Purpose: The policy covers how PGG Wrightson will manage individual customer, employee and third party information to ensure compliance with the 13 privacy principles contained in the Privacy Act 2020.
This policy covers personal information, including:
- What personal information we collect
- How long we keep it
- Why and how we collect it
- How we use it
- Where we store it and our storage security procedures
- Allowing the subject of the information to access and correct it
- Keeping it complete, up to date and accurate
- When we disclose it
Scope: This policy applies to:
- Temporary and Casual employees
- PGW customers, suppliers and third parties
- Third party contractors (e.g. consultants)
- Employees (full time and part time)
- Independent contractors (e.g. Real Estate, Livestock agents etc)
- Directors and Officers of PGW
This policy applies only to “personal information” (as defined in this policy). PGW has other obligations to keep confidential certain information that we hold about companies and other organisations regarding their strategies, business affairs, accounts, finance or contractual arrangements (except where disclosure is authorised).
Date of original issue: 11 February 2015
File retention: PGG Wrightson Websites
Review: This policy is reviewed every 2 years by General Manager Corporate Affairs with input from General Managers.
Related Policies and Documents
Privacy Act 2020 http://legislation.govt.nz/
Code of Conduct https://www.pggwrightson.co.nz/Our-Company/Governance
1 PERSONAL INFORMATION
Personal Information means information that can be used to identify an individual. This ranges from information like names, addresses and IRD numbers, to photos of people, lists of items they buy, and websites they have visited. It should be noted that information such as things that they buy are not Personal Information unless they are associated with a name, or other piece of information that can be used to identify an individual.
Personal information does not include information we hold about organisations. However, it does
include information about identifiable individuals relating to their role in those organisations (e.g.
information we hold about a director, partner or trustee).
2 APPLICATION OF THIS POLICY
2.1 When does this policy apply?
This policy applies whenever you interact with PGW, including online - or use a PGW product or service, such as entering or buying items from our physical or online stores, applying for a customer account, or entering a competition we run. This policy also applies to all personal information we obtain from that interaction, and any other personal information we obtain.
2.2 Privacy Act 2020 Principles
PGW handles personal information in accordance with the Privacy Act 2020, which sets out 13 privacy principles for dealing with personal information, that can be viewed here.
2.3 When does this policy not apply?
3 WHAT PERSONAL INFORMATION DOES PGW COLLECT?
PGW collects personal information from various sources for a variety of reasons. The main sources of personal information are set out below.
The information below is not a complete list of all personal information we collect. The personal information we collect differs depending on the nature of the relationship and which of our products and services are involved. However, we only collect personal information when it is necessary and for a specific purpose.
If we request personal information from you and you do not supply it, we may not be able to provide you with the product or service you request.
3.1 Personal information about customers
PGW collects personal information from customers and their staff to facilitate and manage customer transactions for products and services, including:
- Name, address and contact details
- Date of birth
- Account and newsletter preferences
- Information about any call to us, including a recording of the call, details about the product(s) you bought the reason why you contacted us and the advice we gave you
- Information about a product or service you purchased from or sold to us, the place of purchase, deliveries and returns, and information about your ownership of the product
- Information about third party provider products that you obtain through us e.g. fuel cards Information relating to your use of any of our loyalty programs and the rewards that you claim
- Credit and financial information and checks, including validation of identity and property ownership
- Property information relating to any real estate agency arrangement
3.2 Personal information about suppliers
PGW collects personal information from suppliers and their staff to facilitate and manage the supply of products and services to PGW, including:
3.3 Personal information collected via our websites
PGW collects personal information from persons who use or interact with our website(s), social media pages, and online shopping service, which may include:
Interests and preferences that you specify during setup of an Internet enabled product or service
Address of your Internet service provider, the name of the web page directing you and your clicks and activity on our website
Information about your visit to our website, such as your browser software, which pages you viewed and which items you 'clicked' on, added to your cart or removed from your cart
Information about where your device is physically located (for example, when you are using a geo-location service or application and you have provided consent to your location being shared)
