Privacy Policy
Arotahi Privacy Policy
Privacy is given serious importance at The New Zealand Baptist Missionary Society (“Arotahi”, “we”, “us”, “our”). We maintain to ensure that all relevant privacy and data protection laws are complied with when dealing with personal client information.
We strongly encourage you to go through this Privacy Policy carefully. A thorough understanding will help you make an informed decision when giving personal information to us.
If you are primarily based in the European Union and use our website and/or Services, we have some additional terms laid out in the addendum (“GDPR Addendum”) which apply to you.
This Privacy Policy does not limit your existing rights under relevant privacy and data protection laws.
1.0 Collection of Personal Information
Arotahi collects personal information to enable us to provide a service to you, raise financial support from you or otherwise engage with you. The information collected from an identifiable individual may include that individual’s name, date of birth, country of residence, IRD number, bank account information and contact details (physical address, email address, fax number and landline and/or mobile number or other contact details you provide us) as well as information on companies, trusts or other entities associated with the individual. We also collect information about how you use our website (for example, traffic volumes, time spent on pages), your IP address and/or other device identifying data, information contained in your correspondence with us or survey responses and other information required to provide a service or information you have requested from us.
Arotahi collects and holds such personal information that we may collect directly from you when you:
- make a request for provision of our Services,
- become a member and we provide you with the Services,
- make donations,
- use our website,
- contact the Arotahi support team,
- visit our website.
You may choose to not disclose this information to us. You should be aware however that it may mean we are restricted or prevented from providing our services to you.
2.0 Arotahi may receive personal information from you about others
Through your use of the Services, Arotahi may also collect information from you about someone else where you have authorised us to do so (for example, by choosing a feature of the website that contemplates the interaction with a third party website or feature or user) or where the information is publicly available. This could include personal information collected when users you have invited use our Services or website (“User Data”). If you provide Arotahi with personal information about someone else, you must ensure that you are authorised to disclose that information to Arotahi and that, without Arotahi taking any further steps required by applicable data protection or privacy laws, Arotahi may collect, use and disclose such information for the purposes described in this Privacy Policy.
This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Privacy Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, Arotahi’s identity, and how to contact Arotahi.
3.0 Arotahi collects, holds, and uses your personal information for limited purposes
Arotahi collects the personal information to assist us in providing you with the Services that you have requested. This information may be used for purposes including to:
- provide the requested Services to you,
- market our Services and products relating to these Services. We may also send you newsletters and up to date information on changes via text, email or other electronic means (you can opt out of this by contacting us at any time),
- carry out training of our personnel in relation to the Services,
- ensure we comply with laws and regulations in applicable jurisdictions,
- keep open lines of communication with you, including in response to a complaint,
- accept and process your donations. This includes authorising us to process credit card transactions, and
- any other use that is authorised by you or relevant privacy laws.
In the event of a sale, merger, consolidation, liquidation, reorganisation or acquisition, your information may be transferred.
When we collect and process User Data we act as an agent of you for the purposes of the New Zealand Privacy Act 2020 and any other relevant privacy laws. If applicable, we also act as the data processor for the purposes of the General Data Protection Regulation of the European Union (“GDPR”). Such User Data will only be processed in accordance with this Privacy Policy and in compliance with all applicable privacy laws.
By using our website or asking us to provide you with the Services, you consent to your personal information being collected, held and used in this way and for any other use you authorise. Arotahi will only use your personal information in the ways outlined in this Privacy Policy or if we have your express permission. If you have any personal information related to your engagement with our Services such as a password, it is your responsibility to keep that safe. If you become aware of any breach of your security, you should contact us immediately and change your password.
4.0 Arotahi can collect your non-personally identifiable data
When you use our Services, you are agreeing to Arotahi accessing, aggregating and using non-personally identifiable data collected from you. This data does not identify you nor any other individual.
This data may be used to:
- help us understand how our clients are engaging with our Services and website, for example, the busiest days of the month, quantity and timing of payments and most popular web pages;
- provide clients with further information regarding the uses and benefits of our Services;
- increase business productivity as the aggregated data can provide relevant business insights; and
- otherwise improve our website and Services.
5.0 Transfer and storage of personal information
All information that you provide to us or is entered into our website or collected from your visiting our website is automatically transferred to the Arotahi servers. When you use our Services, you consent to your personal information being held by our servers as outlined in this Privacy Policy.
