In this policy we refer to Sprout as “we”, “us”, or “our”. By using our website and mobile site, you acknowledge and agree that your personal information will be treated as described in this policy.
1. Personal information
In this policy, “personal information” means the same as it does in the Privacy Act 2020 (“Privacy Act”). In general terms, this includes any information that can be used to personally identify you. This may include (but is not limited to) your name, age, gender, address and contact details (including phone numbers and email addresses). If the information we collect personally identifies you, or you are reasonably identifiable from it, then the information is considered personal information.
2. Types of personal information we collect
When you access our website or apply for a role with us, we may collect the following types of personal information:
mailing or street address;
age or birth date;
CV, academic transcripts, interview notes and test results;
personal information that is generally available online, including through social media; and
any additional personal information that you provide to us directly or indirectly, through our website, our representatives or otherwise.
3. Collection of personal information
We collect personal information in a variety of ways, including when you:
access and use our website, communications, including registration details and information relating to your use of the website and the services, such as the content you access (for example, the roles you have viewed, or the search queries you input);
call, email or interact with our team members; or
apply for a role with us.
You agree that we may also collect personal information from third parties, including:
third party agents such as the Ministry of Justice, Immigration New Zealand.
4. If we are not able to collect personal information
If you choose not to provide us with the personal information requested, then:
we may not be able to consider your application for the role you have applied for;
we may not be able to provide you with information you have requested; and
we may not be able to provide you with potential job opportunities.
5. Use of personal information
The primary purpose for which we collect information about you is to enable us to process your application for a role with us. We collect, hold, use and disclose your personal information for the following purposes:
to communicate with you and process your applications for roles with us;
to provide you with information about existing and new roles with us;
to verify your identity;
to provide to third parties if you have authorised us to do so;
to manage and enhance our careers services;
to conduct analysis across our business;
to conduct business processing functions, such as administrative, marketing, planning, quality control and research purposes; and
as required or permitted by any law (including the Privacy Act).
Your personal information will be stored in encrypted files and secure CRM systems which only employees of Sprout Group Limited have access to. It may also be held for us in the data centres, platforms and systems of our third-party service providers, some of which may be located outside of New Zealand.
We do not sell, trade, or otherwise transfer to any untrusted outside parties your personal information.
8. Disclosure of personal information
We may disclose your personal information:
to our team members, for the purposes of processing your application for a role with us;
to third parties, for the purposes of verifying information in your application and assessing your suitability for a role with us, such as referees, Immigration New Zealand and the Ministry of Justice;
for the operation of our website or our business;
for the specific purpose of fulfilling requests by you;
where we are permitted to under the Privacy Act; and
as otherwise detailed in this policy.
Where we engage third parties to undertake services, we may provide those third parties with some of your information if it is required to fulfil those services and only to the extent required to fulfil those services. Examples of such third-party providers may include, but not limited to:
service providers such as contract management providers, web hosting providers, IT systems administrators and professional advisers
software providers such as customer relationship management and accounting software
specific third parties authorised by you to receive information held by us, such as the Ministry of Justice.
We require any third party to protect your information against unauthorised use or disclosure.
In addition to the above, we release personal information only when it is permitted under the Privacy Act or required by law for legal compliance and law enforcement (including to government agencies with statutory law enforcement responsibilities, and/or to your Internet Service Provider or network administrator); or protect our or your rights, property, or safety, and where we reasonably believe that disclosure is necessary.
9. Disclosure of personal information outside of New Zealand
We may disclose personal information to external service providers or entities located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
If you are a citizen or resident of the European Union, the General Data Protection Regulation (EU) 2016/679 (“GDPR”) will apply to your personal data.
We will keep your personal data only for as long as is reasonably necessary for the purpose that it has been processed and taking into account any legal requirements under the GDPR.
The GDPR defines certain information as ‘sensitive’ (racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, criminal proceedings and offences). If we ever deal with sensitive personal data we will only use this information to provide the service you require and we will ask for your explicit consent. As a customer, there may be times when you give us this sensitive information. We may share it with our Affiliates and our subcontractors to keep your records up to date.
11. Protection of personal information
We will take all reasonable steps to protect the personal information that we hold from misuse, loss, or unauthorised access or modification. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
12. Right to access or correct your personal information
You may request access to any personal information we hold about you at any time by contacting us at email@example.com or 0800 4 777688.
Your request will be processed in accordance with the Privacy Act.
If you make an access request, we will ask you to verify your identity. There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. If that happens, in most circumstances we will give you written reasons for any refusal.
We may charge a reasonable fee for making your personal information available to you or providing you with copies of it.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may ask us to amend it. We will consider if the information requires amendment and will not charge for making any amendments. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.
13. Complaints about a breach of privacy
If you believe that we have breached this policy or the Privacy Act or you have any questions or concerns about this policy, please contact us using the contact information below and provide details of the incident so that we can investigate it.
We have a formal procedure for investigating and dealing with complaints. Once the Privacy Officer receives a complaint, they will commence an investigation. The investigator will endeavour to determine the nature of any breach and how it occurred.
We may contact you during the process to seek further clarification if necessary. If a breach is found, the Privacy Officer will escalate the matter to management so that the process can be rectified to prevent any further breaches from taking place. We will also contact you to inform you of the outcome of the investigation.
We will treat your requests or complaints confidentially.
You can contact our Privacy Officer by email at firstname.lastname@example.org or 0800 4 777688.
We may change this policy from time to time. Updated versions of this policy will be posted on our website. This policy was last updated in February 2021.