This policy covers:
- Personal information that we collect, and why
- How we collect it
- Where we store it
- Our storage security procedures
- Keeping it complete, up to date and accurate before we use it
- How long we can keep it
- What we can use it for
- When we can disclose it
- Allowing the person who is the subject of the information to access it
- Correcting it if it is wrong.
PGG Wrightson Group – New Zealand Operations
Date of issue
11 February 2015
PGG Wrightson Corporate Website
This policy is reviewed every 2 years by General Manager Strategy & Corporate Affairs with input from General Managers.
Related Policies and Documents
Privacy Act 1993
Code of Conduct
1. Policy Standard
This policy explains how PGW will manage all personal information from any source in accordance with the Privacy Act 1993 twelve information privacy principles.
PGW is committed to ensuring the privacy of personal information is protected and we strive to uphold the best practice privacy standards in the collection, storage and use of personal information.
Personal Information means information about an identifiable individual.
- PGW customers, suppliers and third parties
- Directors and Officers of PGW Group Companies
- Employees (full time and part time)
- Temporary and Casual employees
- Independent contractors (e.g. Real Estate, AGNZ, Livestock agents etc).
- Third party contractors e.g. consultants and
- The PGW Group of Companies (e.g. PGG Wrightson Ltd, subsidiaries of PGG Wrightson Ltd, associated companies over which PGW has significant influence JV companies or consortia which are under the day to day management of PGW or a subsidiary of PGW).
1.4 Privacy Act 1993 Principles
The 12 Privacy Principles can be viewed at: http://www.legislation.govt.nz/act/public/1993/0028/latest/DLM297038.html
How PGW complies with the Privacy Principles is set out below.
1.5 Personal information that we collect, and why
Personal information collected by PGW is collected for the purpose of managing customer transactions for products and services, supplier and other third party relationships, and employee relationships.
The personal information we collect differs depending on which of our products and services you are involved in, and may include:
- name, address and contact details
- date of birth
- account and newsletter preferences
- for employees, all employment related information
- for customers, information about a product or service you purchased from or sold to us, the place of purchase and information about your ownership of the product
- information about any call to us, including a recording of the call, details about the product(s) you bought, the reason why you contacted us and the advice we gave you
- information relating to your use of any of our loyalty programs and the rewards that you claim
- information about third party provider products that you obtain through us eg fuel cards
- your business contact details and other business information, place of employment and position
- product reviews, comments, photos and forum posts that you have submitted
- credit and financial information and checks, including validation of identity and property ownership
- information about your social network profile such as your social network ID, profile picture, gender and location
- the fact that you have clicked on a 'like' or 'tweet' or similar button in one of our websites or services or one of our pages on a social network site, which we may associate with the details that we store about you
- information about your visit to our website, such as your browser software, which pages you view and which items you 'clicked' on
- service, product or server logs, which hold technical information about your use of our service, product or websites, such as your IP address, domain, device and application settings, errors and hardware activity
- information about where your device is physically located (for example, when you are using a geo-location service or application and you have provided consent to your location being shared)
- interests and preferences that you specify during setup of an Internet enabled product or service
- in the case of candidates seeking employment with us, and our employees, information relevant to your employment history.
If we request personal information from you and you do not supply it, we may not be able to provide you with the product or service you request. We also sometimes collect information about people who are not our employees or customers as part of providing a product or service, for example the other party to a sales transaction that you are involved in.
1.6 How we collect personal information
Whenever possible, we collect personal information directly from you. Collection occurs when you first apply or request a product or service from us or start work with us, also during the course of our relationship with you we may continue to collect personal information. Information may be collected in various ways, such as mail, internet, telephone, face to face conversation, email, and in various formats such as forms, letters, electronic file notes and recorded conversations. Customers will be identified by a PGW customer number and password (if applicable). Employees will be identified by a PGW employee number and password (where applicable).
We may also collect personal information from other people, organisations and sources, such as when collection from you is impractical or where you have consented to us collecting it from someone else. These may be parties related to PGW or third parties such as your agent, where you have appointed an agent to act on your behalf in dealings with us (e.g. a broker or lawyer), or employment referees that prospective employees have given us.
