Privacy Policy

INTRODUCTION

Kumarani Productions Trust (KPT) and all projects that Kumarani Productions Trusts supports, including Circus Kumarani and Northland Circus Festival, adheres to the legal obligations set out in the Privacy Act 2020

This includes, but is not limited to,

  • Procedures for the collection, use, and retention of personal information.

  • Procedure to report breaches to the Privacy Commissioner.

  • Appropriate IT and cyber-security measures, including

    • Protect collected information from unauthorized access or loss including firewalls, antivirus systems, and password protection.

    • Regular review of user accounts, passwords and system access

    • Secure devices and hardware, including processes for e-waste disposal

  • Ensure that all staff understand the latest privacy requirements

  • Nominating a Privacy Officer

  • Training Staff in the organization privacy policy and security

This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.

CHANGES TO THIS POLICY

We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.

COLLECTION, USE, AND RETENTION OF PERSONAL INFORMATION

KPT will only collect identifying information if it is necessary for the smooth operation of performances, workshops, events, or other activities. 

Personal information collected from children or young people will be limited to necessary information, with all contact details that of their adult guardian. 

All personal information collected in hardcopy (written) format will be stored onsite at Circus Kumarani, in a secure storage area and kept for no longer than the maximum period as stated by New Zealand Law. 

All personal information collected in electronic format will be stored on the admin@circuskumarani.co.nz Google Drive, in a password protected folder and kept for no longer than the maximum period as stated by New Zealand Law.

All personal information collected will only be used for the purpose that the individual was initially consenting to. This means that no personal information will be uploaded or shared with third parties without the individual’s knowledge. I.E. Those who have signed up to workshops and provided personal information will not be included in promotional emails etc. 

KPT will provide people with access to their personal information within an appropriate timeframe if requested.

All KPT student and staff files are stored securely as described above and access is restricted at all times by the Manager. Access to this information will be provided to the client, parent or legal guardian as appropriate, authorised staff on a ‘need to know’ basis, and auditors, contractors and licensing or accreditation staff on a case by case basis at the discretion and under the supervision of the Manager or the Board of Trustees.

BREACH OF SECURITY

In the event that Kumarani Productions Trust is subject to a breach of cyber-security, KPT will notify the Office of the Privacy Commissioner as soon as possible. This will be done by using the NotifyUs tool, available at https://www.privacy.org.nz/responsibilities/privacy-breaches/notify-us/ 

IT AND CYBER SECURITY MEASURES

All computers owned by the Trust and / or are primarily used for KPT work will have a firewall and antivirus software installed on them, and be kept up to date with the latest system updates. 

All computers owned by the Trust will be password protected, with an annual change of passwords conducted on the 1st of February each year. 

All cloud storage systems (OneDrive and Google Drive) and email accounts are password protected with an annual change of passwords conducted on the 1st of February each year. 

All cloud storage systems and email accounts will require new users to complete a security check that involves a phone number for formal approval. 

A review of user accounts and system access will occur on the 1st of February each year, with all non-current users having access revoked, if not done previously.

All IT hardware and devices are to be kept at the Circus Kumarani office, or with the person in a secure manner. 

Any IT hardware and devices that are to be disposed of will be done by an approved e-waste provider. Prior to this all IT hardware and devices will undergo a complete system reset by a member of KPT. 

COMMUNICATION OF PRIVACY REQUIREMENTS

All KPT employees, and where appropriate, volunteers will be trained in and made aware of the latest privacy requirements and the Trust’s latest privacy policies and procedures. All KPT participants will be informed of their privacy rights upon enrolment or registration. 

Andy Sondalini is the current nominated privacy officer for KPT.

CONTACT

If you have any questions, concerns or complaints, email admin@circuskumarani.co.nz