Privacy Policy

1.  INTRODUCTION

1.1. From time to time Habit Holdings Limited ("the Company") or any subsidiary may collect, use and disclose personal information relating to its customers, contractors, suppliers and employees in the performance of its business activities.

1.2. This policy sets out guidelines to assist the Company and its employees comply with the requirements of the Privacy Act 1993 ("Privacy Act") and the Information Privacy Principles (" IPP") in relation the collection, storage, use and disclosure of records containing individuals' Personal Information.

2.  SCOPE

2.1. This policy applies to the collection, storage, use and disclosure by the Company (or a person acting on behalf of the Company) of individuals' Personal Information in New Zealand.

3.  DEFINITIONS

3.1.  Personal Information means information about an identifiable individual.

4.  COLLECTION OF PERSONAL INFORMATION

4.1. The Company may collect Personal Information for a lawful purpose connected with a function or activity of the Company. Personal Information must not be collected in an unreasonably intrusive way.

4.2. A person who collects Personal Information on behalf of the Company must comply with this Policy and the requirements of the Privacy Act.

5.  USE AND DISCLOSURE OF PERSONAL INFORMATION

5.1. The Company will not use or disclose Personal Information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

a. the secondary purpose is directly related to the primary purpose of collection;

b. the individual has consented to the use or disclosure; or

c. the source of the information is a publicly available publication; or

d. the use or disclosure of the information for the secondary purpose is necessary to avoid prejudice to the maintenance of the law by any public sector agency, or for the enforcement of a law imposing a pecuniary penalty, or for the protection of the public revenue, or for the conduct of proceedings before any court or tribunal; or

e.the use or disclosure of the information is necessary to prevent or lessen a serious threat to public health or public safety, or the life or health of the individual concerned or another individual; or

f. the use or disclosure is required or authorised by or under law; or

g. the use or disclosure is not inconsistent with the requirements of the Privacy Act.

6.  DATA QUALITY

6.1. The Company will take reasonable steps to make sure that the Personal Information it collects, uses or discloses is accurate, complete and up-to-date.

7.  DATA SECURITY

7.1. The Company will take reasonable steps to protect the Personal Information it holds from misuse and loss and from unauthorised access, modification or disclosure.

7.2. The Company will take reasonable steps to destroy or permanently de-identify Personal Information (such as a job applicant's resume) if it is no longer needed.

8.  OPENNESS

8.1. This Privacy Policy will be made available to anyone who asks for it.

8.2. On request by a person, the Company will take reasonable steps to let the person know, generally, what sort of Personal Information it holds, for what purposes, and how it collects, holds, uses and discloses that information.

9.  ACCESS AND CORRECTION

9.1.  if the Company holds Personal Information about an individual, it will comply with legislative obligations to provide the individual with access to the information on request by the individual.

9.2. If the Company holds Personal Information about an individual and the individual is able to establish that the information is not accurate, complete and up-to-date, the Company will take reasonable steps to correct the information so that it is accurate, complete and up-to-date.

9.3. The Company will provide reasons for denial of access or a refusal to correct Personal Information.

10.  SECURITY

10.1. The Company has implemented generally accepted standards of technology and operational security in order to protect Personal Information from loss, misuse, alteration or destruction.

10.2. A person acting on behalf of the Company must not transfer Personal Information to an individual without first establishing the identity of the recipient through the use of a personal identifier and/or cross check.