Service, product or server logs, which hold technical information about your use of our service, product or websites, such as your IP address, domain, device and application settings, errors and hardware activity
The fact that you have clicked on a 'like' or 'tweet' or similar button in one of our websites or services or one of our pages on a social network site, which we may associate with the details that we store about you
Product reviews, comments, photos and forum posts that you have submitted
Information about your social network profile such as your social network ID, profile picture, gender and location
PGW’s websites collect the domain names, not the email addresses of visitors. Our web server may require you to place a “cookie” (small data file) on your computer’s hard drive or device, in order to track statistical information about navigation to and throughout certain areas of the site. If you are just surfing and reading information on our website, then we collect and store the following information about your visit:
The IP address of your machine when connected to the internet and the domain name from which you are accessing the Internet
The operating system and the browser your computer and/or device uses, and any search engine you are using
The date and time you are visiting
The URLs of the pages you visit
If you provide it, your email address
We use that information to measure the number of visitors to different parts of the site and, for example, to measure the effectiveness of advertising. Although we may publish aggregated information about usage patterns, we do not disclose information about individual machines except for the reasons set out below in this section. We may gather more extensive information if we are concerned, for example, about security issues.
Some of our online services may allow you to upload and share messages, product reviews, photos, video and other content and links with others and/or create a publicly accessible profile for your account. When you comment, upload or share content, your username associated with the account you used to comment, upload or share will be visible to those who view the content.
You should not expect any information that you make available to others via PGW's websites to be kept private or confidential. Content and links that you share might, for instance, be forwarded by your recipients to others. You should always exercise discretion when using such services.
3.4 Personal information about employees and applicants for employment
PGW collects personal information necessary to assess an applicant’s suitability for a role, along with the information necessary for administrative purposes associated with employment, which may include:
Name, address and contact details
Age and date of birth
Police check/criminal record
Bank account number
All other personal information necessary for an employment relationship
3.5 Video footage
PGW sometimes takes video footage and photographs in areas with public access where we conduct our business, such as A&P shows and livestock saleyards. Some PGW stores operate CCTV cameras for security purposes.
3.6 Personal information about third parties
We also sometimes collect information about people who are not our suppliers, employees or customers as part of providing a product or service, for example the other party to a transaction that you are involved in.
4 HOW WE COLLECT PERSONAL INFORMATION
Where we can, we collect personal information directly from the individual concerned. For example, we collect information from you when you:
Become a PGW customer or employee and during the course of our relationship with you Make a purchase, return or exchange a product where we request that you verify your identity
Set up a PGW account Complete a survey
Visit or use a PGW website, including any forums or chatbot
Order through our retail store website or online payment gateways
Request delivery of products
Register or purchase a gift card
Arrange the collection of an item through our online ‘Click & Collect’ service (which requires you to verify your identity)
Complete an online form on one of our social media channels (for example, Facebook) or that is placed on a third party website
Subscribe to marketing and sales material or communications
Enter a trade promotion or competition in person or online
Complete a hard copy form or provide information in one of our stores
Provide information or feedback via phone, e-mail, chat or social media
Speak with us, or one of our representatives directly during a product or other enquiry
Contact us by telephone, via mail, e-mail, text or online
Enter into an agency agreement with one of our real estate agents
Arrange for one of our real estate agents to visit your property or provide an appraisal
Where we cannot collect personal information from you directly or you consent to us collecting it from elsewhere, we may collect personal information about you from other sources. These may be parties related to PGW or third parties such as your agent (e.g. a broker or lawyer), or employment referees that prospective employees have given us.
Where we can, we will allow you to deal with us anonymously or by using a pseudonym. For example, if you wish to review a product or make a comment about our service, you are able to do this anonymously.
5 CREDIT CARD INFORMATION
We do not store your credit card information when you purchase from us in store or online. We use a secure Hosted Payment page solution from Windcave to process online orders, where customers can see their cards being authorised in real time, using an end-to-end fully encrypted Transport Layer Security (TLS) protocol.
