Privacy Policy

At the Employment Law Institute of New Zealand (“ELINZ”), we take privacy and confidentiality seriously.  This Privacy Policy outlines how we collect, store, and protect personal information in accordance with New Zealand’s Privacy Act 2020.

Collection of Personal Information
We collect personal information as necessary to provide membership services to our admitted members (and to assess applicants).  The information that we collect may include personal contact details and employment history.  All ELINZ Executive Members may have access to this information.

How Your Information is Stored
All ELINZ Executive Members work from secure offices—whether in a dedicated work environment or a home office—where access is restricted to authorised individuals, such as known household members or approved staff members.

We implement strict security measures to protect personal and member data, including:

  • Digital Storage
    All member and organisational information is stored on password-protected devices. Where cloud-based applications (e.g., Dropbox, MYOB) are used, two-factor authentication (2FA) will be enabled where possible for additional security.

    • When working remotely or outside the usual office environment, laptops and mobile devices must follow the same security protocols, including password protection and encrypted storage.
  • Paper Records
    Any printed documents must be stored securely, whether in a home or office setting and should be kept in a locked drawer or cabinet when not in use. Documents should be securely shredded when they are no longer required.
  • Access Control
    Access to sensitive information is restricted to Executive Members only. Devices should be locked when unattended, and unauthorised individuals (including visitors or household members) should not have access to work-related information.
  • Regular Updates
    All software, including security patches and antivirus tools, should be kept up to date on all devices used for work purposes.

These measures apply across all working environments to maintain the highest standard of confidentiality and data protection.

Confidentiality & Data Sharing
We do not share personal information with third parties unless required by law or with explicit member consent.  If we need to share information, we will seek prior approval.

Retention & Disposal
We retain member records for as long as necessary to provide ongoing professional services and maintain a history of interactions.  This indefinite time period allows ELINZ to offer continuity in membership support and services.

All digital records are securely stored on password-protected systems with appropriate access controls.  Paper records, where applicable, are securely stored within offices and shredded when no longer required.

If a member wishes to request the deletion of their personal information, they can contact ELINZ’s Secretary to discuss their options.  Deletion will be subject to legal and professional obligations.

Data Security and Breach Response
While ELINZ takes all reasonable steps to protect personal information, if a data breach occurs that may cause harm, we will take appropriate action, including notifying affected parties where required under the Privacy Act 2020.

Third-Party Services
We may use secure third-party services (such as Dropbox and Xero) to store and process member information.  These services have their own privacy and security policies, and we take reasonable steps to ensure they align with best practices for data protection, including:

  • Security Verification – We select third-party providers with strong security measures in place, such as data encryption, secure access controls, and compliance with relevant privacy laws.
  • Two-Factor Authentication (2FA) – Where available, we enable 2FA on all accounts to add an extra layer of protection against unauthorised access.
  • Limited Access – Only selected Executive members will have access to these services, and each member has their own login and password credentials.  We do not share login credentials with anyone.
  • Regular Security Reviews – We periodically review the security settings of third-party platforms to ensure they remain up-to-date and compliant with our privacy and confidentiality standards.
  • Data Minimisation – We only store necessary member information within these services and regularly review and remove outdated or unnecessary records.

While we take all reasonable precautions, members should be aware that third-party platforms operate independently and are subject to their own terms and conditions.

Use of Artificial Intelligence (AI) in Business Operations
As part of our operations, we may utilise AI-powered tools to enhance efficiency, accuracy, and member services while maintaining strict privacy and security measures.  AI-based services we may use include, but are not limited to:

  • Grammarly and other writing assistants – For grammar, spelling, and clarity checks in documents and correspondence.
  • Generative AI tools (e.g., Otter AI, ChatGPT, Microsoft Copilot, and similar programs) – For drafting content, analysing, and summarising complex information.
  • Interpretative AI in Microsoft products (e.g., Excel, Word, and Teams integrations) – For data analysis, document automation, and process optimisation.

We ensure that the use of AI in our organisation aligns with privacy and confidentiality obligations by implementing the following protections:

  1. Anonymisation & Data Minimisation – When using AI for drafting or analytical purposes, we avoid inputting identifiable member details unless absolutely necessary and permitted.
  2. Secure Platforms – AI tools used are integrated into secure and reputable platforms with strong privacy safeguards.  Where premium or enterprise versions with enhanced security features are available and necessary for member-related work, these are used.  This ensures ethical and credible platforms are prioritised.
  3. Human Oversight – We review, edit, and verify any AI-generated content to ensure accuracy, relevance, and compliance with New Zealand employment law.
  4. Confidentiality Compliance – No member-sensitive data is shared with AI tools that do not meet stringent privacy standards.

Website Data & Cookies
If you visit our website, limited data may be collected through website analytics or cookies.  This helps improve site functionality but does not personally identify visitors unless they voluntarily provide information (e.g., via a contact form).

Your Rights
Under the Privacy Act 2020, you have the right to request access to and correction and deletion of your personal information.  If you have any concerns or would like to exercise your rights, please contact us at secretary@elinz.org.nz

Changes to this Policy

This Privacy Policy may be updated from time to time.

Last updated: 11 March 2025