This statement outlines our commitment to the Australian and New Zealand Privacy Act and Principles.
The following is a brief summary of how our privacy policy complies with and/or relates to the specific laws and privacy protection principles put forth by the governments of Australia and New Zealand.
You can download our ANZ Privacy Statement here.
1. Notice/Awareness
This Privacy Policy Statement is being placed as a link on MRI OnLocation (the ‘Service’) pages, a practice that is becoming an industry standard location for Web Service privacy policies.
2. Compliance with The Australian Privacy Act 1988 (Commonwealth) and the Australia Privacy Principles
In Australia, the key privacy legislation applying to the MRI OnLocation service is the Privacy Act 1988 (Cth). The Privacy Act applies to most private sector organizations operating in Australia and sets a national standard for the collection, use and disclosure, quality and security of “Personal Information”. In particular, the Privacy Act establishes the Australian Privacy Principles (APPs) (effective from 12 March 2014) that sets out these key obligations.
The APPs regulate the collection, use and disclosure of personal information, and also allow individuals to access their personal information and have it corrected if it is incorrect. There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7) and cross-border disclosure of personal information (APP 8). Further information regarding the APPs are set out on the Australian Government website https://www.oaic.gov.au.
Our policy is compliant with the Australian Privacy Act and the Australian Privacy Principles.
The most significant of the APPs are summarized below:
- APP 1 (open and transparent management of personal information) provides that entities must take reasonable steps to implement practices, procedures and systems that ensure compliance with the APPs and publish their privacy policy;
- APP 5 (notification of collecting personal information) requires entities to ensure that at before, at the time of, or as soon as practicable after, an entity collects personal information from an individual the entity must take such steps as are reasonable in the circumstances to notify the individual of the collection of the personal information;
- APP 7 (direct marketing) restricts the use or disclosure of personal information for direct marketing unless an exception applies; and
- APP 8 (cross-border disclosure of personal information) requires that before an entity discloses personal information about an individual to a person or entity overseas, the entity must take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles.
Personal Information is defined as any information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
This information can include customer name and contact information including postal address, email address and telephone number, billing information, credit or debit card information, and transaction information for any products that may have been purchased.
We adhere to the Australian Privacy Principles for all personal information that we collect from our customers (i.e., the companies that utilize and pay for our service) and from any other individuals that we may receive or collect personal information from. In particular:
- We only collect personal information of the individuals who have registered or signed up for our services (such as employee, contractor, and visitor profile information). MRI does not collect unsolicited information as defined under the APPs and our Privacy Policy;
- We only use personal information for the purposes set out in our Privacy Policy and we only disclose such personal information to third party vendors to whom customers link from our service; and
- Where it is reasonably practicable, we will give our customers access to their personal information, delete the personal information if requested, and retain it only as necessary to provide our services to our customers.
3. New Zealand’s Privacy Act (2020) and its 13 Information Privacy Principles (NZ IPPs)
Similar to the Australian privacy principles, New Zealand law lays out 13 information privacy principles (NZ IPPs) for the proper handling of personal information of New Zealand citizens, and these principles can be found at https://privacy.org.nz/privacy-act-2020/privacy-principles/.
Cross-border disclosures
Cross-border data flows are permissible where the receiving party only stores or processes the personal information on the instructions of the disclosing party, for example cloud storage services. In such circumstances, the information held by the recipient will still be treated as being held by the discloser.
If the criteria above does not apply (i.e. the recipient uses the personal information for its own purposes), then the cross-border data flow is permissible if the information will be adequately protected. For example:
- the receiving party is subject to the NZ Privacy Act because they do business in New Zealand;
- the information is going to a place with comparable privacy safeguards to New Zealand; or
- the receiving person has agreed to adequately protect the information – through model contract clauses, etc.
MRI will continue to take steps to ensure its third-party processor either use the personal information solely in accordance with our instructions or will otherwise adequately protect the personal information.
As is the case with Australian privacy laws, MRI acts as the processor, not collector of the data, of its New Zealand’s customers’ customers. In addition, MRI’s handling of personal information under its Privacy Policy is perfectly aligned with the 13 NZ IPPs, including those directing that personal information be collected for lawful purposes (e.g., for managing the presence of people in our customers duty of care like; employees, visitors, and contractors through our customers facilities), that data should be collected directly from individuals (e.g., end users using the MRI OnLocation platform), that notice of collection of data and purpose of the data collection is provided, that data be collected in a legal manner, or that individuals have right to access and correct their data.
Notifiable privacy breaches
If MRI becomes aware of a privacy breach that has caused anyone serious harm (or is likely to do so), we are legally required to notify the NZ Privacy Commissioner and any affected people as soon as possible.
MRI has systems in place to secure the personal information we hold, to identify and assess any actual or suspected privacy breach, and to report any breach that has or may cause serious harm. “Serious harm” is assessed by considering: the sensitivity of the information lost, actions taken to reduce the risk of harm, the nature of the harm that could arise, and any other relevant matters.
Contacting us
If you wish to make a complaint about the way we have handled your personal information (including if you think we have breached any applicable privacy laws), you may do so to our Privacy Officer in writing, by mail or email to the address or email address set out in the ‘Contact Us’ section of this Policy. Please include your full name, contact details and a detailed description of your complaint. Our Privacy Officer will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you consider that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
This Statement may be updated from time to time
MRI reserves the right to change this Statement at any time and any amended Statement is effective upon the posting on:
- The login screen message board
- Email to Customer Account Owners.
Please read our Master Subscription Agreement
Use of the Service is subject to MRI OnLocation’s Master Subscription Agreement and this ANZ Privacy Statement, along with our Privacy Policy and GDPR Statement (if applicable), should be read in conjunction with this. In the event of a conflict or disagreement between this ANZ Privacy Statement and our Privacy Policy, the Privacy Policy will prevail.
Contact for Questions about our ANZ Privacy Statement:
If you have any questions about the ANZ Privacy Statement, the practices of this Website Service, or your dealings with us, you may contact us by sending an email to: Email at support@whosonlocation.com or by writing to:
Attn: Privacy Policy MRI OnLocation
MRI OnLocation Customer Services
MRI New Zealand Holdings Limited
P.O. Box 27023
Marion Square, Wellington, New Zealand 6140
Last Updated on: 1 February 2023