6 PERSONAL INFORMATION THAT WE CREATE
PGW sometimes creates “unique identifiers” for individuals. For example:
- PGW will assign an account number to PGW account holders, which will be personal information where the account holder is an individual.
- Employees will be identified by a PGW employee number.
PGW will only assign a unique identifier only if this is necessary to enable us to carry out our functions effectively.
7 HOW WE STORE PERSONAL INFORMATION
PGW stores personal information in a number of locations, for example:
- customer and employee documentation are scanned into PGW’s computer systems and stored in our equipment, programmes and digital archives
- physical paperwork is filed in a secure location
- electronic files are stored securely with third party data warehouses and cloud-hosting providers.
Storage mechanisms may be managed internally by PGW and held locally in New Zealand, or they could be managed by a third party storage provider with whom PGW has a contractual relationship and be held on servers hosted locally or overseas.
7.1 PGW's stoage security procedures
PGW uses a variety of security technologies and procedures to help protect your personal information from loss, unauthorised access, use or disclosure, including:
- Storing the personal information you provide in computer servers with fully managed logical access that are located in controlled facilities secured by surveillance and security technology
- Following certain procedures, for example checking your identity against available data when you telephone us and using secure passwords for our computer systems and software
- Destroying personal information pursuant to the law and our record retention policies
- Putting in place physical, electronic, and procedural safeguards in line with industry standards
- Requiring our third party providers to have acceptable security measures to keep personal information secure
- Limiting access to personal information to those who specifically need it to conduct their business responsibilities
- Limiting physical access to PGW’s premises
Despite our best security efforts, PGW cannot guarantee that your personal information cannot be accessed by an unauthorised person or that unauthorised disclosures will not occur.
7.2 Passwords and security devices
If we provide you with any passwords or other security devices, it is important that you keep these secret and confidential and do not allow them to be used by any other person. Please notify us immediately if the security of these devices is breached to prevent the unauthorised disclosure of your personal information.
7.3 How long we can keep personal information
How long PGW retains your personal information depends on your relationship with PGW. PGW will not retain personal information for longer than necessary with respect to your relationship with PGW.
8 HOW WE USE PERSONAL INFORMATION
8.1 Keeping personal information complete, up to date and accurate before we use it
PGW takes reasonable steps before using personal information to ensure that the information is up to date, complete, relevant and accurate.
Please take care when submitting personal information to us, in particular when completing free text fields (such as on a website or electronic form) or uploading documents and other materials.
8.2 What we can use personal information for
PGW uses personal information in association with any past or future sales, transactions, interactions or proposals between PGW and the customer, supplier or employee concerned. PGW will only use personal information for the purpose for which it was collected, which may include to:
Establish and manage a relationship with PGW
Undertake a credit assessment
Set up a PGW customer account and change PGW account details
Manage employee information, including using it for human resources, payroll and health and safety matters, and data-matching
Consider employing you if you contact us via one of PGW's job application websites
Ensure security and satisfaction
Answer enquiries and provide customer service Manage and resolve any legal, consumer or commercial complaints and issues
Prevent or detect fraud or loss
Train staff and for quality assurance purposes
Verify your identify you when you call us (e.g. by asking you to confirm your date of birth)
Provide products and services
Respond to requests for information about PGW and its products and services
Provide you with or contact you about a product or service you have requested, including, delivering your purchase to you, or ensuring that you benefit from any relevant special offer or promotion
Contact you in relation to a service or product
Manage your gift card balance
Send you an abandoned online shopping cart or ‘shopping bag reminder email’ for our retail website
Advertise your property
Provide an appraisal for your property
Marketing and research
Tell you about other products or services that we think may interest you, for example using remarketing capabilities
Contact you for research/feedback purposes
Record statistical data for marketing analysis
Obtain opinions or comments about PGW products and/or services, including conducting marketing research and analysis and product surveys
Conduct prize draws, contests and other promotional offers
Provide or contact you about loyalty, survey or marketing programmes provided by us previously, now or in the future
Provide you with newsletters and direct marketing electronically or physically, if you have consented to this, or it is permitted under law
8.3 Marketing communication preferences
We provide you with the option to subscribe to receive promotional and marketing communications from us via email and/or SMS.
