Long Arrow Right External Link angle-right Search Times Spinner angle-left

New Zealand - Data regulations

Privacy Act 1993, with Privacy Act 2020 taking effect on on 1 December 2020 (key changes involve early intervention and risk management).

Applies to “agencies” (any entity that holds personal information), with some exceptions.

Principle 1: Purpose of collection of personal information

Principle 2: Source of personal information

Principle 3: Collection of information from subject

Principle 4: Manner of collection of personal information

Principle 5: Storage and security of personal information

Principle 6: Access to personal information

Principle 7: Correction of personal information

Principle 8: Accuracy, etc., of personal information to be checked before use

Principle 9: Agency not to keep personal information for longer than necessary

Principle 10: Limits on use of personal information

Principle 11: Limits on disclosure of personal information

Principle 12: Unique identifiers.

Where the 12 Principles apply to Leadbook’s data:

  • Leadbook’s data is collected by lawful and fair means - Leadbook’s data is collected non-intrusively from public records, and does not involve intimidation or deception
  • Leadbook’s data is obtained from publicly available publications - it would not be unfair or unreasonable to use the information (Principle 10) or disclose the information (Principle 11)
  • Leadbook’s data is protected using Amazon Cloud Security
  • Leadbook’s data is unsolicited - Leadbook’s data can be used for direct marketing, if:
    • A request for consent is provided to the individual at the first reasonable opportunity, and
    • An option to opt-out is provided in every email, and
    • The individual has not previously opted out
  • Leadbook’s data contains only non-sensitive information
  • Individuals have the means (email) to request for their information to be accessed, corrected, or deleted
  • All collected opt-in information may not be used or disclosed for a purpose other than described in the opt-in request, unless the individual has given further consent, or the usage for the secondary purpose is exempted.

Leadbook opt-in process

We manage the entire opt-in process to ensure compliance: 

  1. Consultation for email content for opt-in requests
    1. To obtain implied/expressed consent where applicable
    2. To provide option to opt-out
  2. Opt-in mechanism
    1. Email campaign to request for the individual’s consent
    2. Because there is no “sensitive information” there is no requirements for double opt-in mechanism for expressed consent, where contacts receive a confirmation email when they indicate consent
  3. Opt-out mechanism
    1. Unsubscribe links and forms
    2. Inbox for collection of opt-out requests
  4. Handling of opt-in data
    1. Automatically updated
    2. If requested by the individual, access to the individual’s information can be provided, and records can be corrected or deleted
    3. Monitored for consented purposes for any campaigns done on Leadbook platform
  5. Handling of opt-out data
    1. Unsubscribed contacts are automatically suppressed for all campaigns done on Leadbook platform
    2. Conditionally suppressed, suppressed, or deleted if/as the individual specifies

How it works: opt-in campaign


Responsibilities for opt-in campaign

What Leadbook does

  • Consultation for opt-in campaign procedures and content
  • Content adaptation to email format
  • Technical setup for opt-in campaign
  • Execution, monitoring and reporting for opt-in campaign

What you provide

  • Intended purpose(s) for the collected data
  • Intended usage location(s) for the collected data
  • Target audience profile(s)
  • Requirement for information fields
  • Link to your privacy policy or your privacy policy in pdf format 

Content for opt-in requests

The email must include:

  • Your organisation or agency’s identity and contact details
  • Where and how you have obtained the personal information
  • The reason you have collected the personal information, and the consequences of not collecting the personal information
  • The kind of personal information being collected
  • Information about and directions to your privacy policy
  • If you are likely to disclose the personal information to overseas recipients, and if practical, the countries where they are located
  • A means for the individual to provide consent (opt-in):
    • Implied consent for non-sensitive information (business contact information obtained via Leadbook is non-sensitive information)
    • Expressed consent for sensitive information, if any sensitive information is to be obtained from surveys or other forms during a campaign
  • A means for the individual to withdraw consent (opt-out)