There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject...
Where an authorised information matching programme is to continue for any period longer than 1 year, or for an indefinite period...
Subject to subclauses (2) and (3), the agencies involved in an authorised information matching programme...
Personal information that is disclosed, pursuant to an information matching provision, to an agency for use in an authorised information matching programme...
The agencies involved in an authorised information matching programme shall establish reasonable procedures for confirming the validity of discrepancies...
The agency primarily responsible for the operation of an authorised information matching programme shall establish and maintain detailed technical standards...
Except with the approval of the Commissioner, information transferred between agencies for the purposes of an authorised information...
Except as provided in any other enactment, unique identifiers shall not be used as part of any authorised information...
The income of the Commissioner shall be exempt from income tax...
The income of the Commissioner shall be exempt from income tax...
For the purpose of providing superannuation or retiring allowances for the Commissioner or Deputy Commissioner, the Commissioner may...
The person who, immediately before the commencement of this section, was holding office as the Privacy Commissioner under the Privacy Commissioner Act 1991 shall...
For the avoidance of doubt, and without limiting the provisions of the Acts Interpretation Act 1924, it is hereby declared that the repeal, by section 129(2) of this Act...
Where any request made under section 14(1) of the Wanganui Computer Centre Act 1976...
As soon as reasonably practicable after 1 July 1993, the State Services Commissioner shall arrange for a final report of the Wanganui Computer Centre Privacy Commissioner...
Section 129B takes effect on the repeal of the Acts and Regulations Publication Act 1989 and the Regulations (Disallowance) Act 1989...
The enactments specified in Schedule 6 are hereby amended in the manner indicated in that schedule...
The Governor-General may, by Order in Council amend Schedule 5A by making such amendments to the text of the basic principles of national application...
The Governor-General may from time to time, by Order in Council, make regulations for all or any of the following purposes...
Every person commits an offence against this Act and is liable on conviction to a fine not exceeding $2,000 who...
Subject to subsection (4), anything done or omitted by a person as the employee of another person shall, for the purposes of this Act...
Any officer or employee of a local authority may from time to time, by writing under that officer’s or employee’s hand, either generally or particularly...
A local authority may from time to time, either generally or particularly, delegate to any officer or employee of the local authority all or any of the powers of the local authority under this Act...
The Commissioner shall not, in any report or statement made pursuant to this Act or the Crown Entities Act 2004...
Subject to subsection (2), the rule of law which authorises or requires the withholding of any document, or the refusal to answer any question...
Notwithstanding anything in section 116, the Commissioner may from time to time undertake consultation with the Inspector-General of Intelligence and Security...
Notwithstanding anything in section 116, the Commissioner may from time to time undertake consultation with the Health and Disability Commissioner...
Notwithstanding anything in section 116, the Commissioner may from time to time undertake consultation with an Ombudsman...
Every person to whom section 96 applies shall maintain secrecy in respect of all matters that come to that person’s knowledge in the exercise of that person’s functions under this Act...
Where any personal information is made available in good faith pursuant to principle 6...
Section 87 and Part 4 of the Human Rights Act 1993 apply, with all necessary modifications (if any), in relation to proceedings under section 114G as if they were proceedings under that Act...
An agency on whom a transfer prohibition notice is served may appeal to the Human Rights Review Tribunal...
Every person who, without reasonable excuse, fails or refuses to comply with a transfer prohibition notice commits an offence and is liable on conviction to a fine not exceeding $10,000...
If, at any time, the Commissioner considers that all or any of the provisions of a transfer prohibition notice served on an agency need not be complied with...
A prohibition under section 114B(1) is to be effected by the service of a transfer prohibition notice on the agency proposing to transfer the personal information concerned....
To enable the Commissioner to determine whether to prohibit a transfer of personal information, the Commissioner...
The Commissioner may prohibit a transfer of personal information from New Zealand to another State if the Commissioner is satisfied, on reasonable grounds, that...
In this Part, unless the context otherwise requires OECD Guidelines...
