Te Tai Tokerau Party (“the Party”, “we”, “us”, “our”) is a registered New Zealand political party operating under the Electoral Act 1993. We are committed to protecting the privacy of all individuals who interact with us — including members, supporters, donors, volunteers, candidates, and visitors to our website at tetaitokerauparty.com.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in accordance with the Privacy Act 2020 (NZ) and all other applicable New Zealand legislation. It applies to all personal information we hold, whether collected online, in person, by telephone, or through any other means.

Please read this Policy carefully. By providing us with your personal information or by using our website, you acknowledge that you have read and understood this Policy.

Our collection and handling of personal information is governed by the following New Zealand legislation:

• Privacy Act 2020: The principal legislation governing the collection, use, storage, and disclosure of personal information in New Zealand. The Act sets out 13 Information Privacy Principles (IPPs) that we follow.
• Electoral Act 1993: Governs the registration of political parties, the maintenance of party membership rolls, candidate nominations, and associated record-keeping obligations.
• Electoral Finance Act 2010 and Part 6A of the Electoral Act 1993: Governs the disclosure of donations and loans to political parties, and the public reporting of party financial returns to the Electoral Commission.
• Unsolicited Electronic Messages Act 2007: Governs the sending of commercial electronic messages, including political campaign communications sent by electronic means.
• Human Rights Act 1993: Prohibits discrimination in the collection and use of personal information on grounds including race, sex, religion, and political opinion.
• Local Electoral Act 2001 and Local Government Official Information and Meetings Act 1987: May apply where the Party engages with local government electoral processes.

We may collect the following categories of personal information, depending on how you interact with us:

• Full legal name and preferred name (including te reo Māori name where provided)
• Residential and postal address
• Date of birth
• Contact details (email address, phone number)
• Iwi and hapū affiliation (where voluntarily provided)
• Electoral roll information (to confirm eligibility for membership under the Electoral Act 1993)
• Membership history and payment records

Under Part 6A of the Electoral Act 1993, we are required to record and in certain circumstances publicly disclose information about donors. This may include:

• Full name and address of donors who donate NZD $1,500 or more in a calendar year (or such threshold as prescribed by the Electoral Commission from time to time)
• The amount and date of each donation or loan
• Bank account details for the purpose of processing payments (held securely and not retained beyond transaction requirements)
• Records of in-kind donations and their estimated value

• Name, contact details, and biographical information
• Relevant professional, community, and iwi background
• Employment and referee details (for candidate vetting purposes)
• Police vetting information where required under our internal candidate selection policy
• Availability, skills, and role preferences (volunteers)
• Emergency contact details

• IP address and approximate geolocation
• Browser type, device type, and operating system
• Pages visited, time spent on pages, and referring URLs
• Information submitted through contact forms, petition sign-ups, event registrations, or subscription forms
• Cookie identifiers (see Section 9 — Cookies and Tracking)

• Emails, letters, and messages you send to us
• Records of phone conversations where we have informed you the call is being recorded
• Social media interactions with our official accounts
• Survey and feedback responses

Consistent with Information Privacy Principle 1 and IPP 3, we collect personal information directly from you wherever reasonably practicable. We collect information through:

• Online forms on our website (tetaitokerauparty.com), including membership, contact, donation, petition, and event registration forms
• In-person interactions at Party events, hui, canvassing activities, and public meetings
• Telephone calls and video conferences
• Written correspondence (including post and email)
• Social media platforms (Facebook, Instagram) where you interact with our official accounts
• Third-party payment processors used for donations and membership fees
• Publicly available sources, including the New Zealand Electoral Roll (for membership eligibility verification under the Electoral Act 1993)
• Referrals from existing members, candidates, or volunteers

Where we collect personal information from a source other than you directly, we will take reasonable steps to ensure you are made aware of this, consistent with IPP 3.

