Skip Navigation Links Home Privacy Procedure

Privacy Procedure


This policy sets out the UCOL Te Pūkenga approach to ensure compliance with the Privacy Act 1993 and rules governing access to personal information held by the organisation.


This policy applies to all staff and contractors. The Act applies to almost every person, business or organisation in New Zealand and it sets out 12 information privacy principles, which guide how personal information can be collected, used, stored and disclosed.


The Privacy Officer is responsible for:

a) Encouraging staff compliance with the information privacy principles and the Act; and

b) Providing advice to staff dealing with privacy requests, complaints or general inquiries regarding the Act; and

c) Working with the Privacy Commissioner during investigations into complaints received in respect to the Act; and

d) Ensuring compliance by UCOL Te Pūkenga with the provisions of the Act; and

e) Providing staff training about the Act, which is relevant to UCOL Te Pūkenga.

Policy Statements

1. UCOL Te Pūkenga applies the Information Privacy Principles in the Privacy Act 1993 (the Act) in its day to day activities. A summary of these principals is included in this Policy.

2. UCOL Te Pūkenga has established procedures and guidelines with respect to requests for access to personal information.

3. UCOL Te Pūkenga retains staff personal files for seven years following the end of the employment relationship.

4. UCOL Te Pūkenga has a designated Privacy Officer.

A brief guide to the 12 Privacy Act Principals

Principle 1, Principle 2, Principle 3 and Principle 4 govern the collection of personal information. This includes the reasons why personal information may be collected, where it may be collected from, and how it is collected.

Principle 5 governs the way personal information is stored. It is designed to protect personal information from unauthorised use or disclosure.

Principle 6 gives individuals the right to access information about themselves.

Principle 7 gives individuals the right to correct information about themselves.

Principle 8 and Principle 9, Principle 10 and Principle 11 place restrictions on how people and organisations can use or disclose personal information. These include ensuring information is accurate and up-to-date, and that it isn’t improperly disclosed.

Principle 12 governs how “unique identifiers” – such as IRD numbers, bank client numbers, driver’s licence and passport numbers – can be used.

Further information can be obtained on the Privacy Commission website:

Relevant Legislation
 Privacy Act 1993
 Official Information Act 1982

Related Websites