Section 113 shall expire on 1 July 1997, but the expiration of that section shall not affect the validity of any Order in Council that has been made under that section...
The responsible Minister may from time to time, by notice in the Gazette, authorise any local authority to have access to law enforcement information held by a holder agency...
An accessing agency may have access to law enforcement information held by a holder agency if such access is authorised by the provisions of Schedule 5...
This Part does not limit the collection, use, or disclosure of personal information that...
In this Part, unless the context otherwise requires accessing agency means any public sector agency for the time being specified in Schedule 5...
The Governor-General may, by Order in Council made on the recommendation of the responsible Minister given after consultation with the Privacy Commissioner...
The chief executive of an accessing agency must include in every annual report prepared by the chief executive for the purposes of section 43 of the Public Finance Act 1989...
Access to identity information permitted under section 109D may be facilitated between a holder agency and an accessing agency in the manner agreed by the agencies...
An accessing agency may, for the purpose specified in the second column of Schedule 4A opposite the name of the accessing agency...
In this Part, access, in relation to a database, includes remote access to that database...
This Part does not limit the collection, use, or disclosure of personal information that...
The purpose of this Part is to authorise accessing agencies, when carrying out specified functions...
Notwithstanding anything in the Official Information Act 1982 or the Local Government Official Information and Meetings Act 1987...
Despite section 97A, if the collection or disclosure of information is authorised by an information matching provision, nothing in subclause (2)(d)(i) of principle 2 or...
For the purposes of this Part, the Governor-General may from time to time, by Order in Council, make such amendments to Schedule 4 as the Governor- General thinks fit...
As soon as practicable after 1 January 1994, and then at intervals of not more than 5 years, the Commissioner shall...
The Commissioner shall include in every annual report of the Commissioner under section 150 of the Crown Entities Act 2004...
Every specified agency that is involved in an authorised information matching programme shall make such reports to the Commissioner...
Subject to subsections (1A) to (2A) and to section 180C(1) of the Corrections Act 2004, a specified agency shall not take adverse action against any individual...
Where a specified agency derives or receives information produced by an authorised information matching programme, the Commissioner may...
Notwithstanding anything in section 100, where a specified agency derives or receives information produced...
Subject to any other enactment or rule of law that limits or restricts the information that may be taken into account in taking adverse action against an individual...
No personal information held by any specified agency shall be disclosed, pursuant to an information matching provision...
The following matters are the matters referred to in section 13(1)(f) to which the Commissioner shall have particular regard...
This Part does not limit the collection...
In this Part, unless the context otherwise requires...
Without limiting the matters that an Order in Council made under section 96J must insert into Schedule 2A in accordance with section 96L(3), the Governor...
The relevant Minister must present a copy of a report under section 96X(1) to the House of Representatives...
After completing a review under section 96W, the Commissioner may report to the relevant Minister if he or she has reasonable grounds to suspect that an approved information...
The Commissioner may, on his or her own initiative, conduct a review of the operation of an approved information sharing agreement...
This section applies if the parties to an approved information sharing agreement amend the agreement (whether in accordance with the Commissioner’s recommendation...
The Commissioner may require a lead agency to prepare a report under section 96S(1)(b) either...
A report prepared by a lead agency under section 96S(1)(b) must include the matters prescribed in regulations made under this Act that the Commissioner...
A lead agency for an information sharing agreement must, if the agreement is approved by Order in Council under section 96J(1)...
The requirement to give notice under section 96Q applies unless...
A party to an approved information sharing agreement must give written notice to an individual before it takes any adverse action against the individual on the basis...
If an information sharing agreement is approved by Order in Council, the Commissioner may prepare a report to the relevant Minister on any matter relating to privacy...
The agencies proposing to enter into an information sharing agreement must, before the proposed agreement is concluded...
Before recommending the making of an Order in Council, the relevant Minister must...
An Order in Council is a legislative instrument for the purposes of the Legislation Act 2012...
