MainPower (New Zealand) Limited (MainPower) is committed to protecting our customers' personal information. We have created this Privacy Statement to help you understand how we collect, use and protect your information when you visit our websites and use our products and services.
MainPower (we, us, our) complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
This Privacy Statement covers the following topics:
What information do we collect?
How do we use your information?
Sharing your information;
Storage of your personal information;
Protecting your information;
Accessing and updating your information;
Destruction of your information;
Changes to our Privacy Statement; and
This Privacy Statement is provided for your information and doesn't limit or exclude your rights under the Act. If you wish to seek further information on the Act, please see the Privacy Act website.
2. What information does MainPower collect?
We collect information relating to you that:
You have provided to us (for example, on a services application or registration form, or through the way you use our products and services); or
That we may have obtained from another source (such as your electricity provider or District Health board in the case of medically dependent consumers).
The information we collect may include your:
Postal or residential address;
Copies of identification such as drivers’ licence or passport;
Bank account details;
Installation Control Point (ICP) number (identifies your connection point);
Whether you have notified MainPower or your retailer that you are medically dependent;
Information regarding your website use, including registration details and profiling, particulars of use, regularity of access and content viewed;
Notes and recordings regarding contact with you or about you;
Information on how you use our products and services; and
Anything we need to provide products or services to you.
3. How does MainPower use personal information?
MainPower may use your personal information in accordance with the Privacy Act for the following purposes:
1. To verify your identity;
2. To market our goods and services to you;
3. To provide goods or services you have requested;
4. To improve those goods and services we provide you;
5. To maintain your shareholder information;
6. To bill you and to collect money that you owe us, including authorising and processing credit card transactions;
7. To respond to communications from you, including a complaint made by you;
8. To conduct research and statistical analysis (on an anonymised basis);
9. For recruitment purposes if you are applying for a job at MainPower.
10. Where you have expressly consented to us collecting and using that information, e.g. when you apply for an account with MainPower or enter a competition or promotion run by us;
11. As necessary to protect or enforce our legal rights or interests (including to protect our IT systems or to improve cyber security), or to defend any claims made against us by any person (including you); or
12. For any other purpose authorised by you or permitted by law.
Where possible, we will collect the information directly from you. We may collect your information via phone, written correspondence, email, our website, social networking websites or forms.
Personal information may also be gathered through third parties including your electricity retailer, electrical contractor or your representatives, market research service providers, social networking sites (such as Facebook, Twitter and Youtube), publicly available sources and from our transaction records.
We also use CCTV cameras to record footage at some of our sites for the purposes of ensuring the security of our sites and property. This footage may constitute ‘personal information' as defined in the Privacy Act, and by entering our monitored sites you acknowledge, and consent to, the collection of any footage.
We may collect meter data provided by your electricity retailer or metering equipment provider. This will be used either for network planning purposes or to help us assess the impact of pricing. Wherever possible we will agree a process with the data provider to aggregate the data so that you cannot be identified.
In the event that we use an independent third party to aggregate the data we will ensure that appropriate non-disclosure arrangements are in place.
We will hold meter data securely in accordance with best industry practice. Meter data will only be held for only as long as is necessary to achieve the purpose for which it has been collected, unless an exception applies, as required by the Privacy Act 2020.
4. Sharing your information
There may be times when we need to disclose your personal information to third parties. We will disclose your personal information only in accordance with this Policy and the Act. We may provide personal information to third parties where necessary or appropriate to facilitate the purpose for which information was collected pursuant to the Policy. You authorise us to disclose your information to:
1. Other parts of our company group who may use and disclose your information for the same purposes as us;
2. Those who provide us with products or services that support the services that we provide, such as (but not limited to) our suppliers, field service providers and contractors;
3. Credit reference agencies (unless we have agreed otherwise), who may share your information with other organisations and who may keep a record of the searches we make against your name;
4. Marketing, market research and website development and usage services. There are specific rules that govern the use of personal information for direct marketing. If your personal information is used for direct marketing purposes, we will always give you the choice to opt out of being part of any future direct marketing activities.
5. If someone else pays your bill, such as your landlord, that person;
6. Anyone we transfer our business to in respect of which you are a customer or a potential customer;
7. Anyone who hosts or maintains data centres, service platforms, cloud based solutions and other infrastructure and systems on behalf of MainPower, where your information is processed, hosted or stored; or,
8. Any person or organisation as authorised by the Privacy Act 2020. Otherwise, we will only disclose your personal information without your consent if doing so is:
9. The relevant authorities where necessary to protect or enforce our legal rights or interests, or to defend any claims made against us by any person (including you);
10. The relevant parties necessary in order to report a cyber incident or for cyber security purposes (including to prevent unauthorised access to, or attacks on, our systems);
11. To the relevant parties where necessary to lessen a serious threat to a person's health or safety; or,
12. Other persons, as required by law.
5. Security of your personal information
We will take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up to date and securely protected against loss, unauthorised access and other misuse. This includes physical security, computer and network security, communications security, and personnel security.
