Last updated 20 September 2018
1.1 Your privacy is important to JacksonStone & Partners (JacksonStone, us, or we). Privacy and confidentiality is key to our business. This means your Personal Information is stored securely within our locally-hosted network, protected actively maintained, industry-standard security.
1.2 JacksonStone & Partners is committed to ensuring that any Personal Information you provide to us is held and used only in accordance with the privacy principles contained in the Privacy Act 1993.
1.3 In addition to our privacy obligations under New Zealand Privacy Law, we are a data controller for the purpose of the General Data Protection Regulation (GDPR). You can contact us in writing at the below address:
PO Box 25177, Wellington 6146, New Zealand
Or email email@example.com
3.2 If you do not agree to any change we make, you should immediately stop using our services and our website.
4. Why do we collect Personal Information?
4.1 JacksonStone collects, uses and discloses Personal Information to carry out our functions, to provide you with products and services, to market our functions, products and services and to meet our legal obligations.
5. Who do we collect Personal Information about?
5.1 We collect and hold Personal Information about:
(a) Persons we deal with in the course of carrying out our functions and individuals associated with those persons;
(b) Individuals we provide products and services to;
(c) Suppliers and their employees and contractors;
(d) Prospective employees, employees and contractors; and
(e) Other individuals who come into contact with us.
6. What Personal Information do we collect?
6.1 The type of Personal Information we collect depends on the purpose for collection and circumstances of collection, but may include:
(a) Identifying information, such as your name, date of birth, citizenship or residency and appearance;
(b) Contact information, such as your postal address, telephone number, facsimile address and email address;
(c) Payment information (if you are paying us), such as bank account or credit card details, including number, expiry date, cardholder name and billing address;
(d) Payment information (if we are paying you), such as bank account details, including number, branch, SWIFT code, account holder, and New Zealand Inland Revenue number;
(e) Special categories of Personal Information, such as Personal Information that reveals political opinions, religious or philosophical belief, trade union membership, health status, sex life or sexual orientation;
(f) Information about your work history, such as your occupation, employment history and/or details, credit history, education and qualifications, personal and professional skills and attributes, testimonials and feedback, including your curriculum vitae and other documents that may contain further Personal Information. In certain circumstances we may also ask for information such as your New Zealand Inland Revenue number;
(g) Information about your preferences, such as how you would prefer to be contacted;
(h) Website user data, collected when you visit our website. Website user data may include your IP address, cookies, device information, unique device identifiers, operating system and version and mobile network information.
7. Special categories of Personal Information
7.1 Some Personal Information, including information that reveals racial or ethnic origin, political opinions, religious or philosophical belief, trade union membership, genetic data, biometric data, health status, sex life or sexual orientation is treated as a special category of personal data under the GDPR. Generally, we will limit our collection of Personal Information that falls into this category, however, occasionally this type of information may be relevant to our interactions with you. By providing us with Personal Information that falls within this category, you explicitly consent to this information being processed for the purposes in clause 4.
8. Non-personal information
8.1 We may from time to time collect information that is not Personal Information (i.e. it is not attributable to you individually). The purpose of this is to ensure we can further develop and improve our services.
8.2 If we do combine non-personal information with Personal Information the combined information will be treated as Personal Information.
9. How do we collect Personal Information?
9.1 We may collect Personal Information directly from you, including in the following circumstances:
(a) when you interact with us in person, on the phone or via email;
(b) when you provide us with your Personal Information in another kind of document, for example, a contract for services or a curriculum vitae;
(c) when you enter information into an online form; and
(d) when you interact with us on our Social Media.
9.2 We collect some information automatically when you visit our website and interact with us on social media.
From third parties
9.3 We may collect Personal Information about you from third parties, including:
(a) partners that we work with to carry out our functions and to provide you with products and services;
(b) our professional advisors;
(c) a person you have provided as a referee;
(d) from credit check agencies, or educational establishments for qualification checks; and
(e) in certain circumstances, publically available information.
10. Are you required to provide Personal Information to us?
10.1 In general, we will let you know at the time of collection whether the provision of Personal Information to us is optional or whether it is required for us to provide you with products or services or to perform our functions in relation to you.
10.2 If we have indicated that the requested Personal Information is required and you do not provide it, we will not be able to provide you with some or all the services you have requested or perform certain functions in relation to you.
11.1 We do not provide services to, or collect Personal Information about, minors, however we cannot distinguish the age of persons who access and use our website. If a minor (according to applicable laws) has provided us with Personal Information without parental or guardian consent, the parent or guardian should contact us to remove the Personal Information.
