1. Privacy Policy

Privacy Policy

Scope

This Privacy Policy explains how Grow HR Limited (Grow HR, we, us) collects, stores, uses and discloses personal information in the course of providing human resources and employment relations consultancy services, operating our website(s), events and communications, and managing our business.

This Policy aligns with the New Zealand Privacy Act 2020 and its Information Privacy Principles (IPPs). It applies to all personal information we handle, whether collected directly from individuals or indirectly from clients and third parties as part of our services.

Situations where this Policy applies

  • You access or use our website(s), services or platforms.
  • You interact with us about our services, events or communications.

By engaging with our services or otherwise interacting with us, you acknowledge this Policy. Where you provide personal information about other individuals to us (e.g. employees, contractors, applicants), you confirm you are authorised to do so and have informed those individuals as required that we may collect, use and disclose their information to deliver agreed services

What personal information we may collect

We only collect information that is lawful and reasonably necessary for our functions and activities that includes, but is not limited to;

  • Identity and contact information (e.g. name, phone number, email).
  • Employment information (e.g. role, performance information, medical certificates, disciplinary records, remuneration details).
  • Recruitment information (e.g. CV, application data, referee details, vetting results).
  • Log and analytics data from our website (e.g. IP address, browser type, pages visited).

How we collect personal information

  • Directly from you (e.g. enquiries, meetings, surveys, events, email/phone).
  • From clients and authorised third parties (e.g. health professionals, drug testing agencies, nominated referees, employment checking agencies where justified).
  • From publicly available sources (e.g. LinkedIn) where appropriate.
  • Automatically via cookies and analytics when you use our website.

Indirect collection: When we receive personal information from someone other than the individual concerned (e.g. a client), we will take reasonable steps to ensure individuals are aware of the collection, the purposes, and their rights. From 1 May 2026 we will notify individuals of indirect collection in accordance with the Privacy Amendment Act (IPP3A).  We will not notify individuals if doing so would prejudice the purpose of collection, is not reasonably practicable, or if the individual has already been made aware of the collection and its purpose.

Purposes for which we use personal information

We use personal information only for the purpose for which it was collected or for a purpose directly related to that purpose, unless we have consent or another lawful basis.  Examples include;

  • Delivering services and otherwise fulfilling our professional duties.
  • Managing client relationships and engagements.
  • Recruitment and employment assessments with prior consent (e.g. background or reference checks).
  • Providing newsletters, industry updates and event invitations where you opt in.
  • Improving our services and website through aggregated analytics (non-identifiable).

Disclosure of personal information

We will only disclose personal information where permitted by the Privacy Act 2020. This means we will only disclose personal information if:

  • The disclosure is for the purpose for which the information was collected, or a directly related purpose,
  • The individual has authorised the disclosure,
  • The information is publicly available and disclosure would not be unfair or unreasonable,
  • Disclosure is required or permitted by law (for example, to prevent or lessen a serious threat to health or safety, or to assist law enforcement),
  • The information is provided in a form that does not identify the individual (for example, anonymised data for reporting or benchmarking).

We will not disclose personal information to third parties for unrelated purposes without consent, unless required or permitted by law

Security safeguards

We operate a range of security safeguards including; 

  • Role-based access controls and least-privilege access.
  • Multi-factor authentication and encryption for systems handling sensitive data.
  • Secure storage of case notes and documents.
  • Staff privacy training and acceptable use standards.
  • Vendor due diligence and contractual safeguards for service providers.

Retention and destruction

We retain personal information only for as long as it is required for the purposes for which it was collected or to meet legal and business requirements. We then take reasonable steps to securely destroy or de-identify it.

Access and correction

Where we have processed personal data on behalf of your employer they will normally be responsible for managing requests for access or corrections to personal information.  

All other individuals have the right to request access to and correction of their personal information held by Grow HR. We will respond promptly and may refuse access in limited circumstances permitted by law (e.g. where disclosure would endanger safety or breach another person’s privacy).

Privacy breaches

If a privacy breach occurs that has caused, or is likely to cause serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as soon as practicably able. We maintain an incident response process to assess harm, contain the breach, and implement remedial actions.

Cookies and website analytics

We use cookies to improve user experience and to understand website performance. You can disable cookies in your browser settings; doing so may affect some features of our website.

Roles and responsibilities

Grow HR maintains a Privacy Officer responsible for overseeing compliance with this Policy and the Privacy Act 2020, handling access/correction requests and managing privacy incidents.

Updates to this Policy

We may update this Policy to reflect changes in legislation, technology or our practices. The latest version will be available on our website.

Contact us

Privacy Officer: directors@growhr.co.nz

Updated: December 2025

 

Contact Grow HR now. Phone (06) 878 5454