1. Privacy Policy

Privacy Policy

Scope

This Privacy Policy explains how Grow HR Limited (Grow HR, we, us) collects, stores, uses and discloses personal information when providing its consultancy services, operating our website, for events and communications and managing our business.

This Policy aligns with the New Zealand Privacy Act 2020 and its Information Privacy Principles (IPPs). It applies to all personal information we handle, whether collected directly from individuals or indirectly from clients and third parties as part of our services.

When a client shares personal information with us so we can provide our services, we may use that information on the client's behalf or as part of our own professional records, depending on the work involved. Who is responsible for that information will depend on the type of engagement and what we have agreed with the client.

Situations where this Policy applies

  • You access or use our website(s), services or platforms.
  • You, or your employer interacts with us about our services, events or communications.
  • You are an employee of or contractor to Grow HR

By engaging with our services or otherwise interacting with us, you acknowledge this Policy. If you provide us personal information about other individuals (e.g. an employee, contractor or applicant), you confirm you are authorised to do so and have informed those individuals as required by the Privacy Act 2020 (and amendments).

What personal information we may collect - We only collect information that is lawful and reasonably necessary for our functions and activities.   We limit access to those who need it and ensure it is collected, used and disclosed only to the extent necessary for the relevant purpose.  This includes, but is not limited to;

  • Identity and contact information (e.g. name, phone number, email).
  • Applicant information (e.g. referees, identity documents, date of birth)
  • Employment information (e.g. role, performance information, medical certificates, drug & alcohol results, disciplinary records, remuneration details).
  • Recruitment information (e.g. CV, application data, referee details, vetting results).
  • Log and analytics data from our website (e.g. IP address, browser type, pages visited

How we collect personal information

  • Directly from you (e.g. enquiries, meetings, surveys, events, email/phone).
  • From clients and authorised third parties (e.g. health professionals, nominated referees, employment checking agencies where justified).
  • From publicly available sources (e.g. LinkedIn) where appropriate.
  • Automatically via cookies and analytics when you use our website.

Notification that we have, or are collecting personal information will depend on the situation. A common example in our work is when an employer asks us for advice about an employee situation, such as a performance concern, disciplinary matter, or workplace investigation. In these cases, the employer shares information about the employee with us so we can advise them. In these types of situations the employer remains responsible for managing their privacy obligations to their employees. Grow HR only uses that information to support the employer in carrying out their responsibilities lawfully and fairly. 

You can disable cookies in your browser settings; doing so may affect some features of our website.

Purposes for which we use personal information - We only use personal information for the reason it was collected, or for something closely related to that reason. We will not use it for something different unless we have your consent or are required or permitted to do so by law.  Examples include;

  • Delivering services and otherwise fulfilling our professional duties.
  • Managing client relationships and engagements.
  • Recruitment and employment assessments with prior consent (e.g. background or reference checks).
  • Providing newsletters, industry updates and event invitations where you opt in.
  • Improving our services and website through aggregated analytics (non-identifiable).

Disclosure of personal information - We will only disclose personal information where permitted by the Privacy Act 2020. This means we will only disclose personal information if:

  • The disclosure is for the purpose for which the information was collected, or a directly related purpose,
  • The individual has authorised the disclosure,
  • The information is publicly available and disclosure would not be unfair or unreasonable,
  • Disclosure is required or permitted by law (for example, to prevent or lessen a serious threat to health or safety, or to assist law enforcement),
  • The information is provided in a form that does not identify the individual (for example, anonymised data for reporting or benchmarking).

We will not disclose personal information to third parties for unrelated purposes without consent, unless required or permitted by law. 

Security safeguards - We operate a range of security safeguards including; 

  • Role-based access controls
  • Multi-factor authentication and encryption for systems handling sensitive data.
  • Secure storage of case notes and documents.
  • Staff training.

Retention and destruction - We retain personal information for as long as it is required for the purposes for which it was collected or to meet legal and business requirements. We then take reasonable steps to securely destroy or de-identify it.

As a general guide: contact and engagement records are retained for the duration of the client relationship and for a period of up to seven years thereafter; case files relating to employment matters (including investigations, disciplinary processes and mediations) are retained for a minimum of seven years from the conclusion of the matter, reflecting the potential for related proceedings; recruitment records are retained for up to two years from the date of the relevant decision. 

Access and correction - Where we have processed personal data on behalf of an employer they will normally be responsible for managing requests for access or corrections to personal information.  In those cases, Grow HR will direct your request to the relevant client organisation rather than responding on their behalf. If you are unsure who to contact, you are welcome to reach out to our Privacy Officer who will assist you in identifying the right point of contact.

All other individuals have the right to request access to and correction of their personal information held by Grow HR. We will respond promptly and may refuse access in limited circumstances permitted by law (e.g. where disclosure would endanger safety or breach another person’s privacy).

If you are not satisfied with our response to an access, correction or privacy complaint, you have the right to complain to the Office of the Privacy Commissioner. Further information is available at www.privacy.org.nz.

Roles and responsibilities - Grow HR maintains a Privacy Officer responsible for overseeing compliance with this Policy and the Privacy Act 2020, handling access/correction requests and managing privacy incidents.  

Privacy breach - If a privacy breach occurs we will notify the Office of the Privacy Commissioner and affected individuals as required.   

Updates to this Policy - We may update this Policy to reflect changes in legislation, technology or our practices. The latest version will be available on our website.

Contact us - Privacy Officer: directors@growhr.co.nz

Updated: March 2026

 

Contact Grow HR now. Phone (06) 878 5454