This policy sets out the kind of information CORE collects and holds; how we collect, use, disclose and store personal information; the purposes for which this information is collected; how it may be accessed and corrected; how you may complain about a breach of the principles of a privacy and how we will deal with such a complaint.
Information we collect includes, but not limited to:
We provide the option for individuals to either not identify themselves or to use a pseudonym, when dealing with us. In some circumstances if you choose not to provide requested information we may not be able to provide you with certain services. We do not provide this option in circumstances where it is impracticable to do so or where we are legally required to deal with identified individuals only.
Data collected for the purposes of education within the school environment will be done so with the consent of the school, data collected for extracurricular activities will be collected with the consent of a verified parental caregiver. We will take appropriate steps to delete any personally identifiable information of persons less than 13 years of age that has been collected on our systems without verified parental/caregiver consent upon learning of the existence of such personally identifiable information.
CORE collects and holds personal information for the business purposes detailed generally on our systems. These purposes include:
Other purposes you might reasonably expect us to apply related to these primary purposes.
We collect personal information through:
Users should be aware that there are inherent risks in transmitting information across the internet.
CORE uses Teamwork software to host our Help Desk. A user provides their name and email address to submit a question via the software to CORE, only data about users’ usage and activity is collected for the purpose of improving our systems and tools and cannot be used by us to personally identify users. By using the help desk you consent to the processing of data about you by us in the manner described. https://www.teamwork.com/legal/privacy-policy/
CORE uses a number of learning management systems to host our online modules. Data including user type, organisation name, and the user’s name and email address is collected. By using our online modules you consent to processing of data. https://moodle.org/admin/tool/policy/view.php?policyid=1, https://www.matrixlms.com/info/privacy, https://learningpool.com/privacy-policy/
CORE uses Spanning Backup to backup and restore data in the Google domain: https://spanning.com/privacy-statement/
CORE uses SurveyMonkey, Twitter, Facebook, Instagram, LinkedIn, YouTube and Mailchimp for marketing purposes. If you join one of CORE’s social media platforms and associate or follow, CORE then you consent to the privacy policies of those tools:
By joining the CORE Education mailing list using Mailchimp then you consent to the policies of Mailchimp.
CORE uses and discloses personal information for the purposes that it was collected, as outlined in this statement and elsewhere on the CORE website, and for associated management purposes. The two most common ways we collect personal information is you have signed up to receive communications or you have registered for an event (webinar, programme, conference).
It may also use and disclose personal information for any other purposes to which you have consented. Subject to privacy policies, CORE may also use and disclose personal information for any other related purpose that you would reasonably expect the information to be used or disclosed.
We may use and disclose your personal information in the following specific circumstances:
CORE will not otherwise use or disclose your personal information without your consent unless required or authorised by law.
Information may be shared outside of New Zealand, as requested by the individual or where the foreign person or entity requesting the data is subject to the other countries legislative requirements and/or appropriate contractual terms.
Where CORE is responsible for processing or hosting data on behalf of another organisation the terms and conditions of that organisation sets the policy on how that data may be used. CORE cannot use the data as if it was their own.
CORE may use your personal information to send to you marketing material that we consider will be useful to you, or other material about our activities. We will only do this if we collected the information from you and you would reasonably expect us to use or disclose the information for that purpose, or if you have consented to receiving such communications. If you don’t wish to receive this material from us you can inform us and we will stop sending it to you within a reasonable period of time. From time to time we may provide your email address to a third party for research and evaluation purposes. We will not provide your personal information to third parties for direct marketing purposes.
CORE takes reasonable steps to protect your personal information from loss, unauthorised access, modification, disclosure, interference or other forms of misuse.
These steps include electronic access restrictions for electronic data, and securing paper files containing personal information in locked cabinets or off-site secure storage facilities. CORE holds personal information in a number of different formats, including on servers located off-site, databases, filing systems and in offsite backup storage.
CORE only retains personal information for as long as it is required for its business purposes or for as long as required by law, and information no longer required is destroyed securely. We may retain information for data analysis, but if this occurs, it will be retained in a form that does not allow you to be identified from that information.
You may request access to your personal information and to request correction if it is inaccurate, out of date, incomplete, irrelevant or misleading. Such requests should be directed to our Privacy Officer whose details are provided below.
We will take reasonable and practicable steps to provide you access and/or make a correction to your personal information within a reasonable period, unless we consider there is a sound reason under the relevant law to withhold the information, or not to make the changes. If we do not provide you access to your personal information, or refuse to correct your personal information, where reasonable we will provide you with notice including the reasons for the refusal.
If you have a complaint relating to a breach of the privacy principles outlined in a Privacy Act you should contact our Privacy Officer at the details given below. CORE will investigate your complaint and respond to you within a reasonable time and in accordance with our legal obligations. We will take any necessary corrective actions promptly.
Where a breach occurs and where the unauthorised or accidental access, or disclosure, loss, alteration or destruction of personal information has caused harm or is likely to cause serious harm CORE will:
Serious Harm is defined as having an impact on the individual such as:
CORE will notify the Privacy Commissioner as soon as practical and describe the breach including:
CORE will notify the affected parties as soon as practical and describe the breach as soon as practicable directly or by public notice if not. That breach will describe the breach including the below information:
CORE will take steps to contain the breach and assess what information was lost and will:
If you have any questions or concerns about how CORE treats your personal information please contact our Privacy Officer directly via email at firstname.lastname@example.org, via telephone on 0800 267 301 or write to the Privacy Officer at:
PO Box 13 678
We reserve the right, at our discretion, to change, modify, add, or remove portions from this policy at any time so you are encouraged to review this policy from time to time. We will, of course, notify you of any changes where we are required to do so.
Date last modified: May 2021