We may retain all personal information that we collect (on our active systems and our archive systems) only for as long as necessary to carry out the purposes for which the information was collected (including for the purpose of providing services to you). CCTV footage will usually be retained for a period of 15 days, after which time it will be deleted.
We may provide your personal information to third parties contracted by us in order to perform data storage and data processing services on our behalf. We will take all reasonable steps to ensure that these third parties comply with our instructions and do not use your personal information for any other purpose. We may store your personal information on servers and services both within New Zealand and offshore (including third party cloud-based services and storage). We may access and use that personal information in and outside New Zealand. You acknowledge that some of the third party storage providers, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to New Zealand.
6. Accessing and updating your personal information
You may request access to the personal information we hold about you by sending an email to firstname.lastname@example.org. Please quote your name and address. We would be grateful if you could also provide brief details of what information you want a copy of (this helps us to more readily locate your data). We may also need you to confirm your identity, before providing information to you.
In accordance with the Act, in some cases, there may be a charge associated with providing copies of your personal information to you. If so, we will advise you of this prior to sending your information to you.
We will not be able to provide your personal information if we do not know or don't have reasonable grounds to believe it is personal information about you or if disclosing the information would involve the unwarranted disclosure of the affairs of another individual.
You can request correction or amendment of the information held by us at any time and as often as necessary by sending us an email to email@example.com and specifying the information that you require changed.
If it is reasonable in the circumstances for us to do so, we will make the requested change or correction, otherwise we'll take reasonable steps to mark that information as having been subject to a change or correction request.
If you are using the internet to access our services, remember to sign out of your account and close your browser window when you have finished. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place.
7. Internet use, including cookies
We make every effort to maintain the security of our internet connections; however, for reasons outside of our control, due to the public nature of the internet security risks may still arise.
Any personal information transmitted to us or from our online products or services will therefore be at your own risk, however we will use our best efforts to ensure that any such information remains secure.
1. Understand what you like and use about our website;
2. Understand what you do not like and do not use on our website;
3. Provide a more enjoyable, customised service and experience;
4. Enable you to use certain services on our website; and,
5. Help us develop and deliver better products and services tailored to our customers' interests and needs.
We also collect IP addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. We collect and manage IP addresses as part of the service of providing internet session management and for security purposes.
We may use a persistent cookie to record details such as a unique user identity and general registration details on your PC. This helps us recognise you on subsequent visits to this website so that you don't have to re-enter your registration details each time you visit us and allows us to carry out the activities mentioned above.
Most browser technology (such as Internet Explorer, Chrome etc.) allows you to choose whether to accept cookies or not – you can either refuse all cookies or you can set your browser to alert you each time that a website tries to set a cookie. You do not need to have cookies turned on to access our sites, but you may need them for customisable areas of the site that we may develop in the future, or to access and benefit from certain functionality offered by the site.
Our website may contain links to third party websites. These websites have not been prepared by and are not controlled by us. They are provided for your convenience only, and do not imply that we check, endorse, approve or agree with the privacy practices of the third-party websites our website links to. Accordingly, we are not liable to any person for any of the content contained on any third-party websites or the use of the same.
We encourage you to be aware when you leave our website and to read the privacy statements of each and every website that collects personal information.
8. Destruction of your information
We take all reasonable steps to ensure your personal information is appropriately disposed of once it is no longer needed for the purpose for which it was collected.
9. Data Breaches
In the event we become aware that personal information has been lost or subject to unauthorised access, misuse, interference, or disclosure, we will take steps to contain and rectify the data breach, as soon as practicable, prevent reoccurrence, and comply with any applicable notification obligations.
10. Changes to our Privacy StatementWe may change this Privacy
Statement from time to time and we will tell you about a change in the policy
by posting an updated Privacy Statement on our website. Any change we make
applies from the date we post it on the website.
Privacy is a sensitive issue and we value your feedback. If you believe we have not adhered to these privacy principles, please contact us at firstname.lastname@example.org. We will respond to your complaint within a reasonable time frame. If you are not satisfied with the outcome of your complaint, you may refer your complaint to the Office of the Privacy Commissioner; or telephone 0800 803 909.