Privacy is given serious importance at The New Zealand Baptist Missionary Society (“Arotahi”, “we”, “us”, “our”). We maintain to ensure that all relevant privacy and data protection laws are complied with when dealing with personal client information.
If you are primarily based in the European Union and use our website and/or Services, we have some additional terms laid out in the addendum (“GDPR Addendum”) which apply to you.
1.0 Collection of Personal Information
Arotahi collects personal information to enable us to provide a service to you, raise financial support from you or otherwise engage with you. The information collected from an identifiable individual may include that individual’s name, date of birth, country of residence, IRD number, bank account information and contact details (physical address, email address, fax number and landline and/or mobile number or other contact details you provide us) as well as information on companies, trusts or other entities associated with the individual. We also collect information about how you use our website (for example, traffic volumes, time spent on pages), your IP address and/or other device identifying data, information contained in your correspondence with us or survey responses and other information required to provide a service or information you have requested from us.
Arotahi collects and holds such personal information that we may collect directly from you when you:
- make a request for provision of our Services,
- become a member and we provide you with the Services,
- make donations,
- use our website,
- contact the Arotahi support team,
- visit our website.
You may choose to not disclose this information to us. You should be aware however that it may mean we are restricted or prevented from providing our services to you.
2.0 Arotahi may receive personal information from you about others
3.0 Arotahi collects, holds, and uses your personal information for limited purposes
Arotahi collects the personal information to assist us in providing you with the Services that you have requested. This information may be used for purposes including to:
- provide the requested Services to you,
- market our Services and products relating to these Services. We may also send you newsletters and up to date information on changes via text, email or other electronic means (you can opt out of this by contacting us at any time),
- carry out training of our personnel in relation to the Services,
- ensure we comply with laws and regulations in applicable jurisdictions,
- keep open lines of communication with you, including in response to a complaint,
- accept and process your donations. This includes authorising us to process credit card transactions, and
- any other use that is authorised by you or relevant privacy laws.
In the event of a sale, merger, consolidation, liquidation, reorganisation or acquisition, your information may be transferred.
4.0 Arotahi can collect your non-personally identifiable data
When you use our Services, you are agreeing to Arotahi accessing, aggregating and using non-personally identifiable data collected from you. This data does not identify you nor any other individual.
This data may be used to:
- help us understand how our clients are engaging with our Services and website, for example, the busiest days of the month, quantity and timing of payments and most popular web pages;
- provide clients with further information regarding the uses and benefits of our Services;
- increase business productivity as the aggregated data can provide relevant business insights; and
- otherwise improve our website and Services.
5.0 Transfer and storage of personal information
The website and Services may be supported by businesses that are outside of your country. If you are situated within the European Economic Area (EEA), please refer to the GDPR Addendum. This will outline how personal data is transferred from the EEA.
Arotahi is based in New Zealand and may access your personal information from New Zealand. New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection. This decision provides our basis for transferring personal information to New Zealand.
By providing your personal information to Arotahi, you consent to us storing your personal information on servers hosted by MyHost and Microsoft Azure cloud services and accessing your personal information from New Zealand. If your personal information is be stored on servers located in other countries, it will remain within Arotahi’s effective control at all times. The server host’s role is limited to providing a hosting and storage service to Arotahi, and we’ve taken steps to ensure that our server hosts do not have access to, and use the necessary level of protection for, your personal information.
If you are not comfortable with your personal information being transferred to a server in another jurisdiction, you should not provide Arotahi with your personal information or use our website.
6.0 Arotahi is committed to protecting your personal information
Arotahi will at all times work to ensure that we are taking all the steps to protect your personal information. The information is stored on secure servers that have SSL Certificates issued by leading certificate authorities, and all data transferred between you and the website for the provision of the Services is encrypted.
Despite our best efforts, the internet itself cannot be trusted as a secure environment. Consequently, we are unable to give an absolute promise that your information will always be safe. Sharing of personal information over the internet is to be done at your own risk. You should only give out your personal information to the website within a secure environment.
If we become aware of any security breach relating to your personal information, we will advise you as soon as we can.