12. How we use your Personal Information
12.1 We use your Personal Information to:
(a) assist us in performing our functions, including providing services to our clients;
(b) provide you with products and services and perform our contractual obligations to you;
(c) help us improve our products and services;
(d) assess your suitability to work with or for us;
(e) communicate with you in the context in which you have engaged with us;
(f) communicate essential notifications and other information to you;
(g) notify you about other or new JacksonStone services, products or promotions where you have opted to receive such notifications;
(h) distribute information about other services and other organisations’ services to you where you have opted to receive such information;
(i) communicate with you, either directly or via one of our partners, for marketing, research or participation in surveys or competitions where you have opted to receive such communications;
(j) facilitate the development, maintenance and marketing of our website;
(k) perform statistical analysis of user behaviour, and of characteristics and use of our website;
(l) comply with our legal obligations, including under the Privacy Act 1993 and all other applicable New Zealand laws.
13. Disclosure to third parties
13.1 JacksonStone works with clients and candidates in performing recruitment services. JacksonStone also uses third party providers to provide services and perform functions on our behalf. We may share your Personal Information with the third parties we work with or who provide us with services or perform functions on our behalf. These third parties include:
(a) Our clients, for whom we perform recruitment services;
(b) Our candidates, for whom we perform job placement services;
(c) Our professional advisors and consultants;
(d) Persons who assist us to provide services or perform our functions, including in relation to:
(i) the development, operation and maintenance of the our website;
(ii) secure payment processing;
(iii) information processing and storage;
(iv) managing and enhancing customer data;
(v) providing customer service;
(vi) assessing your interest in our products and services and conducting customer research or satisfaction surveys;
(e) Social Media sites on which we have a presence; and
(f) Anyone else to whom you authorise us to disclose it.
14. Disclosure by Law
14.1 We may be required by law to disclose your Personal Information.
14.2 We may also disclose your Personal Information to a third party if we have a belief that either you have consented to the action, or that such action is necessary to:
(b) comply with a judicial proceeding, court order, or legal process; or
(c) protect the rights, property, or personal safety of us or our agents, personnel and subcontractors, or others.
14.3 You authorise us to disclose any information about you to law enforcement or government officials as we, in our sole discretion, believe is necessary or appropriate.
15. Transfer of information overseas
15.1 We are based in New Zealand. This means that if you are an EU resident, your Personal Informational information will be transferred and stored outside the European Economic Area. New Zealand has ‘adequacy’ for the purpose of Article 45 of Regulation (EU) 2016/679.
15.2 Certain Personal Information may be transferred to third countries and/or international organisations outside New Zealand and the European Union for candidate search, headhunting, or hosting of JacksonStone data reasons]. Where Personal Information is transferred outside of the European Economic Area or New Zealand, it will be:
(a) to a country or organisation that has ‘adequacy’ for the purpose of Article 45 of Regulation (EU) 2016/679 (including organisations subject to the Privacy Shield); or
(b) transferred subject to the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and Decision 2010/87/EU as appropriate.
16. Third-party sites and services
16.1 JacksonStone’s website and other materials may contain links or references to third-party websites, products and services.
16.2 Information collected by such third parties, which may include such your location data or contact details, is governed by the third party’s privacy practices or policies. We recommend that you check the privacy policies of those third parties. We accept no responsibility or liability for any third party’s practices or policies or your provision of Personal Information to them.
17.1 “Cookies” are a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous activity.
17.2 The JacksonStone website uses “cookies” to make the service as easy for you to use as possible and helps us better understand user behaviour.
17.3 We treat information collected by cookies and other similar technologies as non-personal information unless:
(a) applicable laws require us to treat them as Personal Information; and
17.4 You can disable cookies on your computer if you wish, but please note that if you disable caching or choose to block sites from sending any data, this may cause the website not to work.
18. Google Analytics
18.2 Google Analytics follows your progress through a website, collecting anonymous data on where you have come from, which pages you visit, and how long you spend on the site. Google then stores this data in order to create reports.
18.3 Google will track your IP address. This information may be transmitted to and stored by Google on servers in the United States. Google may use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us, and providing other services relating to website activity and Internet usage.
18.4 Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. When you use our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
19. LinkedIn Analytics
19.1 We use LinkedIn Analytics and tracking pixels to:
(a) help us understand what kinds of people are interacting with our LinkedIn page;
(b) target our LinkedIn posts towards particular groups of people;
(c) understand the activity of people who visit our LinkedIn page and/or access our website through LinkedIn;
19.2 More information about Twitter Analytics can be found here.
20. Security of your Personal Information
20.1 To prevent unauthorized access, maintain data accuracy, and ensure the correct use of Personal Information, we have put in place reasonable and appropriate physical, electronic, and managerial procedures to safeguard and secure the Personal Information we collect.
