Privacy and Data Protection Policy.

This policy outlines how the New Zealand Farm Environment Trust collects, uses, stores, and protects personal information. It ensures compliance with the Privacy Act 2020 and reflects the Trust’s commitment to transparency, respect, and responsible data management.

This policy applies to all trustees, staff, contractors, volunteers, and third-party service providers who handle personal information on behalf of the Trust. It covers data collected from award entrants, alumni, event participants, partners, and website users.

• Lawfulness: Personal information will be collected and used only for lawful purposes.
• Transparency: Individuals will be informed about how their data is used.
• Security: Appropriate safeguards will be in place to protect data from loss, misuse, or unauthorised access.
• Access and Correction: Individuals have the right to access and correct their personal information.s

The Trust may collect personal information including:

• Contact details (e.g. name, email, phone number)
• Demographic information (e.g. region, farm type)
• Award entry details and supporting documentation
• Event registration and feedback
• Communications and correspondence

Personal information may be used for:

• Administering awards and programmes
• Communicating with participants and stakeholders
• Promoting Trust activities and events
• Reporting and impact evaluation
• Complying with legal obligations

The Trust will not use personal information for unrelated purposes without consent.

Personal information may be shared with:

• Judging panels and programme partners (with consent)
• Service providers (e.g. IT, communications) under confidentiality agreements
• Regulatory bodies if required by law

The Trust will not sell or rent personal information to third parties.

• Personal data will be stored securely using password-protected systems and encrypted platforms where appropriate.
• Physical records will be kept in locked storage with restricted access.
• Access to personal data is limited to authorised personnel only.

Individuals may request access to their personal information and ask for corrections if it is inaccurate, incomplete, or outdated. Requests should be directed to the Trust’s General Manager via email.

Personal information will be retained only as long as necessary for the purpose it was collected, or as required by law. Data no longer needed will be securely deleted or anonymised.

In the event of a privacy breach, the Trust will:

• Contain and assess the breach
• Notify affected individuals and the Office of the Privacy Commissioner if required
• Review and improve safeguards to prevent future breaches

This policy will be reviewed every five years or as required to ensure compliance with legislation and best practices.

Next Review: September 2030