The Dunedin City Council respects and protects the privacy of all people we deal with and who provide us with information. This policy sets out our approach to the privacy of personal information and is based on the principles expressed through the Privacy Act 1993.
Collection and Use of Personal Information
The DCC will only collect information from you that you volunteer. This information is required for lawful purposes used in the functioning of the Council. We will hold your personal information in accordance with the requirements set out in the Privacy Act 1993. In particular:
Your personal information will only be used for the purposes for which it is collected.
It will be retained only for as long as is necessary to fulfil the purposes for which the information was collected (including any time that we are required by law to retain such information).
We will not release your personal information to any third party except where required to, permitted to, by law, and where you have authorised us to do so or where disclosure is connected to the purpose for which the information was collected.
Information we collect will not be used in ways that you have not consented to.
For more detailed information about the Privacy Act you can refer to the Privacy Commissioner's Guide to the Privacy Act 1993. If you are concerned that the Council may have breached the Privacy Act or if you are not sure of our obligations, you can contact the Privacy Commissioner as follows:
To provide you with personalised content, services or facilities – including those our Council Controlled Organisations provide;
To process and respond to inquiries;
For the purposes for which you provided the information.
To comply with relevant laws and regulations.
For any specific purpose that we notify you of at the time your personal information is collected.
Storage of Personal Information
We have strict security procedures covering the storage of your information in order to prevent unauthorised access and to comply with the terms of the Privacy Act 1993.
We do not sell, trade or rent your personal information to others. All data is stored behind corporate firewalls and only specific employees can access your personal data. The DCC has in place measures to protect against the loss, misuse and alteration of your personal information. Our servers are protected by reasonable physical and electronic security measures.
This means that sometimes we may ask you for proof of identity or for other personal information before we can process your enquiry further.
DCC Website and Cookies
You may browse and access information contained on our website without providing personal information.
Security of web-based personal information
A secure method using SSL (secure socket layer) encryption is used when customers use for services such as e-shop.
Links to Third Parties
The website may contain links to other websites operated by third parties. The DCC takes no responsibility for the privacy practices of third parties. You should consult the privacy policies of each linked website to determine the policy that each third party adheres to.
This website may record information about user behaviour. This data cannot be used to identify individuals or any personal information. Any information collected will be used to improve your website experience and will not include any information that identifies you.
Access and editing personal information
At any stage, you have the right to access and correct or update your personal information or to request not to receive communications from us. This can be done by contacting us by email email@example.com or by phone on 03 477 4000. It is your responsibility to ensure that personal information provided to us is accurate.
Official Information Act and LGOIMA Requests
All enquiries about or formal requests for information in terms of the Local Government Official Information and Meetings Act 1987, or the Privacy Act 1993 should be in writing to:
General Data Protection Rules (GDPR)
If you are in the European Union, you have additional rights in relation to your personal data under the European Union General Data Protection Regulation (in effect on 25 May 2018). Under the GDPR you have the right to:
Withdraw consent. You have the right to notify the DCC that you no longer want us to process or use your personal data. You can do that by contacting DCC on +643 477 4000 or firstname.lastname@example.org
Right to data portability. You have the right to obtain a copy of any personal data stored and processed by DCC and you may direct DCC to transfer your personal data to another controller via csv format.
Right to erasure/Right to be forgotten. You have the right to request that any of your personal data is deleted from our records. Please note that while we can delete your personal data from our current records, data may be stored in DCC inactive and archived records and will be deleted in accordance with DCC's document management policies. In some cases, your personal data may continue to be stored in archived records of transactions or activities where DCC is required by law to retain such records.
Right to restriction of processing. You may request that DCC restrict the processing of your personal data. This may affect your ability to use or navigate some of our customer services.