Privacy & Confidentiality
Policy (Privacy Statement)
Blueprint for Learning (Blueprint) maintains the confidentiality of personal information relating to its staff, external contractors, students, service clients and their whānau, and colleagues or staff encountered in the workplace.
Personal information relating to students and staff (including external contractors) will be collected, stored, and used in accordance with the Privacy Act 2020.
The Chief Executive is the Privacy Officer for Blueprint for Learning.
Confidentiality for students
Facilitators advise students of confidentiality safeguards at the beginning of a workshop or programme of study. Personal information shared during the course of training cannot be taken outside of that forum without the student’s permission.
Exceptions that exist within the training context are explained to students. These include:
- Where assessment or workplace learning will involve discussion, observation, or feedback from a workplace supervisor or host.
- When an employer has an agreement to receive information about the student’s progress.
- Aggregating student information into evaluation reports for clients, in which no individual can be identified. Evaluation forms advise of this and provide an opt-out box which a person can select if they do not wish their information to be included in reports.
- Sharing student information and results with government agencies including Ministry of Education, NZQA, Tertiary Education Commission, and standard setting bodies. Students agree to this when signing the Blueprint enrolment form.
The Blueprint website uses persistent cookies to collect information about people’s browser sessions and website usage. These do not collect personal information, and so this has no impact on the privacy of people visiting the website.
Confidentiality for others
Any information contained in training resources, promotional material, assessments, or shared during discussions must maintain the anonymity of those involved. Consent must be obtained prior to formally using information about service clients, their whānau, or mental health service staff.
Photographs or moving images of students and/or external contractors cannot be included in a publication, recording or digital platform without their written consent.
Protecting personal information
Student’s personal information is only collected as required by government agencies and to enable Blueprint to deliver training effectively. This information will not be disclosed to any third party without the written permission of the individual concerned or where this is a legislated requirement. Any student who requires information about their attendance, progress, conduct or other personal information to be provided to a third party must provide written consent for this to occur.
Blueprint’s Student Information Management Policy and Procedure outlines how student’s personal information is retained, stored and destroyed as required by NZQA.
Staff information is also protected by the Privacy Act 2020. This can only be released to a third party with their written permission or where there is a legislated requirement.
External contractors’ information, including facilitators, is also protected by the Privacy Act 2020. The personal information we collect from external contractors includes contact details, bank account details in order to make payments, invoices, and professional information.
Any training involving a partnership with an overseas education organisation must not involve sharing staff or students’ personal information with them. If this is required, a formal agreement will specify how this information will be protected to comply with New Zealand’s Privacy Act 2020.
Third party providers
Blueprint uses third-party providers to manage some of its engagement processes and services, such as newsletters, workshop evaluations, and e-learning. Where it does this, any personal information provided (such as email addresses) may also be collected and stored by this provider. Blueprint takes steps to ensure that providers it uses protect any personal information they process for it.
These third-party providers are used:
- Arlo – to manage registrations for workshops.
- MailChimp – to deliver newsletters.
- Moodle – to host e-learning modules.
- SendGrid – to send system-generated e-mails.
- Survey Monkey – to conduct research and evaluation activities.
Opting out of information use
People can opt out of receiving newsletters or being included on any other subscription list or news feed by following the unsubscribe link at the end of the email or contacting Blueprint directly.
The Privacy Act 2020 gives people the right to request access to and correction of the personal information Blueprint holds about them. This includes taking steps to control ways their information is used (such as opting out of receiving newsletters) or making a complaint if personal information may have been misused.
People can request a copy of the personal information Blueprint holds about them and to ask for it to be corrected if this information is wrong. Where the correction requested is not able to be made or Blueprint disputes the accuracy of the correction, it will make a note on the person’s personal information.
Any requests for access to, checking or correcting personal information must be made in writing to the Privacy Officer through email@example.com. The Privacy Officer will respond within 20 working days of receiving the request. Where the correction requested is not able to be made or is disputed, a note will be made on the person’s personal information.
Blueprint may be unable to release personal information if it breaches another person’s right to privacy, is subject to national security legislation, is legally privileged, may result in serious threat to the health and safety of an individual or the public, or may result in significant risk of serious harassment or distress to the person affected. It will advise the person making the request of these circumstances, when applicable.
Blueprint wants to know of any concerns about its privacy practices, whether relating to the way it collects or shares information about people or an individual response to a personal information access request. This allows it to try and put things right, and to improve its systems or processes. Any concerns should be raised with the Privacy Officer through firstname.lastname@example.org.
All staff receive privacy training relevant to their role, to minimise the risk of a privacy breach.
Personal information is only used for the purposes Blueprint has declared it will be used for. If it is disclosed outside of the purpose, the Privacy Office is notified and any potential impact on the individuals affected is assessed. If the impact may cause serious harm or has done so, an internal investigation will be carried out and an Action Plan implemented.
If a breach of privacy occurs that is likely to or has caused the affected individuals serious harm, the Privacy Officer will notify the Privacy Commissioner and any affected individual, unless an exemption under the Privacy Act 2020 applies.
The Privacy Commissioner’s Notify Us tool is used to provide guidance of whether a breach should be notified or not. (www.privacy.org.nz/responsibilities/privacy-breaches/notify-us/)
If the person’s concerns cannot be resolved, they will be advised of their right to complain to the Privacy Commissioner about Blueprint’s actions.