HOMEPrivacy Policy

Privacy Policy

 Arotahi Privacy Policy 

Privacy is given serious impor­tance at The New Zealand Baptist Mis­sion­ary Society (“Arotahi”, “we”, “us”, “our”).  We main­tain to ensure that all rel­e­vant privacy and data pro­tec­tion laws are com­plied with when dealing with per­sonal client information.

We strongly encour­age you to go through this Privacy Policy care­fully. A thor­ough under­stand­ing will help you make an informed deci­sion when giving per­sonal infor­ma­tion to us.

If you are pri­mar­ily based in the Euro­pean Union and use our website and/or Ser­vices, we have some addi­tional terms laid out in the adden­dum (“GDPR Adden­dum”) which apply to you.

This Privacy Policy does not limit your exist­ing rights under rel­e­vant privacy and data pro­tec­tion laws.

1.0 Col­lec­tion of Per­sonal Information

Arotahi col­lects per­sonal infor­ma­tion to enable us to provide a service to you, raise finan­cial support from you or oth­er­wise engage with you. The infor­ma­tion col­lected from an iden­ti­fi­able indi­vid­ual may include that individual’s name, date of birth, country of res­i­dence, IRD number, bank account infor­ma­tion and contact details (phys­i­cal address, email address, fax number and land­line and/or mobile number or other contact details you provide us) as well as infor­ma­tion on com­pa­nies, trusts or other enti­ties asso­ci­ated with the indi­vid­ual. We also collect infor­ma­tion about how you use our website (for example, traffic volumes, time spent on pages), your IP address and/or other device iden­ti­fy­ing data, infor­ma­tion con­tained in your cor­re­spon­dence with us or survey responses and other infor­ma­tion required to provide a service or infor­ma­tion you have requested from us.

Arotahi col­lects and holds such per­sonal infor­ma­tion that we may collect directly from you when you:

  • make a request for pro­vi­sion of our Services,
  • become a member and we provide you with the Services,
  • make dona­tions,
  • use our website,
  • contact the Arotahi support team,
  • visit our website.

You may choose to not dis­close this infor­ma­tion to us. You should be aware however that it may mean we are restricted or pre­vented from pro­vid­ing our ser­vices to you.

2.0 Arotahi may receive per­sonal infor­ma­tion from you about others

Through your use of the Ser­vices, Arotahi may also collect infor­ma­tion from you about someone else where you have autho­rised us to do so (for example, by choos­ing a feature of the website that con­tem­plates the inter­ac­tion with a third party website or feature or user) or where the infor­ma­tion is pub­licly avail­able.  This could include per­sonal infor­ma­tion col­lected when users you have invited use our Ser­vices or website (“User Data”).  If you provide Arotahi with per­sonal infor­ma­tion about someone else, you must ensure that you are autho­rised to dis­close that infor­ma­tion to Arotahi and that, without Arotahi taking any further steps required by applic­a­ble data pro­tec­tion or privacy laws, Arotahi may collect, use and dis­close such infor­ma­tion for the pur­poses described in this Privacy Policy.

This means that you must take rea­son­able steps to ensure the indi­vid­ual con­cerned is aware of and/or con­sents to the various matters detailed in this Privacy Policy, includ­ing the fact that their per­sonal infor­ma­tion is being col­lected, the pur­poses for which that infor­ma­tion is being col­lected, the intended recip­i­ents of that infor­ma­tion, the indi­vid­u­al’s right to obtain access to that infor­ma­tion, Arotahi’s iden­tity, and how to contact Arotahi.

3.0 Arotahi col­lects, holds, and uses your per­sonal infor­ma­tion for limited purposes

Arotahi col­lects the per­sonal infor­ma­tion to assist us in pro­vid­ing you with the Ser­vices that you have requested. This infor­ma­tion may be used for pur­poses includ­ing to:

  • provide the requested Ser­vices to you,
  • market our Ser­vices and prod­ucts relat­ing to these Ser­vices. We may also send you newslet­ters and up to date infor­ma­tion on changes via text, email or other elec­tronic means (you can opt out of this by con­tact­ing us at any time),
  • carry out train­ing of our per­son­nel in rela­tion to the Services,
  • ensure we comply with laws and reg­u­la­tions in applic­a­ble jurisdictions,
  • keep open lines of com­mu­ni­ca­tion with you, includ­ing in response to a complaint,
  • accept and process your dona­tions. This includes autho­ris­ing us to process credit card trans­ac­tions, and
  • any other use that is autho­rised by you or rel­e­vant privacy laws.

