1. Privacy Policy

Privacy Policy

Scope

This Privacy Policy explains how Grow HR Limited (Grow HR, we, us) collects, stores, uses and discloses personal information when providing its consultancy services, operating our website, for events and communications and managing our business.

This Policy aligns with the New Zealand Privacy Act 2020 and its Information Privacy Principles (IPPs). It applies to all personal information we handle, whether collected directly from individuals or indirectly from clients and third parties as part of our services.

Situations where this Policy applies

  • You access or use our website(s), services or platforms.
  • You, or your employer interacts with us about our services, events or communications.
  • You are an employee of, or contractor to Grow HR.
  • We indirectly collect your personal information.

By engaging with our services or otherwise interacting with us, you acknowledge this Policy. If you provide us personal information about other individuals (e.g. an employee, contractor or applicant), you confirm you are authorised to do so, and you have informed those individuals where required to by the Privacy Act 2020 (and amendments).

What personal information we may collect - We only collect information that is lawful and reasonably necessary for our functions and activities.   We limit access to those who need it and ensure it is collected, used and disclosed only to the extent necessary for the relevant purpose.  Examples include, but are not limited to;

  • Identity and contact information (e.g. name, phone number, email).
  • Applicant information (e.g. referees, identity documents, date of birth)
  • Employment information (e.g. role, performance information, medical certificates, drug & alcohol results, disciplinary records, remuneration details).
  • Recruitment information (e.g. CV, application data, referee details, vetting results).
  • Log and analytics data from our website (e.g. IP address, browser type, pages visited

How we collect personal information

  • Directly from you (e.g. enquiries, meetings, surveys, events, email/phone).
  • From clients and authorised third parties (e.g. health professionals, nominated referees, recruitment check agencies).
  • From publicly available sources (e.g. LinkedIn) where appropriate.
  • Automatically via cookies and analytics when you use our website.

Notification that we have or are collecting personal information either directly or indirectly will depend on the situation. You can disable cookies in your browser settings; doing so may affect some features of our website.

Purposes for which we use personal information - We only use personal information for the reason it was collected, or for something closely related to that reason. We will not use it for something different unless we have your consent or are required or permitted to do so by law.  Examples include;

  • Delivering services and otherwise fulfilling our professional duties.
  • Managing client relationships and engagements.
  • Recruitment and employment assessments (e.g. background or reference checks).
  • Providing newsletters, industry updates and event invitations where you opt in.
  • Improving our services and website through aggregated analytics (non-identifiable).

Disclosure of personal information - We will only disclose personal information where permitted by the Privacy Act 2020. This means we will only disclose personal information if:

  • The disclosure is for the purpose for which the information was collected, or a directly related purpose.
  • The individual has authorised the disclosure (e.g. to carry out recruitment checks / obtain a medical report).
  • The information is publicly available and disclosure would not be unfair or unreasonable.
  • Disclosure is required or permitted by law (for example, to prevent or lessen a serious threat to health or safety, or to assist law enforcement),
  • The information is provided in a form that does not identify the individual (for example, anonymised data for reporting or benchmarking).

We will not disclose personal information to third parties for unrelated purposes without consent, unless required or permitted by law. 

Security safeguards - We operate a range of security safeguards including role-based access controls, multi-factor authentication and encryption for systems handling sensitive data, secure storage of case notes and documents, staff training.

Retention and destruction - We retain personal information for as long as it is required for the purposes for which it was collected or to meet legal and business requirements. We then take reasonable steps to securely destroy or de-identify it.

As a general guide: contact and engagement records are retained for the duration of the client relationship and for a period of up to seven years thereafter; case files relating to employment matters (including investigations, disciplinary processes and mediations) are retained for a minimum of seven years from the conclusion of the matter, reflecting the potential for related proceedings; recruitment records are retained for up to two years from the date of the relevant decision. 

Access and correction - Where we have processed personal data on behalf of an employer they will normally be responsible for managing requests for access or corrections to personal information.  In those cases, Grow HR will direct your request to the relevant client organisation rather than responding on their behalf. If you are unsure who to contact, you are welcome to reach out to our Privacy Officer who will assist you in identifying the right point of contact.

All other individuals have the right to request access to and correction of their personal information held by Grow HR. We will respond promptly and may refuse access in limited circumstances permitted by law (e.g. where disclosure would endanger safety or breach another person’s privacy).

If you are not satisfied with our response to an access, correction or privacy complaint, you have the right to complain to the Office of the Privacy Commissioner. Further information is available at www.privacy.org.nz.

Roles and responsibilities - Grow HR maintains a Privacy Officer responsible for overseeing compliance with this Policy and the Privacy Act 2020, handling access/correction requests and managing privacy incidents.  

Privacy breach - If a privacy breach occurs we will notify the Office of the Privacy Commissioner and affected individuals as required.   

Updates to this Policy - We may update this Policy to reflect changes in legislation, technology or our practices. The latest version will be available on our website.

Contact us - Privacy Officer: directors@growhr.co.nz

Updated: March 2026

 

Contact Grow HR now. Phone (06) 878 5454