7.0 Arotahi will only release your Personal Information in limited circumstances
Unless there is a sale, merger, consolidation, liquidation, reorganisation or acquisition, Arotahi will not disclose your personal information to a third party unless we have your express consent. It is important to note however, that we may have to do so without your consent to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, required by law. If it is possible and appropriate, we will endeavour to notify you to let you know this has occurred.
Your personal information is not controlled, accessed or used by the third parties who host our servers, except for the intended use of storing that information.
8.0 Arotahi does not store your credit card details
If you need to use your credit card for any of our Services, your credit card details will not be stored online and cannot be accessed by our staff. However your credit card details may be encrypted and securely stored by our chosen payment provider. This will enable Arotahi to automatically bill your credit card on a recurring basis.
9.0 Requesting access to your personal information
It is up to you to ensure that the personal information you provide is accurate, complete and up-to-date. Unless there are certain legal grounds for refusing, you may ask to access the personal information we have that is readily available. You may also ask us to update or correct any information we have about you. This may be done by requesting in writing and sending it to us at PO Box 12149, Penrose, Auckland, New Zealand 1061 or by email to email@example.com. You will need to prove that you are the individual to whom the personal information relates.
We will process your request as soon as reasonably practicable, unless there are legal grounds preventing us from doing so. We will explain why if we are unable to do so. One example for refusal would be if access would unreasonably impact the privacy of another individual. If you request a correction and we have to refuse, reasonable steps will be taken to note down that you requested that correction.
If appropriate and reasonable, we may charge you the cost of providing and/or correcting your personal information.
Your personal information will only be kept for as long as it is needed. There may be circumstances however where we have to keep the information for a specified amount of time to meet various legal and reporting requirements.
A cookie is a small text file that is stored on your computer for record-keeping purposes. It does not identify you personally or contain any other information about you but it does identify your computer. Arotahi’s website uses these cookies.
Along with some of our affiliates and third-party service providers, Arotahi may use a combination of “persistent cookies” (cookies that remain on your hard drive for an extended period of time) and “session ID cookies” (cookies that expire when you close your browser) on our website. Amongst other purposes, these can be used to track how the website is being used and the level of engagement with ads.
You have the ability to get your browser to send you an alert when you receive a cookie. This then gives you the chance to accept or reject it. If you refuse a cookie, this can have a negative impact on how the website is used or functions. Note, Arotahi does not respond to or honour “Do Not Track” requests at this time.
Performance and targeting cookies may be used when you visit our website.
Performance cookies serve to collect information on how you use the website. This can tell us about our most popular pages, and if you have received any error messages while on the pages. No identifying personal information is gathered via these cookies. Instead, these cookies only work to improve the usage of the website. As a result of the cookies, Arotahi may be sent reports showing aggregate numbers and trends from third party analytics partners.
Alternatively, targeting cookies provide you with personalised advertisements that are related to you and your interests. They can determine how often you see a particular advertisement and can measure whether the advertising campaign has been effective. They will remember that you have visited the website and may share this information with other parties such as advertisers. As a result, you may see advertisements about our Services in other areas of the internet. When you use our website, third party providers may display advertisements relevant to your interests. This information will have been generated by your previous use of the website and other browsing history. Your browser collects information about your internet use. Third party providers then use this information to place ads on websites throughout the internet that may relate to you and your interests.
It is possible to opt-out of targeted advertising at http://www.youronlinechoices.eu/. You can learn more about interest-based advertising and opt out of interest-based advertising from participating online advertising companies at the following links:
Digital Advertising Alliance EU (EDAA) – http://www.youronlinechoices.com/
DAA AppChoices page – http://www.aboutads.info/appchoices
Network Advertising Initiative (NAI) – http://optout.networkadvertising.org/
Digital Advertising Alliance (DAA) – http://optout.aboutads.info/
You should be aware that opting out will not stop the advertising all together. You will instead be served with generic ads.
11.0 You may opt out of any email communications
12.0 Your responsibility in transferring your data to third-party applications
Our website may have links or ads that get you to follow a link to a third-party application or website. It is your responsibility to be vigilant when giving out personal information on these links as Arotahi has no control, and takes no responsibility for these websites and applications.