In the event of a sale, merger, con­sol­i­da­tion, liq­ui­da­tion, reor­gan­i­sa­tion or acqui­si­tion, your infor­ma­tion may be transferred.

When we collect and process User Data we act as an agent of you for the pur­poses of the New Zealand Privacy Act 2020 and any other rel­e­vant privacy laws. If applic­a­ble, we also act as the data proces­sor for the pur­poses of the General Data Pro­tec­tion Reg­u­la­tion of the Euro­pean Union (“GDPR”). Such User Data will only be processed in accor­dance with this Privacy Policy and in com­pli­ance with all applic­a­ble privacy laws.

By using our website or asking us to provide you with the Ser­vices, you consent to your per­sonal infor­ma­tion being col­lected, held and used in this way and for any other use you autho­rise. Arotahi will only use your per­sonal infor­ma­tion in the ways out­lined in this Privacy Policy or if we have your express per­mis­sion. If you have any per­sonal infor­ma­tion related to your engage­ment with our Ser­vices such as a pass­word, it is your respon­si­bil­ity to keep that safe. If you become aware of any breach of your secu­rity, you should contact us imme­di­ately and change your password.

4.0 Arotahi can collect your non-per­son­ally iden­ti­fi­able data

When you use our Ser­vices, you are agree­ing to Arotahi access­ing, aggre­gat­ing and using non-per­son­ally iden­ti­fi­able data col­lected from you. This data does not iden­tify you nor any other individual.

This data may be used to:

  • help us under­stand how our clients are engag­ing with our Ser­vices and website, for example, the busiest days of the month, quan­tity and timing of pay­ments and most popular web pages;
  • provide clients with further infor­ma­tion regard­ing the uses and ben­e­fits of our Services;
  • increase busi­ness pro­duc­tiv­ity as the aggre­gated data can provide rel­e­vant busi­ness insights; and
  • oth­er­wise improve our website and Services.

5.0 Trans­fer and storage of per­sonal information 

All infor­ma­tion that you provide to us or is entered into our website or col­lected from your vis­it­ing our website is auto­mat­i­cally trans­ferred to the Arotahi servers. When you use our Ser­vices, you consent to your per­sonal infor­ma­tion being held by our servers as out­lined in this Privacy Policy.

The website and Ser­vices may be sup­ported by busi­nesses that are outside of your country. If you are sit­u­ated within the Euro­pean Eco­nomic Area (EEA), please refer to the GDPR Adden­dum. This will outline how per­sonal data is trans­ferred from the EEA.

As at the date of this Privacy Policy, our servers are located in New Zealand, hosted by MyHost and in Aus­tralia, hosted by Microsoft Azure cloud ser­vices. We also use Microsoft Office 365 for our email and other office pro­duc­tiv­ity appli­ca­tions. Your per­sonal infor­ma­tion will be trans­mit­ted through and stored on, those servers as part of the Ser­vices. If the loca­tion of our servers changes in the future, we will update this Privacy Policy. We would encour­age you to fre­quently review our Privacy Policy so you are aware of any changes.

Arotahi is based in New Zealand and may access your per­sonal infor­ma­tion from New Zealand. New Zealand is recog­nised by the Euro­pean Com­mis­sion as a country that ensures an ade­quate level of data pro­tec­tion. This deci­sion pro­vides our basis for trans­fer­ring per­sonal infor­ma­tion to New Zealand.

By pro­vid­ing your per­sonal infor­ma­tion to Arotahi, you consent to us storing your per­sonal infor­ma­tion on servers hosted by MyHost and Microsoft Azure cloud ser­vices and access­ing your per­sonal infor­ma­tion from New Zealand. If your per­sonal infor­ma­tion is be stored on servers located in other coun­tries, it will remain within Arotahi’s effec­tive control at all times. The server host’s role is limited to pro­vid­ing a hosting and storage service to Arotahi, and we’ve taken steps to ensure that our server hosts do not have access to, and use the nec­es­sary level of pro­tec­tion for, your per­sonal information.