Consistent with IPP 1, we only collect personal information for lawful purposes directly connected with our functions as a registered New Zealand political party. Those purposes include:

• Party administration: Maintaining the Party membership roll as required by the Electoral Act 1993, processing membership applications and renewals, and communicating with members about Party business.
• Electoral activities: Selecting and supporting candidates for general and by-elections, managing our Party list, canvassing and engaging with enrolled voters, and complying with Electoral Commission requirements.
• Fundraising and financial compliance: Processing donations, maintaining donor records, preparing financial disclosure returns under Part 6A of the Electoral Act 1993, and submitting annual financial returns to the Electoral Commission.
• Communications and campaigning: Sending newsletters, policy updates, campaign material, and event invitations to members, supporters, and subscribers who have consented to receive such communications.
• Volunteer and staff management: Recruiting, coordinating, and supporting volunteers and party staff.
• Event management: Organising hui, public meetings, party conferences, and other events.
• Website operation: Operating, maintaining, and improving tetaitokerauparty.com and providing a secure user experience.
• Legal obligations: Complying with any legal obligation imposed on the Party by New Zealand law, including obligations under the Electoral Act 1993, the Privacy Act 2020, and applicable tax legislation.
• Dispute resolution: Investigating and resolving complaints, disciplinary matters, or disputes involving members, candidates, or volunteers in accordance with the Party constitution.

Consistent with IPP 11, we will not disclose personal information to any third party unless:

• The disclosure is for the same primary purpose for which the information was collected, or a directly related purpose, and you would reasonably expect the disclosure
• You have authorised the disclosure
• Disclosure is required or authorised by or under law (including the Electoral Act 1993, which requires public disclosure of certain donation and financial information)
• Disclosure is necessary to prevent or lessen a serious and imminent threat to public health, public safety, or to the life or health of an individual
• Disclosure is required for the maintenance of the law by a law enforcement agency

• Electoral Commission of New Zealand: As required under Part 6A of the Electoral Act 1993, including annual financial returns and donation disclosures. This information is publicly available once filed.
• Returning Officers and Electoral Officials: Candidate nomination papers and related electoral documentation as required by the Electoral Act 1993.
• Party office holders and authorised staff: Internal disclosure on a need-to-know basis for lawful Party purposes.
• Service providers: Third-party technology providers (including our website host, email platform, payment processor, and event management tools) who process personal information on our behalf under appropriate data processing agreements.
• Legal advisors and auditors: Where necessary for the discharge of legal obligations or for the conduct of the Party’s financial affairs.
• Law enforcement agencies: Where required or authorised by New Zealand law.

Some of our service providers may store or process personal information outside of New Zealand (for example, cloud-based services hosted in Australia or the United States). Where we disclose personal information to overseas recipients, we take reasonable steps to ensure that the overseas recipient does not breach the Information Privacy Principles in relation to that information, consistent with IPP 12.

Consistent with IPP 5, we take reasonable steps to protect personal information we hold from loss, unauthorised access, use, modification, disclosure, and other misuse. Our security measures include:

• Secure, password-protected systems and databases with restricted access controls
• Encrypted connections (SSL/TLS) on our website
• Secure third-party payment processing — we do not store full credit card details on our systems
• Regular review of our physical and electronic information security practices
• Staff and volunteer training on privacy and information security obligations
• Secure disposal of personal information that is no longer required

While we take all reasonable precautions, no system is completely secure. If you become aware of any security concern relating to your personal information held by us, please contact our Privacy Officer immediately (see Section 11).

Consistent with IPP 9, we do not retain personal information longer than is required for the purposes for which it was collected, or as required by law:

• Membership records: Retained for the duration of membership and for seven (7) years following cessation of membership, consistent with financial record-keeping obligations.
• Donation and financial records: Retained for a minimum of seven (7) years as required under Part 6A of the Electoral Act 1993.
• Electoral and candidate records: Retained as required by the Electoral Act 1993 and Electoral Commission guidance, typically a minimum of four (4) years following an election.
• Website and analytics data: Aggregated analytics data retained for up to two (2) years. Server logs typically retained for up to twelve (12) months.
• General correspondence: Retained for three (3) years unless a longer period is required for legal or administrative purposes.
• Volunteer and event records: Retained for two (2) years following the conclusion of the relevant activity.

When personal information is no longer required, we take reasonable steps to destroy or de-identify it in a secure manner.

Under the Privacy Act 2020, you have the following rights in relation to personal information we hold about you:

• Right of access IPP 6: You have the right to request access to personal information we hold about you. We will respond within twenty (20) working days.
• Right to correction IPP 7: If you believe personal information we hold is inaccurate, incomplete, out of date, or misleading, you have the right to request that we correct it. If we decline, we must note your request on the record.
• Right to be informed IPP 3: You have the right to be informed of the purpose for which we are collecting your personal information and the people or organisations to whom we may disclose it.
• Right to withdraw consent: Where we process your personal information on the basis of consent (for example, for marketing communications), you may withdraw your consent at any time.
• Right to unsubscribe: You may unsubscribe from our electronic communications at any time by clicking the unsubscribe link in any email we send, or by contacting us directly.