The website and Services may be supported by businesses that are outside of your country. If you are situated within the European Economic Area (EEA), please refer to the GDPR Addendum. This will outline how personal data is transferred from the EEA.
As at the date of this Privacy Policy, our servers are located in New Zealand, hosted by MyHost and in Australia, hosted by Microsoft Azure cloud services. We also use Microsoft Office 365 for our email and other office productivity applications. Your personal information will be transmitted through and stored on, those servers as part of the Services. If the location of our servers changes in the future, we will update this Privacy Policy. We would encourage you to frequently review our Privacy Policy so you are aware of any changes.
Arotahi is based in New Zealand and may access your personal information from New Zealand. New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection. This decision provides our basis for transferring personal information to New Zealand.
By providing your personal information to Arotahi, you consent to us storing your personal information on servers hosted by MyHost and Microsoft Azure cloud services and accessing your personal information from New Zealand. If your personal information is be stored on servers located in other countries, it will remain within Arotahi’s effective control at all times. The server host’s role is limited to providing a hosting and storage service to Arotahi, and we’ve taken steps to ensure that our server hosts do not have access to, and use the necessary level of protection for, your personal information.
If you are not comfortable with your personal information being transferred to a server in another jurisdiction, you should not provide Arotahi with your personal information or use our website.
6.0 Arotahi is committed to protecting your personal information
Arotahi will at all times work to ensure that we are taking all the steps to protect your personal information. The information is stored on secure servers that have SSL Certificates issued by leading certificate authorities, and all data transferred between you and the website for the provision of the Services is encrypted.
Despite our best efforts, the internet itself cannot be trusted as a secure environment. Consequently, we are unable to give an absolute promise that your information will always be safe. Sharing of personal information over the internet is to be done at your own risk. You should only give out your personal information to the website within a secure environment.
If we become aware of any security breach relating to your personal information, we will advise you as soon as we can.
7.0 Arotahi will only release your Personal Information in limited circumstances
The Personal information which you provide to us will only be disclosed if it is necessary, appropriate and achieves the outcome for which you engaged our Services and as outlined in our Terms of Use.
Unless there is a sale, merger, consolidation, liquidation, reorganisation or acquisition, Arotahi will not disclose your personal information to a third party unless we have your express consent. It is important to note however, that we may have to do so without your consent to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, required by law. If it is possible and appropriate, we will endeavour to notify you to let you know this has occurred.
Your personal information is not controlled, accessed or used by the third parties who host our servers, except for the intended use of storing that information.
Our advertising and analytics partners may receive information about your use of our website through cookies, web beacons and similar storage technologies. More information on this can be found in the Cookies section of this Privacy Policy.
8.0 Arotahi does not store your credit card details
If you need to use your credit card for any of our Services, your credit card details will not be stored online and cannot be accessed by our staff. However your credit card details may be encrypted and securely stored by our chosen payment provider. This will enable Arotahi to automatically bill your credit card on a recurring basis.
9.0 Requesting access to your personal information
It is up to you to ensure that the personal information you provide is accurate, complete and up-to-date. Unless there are certain legal grounds for refusing, you may ask to access the personal information we have that is readily available. You may also ask us to update or correct any information we have about you. This may be done by requesting in writing and sending it to us at PO Box 12149, Penrose, Auckland, New Zealand 1061 or by email to hello@arotahi.org.nz. You will need to prove that you are the individual to whom the personal information relates.
We will process your request as soon as reasonably practicable, unless there are legal grounds preventing us from doing so. We will explain why if we are unable to do so. One example for refusal would be if access would unreasonably impact the privacy of another individual. If you request a correction and we have to refuse, reasonable steps will be taken to note down that you requested that correction.
If appropriate and reasonable, we may charge you the cost of providing and/or correcting your personal information.
Your personal information will only be kept for as long as it is needed. There may be circumstances however where we have to keep the information for a specified amount of time to meet various legal and reporting requirements.
10.0 Arotahi uses cookies
A cookie is a small text file that is stored on your computer for record-keeping purposes. It does not identify you personally or contain any other information about you but it does identify your computer. Arotahi’s website uses these cookies.
Along with some of our affiliates and third-party service providers, Arotahi may use a combination of “persistent cookies” (cookies that remain on your hard drive for an extended period of time) and “session ID cookies” (cookies that expire when you close your browser) on our website. Amongst other purposes, these can be used to track how the website is being used and the level of engagement with ads.
