Terms of Use are available to read here. The Methodist Church of New Zealand's online Takedown Policy is available to read here.
Please notify us in writing if you have found material on the Kei Muri Māpara website, or our associated websites, that you are concerned contains your personal information for which you have not given permission, or that otherwise contravenes the Privacy Act 2020. Our Takedown Policy, available via the link above, contains detailed instructions on how to make your notification to us.
