Privacy and security
Information about the personal information we collect, our approach to privacy and security, and your rights.
On this page:
- Our governance and assurance framework
- Your privacy and our website
- Entering our physical premises
- Personal information use and disclosure
- Information we make public
- How we keep personal information safe and secure
- Access rights to information about you
- Feedback and complaints
Our privacy and transparency commitment
The Ministry for Primary Industries (MPI) collects, uses, and discloses information as part of its role to prevent, detect, investigate, respond to, and resolve non-compliance and offending.
We understand that the way we use and hold information is important to maintain the public’s trust and confidence.
We are committed to ensuring the privacy, security, and confidentiality of all the information we hold.
This Privacy and transparency statement has been developed and published to provide the public and those we engage with in the course of our work with information about the type of information gathering activities we undertake. It outlines the purpose of those activities, and the steps we take to manage and protect the information we collect.
Our privacy and transparency statement [PDF, 225 KB]
We collect, use, manage, and disclose personal information only as provided by the law and to meet our statutory obligations, which include activities covered by:
- the Privacy Act 2020
- the Search and Surveillance Act 2012
- the New Zealand Bill of Rights Act 1990
- MPI’s Code of Conduct
- the State Sector Code of Conduct.
We have internal authorisation processes and procedures to make sure we gather, use, share, and disclose information in a way that complies with the law and manages possible risks.
Our approach to managing data aims to support transparency and make it easier for the public to engage with government agencies. As data custodians, we also protect individual privacy, confidentiality, and trade sensitivity over accessibility.
We expect all our staff and contractors to meet the State Services Commission’s Code of Conduct and act with fairness, impartiality, responsibility and trust. We are also committed to adopting and complying with the State Sector’s Model Standards for information gathering associated with regulatory compliance, law enforcement and security functions. We strive for continuous improvement in the way we manage information, in accordance with the Government Chief Privacy Officer’s core expectations for privacy management and governance in the public sector.
Assurance for staff integrity and conduct within MPI, and for oversight of our regulatory compliance and law enforcement functions, is provided through a number of mechanisms, including through the work of the Security and Privacy Directorate, Human Resources, Procurement, the Assurance and Evaluation Directorate, the Compliance Directorate, the Professional Standards Unit, the Inspector-General for Regulatory Systems, and the Risk and Audit Committee.
You can browse our website without providing any personal information.
We do not try to identify people using our website through their browsing history.
To help us improve our website, we collect some basic, anonymous, technical information including:
- your domain name or IP (internet provider) address
- the resolution of your screen
- your web browser (for example, Internet Explorer, Google Chrome) and operating system (for example, Windows 10, Mac OS X)
- the date and time
- search terms
- the pages and links you visited, and any documents you downloaded
- the website you visited before you visited our website.
Cookies and statistical data collected for analytics
We use web cookies to temporarily store information to enhance your browsing experience and helps us improve our website.
Cookies are small text files on your computer’s hard drive to collect information about your use of our website. Cookies do not collect identifiable information about you.
You can disable and enable cookies at any time and can continue to view our website. But if you disable a cookie, you will not be able to subscribe to our updates, publications and alerts, fill out a feedback or enquiry form, and will have a reduced online experience.
To enable or disable a cookie:
- Google Chrome: Settings > Show advanced settings > Privacy > Site settings
- Mozilla Firefox: Options > Privacy > History (use custom settings)
- Safari: Edit > Preferences > Privacy
- Internet Explore: Tools > Internet options > Privacy
Personal information you can provide voluntarily
You can voluntarily provide personal information through our website to access our services and to engage with our staff. We will use the information we collect and share it with third parties only as specified.
When you fill out a feedback form, your message may be stored and analysed to improve our website or services.
The information you provide may be seen by staff, and by contracted or third party site administrators responsible for website administration, maintenance, or other related services. Information may also be stored in a secure database by a third party acting on our behalf. As of 13 June 2019, our service provider is Campaign Monitor.
Subscribing to an MPI email service
If you subscribe to our news and alerts, you are giving consent to receive emails from us as provided for in legislation.
We may ask for or need, some personal information to administer your subscription. You may be asked to confirm that the information is true and correct. We record this information securely and use it to update our databases, which are part of our records.
