Privacy Policy Kaupapa Tūmataiti

1. Policy Purpose

The purpose of this policy is to demonstrate how the Northland Events Centre (2021) Trust (NECT2021) will comply with its obligations under the Privacy Act 2020.

The Privacy Act 2020 and in particular the 13 Privacy Principles set out under section 22 of the Act, govern how an organisation should collect, handle and use personal information.

Throughout this policy where relevant the 13 Privacy Principles has been referenced and a copy of the principles is attached as Appendix A.

2. Scope

This policy applies to all NECT2021 Trustees, Employees and external services that NECT2021 may employ to collect personal information.

NECT2021 has appointed the Chief Executive as the Privacy Officer for all matters relating to this policy.

3. Policy Statement

As part of our normal business practice, we collect personal information. Under the Privacy Act 2020 we have an obligation to use and store this information appropriately. We may only view and use information relevant to our jobs and when providing service to our customers.

NECT2021 will:

  •  Only collect personal information if necessary, to complete business
  •  Tell a customer that we are collecting their personal information and why
  •  Protect a customer’s personal information and not share it with anyone outside of our business
  •  Only keep a customer’s personal information as long as necessary to complete business
  •  Safely store and dispose of our customers personal information so that it cannot be used by others
  •  Make sure that any personal information we do use is up to date and accurate
  •  Formally respond to any request for a copy of personal information held about a customer by that customer, a request by a customer to correct their personal information and/or any complaint by a customer about a privacy matter.

4. Policy Principles (Privacy Principles 1,2,3,4)

What personal information do we collect?

The type of personal information we collect, and hold, varies depending on the type of interaction we have with you. We will only collect personal information where it is a necessary part of a function or activity of our business.

We may collect, store, and use the following types of personal information about you:

  •  Name, title, date of birth and gender
  •  Contact details including your phone number and email address
  •  Payment details including your bank account and payment card details
  •  Usage information about how you use our services and facilities, website and social media platforms
  •  We may also collect other information that is relevant to specific services or events.

We are permitted to collect this information where it is relevant to the service we are providing, e.g. responding to customer requests for information or providing customers with our services and/or use of our facilities. We may also collect personal information regarding a person’s communications with us, or how they interact with us.

How and when do we collect personal information?

Direct interaction with customers

We collect personal information from customers or from anyone a customer authorises to provide information to NECT2021 on their behalf.

Where we are unsure about the identity of the person providing information or their authority to do so, it may be appropriate to take steps to confirm their identify and/or authority to act on behalf of a customer.

This following list is not exhaustive as any interaction may result in NECT2021 collecting personal information about an individual:

  •  Letters
  •  Phone calls or text messages
  •  E-mails
  •  Online forms
  •  Applications for our services such as bookings, signage, approvals, contracts, vacancies, event management
  •  Surveys
  •  Apps
  •  Newsletters and client updates
  •  Social media posts
  •  Audio recordings
  •  Images on camera and Closed Circuit Television (CCTV)

Third Party

We may collect personal information about you from other third parties to help us provide services to you and fulfill our regulatory obligations. This may include related organisations such as Whangarei District Council, and other organisations we interact with such as ticketing agencies, electronic surveillance and security providers.


When you visit our website, we may use technology solutions such as cookies to provide you with better access to tailored information and services.

We use Google Analytics to further understand how some of our services may be improved. Google Analytics relies on the use of cookies. For details on what information is collected via the use of cookies, and how it is stored and used, see Google’s privacy policy

We may use non-personalised statistics to monitor site traffic, to analyse trends and gather demographic information about those who use our services, to improve our services and to improve user experience.

We may broadcast live some events online or made available on the NECT2021 website and social media channels. Purchased tickets will state that the event may be filmed. Your image may be recorded and used by the venue or promoters as part of the event broadcast.

We may collect video footage and photographs through various means including CCTV to monitor traffic movements on nearby public road ways and parking areas within the venue and stadium areas in order to help reduce crime and antisocial behaviour.

Where possible, signage will advise when CCTV equipment is being used.

The Chief Executive and designated staff or authorities (NZ Police, Security Contractor, FENZ) are authorized to access CCTV footage to help reduce crime and antisocial behaviour or to conduct regular maintenance checks.

NECT2021 will not actively attempt to identify individuals from the CCTV footage unless reported or suspected incident require investigation by NZ Police or the Trust.