If you are not com­fort­able with your per­sonal infor­ma­tion being trans­ferred to a server in another juris­dic­tion, you should not provide Arotahi with your per­sonal infor­ma­tion or use our website.

6.0 Arotahi is com­mit­ted to pro­tect­ing your per­sonal information 

Arotahi will at all times work to ensure that we are taking all the steps to protect your per­sonal infor­ma­tion. The infor­ma­tion is stored on secure servers that have SSL Cer­tifi­cates issued by leading cer­tifi­cate author­i­ties, and all data trans­ferred between you and the website for the pro­vi­sion of the Ser­vices is encrypted.

Despite our best efforts, the inter­net itself cannot be trusted as a secure envi­ron­ment. Con­se­quently, we are unable to give an absolute promise that your infor­ma­tion will always be safe. Sharing of per­sonal infor­ma­tion over the inter­net is to be done at your own risk. You should only give out your per­sonal infor­ma­tion to the website within a secure environment.

If we become aware of any secu­rity breach relat­ing to your per­sonal infor­ma­tion, we will advise you as soon as we can.

7.0 Arotahi will only release your Per­sonal Infor­ma­tion in limited circumstances 

The Per­sonal infor­ma­tion which you provide to us will only be dis­closed if it is nec­es­sary, appro­pri­ate and achieves the outcome for which you engaged our Ser­vices and as out­lined in our Terms of Use.

Unless there is a sale, merger, con­sol­i­da­tion, liq­ui­da­tion, reor­gan­i­sa­tion or acqui­si­tion, Arotahi will not dis­close your per­sonal infor­ma­tion to a third party unless we have your express consent. It is impor­tant to note however, that we may have to do so without your consent to comply with any court orders, sub­poe­nas, or other legal process or inves­ti­ga­tion includ­ing by tax author­i­ties, required by law. If it is pos­si­ble and appro­pri­ate, we will endeav­our to notify you to let you know this has occurred.

Your per­sonal infor­ma­tion is not con­trolled, accessed or used by the third parties who host our servers, except for the intended use of storing that information.

Our adver­tis­ing and ana­lyt­ics part­ners may receive infor­ma­tion about your use of our website through cookies, web beacons and similar storage tech­nolo­gies. More infor­ma­tion on this can be found in the Cookies section of this Privacy Policy.

8.0 Arotahi does not store your credit card details

If you need to use your credit card for any of our Ser­vices, your credit card details will not be stored online and cannot be accessed by our staff. However your credit card details may be encrypted and securely stored by our chosen payment provider. This will enable Arotahi to auto­mat­i­cally bill your credit card on a recur­ring basis.

9.0 Request­ing access to your per­sonal information 

It is up to you to ensure that the per­sonal infor­ma­tion you provide is accu­rate, com­plete and up-to-date. Unless there are certain legal grounds for refus­ing, you may ask to access the per­sonal infor­ma­tion we have that is readily avail­able. You may also ask us to update or correct any infor­ma­tion we have about you. This may be done by request­ing in writing and sending it to us at PO Box 12149, Penrose, Auck­land, New Zealand 1061 or by email to hello@arotahi.org.nz. You will need to prove that you are the indi­vid­ual to whom the per­sonal infor­ma­tion relates.

We will process your request as soon as rea­son­ably prac­ti­ca­ble, unless there are legal grounds pre­vent­ing us from doing so. We will explain why if we are unable to do so. One example for refusal would be if access would unrea­son­ably impact the privacy of another indi­vid­ual. If you request a cor­rec­tion and we have to refuse, rea­son­able steps will be taken to note down that you requested that correction.

If appro­pri­ate and rea­son­able, we may charge you the cost of pro­vid­ing and/or cor­rect­ing your per­sonal information.

Your per­sonal infor­ma­tion will only be kept for as long as it is needed. There may be cir­cum­stances however where we have to keep the infor­ma­tion for a spec­i­fied amount of time to meet various legal and report­ing requirements.