An Order in Council must provide that it comes into force on a date specified in the Order in Council (which must not be a date that is before the date on which it is made)...
An Order in Council must state, if applicable,the nature of the exemption...
The Governor-General may, by Order in Council made on the recommendation of the relevant Minister, approve an information sharing agreement....
An information sharing agreement must be in writing...
If only 1 public sector agency that is a department enters into an information sharing agreement, it must be designated as the lead agency for the agreement...
An agency that represents the interests of a class of agencies may enter into an information sharing agreement with a department if that agency is...
Any 2 or more of the following may enter into an information sharing agreement...
An approved information sharing agreement may authorise a part of an agency to share any personal information with 1 or more parts of...
An approved information sharing agreement may authorise an agency to share any personal information with 1 or more other agencies in accordance with the terms of the agreement...
In this Part, unless the context otherwise requires adverse action...
To avoid doubt, nothing in this Part limits the collection, use, or disclosure of personal information...
The purpose of this Part is to enable the sharing of personal information to facilitate the provision of public services...
This section applies to the Commissioner adn every person...
Subject to subsection (2) and to section 94, any person who is bound by the provisions of any enactment to maintain secrecy in relation to...
Except as provided in section 119, every person shall have the same privileges in relation to the giving of information to, the answering of questions put by...
Where any requirement to which section 92 applies is made to any agency, the agency may extend the time limit set out in subsection (2) of that section in respect of that requirement if...
This section applies in every case where, during the course of an investigation under Part 8 of any decision of any agency in relation to an information privacy request, the Commissioner...
he Commissioner may summon before him or her and examine on oath any person who in the Commissioner’s opinion is able to give information relevant to...
Every investigation under Part 8 by the Commissioner shall be conducted in private...
Sections 92Q to 92W and Part 4 of the Human Rights Act 1993 shall apply, with such modifications as are necessary...
In any proceedings under section 82 or section 83, the Tribunal may award damages against the defendant for an interference...
Where, by any provision of the information privacy principles or of this Act or of a code of practice issued under section 46 or section 63...
Whether or not the Director of Human Rights Proceedings is or was a party to the proceedings before the Human Rights Review Tribunal...
If, in any proceedings under section 82 or section 83, the Tribunal is satisfied on the balance of probabilities that any action of the defendant...
In any proceedings before the Human Rights Review Tribunal, the Director of Human Rights Proceedings or the aggrieved individual (as the case may be)...
Notwithstanding section 82(2), the aggrieved individual (if any) may himself or herself bring proceedings before the Human Rights Review Tribunal against a person to...
This section applies to any person in respect of whom an investigation has been conducted under this Part...
Nothing in sections 76, 77, and 82 to 89 applies to any complaint made under this Part in relation to an action of an intelligence and security agency...
If, during or after any investigation, the Commissioner is of the opinion that there is evidence of any significant breach of duty or misconduct...
This section applies to any interference with the privacy of an individual involving a breach of any of principles 1, 2, 3, 4, 8, 9, 10, and 11...
Notwithstanding anything in section 77, where the Commissioner, after making any investigation under this Part...
Where the Commissioner, after making any investigation under this Part, is of the opinion...
The Commissioner may call a conference of the parties to a complaint by...
Where any investigation is made following a complaint, the Commissioner shall conduct the investigation with due expedition...
Where it appears from a complaint, or any written response made in relation to a complaint under section 73(b)(ii)...
Before proceeding to investigate any matter under this Part, the Commissioner...
Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates...
Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates...
Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly...
Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly...
The Commissioner may in his or her discretion decide to take no action or, as the case may require, no further action, on any complaint if, in the Commissioner’s opinion...
On receiving a complaint under this Part, the Commissioner may investigate the complaint...
The functions of the Commissioner under this Part shall be to investigate any action...
A complaint to the Commissioner may be made either orally or in writing...
Any person may make a complaint to the Commissioner alleging that any action is or appears to be an interference with the privacy of an individual....
For the purposes of this Part, an action is an interference with the privacy of an individual if, and only if in relation to that individual...
