Orcon (we, us, our) is committed to dealing with personal information in a way that meets or exceeds its privacy obligations, including under the Privacy Act 2020 (Act) and the Telecommunications Information Privacy Code 2020 (Code)
We may review and revise this policy from time to time, and may notify you about any changes to it by uploading a revised version on our website. Any changes will apply from the time we upload the revised policy.
What is personal information?
Personal information is information about an identifiable individual (a living, natural person). It includes information such as a name, address, phone number and date of birth, but does not include information about a business.
Who do we collect personal information about?
We collect personal information about individuals who interact (or might interact) with our business (you). This includes:
- Our customers (and other end users), including current, prospective, and past customers. We may also collect personal information about associates of our customers, such as family members, employees, or agents. For example, we may collect personal information about nominated or authorised representatives, the holder of a credit card that is used to pay a customer’s account, a person who acts as a secondary account holder, a person who acts as guarantor for a contract, the landlord of a tenanted property or the nominated contact on a business account
- Our suppliers, service providers and business partners, including their staff, agents, and affiliates
- Our staff, including staff of our related companies
- Visitors to our websites, social media pages and premises
If you supply us with personal information about another individual, you must have their consent to do so and should refer that person to this policy.
What types of personal information do we collect?
The types of personal information we collect depends on the nature of your interaction with us, and may include:
- Name, date of birth, email address, phone number(s) and residential address. For corporate and business customers, we may also collect information about nominated contacts including name and title or position, date of birth, phone number(s) and email and business addresses
- Purchasing patterns, consumer preferences and attitudes for marketing purposes, including to analyse markets, develop marketing strategies and to identify and develop products and services that may be of interest to our customers
- Payment details (such as credit or debit card, or direct debit details) provided when purchasing our products and services
- Employment applications from people applying for jobs with us
When you become (or apply to become) a customer, we collect a range of information to assess your application and manage your account(s). This may include:
- Proof of identity information, including passport number, driver licence number, or other government identifiers. We need this information to ensure you are who you say you are, and to keep our customer records accurate and up to date. We may also be required to obtain proof of identity information by law
- Financial and credit information, including credit history, employment history, remuneration details, bank account and credit card information, information about assets and income and details of relevant court judgments and bankruptcies. We need this information to assess your creditworthiness and financial suitability
- Information about your vulnerability or medical dependency. It’s important that you let us know if you (or anyone in your household) rely on power for critical medical support or are at particular risk of needing to contact emergency services. In these cases, we may require you to provide evidence of your vulnerability or medical dependency. For example, in the case of telecommunications, we may require supporting evidence that you are (or will become) at particular risk of requiring the 111 emergency service. Or, in the case of electricity, we may need information about medical conditions to ensure secure power supply for medical devices
- Information relating to occupancy. We may need information to establish your right to occupy the property to which we provide services, and for this purpose may request copies of tenancy agreements, mortgage records or utility bills or supply records
- Information relating to change of name or status, which may include marriage certificates, death certificates and other official documentation. We may need this information where we are asked to close or transfer an account
- Employment information, including information about your employment history (e.g. current and past employers). We may need this information to assess your financial position when you are applying to become our customer
- Insurance information, including information relating to the persons or items to be insured, claims history and previous insurance
If you choose not to provide any of this information to us, we may not be able to provide our products or services to you (or only provide them to you on a limited or restricted basis).
We also collect information about the way you use our products and services. This includes information about:
- service usage (including energy consumption patterns, use of communications services, internet usage etc)
- responses to offers made and/or promotions run by us or our related companies
- payment patterns and history
- inquiries and complaints, including notes and recordings from your calls or other interactions with our customer service team
If you enter our premises, we may require you to provide information to verify you meet any relevant government health requirements or company policies (e.g. evidence of your vaccination status and/or negative test results). If you choose not to provide this information, you may not be able to enter our premises.
How do we collect personal information?