10.0 Arotahi uses cookies

A cookie is a small text file that is stored on your com­puter for record-keeping pur­poses. It does not iden­tify you per­son­ally or contain any other infor­ma­tion about you but it does iden­tify your com­puter. Arotahi’s website uses these cookies.

Along with some of our affil­i­ates and third-party service providers, Arotahi may use a com­bi­na­tion of “per­sis­tent cookies” (cookies that remain on your hard drive for an extended period of time) and “session ID cookies” (cookies that expire when you close your browser) on our website. Amongst other pur­poses, these can be used to track how the website is being used and the level of engage­ment with ads.

You have the ability to get your browser to send you an alert when you receive a cookie. This then gives you the chance to accept or reject it. If you refuse a cookie, this can have a neg­a­tive impact on how the website is used or func­tions. Note, Arotahi does not respond to or honour “Do Not Track” requests at this time.

Per­for­mance and tar­get­ing cookies may be used when you visit our website.

Per­for­mance cookies serve to collect infor­ma­tion on how you use the website. This can tell us about our most popular pages, and if you have received any error mes­sages while on the pages. No iden­ti­fy­ing per­sonal infor­ma­tion is gath­ered via these cookies. Instead, these cookies only work to improve the usage of the website. As a result of the cookies, Arotahi may be sent reports showing aggre­gate numbers and trends from third party ana­lyt­ics partners.

Alter­na­tively, tar­get­ing cookies provide you with per­son­alised adver­tise­ments that are related to you and your inter­ests. They can deter­mine how often you see a par­tic­u­lar adver­tise­ment and can measure whether the adver­tis­ing cam­paign has been effec­tive. They will remem­ber that you have visited the website and may share this infor­ma­tion with other parties such as adver­tis­ers. As a result, you may see adver­tise­ments about our Ser­vices in other areas of the inter­net. When you use our website, third party providers may display adver­tise­ments rel­e­vant to your inter­ests. This infor­ma­tion will have been gen­er­ated by your pre­vi­ous use of the website and other brows­ing history. Your browser col­lects infor­ma­tion about your inter­net use. Third party providers then use this infor­ma­tion to place ads on web­sites through­out the inter­net that may relate to you and your interests.

It is pos­si­ble to opt-out of tar­geted adver­tis­ing at http://www.youronlinechoices.eu/.  You can learn more about inter­est-based adver­tis­ing and opt out of inter­est-based adver­tis­ing from par­tic­i­pat­ing online adver­tis­ing com­pa­nies at the fol­low­ing links:

Digital Adver­tis­ing Alliance EU (EDAA) – http://www.youronlinechoices.com/

DAA App­Choices page – http://www.aboutads.info/appchoices

Network Adver­tis­ing Ini­tia­tive (NAI) – http://optout.networkadvertising.org/

Digital Adver­tis­ing Alliance (DAA) – http://optout.aboutads.info/

You should be aware that opting out will not stop the adver­tis­ing all together. You will instead be served with generic ads.

11.0 You may opt out of any email communications

Arotahi uses email to send out various infor­ma­tion relat­ing to billing, mar­ket­ing our ser­vices and general com­mu­ni­ca­tion. There are clear instruc­tions on the emails explain­ing how to remove your­self from our mailing list. If you choose to opt out, this will not remove you from receiv­ing emails about breaches (if rel­e­vant) or any changes to the Privacy or Terms of Use policies.

12.0 Your respon­si­bil­ity in trans­fer­ring your data to third-party applications

Our website may have links or ads that get you to follow a link to a third-party appli­ca­tion or website.  It is your respon­si­bil­ity to be vig­i­lant when giving out per­sonal infor­ma­tion on these links as Arotahi has no control, and takes no respon­si­bil­ity for these web­sites and applications.

13.0 Privacy com­plaints process

If you are unhappy with how we have handled your per­sonal infor­ma­tion, you may send a com­plaint. Please provide us with the full details of your com­plaint along with any sup­port­ing documentation:

  • Email: hello@arotahi.org.nz
  • Post: PO Box 12149, Penrose, Auck­land, New Zealand 1061

We will:

  • Send you an initial response to your query or com­plaint within ten (10) busi­ness days; and
  • Look into and seek to resolve the issue within twenty (20) busi­ness days. If nec­es­sary, we may need a longer period to do this but will notify you of this delay.