You can unsubscribe any time and your details will be deleted from the database.
Information you provide on any online discussion forums will be able to be seen by other forum users. We recommend you do not disclose any sensitive information through these types of forums.
Job applications to MPI
If you apply for a job with us, you will need to create an online profile that we will use to manage your application. Should your application for a job be unsuccessful, or should you wish to withdraw an application from consideration, your information will be disposed of when our administrative activities are completed.
Contact centres and hotlines
We collect personal information when you use our phone and email contact centres, such as the pest and disease hotline (to report possible cases of exotic pests or diseases), and our poacher hotline (to report illegal fishing activity).
We will not use your email address or other details to contact you or give them to anyone else unless we consider it necessary for a lawful purpose. In that situation, we would assess any relevant privacy considerations.
You can use our contact centre services anonymously if you wish.
Cybersecurity at MPI
We monitor, analyse and audit our online systems and information to maintain security.
We may use information about your use of our website or other IT (information technology) systems to prevent or resolve unauthorised access or attacks, even if you were not directly involved.
We may use third-party suppliers to do this.
If you enter an MPI building, or site you will be required to sign in with your contact details, and upon leaving, sign out. This information is stored securely on our building access software. We will use this information to manage our occupancy, which is required for evacuation procedures. During New Zealand’s COVID-19 response, this information may also be used for contact tracing if necessary.
In general, we do not share personal information, except in the following circumstances.
- It is necessary to do so for the reason you provided it, or we collected it.
- You have given your consent for us to share it.
- You would reasonably have expected the information to be passed on, such as to a supplier providing a specific service or acting on our behalf.
- It is necessary to prevent or respond to a crime.
- It is required or authorised by the Privacy Act or other law.
- It will be used or published without identifying you.
We collect information from a range of sources to undertake our statutory functions and to administer the laws we are responsible for. Some information we collect is provided voluntarily and some is mandatory.
We do not obtain approval to obtain information that is readily available to the public (such as through an online search engine).
Any proposed covert collection of information for regulatory, compliance or enforcement work is restricted to staff with specialist knowledge, experience and competence. Relevant senior staff determine this on a case by case basis and take a range of factors into account such as the severity of the harm we seek to prevent or address, the intended and possible outcomes, and the credibility and reliability of the information source.
We have certain legal powers to carry out our regulatory and enforcement functions. In some situations, this might require us to:
- receive a sworn statement or statutory declaration
- ask for an original copy of a document
- record an interview, either in person or by phone
- make a site inspection and take photographs.
We collect information directly from you
We collect information in a number of ways for a range of different reasons.
In most cases, we tell people why we are collecting the information and what it will be used for.
If there is a legal requirement to provide information, we will specify which law applies, why it is needed, if it is compulsory or voluntary to provide it, and the consequences if you choose not to provide it.
Information collected from a third party
Sometimes, we collect information about someone from another source, if this is permitted by law, including under the Privacy Act.
In this situation, someone may be unaware that we have obtained information about them from another individual or agency.
On occasions, we receive information that gives us reasonable cause to believe that a person or group may pose a threat to the public or to our staff. In such cases, we may take appropriate actions to protect people, information, or places.
Collecting and checking information before taking compliance action
We take all reasonable and practical steps to check the accuracy and reliability of information received from third parties.
We do not employ private investigators to conduct surveillance on individuals or as part of our compliance or enforcement activities.
However, if we received information of a direct threat or possibility of harm to anyone, we would collect information as part of our assessment and response. We may use a specialist third party to help us with this.
In some situations, it may be appropriate to collect information or undertake surveillance in a way that does not immediately identify us, as allowable under the Search and Surveillance Act 2012.
Enhanced levels of oversight and controls will be adopted in such situations.
We take care to exercise our information gathering powers lawfully and appropriately, and to meet our obligations under the Privacy Act 2020, State Sector Code of Conduct, and State Services Commissioner’s Information Gathering Model Standards at all times.
We protect information collected in these situations, and disclose only what we consider necessary to carry out our statutory responsibilities, and to support other government agencies to enforce the law and carry out regulatory compliance and security activities.
We may use and disclose information only in connection with our lawful purposes, functions and powers.
