Policy
Blueprint for Learning (Blueprint) maintains the confidentiality of any personal information it collects. Personal information is collected, stored, and used in accordance with the Privacy Amendment Act 2025.
The Chief Executive is the Privacy Officer for Blueprint for Learning.
Procedure
Confidentiality for participants
Kaiwhakaako facilitators advise participants of confidentiality safeguards at the beginning of training. Personal information shared during training cannot be taken outside of that forum without the person’s permission, unless serious concerns about a person’s safety and welfare are raised.
Aggregating participants’ personal information into evaluation reports for clients or funders uses a format in which no individual can be identified. Evaluation forms advise of this.
Student information may be used to confirm or request National Student Numbers or report microcredential results with government agencies like the Ministry of Education and NZQA. Students agree to this when completing the Blueprint registration form.
The Blueprint website uses persistent cookies to collect information about people’s browser sessions and website usage. These do not collect personal information, and so this has no impact on the privacy of people visiting the website.
Confidentiality for others
Any Blueprint created information, photos or videos contained in training resources, promotional material, assessments, or shared during discussions maintain the anonymity of those involved. Consent is obtained from any person who can be identified in them.
With communications received through info@blueprint.co.nz, the email exchange is saved but no details of the person making the enquiry are collected.
Collecting personal information
People attending Blueprint workshops are advised how it complies with the Privacy Amendment Act 2025 at the point of registration, and also within the workshop confirmation email they receive.
Participant personal information is only collected as required by government agencies and to enable Blueprint to deliver training effectively. Participants mostly provide this information directly by registering through Blueprint’s website. Where an organisation provides participant details to Blueprint using a spreadsheet, the organisation will be supplied with a privacy information sheet to share with everyone who provides personal information. This sheet explains how participants’ information will be used by Blueprint.
Personal information will not be disclosed to any third party without the written permission of the individual concerned or where this is a legislated requirement. Anyone who requires information about their attendance, progress, conduct or other personal information to be provided to a third party must provide written consent for this to occur.
Blueprint’s Student Information Management Policy and Procedure outlines how personal information is retained, stored and destroyed as required by NZQA.
Personal information collected from kaiwhakaako facilitators is also protected by the Privacy Amendment Act 2025. This includes contact details, bank account details and professional information.
Third-party providers
Blueprint uses third-party providers to manage some of its engagement processes, such as newsletters, workshop evaluations, reporting and e-learning. Where it does this, personal information like email addresses may also be collected and stored by this provider. Blueprint takes steps to ensure providers it uses protect any personal information they collect in their processes.
These third-party providers are used:
- Mailchimp – to deliver newsletters
- Survey Monkey – to conduct research and evaluation activities
- Arlo – to manage registrations for workshops
- Moodle – to host e-learning for Blueprint programmes
- Microsoft Office 365 – for email and office applications.
Opting out of information use
People can opt out of receiving newsletters or being included on any other subscription list or news feed by using the unsubscribe link at the end of an email or contacting Blueprint directly.
Requesting information
The Privacy Amendment Act 2025 gives people the right to request access to and correction of the personal information Blueprint holds about them. This includes taking steps to control ways their information is used like opting out of receiving newsletters, or making a complaint if personal information may have been misused.
People can request a copy of the personal information Blueprint holds about them and to ask for it to be corrected if this information is wrong. Where the correction requested is not able to be made or Blueprint disputes the accuracy of the correction, it will make a note on the person’s personal information.
Any requests for access to, checking or correcting personal information must be made through info@blueprint.co.nz. The Privacy Officer will respond within 20 working days of receiving the request.
Blueprint may be unable to release personal information if it breaches another person’s right to privacy, is subject to national security legislation, is legally privileged, may result in serious threat to the health and safety of an individual or the public, or may result in significant risk of serious harassment or distress to the person affected. If after exploring all options this is the case, it will advise the person making the request of these circumstances, when applicable.
Blueprint is interested in any concerns about its privacy practices, whether relating to the way it collects or shares information about people or an individual response to a personal information access request. This allows it to improve its systems or processes. Any concerns should be raised through info@blueprint.co.nz.
Privacy breaches
All staff receive privacy training relevant to their role, to minimise the risk of a privacy breach.
Personal information is only used for the purposes Blueprint has declared it will be used for. If it is disclosed outside of the purpose, the Privacy Office is notified and any potential impact on the individuals affected is assessed. If the impact may cause serious harm or has done so, an internal investigation will be carried out and an Action Plan implemented.
If a breach of privacy occurs that is likely to or has caused the affected individuals serious harm, the Privacy Officer will notify the Privacy Commissioner and any affected individual, unless an exemption under the Privacy Amendment Act 2025 applies.
The Privacy Commissioner’s Notify Us tool is used to provide guidance of whether a breach should be notified or not. (www.privacy.org.nz/responsibilities/privacy-breaches/notify-us/)
If the person’s concerns cannot be resolved, they will be advised of their right to complain to the Privacy Commissioner about Blueprint’s actions.
Definitions
Personal information – Factual information from which an individual could be identified. This includes names, contact details, financial information, health status, purchase records.
Associated documents
- Student Information Management Policy and Procedure
- Blueprint & Te Pou photo or video consent form
- Information sheet about Blueprint and the Privacy Act
| Version | Approval date | Revisions made |
| V2 | July 2019 | Revised structure and wording |
| V3 | September 2019 | Defined and clarified “personal information” |
| V4 | December 2020 | Updated to meet new Privacy Act requirements |
| V5 | August 2021 | More explicit wording about groups referred to in protecting personal information section |
| V6 | July 2022 | Adjustments to align with Wise template |
| V7 | November 2024 | Updating wording around evaluations and reporting formal results. |
| V8 | March 2026 | Revise wording for clarification and succinctness, add section about spreadsheet registration re Act 2025 amendment |