The Governor-General may from time to time, by Order in Council made on the advice of the responsible Minister given after consultation with the Commissioner...
Where a code of practice issued under section 63 is in force the doing of any action that would otherwise be a breach of a public register privacy principle...
The Commissioner may from time to time issue, in relation to any public register, a code of practice....
The public register privacy principles do not confer on any person any legal right that is enforceable in a court of law...
The Commissioner may, on complaint made to the Commissioner by any person or on the Commissioner’s own initiative, inquire into any public register provision...
Subject to subsection (3), the agency responsible for administering any public register shall, in administering that register...
Personal information shall be made available from a public register for no charge or for no more than a reasonable charge...
Personal information in a public register shall not be made available by means of electronic transmission, unless the purpose of the transmission...
Personal information obtained from a public register shall not be re-sorted, or combined with personal information obtained from any other public register...
Personal information shall be made available from a public register only by search references that are consistent with the manner in which the register is indexed or organised...
In this Part, unless the context otherwise requires...
Information privacy principles 2, 3, and 4(b) do not apply to information collected by an intelligence and security agency...
Nothing in the information privacy principles applies in respect of the collection of personal information by an agency that is an individual...
Nothing in principle 6 or principle 7 applies in respect of personal information in the course of transmission by post, telegram, cable, telex, facsimile transmission...
The Commissioner may authorise an agency to collect, use, or disclose personal information, even though that collection...
Where a code of practice issued under section 46 is in force he doing of any action that would otherwise be a breach of an information privacy principle shall...
If the Commissioner considers that it is necessary to issue a code of practice under section 46, or to amend or revoke any such code of practice...
The Commissioner may from time to time issue an amendment or revocation of a code of practice issued under section 46...
All codes of practice issued under section 46 are disallowable instruments, but not legislative instruments...
Where a code of practice is issued under section 46 the Commissioner shall ensure that there is published in the Gazette...
Subject to section 52, the Commissioner shall not issue a code of practice under section 46 unless...
Subject to section 48, the Commissioner may issue a code of practice under section 46 on the Commissioner’s own initiative or on the application of any person....
The Commissioner may from time to time issue a code of practice...
Where an information privacy request is made pursuant to subclause (1)(b) of principle 6, the agency...
Where an information privacy request made by an individual is refused, the agency shall...
Where the information in respect of which an information privacy request is made is comprised in a document and there is good reason...
Where the information in respect of which an information privacy request is made by any individual is comprised in a document...
Where an information privacy request is made or transferred to an agency, the agency may extend the time limit set out in section 39 or section 40(1) in respect of the request if...
Subject to this Act, the agency to which an information privacy request is made or transferred in accordance with this Act shall, as soon as reasonably practicable...
Where an information privacy request is made to an agency or is transferred to an agency in accordance with this section...
It is the duty of every agency to give reasonable assistance to an individual, who wishes to make an information privacy request...
If an individual making an information privacy request asks that his or her request be treated as urgent, that individual shall give his or her reasons why the request should be treated as urgent...
Where a public sector agency satisfies the Commissioner that the agency is commercially disadvantaged...
Subject to section 36, a public sector agency shall not require the payment, by or on behalf of any individual who wishes to make an information privacy request, of any charge in respect of...
An information privacy request may be made only by an individual...
This Part applies to the following requests (in this Act referred to as information privacy requests)...
Where a request made pursuant to principle 6 relates to information to which section 27 or section 28 applies...
Subject to sections 7, 31, and 32, no reasons other than 1 or more of the reasons set out in sections 27 to 29 justifies a refusal to disclose any information requested pursuant to principle 6...
An agency may refuse to disclose any information requested pursuant to principle 6 if...
Subject to subsection (2), an agency may refuse to disclose any information requested pursuant to principle 6 if the withholding of the information is necessary to protect information...
An agency may refuse to disclose any information requested pursuant to principle 6 if the disclosure of the information would be likely...