13.0 Privacy complaints process
If you are unhappy with how we have handled your personal information, you may send a complaint. Please provide us with the full details of your complaint along with any supporting documentation:
- Email: firstname.lastname@example.org
- Post: PO Box 12149, Penrose, Auckland, New Zealand 1061
- Send you an initial response to your query or complaint within ten (10) business days; and
- Look into and seek to resolve the issue within twenty (20) business days. If necessary, we may need a longer period to do this but will notify you of this delay.
This GDPR Addendum was drafted to be concise and easy to understand. It does not outline in exhaustive detail all aspects of our collection and use of personal data. If you wish to have more information or need an explanation, please contact us. Your request should be sent to a member of our office team via email: email@example.com.
For the purposes of the GDPR:
- Arotahi is the data controller (as defined in the GDPR) when processing personal information.
- MyHost and Microsoft Azure cloud services is the data processor when processing personal information.
1.0 Processing personal data
It is possible to use access and use our website without providing us with data. However some of our services will require you to provide us with your name and email address, for example if you sign up to any newsletters. If you choose not to divulge that information, we will be unable to provide you with our full services.
2.0 Your rights
The GDPR grants you certain rights in relation to your personal data. These include:
- right of access – you have the right to ask, and we have the obligation to confirm, if we are processing your personal data. We can also provide you with a copy of that data.
- right to rectification – if we hold inaccurate or incomplete personal data about you, you may ask to have it corrected or completed. Once notified, we will do all that we can to ensure the information is made right. We will also endeavour to pass on the correction if possible to any third parties with whom we have shared your personal data.
- right to erasure – your personal data is deleted once it has fulfilled its intended purpose. Provided it does not contravene any applicable laws, we will also delete your personal data if you send a request. If we have shared your personal data with any third parties, we will take reasonable steps to inform them of your request.
- right to withdraw consent – as mentioned above, our legal basis for processing your personal data is your consent. Therefore if you wish for us to stop processing your personal data, you may withdraw your consent at any time.
- right to restrict processing – you have the right to ask us to restrict or stop the processing of your personal data in certain circumstances. We will pass this request on to third parties where possible.
- right to object to processing – at any point you may also request that we stop processing your personal data all together. We will do this to the extent required by the GDPR.
- rights related to automated decision making, including profiling – At the time of this GDPR Addendum, Arotahi does not make any automated decision making or profiling using the personal information. If this were to change, you have the right to not be subject to a decision based solely on this automated processing, including profiling which can have a significant legal impact. The exceptions to this occur where such automated decision making is necessary for entering into, or fulfilling a contract with you, where relevant laws authorise it and when you have given explicit consent.
- right to data portability – we will give you any personal data that you have requested from us in a commonly used, machine readable and interoperable format to ensure you can access it. Where possible, and if you have requested, we will send your personal data to another data controller.
- the right to complain to a supervisory authority – if you have any concerns about the way in which we have dealt with your personal data, you may contact the relevant data protection supervisory authority.
If your personal data is used or obtained for direct marketing purposes, you have the right to object.
If you wish to exercise any of your rights listed above, please contact our Privacy Officer. If you are dissatisfied with how we deal with your request, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
It is not our intention to collect personal data from children under the age of 16. If you believe that a child under 16 has given us their personal data either through our website and/or by using our Services, please contact our Privacy Officer. If they can access it, then it is your responsibility to obtain the consent of any Guardian of any children who can access the website or the Services and you agree to do so.
4.0 International transfer of data
As we are based in New Zealand, the personal information that we collect through our website and our Services will be transferred to, and stored in, a country operating outside the European Economic Area (EEA). According to the GDPR, this transfer may only take place if the European Commission has decided that the country maintains an adequate level of protection. If this adequacy status is not granted to us, we may transfer the personal data, so long as there are suitable safeguards.
We will only keep personal information for as long as is needed to achieve its purpose, or to comply with relevant law, whichever is longer.
6.0 Contacting us