Purpose of this policy
The purpose of this policy is to explain how Trust Democracy takes steps to respect your privacy. This policy details what information we collect, how we use it, and how you may access the personal information you share with us, including amending or deleting your contact or payment details.
Context
Trust Democracy is an incorporated society constituted around the question: ‘what does it take to make democracy work as it should?’
We want to strengthen public discourse, education and research on democracy in Aotearoa New Zealand. We do this by promoting and participating in public dialogue about democracy with our members as well as interested individuals and organisations in the course of communicative, educational and research activities.
Trust Democracy’s rules are set out in its Constitution.
Information
We collect the following types of personal information:
- Name
- Contact information
- How people interact with us
- Billing (payment) information
Collections
We get this personal information by:
- Asking people directly
- Using public sources of information
Applicable Laws
We’re required to collect some of this information by law.
Trust Democracy is an incorporated society and is required under s.22 of the Incorporated Societies Act 1908 to keep a register of its members that contains each member’s name, address and date of membership. Anyone applying to become a member of Trust Democracy must supply their name and address. If the Registrar of Incorporated Societies requests the names and addresses of its members, Trust Democracy must provide them.
Trust Democracy is required to keep financial records which include information about the identity of people and organisations that make payments to Trust Democracy or receive payments from Trust Democracy.
Purpose for collecting personal information
We collect personal information in order to enrol you as a member of Trust Democracy Incorporated and/or to be able to contact you about our work, which may include communications, research, education, events and projects. We also collect personal information for financial recordkeeping. We only collect information that relates to these purposes.
Sharing
Besides our governing executive committee, we share this information as described under the Applicable Laws section above.
Upon request, we may share information from Trust Democracy’s membership register with other Trust Democracy members as provided for in Rule 19 of the Trust Democracy Constitution.
Contact
People can contact us to view or correct information we hold about them at contact@trustdemocracy.nz.
Optional Information
People have a choice about whether to provide us with some types of personal information.
If you choose not to give us information to support your application for membership or to be communicated with or to take part in an event or project, we may not be able to make you a member or to include you in a Trust Democracy event, project or communications.
Data security
We keep the personal information we hold safe by storing it using applications in our Google Workspace including Mail, a Shared Google Drive, Forms and spreadsheets. These are only accessible by Trust Democracy committee members.
We use some other third party services that we believe store personal information securely including:
Our WordPress website is hosted by https://www.crazydomains.co.nz. See the sections below regarding the personal data we collect via the website and the reason we collect it.
Retention
We keep people’s personal information for varying periods depending on the purpose for which it was collected.
We retain personal information relating to membership for up to 13 months after a person’s membership has ended, so that we can schedule deletion after each Annual General Meeting.
We retain personal information relating to participation in a Trust Democracy event or project for up to 13 months after it ended.
We retain personal information relating to financial transactions for a period of 7 years, in order to be able to comply with any request from IRD or other government institutions.
After these periods, we securely destroy personal information by erasing all relevant digital records. We delete relevant digital records annually after our Annual General Meeting.
Our website: What personal data we collect and why we collect it
Trust Democracy’s website address is https://trustdemocracy.nz.
Comments
When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact and membership application forms
The site does not use a contact form but provides our contact email address.
The site has a link to a Membership Application form that is part of our Google Workspace. We collect the information submitted to consider applications and to maintain our register of members.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on our site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Trust Democracy does not use a website analytics tool such as Google Analytics, Jetpack or Matomo Analytics.
Who we share your data with
Trust Democracy does not share data with third parties except as stated in the Applicable Laws and Sharing sections above.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
What data breach procedures we have in place
On becoming aware of a data breach, our four key steps in dealing with a data breach are:
- Contain the breach and make a first assessment
- Evaluate the risks
- Notify affected people if necessary, along with the Privacy Commissioner
- Prevent a repeat.