14.0 This Privacy Policy may be updated

Arotahi reserves the right to change this Privacy Policy at any time. The amended Privacy Policy will be con­sid­ered effec­tive as soon as it is posted to this website.  If you con­tinue to access and use our website and/or receive our Ser­vices, you will be con­sid­ered to have accepted the amended Privacy Policy.

This Privacy Policy was last updated on 22 Novem­ber 2022. 

GDPR Adden­dum

If you are located in the Euro­pean Union (“EU”), and wish to use our website and/or Ser­vices, the GDPR applies to you. These addi­tional terms (“GDPR Adden­dum”) apply to this and make up part of our Privacy Policy.

The EU General Data Pro­tec­tion Reg­u­la­tion (“GDPR”) was set up to control the col­lec­tion, pro­cess­ing and trans­fer of EU indi­vid­u­als’ per­sonal data (as defined in the GDPR).  The per­sonal infor­ma­tion described in the Arotahi Privacy Policy comes under the per­sonal data in the GDPR.  It is impor­tant to us that we comply with the GDPR when dealing with the per­sonal data of EU-based vis­i­tors to our website.

This GDPR Adden­dum was drafted to be concise and easy to under­stand.  It does not outline in exhaus­tive detail all aspects of our col­lec­tion and use of per­sonal data.  If you wish to have more infor­ma­tion or need an expla­na­tion, please contact us. Your request should be sent to a member of our office team via email: hello@arotahi.org.nz.

For the pur­poses of the GDPR:

  • Arotahi is the data con­troller (as defined in the GDPR) when pro­cess­ing per­sonal information.
  • MyHost and Microsoft Azure cloud ser­vices is the data proces­sor when pro­cess­ing per­sonal information.

1.0 Pro­cess­ing per­sonal data 

The per­sonal infor­ma­tion out­lined in this Privacy Policy is the per­sonal data that Arotahi may process. Any pro­cess­ing done will be to achieve the pur­poses set out in this Privacy Policy.

As per­mit­ted under the GDPR we can process your infor­ma­tion for the pur­poses described in the body of the Privacy Policy by relying on one or more of the fol­low­ing lawful grounds: (a) you have agreed with us explic­itly that we may process your infor­ma­tion for a spe­cific reason; (b) the pro­cess­ing of per­sonal infor­ma­tion is nec­es­sary to perform the agree­ment we have with you (or to take steps to enter into an agree­ment with you); © the pro­cess­ing is nec­es­sary for us to comply with our legal oblig­a­tions; or (d) the pro­cess­ing is actu­ally nec­es­sary for our legit­i­mate inter­ests, which include: (i) to protect our busi­ness inter­ests; (ii) to ensure that com­plaints are appro­pri­ately inves­ti­gated; (iii) to eval­u­ate, develop or improve prod­ucts and ser­vices we offer; or (iv) to keep you informed of rel­e­vant prod­ucts and ser­vices, unless you indi­cate that you do not wish us to be kept updated. While we will gen­er­ally rely on your spe­cific consent to process special cat­e­gories of per­sonal data (i.e., ‘sen­si­tive infor­ma­tion’), in some cases (for example, relat­ing to an alleged offence), we may need to use some infor­ma­tion to comply with our legal obligations.

It is pos­si­ble to use access and use our website without pro­vid­ing us with data. However some of our ser­vices will require you to provide us with your name and email address, for example if you sign up to any newslet­ters. If you choose not to divulge that infor­ma­tion, we will be unable to provide you with our full services.