You can change your marketing communication preferences at any time by contacting us directly or following the unsubscribe functions in our communications and on our websites. If you would like to unsubscribe from an email or SMS sent to you, follow the 'unsubscribe' link and/or instructions placed within the message we have sent you. Note:
- if you have subscribed with more than one e-mail address or mobile, you will need to unsubscribe separately for each email address and mobile
- this method will only unsubscribe for the newsletter or other communication that you have received, and you should contact us directly to opt-out of all marketing communications.
9 WHEN WE DISCLOSE PERSONAL INFORMATION
PGW may disclose personal information in compliance with the Privacy Act 2020, including:
If disclosure is one of the purposes for which the information was collected (for example to undertake a credit check)
To companies that perform services on our behalf such as printers, post suppliers, delivery and distribution companies, data entry service providers, trade promotion or gift card administration, account management providers, IT companies that manage and maintain our database, survey companies acting on our behalf and digital marketing agencies (for the purposes of targeting on social media)
To you or someone acting on your behalf, such as executors or trustees
To another PGW business
To professional advisers (such as lawyers or auditors)
To payment systems operators and financial institutions Upon lawful request from law enforcement agencies or government authorities
To organisations authorised by PGW to conduct promotional, research or marketing activities;
If it is necessary to avoid prejudice to the maintenance of law
If necessary, to prevent a serious threat a person or the public;
Where the information will not be used in a form which identifies you
Where the personal information is publicly available
If it is authorised by the Privacy Commissioner
If necessary, to enable a sale of PGW’s business
To prospective purchasers of your property, if the information is relevant to the sale of it
We share anonymised, aggregated, or generic data (including "generic" statistics) for purposes including product and service development, business promotion and research purposes. This data does not identify individuals and is not personal information.
10 ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
10.1 Accessing personal information
You can ask PGW at any time what personal information we hold about you and PGW will provide access in accordance with the requirements in the Privacy Act 2020.
Any requests from outside of PGW for access to personal information should be made to the General Manager Corporate Affairs at email@example.com.
Any requests from PGW employees for access to personal information should be made to the General Manager Human Resources.
Before providing any personal information to someone who requests it, we will verify the identity of the person requesting it.
Any requests made on your behalf by an agent must be accompanied by a written authority from you authorising that particular agent to act on your behalf.
We may decline to give you access to your personal information in accordance with the Privacy Act 2020. In such cases, we will give you a reason for our decision.
10.2 Correcting personal information
Individuals have the right to request access to personal information we hold about them, and request us to correct any inaccurate, out-of-date, incomplete, irrelevant or misleading personal information.
11 CLARIFICATION AND BREACHES
Further clarification of this policy can be obtained from the below contacts at firstname.lastname@example.org:
- for PGW employees and contractors – the General Manager Human Resources
- for suppliers – General Manager Retail and Water
- for legal issues, the General Manager Corporate Affairs
- for customers and third parties – the Business Support Services Manager or Contact Centre Manager.
11.2 Breaches of policy
If you want to report a suspected breach of your privacy or you do not agree with a decision regarding access to your personal information, please contact us. We have an internal complaints process to address such issues and will promptly acknowledge and investigate complaints.
Any enquires or complaints can be made direct to the PGW managers outlined in section 11.1.
We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the office of the Privacy Commissioner phone toll free 0800 80 39 09.
11.3 Notifiable privacy breaches
Where there is any unauthorised or accidental access to, disclosure, alteration, loss or destruction of, or loss of access to any personal information, PGW will comply with its obligation under the Act to:
- Determine whether serious harm is likely with reference to the:
- nature of the information
- nature of the breach
- identity of the breaching party
- protections in place in relation to the information and any action taken by PGW following the breach)
- If serious harm is likely, notify the Privacy Commissioner and affected individuals of the breach.