Our Employee Privacy Statement
This Privacy Statement explains how the University of Otago / Ōtākou Whakaihu Waka collects, stores, uses and shares personal information about our current, prospective and former employees. This includes staff employed on casual agreements and our Campus Temps.
The University takes care to ensure that your personal information is managed in accordance with the Privacy Act 2020 and, where applicable, the Health Information Privacy Code 2020. This statement operates in conjunction with any specific privacy notice or declaration made in connection with the collection by, or supply to, the University of individual items of information.
This Privacy Statement may be updated from time to time to reflect internal and external changes.
Collection of personal information
We will only collect personal information that we consider is necessary to meet our lawful purpose. We need to collect this information to meet our obligations as an employer, including to meet our legal obligations in respect of health and safety.
We collect information:
- from you directly (e.g. when you submit an application for a job vacancy, or when you enter data into the University’s Staff Web Kiosk)
- from third parties (e.g. your nominated referees)
- generated during your employment with us (e.g. during performance reviews).
Personal information we collect from you directly will include:
- contact information, including your title, name, address, email and phone number
- education, experience and work history information, names of referees and any other information you provide to us in your CV, or other supporting documentation
- your date of birth and country of birth
- your tax number and tax code, bank account number, and superannuation scheme membership
- identity information, where required for recruitment processes and delegations (e.g. financial)
- information about your immigration status and your right to work, and if applicable, information required by our licensed immigration adviser in connection with support being provided for a visa application
- whether you worked for the University of Otago in the past
- your gender and racial or ethnic origin (including your iwi affiliations, if applicable) for statistical purposes and promotion of equity and diversity
- health information, including information about any disabilities or other conditions that might impact on your employment or on our workplace health and safety obligations
- personal and health information required for the management of ACC claims
- psychometric testing information, where this is relevant to your employment
- personal and health information when using University recreation services
- information about any criminal convictions or pending criminal charges relating to you
- your trade union membership information, to ensure that you are employed on the correct employment agreement
- your driver licence number, where this is relevant to your employment
- your disclosure of any conflicts of interest
- your emergency contact information
- your passport details, where necessary to facilitate travel
- personal information, including about your family members, needed in connection with a domestic or international relocation, and
- other information that we request (for example, in our HR forms) or you have decided to share with us.
Personal information we collect from third parties with your consent will include:
- any information provided by your nominated referees
- confirmation of your academic qualifications and registrations, where this is relevant to your employment
- information related to anti-money laundering, including a credit check, where this is relevant to your employment
- health information from your medical practitioner, including any changes to your health or medical conditions that might impact on your employment or leave entitlements or on our workplace health and safety obligations, and
- criminal conviction information, or Police vetting information, where this is relevant to your employment.
- We may also collect personal information publicly available online and information you have made public on any social media platforms you use, where this may be relevant to our decision to employ you, particularly when we are recruiting for senior academic and professional roles.
Personal information generated during your employment may include:
- interview notes (if you are shortlisted and interviewed)
- your photograph (e.g.for staff ID cards, taken for marketing and communications)
- salary, benefit and deduction information (e.g. tax, child support, superannuation)
- information about your employment status and terms of employment
- performance information, including information generated during your performance reviews and on an ad hoc basis
- information about your professional development and training
- information about your teaching and research activities, if you are an academic employee, including research awards, research outcomes and teaching evaluation outcomes
- information about performance issues, disciplinary action, complaints or personal grievances
- leave information, including leave taken and ongoing leave entitlements
- audio and/or visual recording of lectures – where a lecturer has consented to such recording. (Refer Recording of Lectures and other Teaching Activities Policy)
- information about your use of email, internet and IT services – the University may inspect and monitor all information and
- communications technology hardware and software, data and associated infrastructure and devices, including tracking the usage, or examining the content of any University provided computer or which has been connected to its networks. Refer Information and Communications Technology Regulations 2014, Internet Usage Policy, Digital Communications Policy
- information about the use of your University mobile device. (Refer Mobile Device Policy)
- your location information - we may collect and use location information for the purposes of ensuring your health and safety or investigating incidents, particularly while you are travelling
- information about the use of your Staff ID access card - for safety and security purposes, and to enable access to restricted areas
- CCTV images/footage - for safety and security purposes we may collect still or video footage of your activities from CCTV cameras on the University campus. Refer Closed Circuit Television (CCTV) Security Systems Policy, and
- sensors used as part of any space utilisation projects.