2.0 Your rights

The GDPR grants you certain rights in rela­tion to your per­sonal data. These include:

  • right of access — you have the right to ask, and we have the oblig­a­tion to confirm, if we are pro­cess­ing your per­sonal data. We can also provide you with a copy of that data.
  • right to rec­ti­fi­ca­tion – if we hold inac­cu­rate or incom­plete per­sonal data about you, you may ask to have it cor­rected or com­pleted. Once noti­fied, we will do all that we can to ensure the infor­ma­tion is made right. We will also endeav­our to pass on the cor­rec­tion if pos­si­ble to any third parties with whom we have shared your per­sonal data.
  • right to erasure – your per­sonal data is deleted once it has ful­filled its intended purpose. Pro­vided it does not con­tra­vene any applic­a­ble laws, we will also delete your per­sonal data if you send a request. If we have shared your per­sonal data with any third parties, we will take rea­son­able steps to inform them of your request.
  • right to with­draw consent – as men­tioned above, our legal basis for pro­cess­ing your per­sonal data is your consent. There­fore if you wish for us to stop pro­cess­ing your per­sonal data, you may with­draw your consent at any time.
  • right to restrict pro­cess­ing – you have the right to ask us to restrict or stop the pro­cess­ing of your per­sonal data in certain cir­cum­stances. We will pass this request on to third parties where possible.
  • right to object to pro­cess­ing – at any point you may also request that we stop pro­cess­ing your per­sonal data all together. We will do this to the extent required by the GDPR.
  • rights related to auto­mated deci­sion making, includ­ing pro­fil­ing – At the time of this GDPR Adden­dum, Arotahi does not make any auto­mated deci­sion making or pro­fil­ing using the per­sonal infor­ma­tion. If this were to change, you have the right to not be subject to a deci­sion based solely on this auto­mated pro­cess­ing, includ­ing pro­fil­ing which can have a sig­nif­i­cant legal impact. The excep­tions to this occur where such auto­mated deci­sion making is nec­es­sary for enter­ing into, or ful­fill­ing a con­tract with you, where rel­e­vant laws autho­rise it and when you have given explicit consent.
  • right to data porta­bil­ity – we will give you any per­sonal data that you have requested from us in a com­monly used, machine read­able and inter­op­er­a­ble format to ensure you can access it. Where pos­si­ble, and if you have requested, we will send your per­sonal data to another data controller.
  • the right to com­plain to a super­vi­sory author­ity – if you have any con­cerns about the way in which we have dealt with your per­sonal data, you may contact the rel­e­vant data pro­tec­tion super­vi­sory authority.


If your per­sonal data is used or obtained for direct mar­ket­ing pur­poses, you have the right to object.

If you wish to exer­cise any of your rights listed above, please contact our Privacy Officer. If you are dis­sat­is­fied with how we deal with your request, you may refer your query to your local data pro­tec­tion super­vi­sory author­ity e.g. in the United Kingdom, this is the Infor­ma­tion Commissioner’s Office.

3.0 Chil­dren

It is not our inten­tion to collect per­sonal data from chil­dren under the age of 16. If you believe that a child under 16 has given us their per­sonal data either through our website and/or by using our Ser­vices, please contact our Privacy Officer.  If they can access it, then it is your respon­si­bil­ity to obtain the consent of any Guardian of any chil­dren who can access the website or the Ser­vices and you agree to do so.

4.0 Inter­na­tional trans­fer of data

As we are based in New Zealand, the per­sonal infor­ma­tion that we collect through our website and our Ser­vices will be trans­ferred to, and stored in, a country oper­at­ing outside the Euro­pean Eco­nomic Area (EEA). Accord­ing to the GDPR, this trans­fer may only take place if the Euro­pean Com­mis­sion has decided that the country main­tains an ade­quate level of pro­tec­tion. If this ade­quacy status is not granted to us, we may trans­fer the per­sonal data, so long as there are suit­able safeguards.

The Arotahi Privacy Policy states that some of the per­sonal infor­ma­tion we collect is processed by third party data proces­sors in other coun­tries, includ­ing Aus­tralia.  We will only trans­fer this data outside the EEA if that country has been given the ade­quacy status men­tioned above, or if we have approved trans­fer instru­ments set up to protect your per­sonal data. If you wish to know more, please contact us using the details in our Privacy Policy.

5.0 Data Reten­tion Privacy Policy

We will only keep per­sonal infor­ma­tion for as long as is needed to achieve its purpose, or to comply with rel­e­vant law, whichever is longer.

6.0 Con­tact­ing us 

Please contact us via the details as set out in our Privacy Policy.