This privacy statement explains how the Ministry of Foreign Affairs and Trade (MFAT) collects, stores, uses and shares your personal information for purposes related to APEC 2021.
Openness and transparency are important to us. The Privacy Act 2020 requires us – like any other New Zealand agency – to tell you certain things about the personal information we need to carry out our functions. This is where we explain our privacy practices and why you can trust us to handle your information with manaakitanga (respect and care).
In this Privacy Statement we explain what personal information we collect and how we use or share it. We also explain about the way we store and protect personal information and your rights to access and correct it.
In short, here are a few key privacy messages to note:
- We only collect personal information where this is necessary to carry out our functions
- We may collect personal information about you either directly from you or from other people or agencies, and we may generate personal information about you when we carry out our functions
- We store some of our data (including your personal information) on secure Microsoft Azure, Amazon Web Services (AWS) cloud platforms, in secure data centres, and on secure servers in our premises. We protect our data with all reasonable technical and process controls
- You can ask us for a copy of your personal information at any time. We will be as open as we can with you but must also ensure we meet our confidentiality obligations
- We will only use and share personal information where necessary to carry out the functions for which we collected it, or if required by law
If you cannot find the information you need, or you have concerns about the way we are managing your personal information, then please contact us at any time at email@example.com.
We may update this privacy statement from time to time, for example to reflect changes to the Privacy Act, so feel free to check in again occasionally to see what might have changed. This statement was last updated in December 2020.
The Ministry’s primary place of business is HSBC Tower, 195 Lambton Quay, Wellington 6011, New Zealand.
Storage and security
We use third party providers to store and process our data.
We store most of the personal information we collect and generate electronically on secure servers in data centres in New Zealand, in our premises and in Microsoft Azure and AWS cloud servers located in overseas jurisdictions these arrangements offer comparable privacy protections to New Zealand through local legislation and/or our contractual arrangements. This means that the personal information we hold may be transferred to, or accessed from, countries other than New Zealand.
We retain personal information in compliance with the requirements of the Public Records Act 2005.
We take all reasonable steps to ensure the personal information we collect is protected against loss, unauthorised access and disclosure or any other misuse, including meeting the requirements prescribed by the New Zealand government for the secure handling, storage and disposal of any protectively marked or security classified information.
We ensure that our third party data processors can meet our privacy and security requirements by undertaking Privacy Impact Assessments on systems where personal information may be collected, used or stored. We are satisfied, for example, that Microsoft has adequate security and privacy safeguards in place to protect information it holds on our behalf.
What we do with your personal information
How we use it
We will only use the personal information you provide to us for the purposes of delivering the services you have requested (such as registering you for an event, responding to a privacy enquiry or processing your submission) or carrying out our lawful functions.
We may use your personal information to:
- Contact you about your request, query or registration
- Consider and respond to your enquiry
- Improve our website and the delivery of our online services
- Conduct internal statistical analysis and meet our reporting requirements.
When we share it
We do not generally share your personal information with third parties (other than third parties which are providing services to us). However, we may share your personal information in the following circumstances:
- If necessary to appropriately respond to your enquiry
- We may share personal information with the Police or another government agency, if required by law (for example to assist with the investigation of a criminal offence), to report significant misconduct or breach of duty, or where there is a serious threat to health or safety. If our staff are threatened or abused, we may refer this to the Police.
- We will also share your personal information with the Office of the Privacy Commission in the event of a notifiable breach of your privacy.
Your privacy rights and how to contact us
The Privacy Act gives you rights to request access to and correction of the personal information we hold about you. You can take steps to control the ways we use your information (such as opting out of receiving newsletters). You can also complain to us or the Office of the Privacy Commissioner at any time if you think we have misused your personal information.
Contact us to exercise any of these rights, including the right to complain about our privacy practices. Remember that you can make an information request to us in any form.
Requesting access to or correction of your information
You have the right to request a copy of the personal information we hold about you (whether we have collected from you directly or from a third party). You also have the right to ask us to correct your information if you think it is wrong.
We will process your request as soon as possible, and no later than 20 working days after we receive it.
We may also occasionally need to withhold personal information under sections 49-55 of the Privacy Act, for example where the information requested is legally privileged. However, we will only ever withhold information where necessary to do so.
Complaining about our privacy practices
We want to know if you have concerns about our privacy practices, whether these relate to the way we collect or share information about you or our decision on your access request. This allows us to try and put things right for you and helps us to identify and fix any problems with our systems or processes.
In the first instance, let us know about your concerns and we will try our best to resolve it. This could include escalating your concerns to a senior staff member to ensure we have made the right decision and fully considered your concerns.
If we cannot resolve your concerns, then you have the right to complain to the Office of the Privacy Commissioner about our actions:
Phone: 0800 803 909 (Monday to Friday, 10:00 to 15:00)
By email: firstname.lastname@example.org
For more information about the complaints process visit the Office of the Privacy Commissioner’s website here.
APEC 2021 registration
When you register to attend APEC 2021 meetings using our secure cloud-based Event Management System, on account creation you will be required to accept the registration terms and conditions which includes a privacy authorisation. The terms and conditions outline how we manage the data you provide during registration, including how this information is collected, used, stored, and shared or disclosed.
Third party providers
We use some third party providers to manage some of our engagement processes and services, such as newsletters, events registration, and surveys. Where we do this, any personal information you provide (such as your email address) may also be collected and stored by this provider and you should also check their privacy statements when using those services. We take steps to ensure that any providers we use can protect the personal information they process for us, including by conducting privacy impact assessments.
We use the following third party providers, however this is not an exhaustive list:
We may collect the following information about your use of our website (though, if we do collect it, please note we make no efforts to associate this with your identity):
- Your IP address
- The search terms you used
- The pages you accessed on our website and the links you clicked on
- The date and time you visited the site
- The referring site (if any) through which you clicked to our website
- Your operating system (such as Windows 10)
- The type of web browser you use (such as Mozilla Firefox)
We may use web cookies to temporarily store information to enhance your browsing experience and helps us improve our website.
Cookies are small text files on your computer’s hard drive to collect information about your use of our website. Cookies do not collect identifiable information about you.
You can disable and enable cookies at any time and can continue to view our website. But if you disable a cookie, you will not be able to subscribe to our updates, publications and alerts, fill out a feedback or enquiry form, and will have a reduced online experience.
Links to social networking services
We use social networking services such as Twitter, Facebook, YouTube and LinkedIn to communicate with the public about our work. When you communicate with us using these services, the social networking service may collect your personal information for its own purposes.
These services may track your use of our website on those pages where their links are displayed. If you are logged in to those services (including any Google service) while using our site, their tracking will be associated with your profile with them.
These services have their own privacy statements which are independent of ours. They do not have any access to the personal information we hold on our systems.
Social media cookies/analytics
We use social media to help communicate our messages to the public. These social media services have their own privacy policies and may track your use of our website on those pages where their links are displayed. They do this by the use of persistent session cookies. If you are logged in to those services (including any Google service) while using our site, their tracking will be associated with your profile with them.
To disable all cookies
Most web browsers will allow you to set some control over cookies in your browser settings. This includes deleting them from your browser or disabling them altogether.
If you do choose to set your browser to disable all cookies, this may affect your ability to use some of the features on our site.
To learn more about cookies and how you can manage them in your web browser, visit:
To enable or disable a cookie:
- Google Chrome: Settings > Show advanced settings > Privacy > Site settings
- Mozilla Firefox: Options > Privacy > History (use custom settings)
- Safari: Edit > Preferences > Privacy
- Internet Explore: Tools > Internet options > Privacy