1.7 Where we store personal information
PGW stores customer and employee personal information in a number of locations, including:
- customer and employee documentation is scanned into PGW’s computer systems, various equipment, programmes, databases and digital archives
- physical paperwork is filed in a secure location
- electronic files are stored securely with third party cloud-hosting providers
These storage mechanisms may be managed internally by PGW and held locally in New Zealand, or they could be managed by a third party storage provider with whom PGW has a contractual relationship and be held on a server locally or overseas.
1.8 PGW’s storage security procedures
PGW will take all reasonable steps to store your personal information safeguarding against loss, misuse and disclosure, such as:
- following certain procedures, for example checking your identity against available data when you telephone us and using secure passwords for our computer systems
- limiting physical access to PGW’s premises
- limiting access to personal information to those who specifically need it to conduct their business responsibilities
- requiring our third party providers to have acceptable security measures to keep personal information secure
- putting in place physical, electronic, and procedural safeguards in line with industry standards and
- destroying personal information pursuant to the law and our record retention policies.
PGW cannot guarantee that your personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur. If we provide you with any passwords or other security devices it is important that you keep these secret and confidential and do not allow them to be used by any other person. Please notify us immediately if the security of these devices is breached to prevent the unauthorised disclosure of your personal information.
1.9 Keeping personal information complete, up to date and accurate before we use it
PGW will not use any personal information about our customers or employees without taking reasonable steps to ensure that the information is up to date, complete, relevant and not misleading.
Please take care when submitting personal information to us, in particular when completing free text fields or uploading documents and other materials. Some of our services are automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information.
If you believe that any of the personal information that we hold about you is not accurate, complete or up- to-date, please let us know.
1.10 How long we can keep personal information
PGW will keep personal information about customers or employees for as long as they continue to hold that relationship with PGW.
Thereafter, personal information will not be used after six years of the termination of the relationship, unless required by law.
1.11 What we can use personal information for
Personal information will be used by PGW in association with any past or future sales, transactions, interactions or proposals between PGW and the customer or employee including to:
- identify you when you telephone us to make an enquiry. For example, we may ask for your date of birth so that we can avoid disclosing information to a person who is not authorised by you to receive it
- contact you about any services and products provided by us previously, now or in the future
- help prevent or detect fraud or loss
- contact you by any means (including mail, email or telephone) in relation to a particular service or product
- contact you for research/feedback purposes
- make changes to your PGW account details
- provide you with a product or service you have requested, including checking that a payment is not made fraudulently, delivering your purchase to you or ensuring that you benefit from any relevant special offer or promotion
- train staff and for quality assurance purposes
- obtain opinions or comments about PGW products and/or services, including conducting product surveys
- respond to your requests for information when you contact us about PGW and its products and services
- conduct prize draws, contests and other promotional offers
- consider employing you if you contact us via one of PGW's job application websites
- record statistical data for marketing analysis
- manage employee information, including using it for human resources, payroll and health and safety matters, and data-matching.
1.12 When we can disclose personal information
PGW will not give personal information to a third party unless:
- it is one of the purposes for which the information has been obtained (for example to undertake a credit check for the purpose of processing an application for credit, or for bank transaction business)
- it is disclosure to the customer or a person authorised by the customer
- it is necessary to enable a sale of PGW’s business
- it is necessary to prevent a serious or imminent threat to public health or safety
- it is authorised by the Privacy Commissioner
- the personal information is publicly available
- it is necessary to avoid prejudice to the maintenance of law or
- the information will not be used in a form which identifies you.
In general, PGW does not sell, rent or otherwise disclose information about you to third parties without your consent. However, there are exceptions. PGW may disclose your personal information to third party service providers so that they can provide certain contracted services to PGW, such as IT support or programming, hosting services, telephony services, fulfilling orders, delivering packages, mailing or sending of documents to you electronically or otherwise, processing payments including Rewards Cards payment and providing fraud checking services.
We prepare anonymous, aggregate or generic data (including "generic" statistics) for a number of purposes, including for product and service development, business promotion and research purposes. As we consider that this is not personal information, we may share it with any third party (such as our suppliers, advertisers, industry bodies, the media and/or the general public).