To exercise any of these rights, please contact our Privacy Officer using the details in Section 11. We may need to verify your identity before processing a request.

Our website uses cookies and similar tracking technologies to improve your experience and to help us understand how our website is used. A cookie is a small text file placed on your device when you visit our website.

• Strictly necessary cookies: Required for the website to function properly (e.g. session management, security, form submission). These cannot be disabled.
• Performance and analytics cookies: Help us understand how visitors interact with our site (e.g. pages visited, time on site). We may use tools such as Google Analytics for this purpose.
• Functionality cookies: Allow our website to remember your preferences (e.g. language settings).
• Marketing cookies: Used to deliver relevant content and campaign messages. We will only set these cookies with your consent.

You can control cookies through your browser settings and, where applicable, through our cookie consent banner. Disabling certain cookies may affect the functionality of our website. For more information visit www.allaboutcookies.org.

We comply with the Unsolicited Electronic Messages Act 2007. We will only send you electronic marketing communications where:

• You have expressly consented to receive such communications from us, or
• You are an existing member or donor and the communication relates directly to the purposes for which you engaged with us (inferred consent, as permitted under the Act), or
• The communication is otherwise permitted under applicable legislation

Every commercial electronic message we send will clearly identify Te Tai Tokerau Party as the sender, include our contact details, and include a functional unsubscribe mechanism. We will act on unsubscribe requests within five (5) working days.

Te Tai Tokerau Party has appointed a Privacy Officer as required under section 201 of the Privacy Act 2020. Our Privacy Officer is responsible for:

• Ensuring the Party complies with the Privacy Act 2020 and this Policy
• Receiving and responding to privacy enquiries and complaints
• Assessing and responding to suspected or actual privacy breaches
• Providing privacy guidance to Party staff and volunteers
• Maintaining and reviewing this Privacy Policy

Under the Privacy Act 2020, we are required to notify the Privacy Commissioner and any affected individuals of a privacy breach that has caused, or is likely to cause, serious harm. A privacy breach occurs when there is unauthorised or accidental access to, disclosure, alteration, loss, destruction, or use of personal information.

Our response to a suspected or confirmed privacy breach will include:

• Immediate steps to contain and mitigate the breach
• Assessment of the nature, scale, and likely harm of the breach
• Notification to the Privacy Commissioner as soon as practicable where required under section 114 of the Privacy Act 2020
• Direct notification to affected individuals where required or appropriate
• A review of our practices to prevent recurrence

If you believe your personal information has been compromised, please contact our Privacy Officer immediately.

If you have a concern or complaint about how we have handled your personal information, we encourage you to first contact our Privacy Officer. We will acknowledge your complaint within five (5) working days and aim to resolve it within twenty (20) working days.

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner:

• Website: www.privacy.org.nz
• Phone: 0800 803 909
• Post: Office of the Privacy Commissioner, PO Box 10094, Wellington 6143
• Online complaint form: www.privacy.org.nz/your-rights/making-a-complaint

The Privacy Commissioner can investigate complaints, make recommendations, and refer matters to the Human Rights Review Tribunal where appropriate.

Our website and Party activities are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16 without the consent of a parent or legal guardian. If we become aware that we hold such information without appropriate consent, we will take steps to delete it. Please contact our Privacy Officer if you believe this applies.

Our website may contain links to third-party websites, including social media platforms. These websites operate independently of us and are not governed by this Privacy Policy. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before providing any personal information to them.

Some personal information is considered particularly sensitive under the Privacy Act 2020 and the Human Rights Act 1993, including information about a person’s ethnicity, health, religious beliefs, or political opinion. Where we collect sensitive information — for example, iwi and hapū affiliation — we do so only with your explicit consent and strictly for the purposes for which it was provided. We apply additional care and security measures to sensitive information.

We may update this Privacy Policy from time to time to reflect changes in our practices, legislative requirements, or operational needs. The current version will always be published on our website at tetaitokerauparty.com with the effective date clearly noted. Where we make material changes, we will take reasonable steps to notify members and subscribers.