Welcome to the Prader-Willi Syndrome Association of New Zealand
Freephone PWS Helpline: 0800 4PWS HELP | 0800 4797 4357

Privacy Policy

Privacy Statement
This statement applies to any personal information collected on www.pws.org.nz
Through online forms we collect personal information from you which includes your name, contact information, and may include a date of birth or an organisation you represent and your role.
We collect this information to keep you informed and updated on matters that may be relevant to you regarding PWS, PWSA(NZ), or general disability information. We might also use this information to help us plan and provide advocacy, education and support services.
Your personal information will only be accessed for operations or administrative purposes by our staff, or a committee officer or volunteer who requires access to data in the capacity of an assigned role. We use administrative software, Infoodle Ltd (CRM) and Xero.com (accounting), but your personal information will not be shared with other third parties without permission. We take reasonable steps to keep your information secure.
You have the right to ask for a copy of personal information held, for information to be corrected, and to unsubscribe from communications.
Please contact our Privacy Officer: enquiries@pws.org.nz

PWSA(NZ) Privacy Policy

This policy sets out what we do with personal information that we collect or is provided to us. PWSA(NZ) is committed to respecting confidentiality, upholding privacy, and ensuring that we comply with our obligations under current privacy legislation (Privacy Act 2020).

1. Why do we collect personal information?

We collect or record personal information in order to:

a) Keep in touch with members and subscribers on matters and updates related to PWS, PWSA(NZ), or relevant disability issues.

b) Keep in touch with service and support providers from disability, education and health sectors about updates and issues relevant to supporting people living with PWS and/or their families.

c) Build and maintain a database of people living with PWS in New Zealand as currently no statistical data is collected by government agencies and no relevant coding or registry exists.

d) Apply data that aids the planning and provision of advocacy, education and support services, i.e. calculating the number of people diagnosed with PWS in a particular age range, with a particular support need, or using a particular support service.

e) Keep records of our support provision to quantify our outputs and meet our reporting requirements. (Reports only contain classified data such as support method used, or materials provided. No identifiable details are included in reports.) Our staff records may contain brief support detail if relevant to future support provision, but any information shared with us in confidence or sensitive in nature is not recorded.

f) Raise awareness of PWS, to fundraise, or promote our services through the sharing of images, video or audio. (We will always seek permission before events when media may be captured.)

2. What personal information do we collect?

The types of information we collect or record might include:

  • names and contact details
  • date of birth (persons with PWS)
  • support providers used
  • data such as specialists seen and supports accessed / declined
  • images / visual / audio material
  • PWSA(NZ) support notes (see 1.e)
  • role and organisation represented

3. How do we collect personal information?

Information is generally collected directly from families / whānau when they join our Association via a membership form. Records may be updated when new information is shared. Information is also collected when people contact us, access services, or submit online forms requesting resources or other enquiries.

Information about persons with PWS is usually collected indirectly from parents / legal guardians, but when the person with PWS becomes an adult, we endeavour to ensure they are involved in information updates and consents where practical or possible without undermining their access to support.

Private information is generally not disclosed to us by third parties because it would not be appropriate or in-line with their privacy policies to do so, but if necessary information is disclosed to us, we check the validity and authorisation for it being shared.

Sometimes we collect contact information from publicly available sources that have relevance to our purpose, such as service providers, hospitals, research groups, and government agencies, but we provide a clear and easy way for contacts to opt out of communications.

Collection of information online and via our website

Personal information is collected through enquiry forms on our website. We also sometimes use Google and Infoodle (CRM) forms to collect information.

Our website and social media collect data for analytical purposes. When users visit our website which uses Google Analytics, a web browser automatically sends information to Google, including the URL of the page visited and the browser’s IP address. Google may also set cookies on a browser or read cookies already present. These identifiers measure browser interaction, but no personally identifiable information is sent to Google Analytics. Nevertheless, users are informed that we collect and store information using Google Analytics and that they can visit Google Help Center to opt-out of data collection.

Collection of visual media

We may collect images and video provided to us or captured during events. Media recordings may capture you inadvertently at group events but will not be used without permission – we will always seek permissions about the use of any collected media prior to an event.

Collection of financial information

PWSA(NZ) does not collect credit card details. For products and services sold directly by us, we invoice customers requesting payment via bank transfer. All other sales and donations are managed through accounts with external platforms such as Givealittle, Trybooking and Digitees (click for privacy policies).
We respect the privacy of customers and donors and do not collect, store or use personal information gathered by these accounts, unless it has been explicitly set out that contact details will be collected for a specific purpose, i.e. registered conference attendees could be added to a mailing list to receive information about future similar events, or donors could be informed about an upcoming fundraising event. Platform users can opt out of their information being used in this way at any time.

Donations are not publicly announced unless a donor has indicated otherwise or given permission to do so.

We might collect an account number to pay a reimbursement or travel subsidy for an event, but we do not store account numbers.

What happens if we do not have permission to collect information?

Providing information to us is optional. However, if we cannot collect contact details, we will be unable to keep in touch. Without some information, we may be unable to provide services.