We may share information with other agencies to carry out either of our responsibilities or comply with international obligations and commitments.
Information will be shared only in accordance with our statutory powers and with appropriate controls. We take all practicable steps to verify information before sharing it with a third party.
Where possible, we inform the person concerned at an appropriate time. However, there are some circumstances where there are legitimate reasons for us not to do this, such as if it would affect our ability to investigate possible offending or a crime or threat.
Our third party contracts may include service requirements to do with privacy, information security and commercial confidentiality.
We may also exchange information with agencies in other countries that we have a treaty or co-operation arrangement with.
Information may be used to audit or monitor our compliance activities.
We exchange information for statistical purposes with Statistics New Zealand.
Information sharing and use for data analytics
Information may be used for analysis, risk assessment, or auditing and monitoring.
We share information with New Zealand’s other border agencies to help us detect and prevent risks and to help people comply with their obligations.
We do not make decisions or take enforcement actions based solely on data models.
Information on public registers
We are responsible for maintaining and publishing a number of public registers related to specific laws.
Anyone who is concerned that information we make public on one of the public registers we administer may pose a risk to their own, or someone else’s safety should contact us as in certain circumstances we can take steps to limit the amount of identifying information made publicly available.
Public feedback on proposals
Submissions we receive from members of the public become official information, which can be requested under the Official Information Act 1982 (OIA).
The OIA requires us to make submissions available unless we have a good reason to withhold information. These reasons include the need to protect commercial or privacy interests.
We may also choose to proactively publish submissions to further public discussion and transparency of policy decisions.
Let us know if you would like to us to consider withholding specific information from public release when you provide feedback on proposals.
Withholding any information is at our discretion, however decisions can be reviewed by the Ombudsman.
We respect your privacy and aim to keep your information confidential unless we are lawfully required or allowed to disclose it.
We have secure environments to protect your personal information and business records. We use reasonable security safeguards to protect information – both digital and hard copy – from loss, unauthorised access, use or disclosure.
We have a role-based, needs-only, access approach, where possible. All staff are assigned unique passwords, and we have a range of measures to prevent unauthorised access to your personal or commercially sensitive information.
The security of our premises and information is managed according to the:
- New Zealand government’s Protective Security Requirements
- New Zealand Data and Information Management Principles
All information we hold is subject to the requirements of the Official Information Act 1982 (OIA) and the Privacy Act 2020.
Under these laws, you have the right to ask for certain information. Under the OIA, you have the right to request a wide range of official information. Under the Privacy Act, you have the right to ask for access to any information we hold about you, including information collected from a third party.
To request information under the OIA, email: email@example.com
To request information about you under the Privacy Act, email firstname.lastname@example.org
In your request, check that you have included:
- your name
- your contact details in case we need to check something or discuss your request
- any organisation you are representing
- a clear, specific outline of the information you would like.
For some requests, we may need to see a photo identification or other proof of identity, to verify that you have authority to access information or to act on someone’s behalf.
We aim to respond to all requests for information within 20 working days. Some requests may take longer, such as large or complex requests and those that require us to consult with other parties. We will let you know if we need an extension of time.
If we refuse your request, we will explain why and outline the steps you can take if you disagree with this decision.
Updating or amending your personal information
You have the right to ask us to correct the information we hold if you think it is not correct.
We may decline a request to update our records if we don’t consider it appropriate to do so. If this happens, you can ask for a statement to be added to your information that describes what your request was and explains why the change was not made.
How long we hold your personal information
We hold your personal information as long as necessary to achieve the purpose that it was collected for, or as required by law.
Information we collect may be classified as a public record and is kept according to our record retention and disposal policy, which is subject to the Public Records Act 2005.
We are committed to providing you with excellent and timely service, and welcome your feedback – whether positive or negative – on our service.
- Email us: email@example.com
- Email our chief privacy officer: CPO@mpi.govt.nz
- Post feedback to: PO Box 2526, Wellington 6140, New Zealand.
You can also lodge a complaint with the Ombudsman or Privacy Commissioner.
- Email firstname.lastname@example.org
- Phone 0800 00 83 33 (within New Zealand)
- Phone +64 4 830 1574 (outside New Zealand).