You have the ability to get your browser to send you an alert when you receive a cookie. This then gives you the chance to accept or reject it. If you refuse a cookie, this can have a negative impact on how the website is used or functions. Note, Arotahi does not respond to or honour “Do Not Track” requests at this time.
Performance and targeting cookies may be used when you visit our website.
Performance cookies serve to collect information on how you use the website. This can tell us about our most popular pages, and if you have received any error messages while on the pages. No identifying personal information is gathered via these cookies. Instead, these cookies only work to improve the usage of the website. As a result of the cookies, Arotahi may be sent reports showing aggregate numbers and trends from third party analytics partners.
Alternatively, targeting cookies provide you with personalised advertisements that are related to you and your interests. They can determine how often you see a particular advertisement and can measure whether the advertising campaign has been effective. They will remember that you have visited the website and may share this information with other parties such as advertisers. As a result, you may see advertisements about our Services in other areas of the internet. When you use our website, third party providers may display advertisements relevant to your interests. This information will have been generated by your previous use of the website and other browsing history. Your browser collects information about your internet use. Third party providers then use this information to place ads on websites throughout the internet that may relate to you and your interests.
It is possible to opt-out of targeted advertising at http://www.youronlinechoices.eu/. You can learn more about interest-based advertising and opt out of interest-based advertising from participating online advertising companies at the following links:
Digital Advertising Alliance EU (EDAA) – http://www.youronlinechoices.com/
DAA AppChoices page – http://www.aboutads.info/appchoices
Network Advertising Initiative (NAI) – http://optout.networkadvertising.org/
Digital Advertising Alliance (DAA) – http://optout.aboutads.info/
You should be aware that opting out will not stop the advertising all together. You will instead be served with generic ads.
11.0 You may opt out of any email communications
Arotahi uses email to send out various information relating to billing, marketing our services and general communication. There are clear instructions on the emails explaining how to remove yourself from our mailing list. If you choose to opt out, this will not remove you from receiving emails about breaches (if relevant) or any changes to the Privacy or Terms of Use policies.
12.0 Your responsibility in transferring your data to third-party applications
Our website may have links or ads that get you to follow a link to a third-party application or website. It is your responsibility to be vigilant when giving out personal information on these links as Arotahi has no control, and takes no responsibility for these websites and applications.
13.0 Privacy complaints process
If you are unhappy with how we have handled your personal information, you may send a complaint. Please provide us with the full details of your complaint along with any supporting documentation:
- Email: hello@arotahi.org.nz
- Post: PO Box 12149, Penrose, Auckland, New Zealand 1061
We will:
- Send you an initial response to your query or complaint within ten (10) business days; and
- Look into and seek to resolve the issue within twenty (20) business days. If necessary, we may need a longer period to do this but will notify you of this delay.
14.0 This Privacy Policy may be updated
Arotahi reserves the right to change this Privacy Policy at any time. The amended Privacy Policy will be considered effective as soon as it is posted to this website. If you continue to access and use our website and/or receive our Services, you will be considered to have accepted the amended Privacy Policy.
This Privacy Policy was last updated on 22 November 2022.
GDPR Addendum
If you are located in the European Union (“EU”), and wish to use our website and/or Services, the GDPR applies to you. These additional terms (“GDPR Addendum”) apply to this and make up part of our Privacy Policy.
The EU General Data Protection Regulation (“GDPR”) was set up to control the collection, processing and transfer of EU individuals’ personal data (as defined in the GDPR). The personal information described in the Arotahi Privacy Policy comes under the personal data in the GDPR. It is important to us that we comply with the GDPR when dealing with the personal data of EU-based visitors to our website.
This GDPR Addendum was drafted to be concise and easy to understand. It does not outline in exhaustive detail all aspects of our collection and use of personal data. If you wish to have more information or need an explanation, please contact us. Your request should be sent to a member of our office team via email: hello@arotahi.org.nz.
For the purposes of the GDPR:
- Arotahi is the data controller (as defined in the GDPR) when processing personal information.
- MyHost and Microsoft Azure cloud services is the data processor when processing personal information.
1.0 Processing personal data
The personal information outlined in this Privacy Policy is the personal data that Arotahi may process. Any processing done will be to achieve the purposes set out in this Privacy Policy.
