Relevant Legislation
• Health Information Privacy Code 1994
• Privacy Act 1993
• Privacy Act 2020
• Public Records Act 2005
1.The CMRF database is housed on the CMRF Kindful system, a cloud based, globally recognised, supplier of database services for charities. The database is accessed by CMRF staff via individual username and password protection
2. All Canterbury Medical Research Foundation/ New Zealand Brain Research Institute (BRI) staff computers are password protected.
3. Individual records may be viewed by the individual concerned at any time, upon written request
4. No information is given out to third parties without the permission of the donor concerned
5. The General Manager is the Officer responsible for Privacy. The Administration Manager, and Marketing Manager are responsible for the maintenance of up to date donor information and the deletion of obsolete records – all requests for changes are forwarded to these staff. There are written Procedures that cover how information will be stored and maintained.
6. BRI Research Participants are the responsibility of that organisation and their Privacy is covered in the BRI Policy.
7. The database and it’s stored information is used for marketing purposes including managing events and fundraising. Information is only collected and stored for these purposes.
8. CMRF Staff are trained on the importance of Privacy and on how to manage cyber risk
9. In the event of a Privacy Breach the CMRF Crisis Management Policy will be actioned. If the breach has the potential to cause serious harm to individuals then the Privacy Commissioner will be notified.
10. Individuals who provide information through our website or by other means, consent to us storing and using this information outlined in the policy. CMRF does not collect data relating to people who browse our website but we do analyse nonidentifiable web traffic data to help us improve our services
11. Any complaints or reports relating to Privacy are encouraged and should be sent to the CMRF General Manager
12. People have the right to have their information amended or removed and can dothis by emailing us at: [email protected]