As part of our event management programme, contracted security personnel and other designated staff may wear body cameras, which are activated as required in order to reduce abusive or threatening behaviour.

Any recordings of violent or threatening incidents will be advised to the New Zealand Police.

How do we use your information?

The personal information we collect from you may only be used to:

  •  Provide you with service or facilities that you have requested
  •  Confirm your identify
  •  Process an application to use our services or facilities
  •  Process payments received or made by us
  •  Provide you with information about our events, news, services or facilities, or the events, news, services or facilities that we consider may be of interest to you
  •  Respond to your requests, enquiries, feedback or other for customer care related activities
  • Update any information that we hold about you in our existing records or databases
  •  Assist us in analysing and improving our services
  •  Comply with relevant legal requirements
  •  General administrative and business purposes
  •  For any specific purpose that we tell you about when your personalinformation is first collected, or any other purpose that you authorise.

Who do we share your information with? (Privacy Principle 11)

Information will only be shared with your consent, or where there is a statutory requirement to share it.

We may disclose personal information about you to:

  •  Any person engaged by NECT2021 to provide services to you on our behalf where your personal information is necessary for the provision of those services
  •  A third party, if we are required to do so under any laws or regulations, or during the course of legal proceedings or other investigations. This may include sharing CCTV and event footage with New Zealand Police or other public sector agencies where criminal activity is reported or suspected. The New Zealand Police or their delegates may also access live feeds or historical recordings from CCTV cameras from time to time for law enforcement, investigation and emergency response purposes.
  •  A third party who provides data hosting or ticketing services
  • Any person we may notify you of at the time we collect your information, and any person to whom you authorise us to disclose your personal information.

Retention of personal information (Privacy Principle 9)

We may retain personal information we collect for as long as it is administratively necessary or required by law. This is in accordance with NECT2021’s information retention and disposal schedule or applicable statutory requirements.

The Public Records Act 2005 requires NECT2021 to retain protected records indefinitely. In some circumstances, your personal information may be included within a protected record.

Failure to provide personal information

If you do not provide all the personal information that we request, we may not be able to adequately respond to your correspondence, provide the services or facilities you have requested, process payments, or otherwise deal with any requests or enquiries you have submitted.

In some circumstances, failure to provide information when requested may be unlawful and may result in legal consequences. You will be made aware of any such situations at the time we collect your information.

Security and accuracy (Privacy Principle 5,7)

NECT2021 has a responsibility to ensure that customer information is safe and secure, and protected against loss, other misuse, and unauthorised access, use, modification, or disclosure.

We have implemented reasonable measures designed to:

  •  Keep your information safe and secure, and protected against loss, other misuse, and unauthorised access, use, modification, or disclosure, and ensure personal information is accurate, current, and relevant.

Requests for personal information (Privacy Principle 6,7)

Customers are entitled to ask us to confirm whether we hold any personal information about them.

Once we have verified a customer’s identity, we must provide them with confirmation and/or copies of the information we hold about them unless we believe it necessary to withhold the information under the Privacy Act.

Customers lodge requests for their personal information by emailing the Privacy Officer (NECT2021 Chief Executive)

Once we have verified identity, we will provide confirmation and access, unless we believe it is necessary to withhold the information under the Privacy Act. In most cases, we will provide you with access to your personal information within 20 working days. You can ask us to correct the personal information we hold about you if needed.

All requests for personal information will be formally logged and assigned to the Privacy Officer (NECT2021 Chief Executive) for further consideration as a privacy request.

Reporting of privacy breaches

Should NECT2021 become aware of a potential breach of privacy the Privacy Officer will investigate the cause of the breach, take action to prevent further breaches from occurring and, if appropriate, make reasonable endeavours to contact any affected parties.

As required under the Privacy Act, the Privacy Officer will report all breaches that may cause serious harm to the Office of the Privacy Commissioner (OPC) via their website

Questions, Complaints, Further Information

If you feel we have breached any of the principles set out in the Privacy Act or have a privacy issue you wish to discuss, please contact the Privacy Officer (Chief Executive) by emailing

If you believe there is a privacy dispute we cannot resolve, or for more information about privacy issues, visit the Office of the Privacy Commissioner at

5. Policy Implementation and Reporting

The implementation of this policy is the responsibility of the Chief Executive.

The Chief Executive will be responsible for formally updating the NECT2021 Audit & Risk Committee and Board for all matters pertaining to the policy.