As permitted under the GDPR we can process your information for the purposes described in the body of the Privacy Policy by relying on one or more of the following lawful grounds: (a) you have agreed with us explicitly that we may process your information for a specific reason; (b) the processing of personal information is necessary to perform the agreement we have with you (or to take steps to enter into an agreement with you); © the processing is necessary for us to comply with our legal obligations; or (d) the processing is actually necessary for our legitimate interests, which include: (i) to protect our business interests; (ii) to ensure that complaints are appropriately investigated; (iii) to evaluate, develop or improve products and services we offer; or (iv) to keep you informed of relevant products and services, unless you indicate that you do not wish us to be kept updated. While we will generally rely on your specific consent to process special categories of personal data (i.e., ‘sensitive information’), in some cases (for example, relating to an alleged offence), we may need to use some information to comply with our legal obligations.
It is possible to use access and use our website without providing us with data. However some of our services will require you to provide us with your name and email address, for example if you sign up to any newsletters. If you choose not to divulge that information, we will be unable to provide you with our full services.
2.0 Your rights
The GDPR grants you certain rights in relation to your personal data. These include:
- right of access — you have the right to ask, and we have the obligation to confirm, if we are processing your personal data. We can also provide you with a copy of that data.
- right to rectification – if we hold inaccurate or incomplete personal data about you, you may ask to have it corrected or completed. Once notified, we will do all that we can to ensure the information is made right. We will also endeavour to pass on the correction if possible to any third parties with whom we have shared your personal data.
- right to erasure – your personal data is deleted once it has fulfilled its intended purpose. Provided it does not contravene any applicable laws, we will also delete your personal data if you send a request. If we have shared your personal data with any third parties, we will take reasonable steps to inform them of your request.
- right to withdraw consent – as mentioned above, our legal basis for processing your personal data is your consent. Therefore if you wish for us to stop processing your personal data, you may withdraw your consent at any time.
- right to restrict processing – you have the right to ask us to restrict or stop the processing of your personal data in certain circumstances. We will pass this request on to third parties where possible.
- right to object to processing – at any point you may also request that we stop processing your personal data all together. We will do this to the extent required by the GDPR.
- rights related to automated decision making, including profiling – At the time of this GDPR Addendum, Arotahi does not make any automated decision making or profiling using the personal information. If this were to change, you have the right to not be subject to a decision based solely on this automated processing, including profiling which can have a significant legal impact. The exceptions to this occur where such automated decision making is necessary for entering into, or fulfilling a contract with you, where relevant laws authorise it and when you have given explicit consent.
- right to data portability – we will give you any personal data that you have requested from us in a commonly used, machine readable and interoperable format to ensure you can access it. Where possible, and if you have requested, we will send your personal data to another data controller.
- the right to complain to a supervisory authority – if you have any concerns about the way in which we have dealt with your personal data, you may contact the relevant data protection supervisory authority.
If your personal data is used or obtained for direct marketing purposes, you have the right to object.
If you wish to exercise any of your rights listed above, please contact our Privacy Officer. If you are dissatisfied with how we deal with your request, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
3.0 Children
It is not our intention to collect personal data from children under the age of 16. If you believe that a child under 16 has given us their personal data either through our website and/or by using our Services, please contact our Privacy Officer. If they can access it, then it is your responsibility to obtain the consent of any Guardian of any children who can access the website or the Services and you agree to do so.
4.0 International transfer of data
As we are based in New Zealand, the personal information that we collect through our website and our Services will be transferred to, and stored in, a country operating outside the European Economic Area (EEA). According to the GDPR, this transfer may only take place if the European Commission has decided that the country maintains an adequate level of protection. If this adequacy status is not granted to us, we may transfer the personal data, so long as there are suitable safeguards.
The Arotahi Privacy Policy states that some of the personal information we collect is processed by third party data processors in other countries, including Australia. We will only transfer this data outside the EEA if that country has been given the adequacy status mentioned above, or if we have approved transfer instruments set up to protect your personal data. If you wish to know more, please contact us using the details in our Privacy Policy.
5.0 Data Retention Privacy Policy
We will only keep personal information for as long as is needed to achieve its purpose, or to comply with relevant law, whichever is longer.
6.0 Contacting us
Please contact us via the details as set out in our Privacy Policy.