20.2 JacksonStone and our third party providers store Personal Information in a secure environment accessed only by authorised persons. We use generally accepted security standards to protect Personal Information collected from you from misuse and loss and from unauthorised access, modification and disclosure.
20.3 JacksonStone also maintains internal privacy procedures to ensure its staff handle Personal Information in an appropriate way.
20.4 Given the nature of the internet we cannot guarantee security of information transmitted through the internet. We will do our best to protect your personal data, however any transmission is at your own risk.
21. How long will we keep your Personal Information?
21.1 JacksonStone will retain your Personal Information for as long as it is needed for the purpose for which it was collected (or any other purpose you have consented to) or for so long as we are required by law to retain it.
22. Non EU Data subjects
22.1 If you are not an EU resident, you have the following rights in relation to access and correction of your Personal Information:
Access to your Personal Information
22.2 You may request access to Personal Information that we hold about you by contacting us on firstname.lastname@example.org, or by contacting any JacksonStone staff member.
22.3 You may request that we correct factual errors in your Personal Information by sending us an email request that shows the error(s) to email@example.com. If we choose not to correct errors that you have identified in your Personal Information, you may request that we make reasonable efforts to note the correction request, to be held (if possible) together with the relevant Personal Information.
22.4 To protect your privacy and security, we may also take reasonable steps to verify your identity before granting access or making corrections. We may refuse access to or correction of your Personal Information for any reason of refusal permitted by law.
22.5 If you have any questions about privacy related issues or wish to complain about the handling of your Personal Information by us, please contact our Privacy Officer at: firstname.lastname@example.org. We may ask you to lodge your complaint in writing. Any complaint will be investigated by the Privacy Officer and you will be notified of the decision in relation to your complaint as soon as practicable after it is made, usually within 20 working days.
22.6 If we are unable to satisfactorily resolve your concerns about our handling of your Personal Information, you can contact the Office of the Privacy Commissioner at: PO Box 10-094, The Terrace, Wellington 6143, phone 0800 803 909, http://privacy.org.nz/.
23. EU Data Subject Rights
23.1 If you are an EU resident, you may have certain rights in relation to the Personal Information we hold about you. We set out these rights and how to exercise them below. Some of these rights only apply in certain circumstances.
23.2 These rights include:
(d) restriction of processing;
(e) data portability; and
How to exercise your rights
23.3 Please note that we will require you to provide us with proof of identity before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please send the following details to email@example.com:
(a) proof of identity (one of the following: passport, driving licence, national identity card or birth certificate. The documents must include your full name and date of birth, nationality, and include proof of any name change). If you exercising rights on behalf of another EU resident (the data subject), please include both your proof of identity and the proof of identity of the data subject. You will also need a signed consent from the data subject, authorising you to exercise these rights on their behalf. If the data subject is a minor, you will not need signed consent, but will require proof of your status as the data subject’s parent or guardian;
(b) contact details;
(c) details of country of residence;
(d) details of the data right(s) you wish to exercise, including any relevant details; and
(e) confirmation that you understand that JacksonStone may require further details from you in order to confirm your identity and/or process your request.
23.4 Please note, if you make a request in relation to your data rights and we do not hold information in a form that allows us to identify you, we will inform you of that. We will not be obliged to comply with those data rights unless you provide additional information that allows us to identify what information we hold about you. If we do not take action on your request in relation to your data subject rights, we will advise you within one month of the reasons we will not be taking action. You may make a complaint to us or to your data protection authority, and you may seek a judicial remedy in accordance with the provisions of the GDPR.
23.5 We will communicate any correction or erasure of Personal Information or restriction of processing that we undertake in accordance with your instructions to any third parties who have received that Personal Information, unless that notification is impossible or involves a disproportionate effort. If you request, we will provide you with details of those third parties that have received your Personal Information.
23.6 In the event that you wish to make a complaint about how we process your Personal Information or respond to any request by you in relation to your data rights, please contact us and we will endeavour to deal with your request as soon as possible. You also have the right to launch a claim with your data protection authority.
Legal basis for using your Personal Information
23.7 The GDPR requires us to tell you the legal basis for processing your Personal Information.
23.8 The principal bases on which we process your Personal Information are:
(a) Consent: Applies where you have freely given an informed, specific and unambiguous indication that we are permitted to collect and process your Personal Information. At any time, you may revoke your consent to the processing of some or all of your Personal Information by:
(i) emailing us or
(ii) using the “unsubscribe” function in any communication that we send to you.
