The law has changed, and your business has new obligations under the Privacy Act 2020
As of December 2020, New Zealand’s Privacy Act 2020 has come into effect.
The changes in the Act introduce greater protections for individuals, and some new requirements for businesses and organisations.
The full details are available from the Office of the Privacy Commissioner and we recommend that all organisations and businesses make use of their very user-friendly resources to come up to speed with the new requirements.
The Act has implications for many aspects of how we do business, mostly around how we store data and personal information, and introduces stronger penalties for privacy breaches than were in the previous Privacy Act.
Please note that Turboweb are not lawyers, and this is not legal advice – if there is any question about whether or not your business is effectively complying with Privacy Act 2020 legislation, please consult your legal team.
How the Privacy Act 2020 affects your company’s website
For your business’s website, the changes to the Privacy Act bring New Zealand’s laws into line with the protections and requirements already in force in many places around the world.
In essence, your Privacy Page needs to tell your clients, customers, and website visitors:
- What information you are gathering from them
- How you are storing that information
- What you are doing with that information
- What will happen if they don’t give you that information
Use the Privacy Statement Generator
The Privacy Commissioner has got a very useful tool on their website to help businesses write compliant Privacy Statements for their websites.
Turboweb recommend that all website owners use this generator to see what type of information is needed in their privacy statement.
The Privacy Statement Generator is best for personally identifying information, such as name, contact details, purchasing information etc. But we find that the autogenerated text at the end can be a bit clumsy. It’s okay to take the statement and make it more readable and clear – especially if your website collects different types of information.
For instance, if your website has got a contact form or a newsletter signup, or if people make purchases or bookings through your site, then you are collecting personally identifiable information from people. This is the type of information that the Privacy Statement Generator deals with the best.
However, if your website has Google Analytics installed (and we recommend that it does), you are collecting information about their use of your website, time spent on specific pages etc, and you are sharing that information with a third-party (Google). But there is no link made between the data about their usage of your website and their personally identifying information. We can’t tell that Sally Smith from Invercargill spent 4 hours looking at your accommodation website, for instance.
But they still need to be informed that this data is being gathered.
We recommend adding to your auto-generated Privacy Statement
Most Turboweb websites will need to add something similar to the following information:
1. Website Analytics, Cookies, and Tracking
- We gather information about user behaviour on our website, via a third-party service (Google) in order to improve our website and services.
- We may use this information from time to time to deliver targeted advertising to website users via Google Ads and social media platforms (e.g. Facebook).
- For information about opting out of Google Analytics tracking, see here.
2. Newsletter and Mailing List
- We use a third-party mailing list provider (Mailchimp) to send out newsletters to clients who have opted-in to this. Mailchimp and similar third-party mailing list providers all provide an easy unsubscribe option, and your contact information is only used for the defined purpose.
3. Payment Processing
- Online payments are processed by a secure third-party. (add details e.g. Stripe, Paypal etc). We do not keep this information, and it is only used for the purposes of completing your transaction.
For more information or assistance with your website Privacy Statement, contact Turboweb. Our content team can help you sort out what your business needs are, and how to craft a privacy statement that meets your needs.