Purpose

The purpose of this policy is to outline how Wool Alliance collects, stores, uses, discloses, and protects personal information. It ensures that the organisation meets its obligations under the Privacy Act 2020 and maintains trust with its stakeholders.

Scope

This policy applies to all personal information collected or held by Wool Alliance, whether in digital or physical form, and to all individuals who handle such data, including:

• Board members & staff

• Contractors

• Volunteers, ambassadors, supporters and speakers

• Third-party service providers (eg. web hosting, CRM platforms)

Personal Information definition

"Personal information" means any information about an identifiable individual. Examples include:

• Names, email addresses, phone numbers

• Donation or payment details

• Volunteer or speaker details

• Photos, videos, and event participation

• Feedback or survey responses

Collection of Personal Information

Wool Alliance collects personal information only when necessary to carry out its functions. This may include:

• Responding to enquiries

• Managing volunteers, supporters, and event attendees

• Sending newsletters or updates

• Processing donations or payments

• Complying with legal and contractual obligations

Information may be collected through:

• Website forms

• Email correspondence

• Surveys or event registration

• Social media interactions

• In-person engagement

Where practical, individuals will be informed why their information is being collected and how it will be used.

Use of Personal Information

Wool Alliance will use personal information only for the purpose it was collected, including:

• Communications and updates relevant to an individual's engagement

• Operational planning and reporting

• Promotion of events and campaigns (with consent)

• Evaluation and improvement of our services

• Legal or compliance-related matters

Storage and Security of Data

Wool Alliance takes reasonable steps to protect personal information from loss, misuse, unauthorised access, modification, or disclosure.

• Digital data is stored in secure, password-protected cloud systems (e.g. Google Workspace, Mailchimp).

• Access is restricted to staff or board members who need it for their role.

• Personal data on personal devices must be kept secure and deleted when no longer required.

Rights of Individuals

Under the Privacy Act, individuals have the right to:

• Request access to the personal information held about them

• Request correction of their information if it is inaccurate

• Withdraw consent for use or storage of their information (where applicable)

All requests must be submitted in writing to hello@woolalliance.co.nz and will be responded to within 20 working days.

Privacy Officer

The Wool Alliance team is designated as the Privacy Officer and is responsible for:

• Responding to privacy-related requests or complaints

• Ensuring compliance with this policy and relevant legislation

• Providing training or guidance on data protection

Data Breaches

Any actual or suspected privacy breach (e.g. lost data, unauthorised access) must be reported immediately to the Privacy Officer (GM).

Where a breach is likely to cause serious harm, Wool Alliance will:

• Inform affected individuals

• Investigate and document the incident

• Take corrective action to prevent recurrence