Voluntary
You are not required to provide us with all of this personal information. However, if you choose not to provide the information requested, it may prevent the University from processing your application or employment related request.
It is mandatory for employers to collect certain information from its employees, for example, applicable tax codes and information relating to an employee’s eligibility to work in New Zealand.
How is your personal information used?
We will use your personal information in the ways set out below. Where we need to use information in a way we have not anticipated here, we will only do so if required or permitted by law.
We may use your personal information to:
- decide on your employment application, including verifying your qualifications and registrations, and experience with referees and third parties
- maintain our records - if you accept an offer of employment with the University, your Candidate Profile, CV, academic transcript, and any other information obtained about you during the interview process will become part of our employee records
- consider your suitability for current and future positions at the University, unless you have opted not to receive this information (when you complete your candidate profile you are asked whether or not you want email advice of any future positions which match your job preference and interests)
- determine and process your pay and other entitlements
- correspond with you
- inform you about the range of facilities, services and benefits available to staff
- inform you about opportunities to engage with and support the University
- administer your employment, including administration of ACC requirements
- determine your development and training requirements and provide any training needed
- manage your performance, including conducting performance reviews
- provide assistance to employees with disabilities on request
- provide associated services such as security, parking, information technology and sport and recreation services
- where applicable, provide support in relation to your visa application
- investigate any performance/disciplinary issues or complaints about you or another employee
- ensure the health and safety of any employee, and assist you in the event of an emergency
- comply with legislative reporting and recordkeeping requirements and our obligations under the Official Information Act
- conduct benchmarking, analyses, quality assurance and planning activities, including statistical, management and governance reporting
- set budgets, including research budgets for the purposes of making research funding applications, and
- contact you, after your employment with the University ceases, to seek your feedback in relation to benchmarking, analyses, quality assurance and planning activities, or in relation to a retrospective employment related matter.
How is your personal information shared?
Information provided by job applicants is used solely for the recruitment function. It is disclosed only to staff and relevant panel members involved in the selection and appointment process and is treated confidentially.
Information relating to current employees (including successful job applicants) needs to be shared internally with systems and people who have a legitimate role in the management, administration and safety of employees or the compiling of management information. The University will only use or disclose your personal information under the following circumstances:
- for the purpose for which it was collected
- for a related purpose which you might reasonably expect
- where you have consented to the disclosure
- if we are required or permitted to do so by law
- where we have engaged a contracted service provider or partner to perform legitimate functions on our behalf.
If we do need to share information with others:
- where possible, we will only share anonymous information that does not identify you
- if we need to identify you, we will always try to tell you first and explain why we need to share the information
- we will share the minimum amount of information necessary to meet our objectives
- we will only ever share information with the people or agencies who really need to see it.
People who may have access to your personal information include:
- human resources staff, for the purposes of managing the recruitment and employment process
- professional staff, for the purposes of compiling and generating internal and external management information or for maintaining systems
- your manager and their manager
- contracted service providers which the University uses to perform services on its behalf - e.g. Howden Care, our third-party administrator in relation to managing ACC claims
- University owned or related entities where you use the services they provide – e.g. Unipol Recreation Te Whare o Te Rēhia
- the University's legal advisers or other professional advisers and consultants engaged by the University
- your nominated financial institution for payment of your salary
- Unisaver, Kiwisaver or other superannuation scheme
- government agencies, such as the Inland Revenue Department, the Ministry of Education, the Tertiary Education Commission, the Ministry of Social Development, the Ministry of Foreign Affairs and Trade, the Ministry of Business, Innovation and Employment, Immigration New Zealand, and the Accident Compensation Corporation
- agencies involved in quality assurance and planning for higher education, such as the Academic Quality Agency for New Zealand Universities
- agencies involved in funding research or other projects (though we will endeavour to aggregate personal information shared for this purpose where possible)
- agencies that provide staff benefits including automated payments for services (e.g. health insurance providers, union fees, professional body membership fees), and
- in the event of an emergency, police, medical or hospital personnel, civil emergency services, your legal representative or nominated emergency contact person, or any other person assessed as necessary to respond to the emergency.
If we need to share your information with a third party that is overseas, such as another tertiary education provider, we will ensure that this complies with principle 12 of the Privacy Act. If the third party is not located in a country that has comparable privacy laws to ours, we will require them to agree to protect your information to New Zealand standards (unless you have provided consent to such disclosure and acknowledge that the country to which your information is being sent may not provide the same privacy safeguards as exists under New Zealand law).