1.13 Allowing the person who is the subject of the information to access personal information
Any individual is entitled to confirmation from PGW as to whether we hold personal information and are entitled to request a copy of that personal information, which will be provided within 20 working days if it is readily retrievable.
To protect the privacy of our customers, PGW will verify our customer is who they say they are before we provide access to or change information.
Any requests made by an agent on your behalf (such as a lawyer or broker) must be accompanied by a written authority from you authorising that particular agent to act on your behalf.
Any requests from outside of PGW for access to personal information should be made to the General Manager Strategy & Corporate Affairs.
Any requests from PGW employees for access to personal information should be made to the General Manager HR.
The Act outlines circumstances under which we may refuse to allow you access to some or all of your personal information. In such cases, we will give you a reason for our decision.
1.14 Correcting personal information
Individuals have the right to request access to personal information we hold about them, and request us to correct any inaccurate, out-of-date, incomplete, irrelevant or misleading personal information.
1.15 Unique identifiers
A “unique identifier” is a tag that does not use the individual’s name. PGW will only assign a unique identifier, eg a customer account number or employee number, if this is necessary to enable us to carry out our functions effectively.
1.16 PGW mailing lists
PGW may use your information to provide you with newsletters and other communications by post, email, telephone and/or text message, if you have provided your prior consent or we are otherwise permitted to do so under applicable law.
You can change your marketing communication preferences at any time:
- if you would like to unsubscribe from an email sent to you, follow the 'unsubscribe' link and/or instructions placed (typically) at the bottom of the email. But note that:
- if you use more than one e-mail address to contact PGW, you will need to unsubscribe separately for each email address and
- this method will only unsubscribe for the newsletter or other communication that you have received and you should use one of the other methods if you wish to opt-out of all our marketing communications,
- you can contact us in order to change your marketing communication preferences.
1.17 PGW’s websites
PGW’s websites collect the domain names, not the email addresses of visitors. Our web server may require you to place a “cookie” (small data file) on your computer’s hard drive, in order to track statistical information about navigation to and throughout certain areas of the site. If you are just surfing and reading information on our website, then we collect and store the following information about your visit:
- the IP address of your machine when connected to the Internet and the domain name from which you are accessing the Internet
- the operating system and the browser your computer uses, and any search engine you are using
- the date and time you are visiting
- the URLs of the pages you visit
- if you provide it, your email address
We use that information to measure the number of visitors to different parts of the site and, for example, to measure the effectiveness of advertising. Although we may publish aggregated information about usage patterns, we do not disclose information about individual machines except for the reasons set out below in this section. We do not sell information which identifies you personally. We may gather more extensive information if we are concerned, for example, about security issues. If we think it is necessary, we can disclose information to relevant law enforcement authorities, such as the Police or the Department of Internal Affairs.
Some of our online services may allow you to upload and share messages, photos, video and other content and links with others and/or create a publically accessible profile for your account. For example:
- the communities and forums area of our websites, allows you to post comments (with your account name), which are visible to other users of that service and
- other services allow you to share a link which if clicked on may allow the recipient to access your uploaded content.
You should not expect any information that you make available to others via PGW's online services to be kept private or confidential. Content and links that you share might, for instance, be forwarded by your recipients to others. You should always exercise discretion when using such services.
1.18 Monitoring communications
PGW may monitor and record communications we receive, including recording and storing phone calls. This may be done for quality and training purposes to improve the service that we provide, to ensure compliance with our practices and procedures and/or to provide evidence of a transaction such as where a contract is entered into, or a claim is made.
2. Clarification and Breaches
Further clarification of this policy can be obtained from:
- for PGW employees and contractors – the General Manager HR
- for legal issues, the General Manager Strategy & Corporate Affairs
- for customers and third parties – the Business Support Services Manager or Contact Centre Manager.
2.2 Breaches of policy
If you want to report a suspected breach of your privacy or you do not agree with a decision regarding access to your personal information, please contact us. We have an internal complaints process to address such issues and will promptly acknowledge and investigate complaints.
Any enquires or complaints can be made direct to the PGW managers outlined in section 2.1.
We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the office of the Privacy Commissioner phone toll free 0800 80 39 09.