If we do not have permission to store and use media that you are captured in, you will be removed from the media file, or the file will be deleted.

When information is shared with us in confidence, it will not be recorded.

4. How do we store and secure personal information?

PWSA(NZ) works digitally and does not store any hard copy documents containing personal information.

PWSA(NZ) does not have a national office so staff, volunteers and committee officers are asked to take appropriate security precautions with any documents containing personal information that may be physically stored on home devices or in cloud-based storage systems used at home. This entails using 2FA where possible, password protecting documents or folders containing personal information, and using device or operating system encryption. Documents containing personal information will be limited.

Infoodle CRM

PWSA(NZ) maintains a database / client relationship management system (CRM) for storing collected information and for communications. Our CRM is a service provided by Infoodle Limited with secure 2 factor authentication login access. Infoodle Ltd use secure servers on data centres in New Zealand.

We store information on people living with PWS in our CRM system indefinitely because this helps with gathering statistics and monitoring the impact of living with PWS in New Zealand (see 1.c).

We limit who can access our CRM / database by only providing access to background checked staff or volunteers who require access for operations and administrative purposes, and sometimes to committee members who have taken on an assigned role where regular access to contact details is required.

Contact details are rarely transferred from Infoodle, but in the unusual circumstance that data needs to be transferred or contact information is uploaded to a shared drive, we use standard document encryption.

Google

PWSA(NZ) uses Google Workspace for email and for sharing documents in Drive apps, such as sheets, docs and forms. All PWSA(NZ) Workspace users have mandatory 2-step verification security set up.

Limited personal information is stored or shared in Drive very occasionally, but any files containing personal information will be encrypted, then deleted when no longer used. Sharing settings are restricted.

Anyone from PWSA(NZ) in email communication with families / whānau, adults living with PWS, or with agencies discussing confidential support matters, should include a privacy email clause alerting the reader to the potentially confidential nature of contents, stipulating that authorisation is required before sharing, and referencing this policy.

Google Accounts have built-in security designed to detect and block threats like spam, phishing and malware. Files are stored in secure data centres with data encryption. Google uses strong industry standards and practices. Google Security | Privacy Policy

Website Security

Our website is built on WordPress and hosted by Sunroom Web Design. It utilises industry-standard security protocols and measures such as SSL encryption, scans, and firewalls.

All user-submitted data via enquiry forms is securely stored on our website servers and sent directly to a designated PWSA email account.

Our website contains links to other websites that are not under our control. These websites will have their own privacy policies which you may wish to review.

Xero

PWSA(NZ) also uses Xero for accounts management where contact details may be stored for invoicing purposes. Our Xero account has multi factor login and is only accessible by our Treasurer and by staff whose role includes financial administration. Xero encrypts all business information, uses monitored and secure AWS servers in the USA, regularly conducts data security audits, and is GDPR compliant.

DISCLAIMER: The Committee of PWSA(NZ), the CEO, and all staff and volunteers are responsible for maintaining confidentiality and privacy in accordance with this policy, but if we have taken every precaution to ensure the security of personal information, we cannot accept responsibility for any unauthorised access, loss, misuse or disclosure directly resulting from breaches associated with any third party services mentioned above. In the event of a data breach, affected individuals would be notified as soon as possible.

5. Do we share or disclose personal information?

As outlined above, only limited people in our organisation have access to personal information, or to our systems where personal information is stored. Some examples of access granted on a needs basis are:

  • The Treasurer – for managing accounts and invoicing.
  • The CEO – for running reports and strategic planning.
  • The Operations Manager – for communications, database administration, and record keeping.
  • The Training Manager – for contact with providers, families, and record keeping.
  • The Young Families Support Coordinator – for contact with families and providing support.
  • A Regional Coordinator – for contacting local families.

Apart from the third parties used to perform specific services for us (see section 4), we do not share personal information with others outside our organisation without explicit permission from the individual concerned. The only exceptions to this would be to prevent or reduce a serious threat to someone’s health and safety. We may also disclose personal information if disclosure is required by law.

We may provide others with statistics about our membership with personal identifiers removed, but we do not consider aggregated and anonymised information to be subject to this policy.

6.   Access to and correction of personal information.

We endeavour to maintain records which are accurate and up to date. Individuals can update or correct their personal information at any time. Please notify us of any changes to your personal details as soon as possible by asking a member of staff to update them, or by emailing us: enquiries@pws.org.nz

Individuals also have the right to access or request a copy of personal information which we hold about them. We will respond to a request to access personal information within 20 working days. Information held will be provided unless we have good reason to refuse or redact information (i.e. the information would involve an unwarranted breach of someone else’s privacy, it would cause prejudice, or it would pose a threat to someone’s health or safety.) Individuals can also request data stored at third party sites such as Xero be provided to them, and this data can be rectified or erased.

Please direct any requests for personal information, requests to unsubscribe from communications, or any questions regarding privacy to our Privacy Officer: enquiries@pws.org.nz

Policy reviewed: 9th October 2024                           Next review due: October 2027.