Where is your personal information stored?
Personal information is held by (or on behalf of) the University of Otago. We store information electronically on University systems and, less often, in hard copy on University files.
We may use third-party service providers (e.g. cloud based processors) to store your personal information and provide us with services in New Zealand and overseas. Where this occurs, the University will do everything reasonably within its power to ensure that the service provider also has reasonable security measures in place to protect the information.
Health information collected by the University’s Occupational Health Service is saved to a patient medical management system, MedTech – a secure cloud-based data storage platform that is separate from the other information the University collects about you. All steps will be taken to ensure unauthorised access to this health information is not possible – for example restricted access and individual passwords, auto lock and privacy screens on computers.
Information relating to ACC claims is stored separately in an electronic claims management system, held by Howden Care, our third-party administrator. Information in this system is kept secure (password protected) and is restricted to designated personnel, and complies with the Privacy Act 2020 and the Health Information Privacy Code 2020.
Where applicable, information collected for the purposes of providing you with support in connection with a visa application, will be stored in a separate database, Ezy Migrate – a secure client management software for New Zealand immigration.
We recognise that we are accountable for your personal information wherever it is in the world. Where we can, we will send personal information only to countries that have adequate privacy laws in place (such as New Zealand, Australia or the European Union). However, where we cannot do this, we take reasonable steps to ensure that any third-party service providers we use can meet our privacy and security expectations.
Security of your personal information
We will take all reasonable steps to keep personal information safe and secure and to ensure that it is protected against loss or unauthorised access, modification, use or disclosure. For example:
- University systems are protected by firewalls and modern encryption standards
- University systems are password protected, and access is monitored and audited
- All members of the University community are required to adhere to the security measures set out in the Information and Communications Technology Regulations, the Information Security Policy, Information Framework, Cyber Security Framework and related suite of policies
- Access to the personal information we store is limited to those staff members who have a legitimate business requirement to use it. Refer our Privacy Policy
- We make privacy and information security training available to employees
- We have a data breach management procedure in place, and
- Information is backed up regularly, and backups are encrypted and held in secure storage facilities.
How long is your personal information kept?
We retain your personal information only for as long as we need it to perform our contractual obligations or meet our legitimate interests, or to comply with our legal obligations, including under the Public Records Act 2005 and the associated Disposal Authority for New Zealand Universities, the Tax Administration Act 1994 and Employment Relations Act 2000. Once there is no longer a need or obligation for the University to retain this information, it will be deleted or securely destroyed.
In relation to information on ACC claims, the University and its third-party administrator, Howden Care, manage claim files in accordance with ACC’s Disposal Authority and the University’s Accreditation Agreement. Claim files are not destroyed without ACC’s approval. ACC’s directive (ACC5804) on ‘Retention and Disposal of claim files’ provides details on how long a claim file is retained and the actions required before they can be destroyed.
Computerised records of events and incidents are archived and not destroyed. These electronic records remain retrievable within the system, should they be required.
We generally retain information about unsuccessful job applicants to enable us to keep in touch with them in case other suitable roles become available. We also retain personal information about temporary staff and contractors for this purpose. If you are not comfortable with us retaining your information, you can email kevin.seales@otago.ac.nz to opt out.
Access to your information and correction
You have the right to request a copy of the personal information that we hold about you. We will be as open as we can with you but sometimes we might need to withhold personal information, for example where the information is legally privileged, relates to references provided to us in confidence or includes personal information about other people. If we need to withhold information, we will tell you why.
You may also ask us to correct or remove any information if you think it is wrong. If we cannot correct your information (for example, where we don’t agree that it’s wrong), we will tell you why. You can ask us to attach your correction request to the information as a statement of correction.
If you would like to ask for a copy of your personal information, or to have it corrected, please email kevin.seales@otago.ac.nz
Contact details
Please contact us if you have any concerns about the collection, use or disclosure of your personal information.
University of Otago
362 Leith Street
North Dunedin 9016
PO Box 56
Dunedin 9054
University’s Privacy Officer for all employment related matters - Kevin Seales, Director of Human Resources
Tel +64 3 479 8267
Email kevin.seales@otago.ac.nz
It is important that the information we hold about you is accurate and current. Please keep us informed of any changes that may be necessary.