If you revoke your consent, we may need to stop providing you with products, services, funding or support if consent is the only legal basis for our processing of your Personal Information. The withdrawal of consent will not affect processing of Personal Information that occurs before you notify us that you have withdrawn your consent.
(b) Contract: Applies if processing your Personal Information is necessary for the performance of a contract you are a party to. For example:
(i) if we are providing services to you as a client or candidate, we will need to use your Personal Information to carry out those services and any related activities (such as billing you);
(ii) if you are providing services to us, we will need to store and use certain Personal Information (such as bank account details) in order to pay you.
(c) Legitimate interests: Applies if the processing is necessary for our legitimate interests or the legitimate interests pursued by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Information.
23.9 You have the right to know whether we process Personal Information about you, and if we do, to access Personal Information we hold about you and certain information about how we use it and who we share it with.
23.10 We may not provide you with certain Personal Information if providing it would interfere with another’s rights (e.g. where providing the personal information we hold about you would reveal information about another person) or where another exemption applies.
23.11 You have the right to one copy of the information set out above. If you request further copies of that information, we may charge a reasonable fee for our administrative costs.
23.12 You have the right to correct any Personal Information we hold about you that is inaccurate. You may have incomplete Personal Information we hold about you completed, including by means of a supplementary statement (taking into account the purposes of processing of the relevant Personal Information). During the period while we assess whether the Personal Information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
23.13 You may request that we erase the Personal Information we hold about you in the following circumstances:
(a) you believe that it is no longer necessary for us to hold the Personal Information we hold about you;
(b) we are processing the Personal Information we hold about you on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the Personal Information;
(c) you have exercised your right of objection and there are no overriding legitimate grounds for the processing;
(d) you no longer wish us to use the Personal Information we hold about you in order to send you information about JacksonStone and our services; or
(e) you believe the Personal Information we hold about you is being unlawfully processed by us.
23.14 During the period while we consider your request for erasure, you may exercise your right to restrict our processing of the Personal Information as described below.
23.15 Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. After deleting the Personal Information, we may not be able to provide services to you, or the same level of service that we were previously able to provide.
23.16 Where you have requested that we erase Personal Information that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the Personal Information or providing links to the Personal Information to erase that Personal Information.
Restriction of Processing to Storage Only
23.17 You have a right to require us to stop processing the Personal Information we hold about you other than for storage purposes, in certain circumstances. Please note, however, that if we stop processing the Personal Information, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another individual’s protection).
23.18 You may request we stop processing and just store the Personal Information we hold about you where:
(a) you believe the Personal Information is not accurate, for the period it takes for us to verify whether the Personal Information is accurate;
(b) the processing we are doing is unlawful and we wish to erase the Personal Information, but you require us to store the Personal Information instead;
(c) the Personal Information is no longer necessary for our purposes and we wish to erase it, but you require us to store that personal information for the establishment, exercise or defence of legal claims; or
(d) you have exercised your right to object, pending the verification of whether our legitimate grounds of processing override your interests, rights and freedoms.
23.19 If you have obtained a restriction on processing, we will inform you before that processing restriction is lifted.
23.20 You have the right to receive a certain parts of the Personal Information that we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Personal Information to another party.
23.21 The Personal Information that you can request under this “portability” right is data that you have provided us with your consent, or that you provided for the purposes of performing our contract with you, and the processing of that Personal Information is carried out by automated means.
23.22 If you wish for us to transfer the Personal Information to another party, please ensure you provide the details that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Personal Information or its processing once received by the third party. We also may not provide you with certain Personal Information if providing it would interfere with another individual’s rights, for instance where providing the Personal Information we hold about you would reveal information about another person.
23.23 At any time you have the right to object to our processing of Personal Information about you in order to send you information about JacksonStone and our services, and any marketing messages, including where we build profiles for such purposes. If you object to this processing of your Personal Information, we will stop processing the Personal Information for that purpose.
23.24 You may also object where we are processing the Personal Information we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing.
23.25 Please provide as much detail as possible on your reasons for the request to assist us in determining whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. You may exercise your right to request that we stop processing the Personal Information during the period while we make the assessment on an overriding interest. Please advise us if you would like to make that processing restriction request at the time you provide the details of your objection to processing.
24. Privacy questions
PO Box 25177, Wellington 6146, New Zealand
Or email firstname.lastname@example.org.
EU Resident means an individual who is in the European Union at the time their Personal Information is processed;
GDPR means the European General Data Protection Regulation;
Social Media means LinkedIn
Personal Information means information relating to an identified or identifiable natural person.