The Broken Movement Trust (Te Pou Awatea) is committed to protecting the privacy, dignity, and rights of all individuals who engage with our organisation. This Privacy Statement outlines how we collect, use, store, and safeguard your personal information across all our services, programmes, systems, and platforms.

We comply with the Privacy Act 2020 and all other applicable laws in Aotearoa New Zealand.

Our Commitment to Your Privacy

Te Pou Awatea | The Broken Movement Trust is committed to protecting your personal information and upholding your privacy in accordance with the New Zealand Privacy Act 2020. This policy outlines how we collect, use, share, and protect your information.

1. What We Collect

We may collect personal information directly from you or through your engagement with our services, including:

    • Your name and contact details
    • Demographic info (e.g. age, gender, ethnicity)
    • Whakapapa (iwi, hapū, marae associations)
    • Health, disability, and wellbeing information
    • Case notes and service history
    • Audio-visual content (photos, interviews, videos)
    • Info from forms, surveys, or funding reports

We also collect information through our website, social media, applications, referrals, or with consent from funders and partners.

2. Why We Collect This Information

We collect this information to:

    • Deliver health, wellbeing, and social support services
    • Communicate with you and your whānau
    • Improve our programmes and tailor support
    • Meet legal, reporting, and funding obligations
    • Keep you safe and support advocacy (with permission)
    • Conduct research, quality improvement, and evaluation

3. How We Use and Share Information

Your information is confidential. Only authorised staff, contractors, or board members can access it.

We may share information with:

    • Government agencies (e.g., MSD, MOJ) under contract
    • Partner services involved in your care (with consent)
    • Approved researchers or evaluators (anonymised where possible)
    • Legal authorities, if required by law
    • We will never sell or trade your information.

4. How You Are Identified

To protect your identity, we use secure codes instead of names. For example, you may be assigned a Whaiora Reference Code (WRC) — a unique identifier used for internal purposes and anonymous reporting.

5. Data Storage and Security

We use encrypted digital systems and secure physical storage to protect your information. Only authorised staff can access your data. All cloud-
based services we use comply with New Zealand’s privacy laws.

6. Data Retention and Disposal

We retain personal data for up to seven (7) years, unless required longer by law. After that, it is securely destroyed through:

    • Permanent digital deletion
    • Confidential shredding of paper records

7. Government Agency Reporting

For funding and evaluation purposes, we may share anonymised data with agencies like MSD, Oranga Tamariki, MOJ, DIA, and Corrections. Your
name and identity will not be included. This data supports service development, policy, and funding.

8. Your Rights

Under the Privacy Act 2020, you have the right to:

    • Access your personal information
    • Request corrections to any inaccurate details
    • Withdraw your consent (please note, this may limit the support we can offer)

To request access or make a correction, please contact our Privacy Officer (details below).

9. Your Responsibilities

Please ensure the information you provide is accurate and up to date. If you choose not to provide personal information, we may not be able to
fully support or engage with you.

10. Website and Online Use

When visiting our website, we may collect anonymous data like IP addresses or browsing behaviour to improve our digital services. Any information you submit via our website or social media (e.g., forms, surveys) will be handled according to this policy.

11. Privacy Officer

Te Pou Awatea has a designated Privacy Officer. All staff, contractors, and volunteers are trained in privacy and security best practices, including
how to:

    • Respond to privacy breaches
    • Handle cybersecurity risks
    • Respect personal boundaries and confidentiality

12. Contact Us

If you have any questions, feedback, or want to make a privacy request:

Privacy Officer

Te Pou Awatea | The Broken Movement Trust

PO Box 9066

Tower Junction, Christchurch 8419

   0800 664 775

   [email protected]