As soon as practicable after the expiry of the period of 3 years beginning on the commencement of this section, and then at intervals of not more than 5 years, the Commissioner shall...
The provisions of Schedule 1 shall have effect in relation to the Commissioner and the Commissioner’s affairs...
Without limiting the right of the Commissioner to report at any other time, but subject to section 120, the annual report of the Commissioner under section 150...
It shall be the responsibility of each agency to ensure that there are, within that agency, 1 or more individuals whose responsibilities include...
For the purpose of the publication of any directory or any supplementary material pursuant to section 21...
The Commissioner may from time to time, as the Commissioner thinks fit, cause to be published 1 or more publications that include all or any of the following information...
If at any time it appears to the Commissioner that it may be desirable to obtain a declaratory judgment or order of the High Court in accordance with the Declaratory Judgments...
In addition to the matters in section 30(2) of the Crown Entities Act 2004, a member of a local authority is disqualified from being appointed as Commissioner...
In the performance of his or her functions, and the exercise of his or her powers, under this Act, the Commissioner shall...
In the performance of his or her functions, and the exercise of his or her powers, under this Act, the Commissioner shall...
The functions of the Commissioner shall be to promote...
There shall be a Commissioner called the Privacy Commissioner...
The entitlements conferred on an individual by subclause (1) of principle 6, in so far as that subclause relates to personal information held by a public sector agency...
For the purposes of principle 5 and principles 8 to 11, information held by an agency includes information that is held outside New Zealand by that agency...
Nothing in principle 11 shall apply, before 1 July 1996, in relation to the disclosure, by any agency, of personal information collected...
Subject to subsection (4), principles 1 to 4 apply only in relation to information collected after the commencement of this section...
Nothing in principle 6 or principle 11 derogates from any provision that is contained in any enactment and that authorises or requires personal information to be made available...
An agency that holds personal information shall not disclose the information to a person or body or agency unless the agency believes, on reasonable grounds...
An agency that holds personal information shall not disclose the information to a person or body or agency unless the agency believes, on reasonable grounds...
An agency that holds personal information that was obtained in connection with one purpose shall not use the information for any other purpose unless the agency believes...
An agency that holds personal information shall not keep that information for longer than is required for the purposes for which the information may lawfully be used...
An agency that holds personal information shall not use that information without taking such steps (if any) as are, in the circumstances...
Where an agency holds personal information, the individual concerned shall be entitled to request correction of the information...
Where an agency holds personal information in such a way that it can readily be retrieved, the individual concerned shall be entitled...
An agency that holds personal information shall ensure that the information is protected...
Personal information shall not be collected by an agency by unlawful means...
Where an agency collects personal information directly from the individual concerned, the agency shall take such steps (if any) as are, in the circumstances...
Where an agency collects personal information, the agency shall collect the information directly from the individual concerned...
Personal information shall not be collected by any agency unless the information is collected for a lawful purpose connected with a function or activity of the agency...
This Act binds the Crown.,...
For the purposes of this Act, an action done by, or information disclosed to, a person employed by,...
Subject to subsection (2), information that is held by an officer or employee or member of an agency in that person’s capacity as such an officer or employee or member...
In this Act, unless the context otherwise requires action, includes...
Once upon a time there were only 2 things certain in life & now there are 3.
The sooner you come to grips with GDPR, the better of you’ll be in the long run.
Following these six steps will place you in good standing with GDPR protocols, setting your path towards a bright future with your audience.
Forget bitcoin, trust is the new currency of the future!
When it’s for contractual reasons, for example you purchased a product, service, made a donation and actions of similar nature, it generally ranges about 6-7 years.
It’s always good to reach out to the entity to clarify this for you. You’ll find that the majority of companies will be more than happy to answer your question. Keep in mind that they have 30 days to respond to you.
If they don’t, then you can file an official complaint via our online form FILE A COMPLAINT. This service is also part of our free membership.
Here is a great infograph from Erik Underwood c/o TechRepublic, with interesting insights into why your data is being collected.