We collect information directly from you (where possible) and indirectly from our related companies, agents, service providers and other third parties. We may collect this information:
- through our websites, apps and customer support platforms (including through cookies and other analytics tools)
- Through social media platforms and third-party login providers such as Twitter, Facebook, Instagram and LinkedIn, including when you interact with our social media accounts or use third-party login providers to sign in to our online services (information we collect may include your email address, profile photo and a login token, but never your password – you can contact the Privacy Officer if you would like to request deletion of this information
- through our call centres
- through our door to door sales activities
- through our network equipment (e.g. through electricity smart meters)
- from our wholesale service providers (e.g. local fibre companies and electricity distributors) and our wholesale customers and partners (e.g. other retail service providers who resell our services to end users)
- from your other service providers, when you transfer (port) your services to us;
- when you visit our premises (e.g. electronic sign in systems)
- when you make an inquiry at a kiosk, dealer, or event, which is operated by or on behalf of us
- from other customers or third parties who refer your details to us
- through the purchase of marketing lists, databases and data aggregation services
- from other public sources (including public registers)
When you apply to become our customer, we may ask you to consent to us collecting information from particular third parties. We will only collect personal information from those parties if you consent. If you do not consent, we may not be able to provide the product or service you require. In some cases, we may be authorised to collect some personal information from third parties by law.
We also handle any unsolicited personal information we receive from you in accordance with our obligations under the Act.
How do we use personal information?
We use personal information for a variety of legitimate business purposes, including:
- to process customer applications (including to verify customers’ identities)
- to provide our products and services to customers
- to undertake credit checks
- to bill and collect money from customers, including authorising and processing credit card transactions
- to respond to customer communications (including inquiries and complaints) in relation to marketing our products and services, including contacting you electronically (e.g. text or email) unless you have unsubscribed from receiving electronic messages from us
- to improve our products and services (including our customer service)
- to manage and secure our systems and networks, including to monitor activity that may threaten network security or integrity
- to improve or personalise customers’ experience on our websites and third party websites, including through targeted advertising
- to conduct research and statistical analysis (on an anonymised basis)
- to protect and/or enforce our legal rights and interests, including defending any claim
- for any other purpose authorised by the Act or the individual concerned
Who do we disclose personal information to?
We may disclose personal information to our related companies, and to a range of third party agents, service providers and partners who we engage in relation to our products and services. These may include:
- Sales & marketing agents, representatives and partners, including in relation to marketing our products and services
- Organisations that process banking and payment transactions, including for the purpose of processing your credit/debit card and direct debit payments
- Our wholesale service providers (e.g. telecommunications network operators, local fibre companies and electricity lines companies) including for service, account and network management, provisioning, interconnection, entitlement, safety, and fault management purposes
- Your other service providers, including for the purposes of verifying and completing any transfer (port) of services between us and those other service providers
- Printers, mail distributors, couriers and dispatch centres for the purposes of communicating with you and delivering products to you
- Third party call centres, where we have subcontracted any of our customer service or marketing operations
- IT service providers and data managers
- Public directories (e.g. White Pages)
- Credit reporting and debt collection agencies, including for the purposes of credit checking and reporting, and for recovering overdue debt
- Our professional advisors, including our legal, accounting, insurance and business advisory consultants
We may also disclose personal information to:
- Government agencies, including for the purposes of assisting in the government response to a national emergency, and for establishing or verifying eligibility for concessions and similar entitlements
- Dispute resolution agencies (e.g. TDR), for the purpose of complaint management and dispute resolution
- Emergency services, including for the purpose of assisting emergency services to more quickly locate people at risk of harm
- Law enforcement (e.g. Police), for law enforcement or security purposes
- in relation to any (actual or potential) merger, acquisition, reorganisation, bankruptcy or insolvency of our business;
- to assist with the prevention of fraud; and
- otherwise if allowed or required by law.
Some of the businesses that support our products and services may be located overseas, which means your personal information may be transferred to, or accessed from, countries other than New Zealand. We take reasonable steps to ensure that we only disclose personal information to an overseas person or entity if we believe, on reasonable grounds, that the overseas recipient is subject to privacy laws (or is otherwise required to protect the information in a way) that, overall, provide(s) comparable safeguards to those in the Act. The Act also provides other limited grounds for us to disclose personal information overseas.
How do we protect personal information?
We recognise the importance of protecting your personal information, and ensuring that it is complete, accurate, up-to-date and relevant.
When you call us in relation to your account or service, we complete an ID check to verify your identity and to check the details we hold about you are correct and to update them if required. For some safety critical information (e.g. medical information required to maintain secure power supply or ensure priority assistance) we initiate checks on a regular basis.
We have processes for verifying personal information collected for particular transactions, such as proof of occupancy, change of occupier and priority assistance. Our staff are trained to properly handle the different types of information they receive, particularly sensitive information. We have quality assurance measures in place to monitor calls to ensure that our processes are being followed.
While some of the personal information we collect is held in hardcopy form, most personal information is stored in electronic databases.
We have extensive security safeguards in place to ensure that our information systems and files are protected from loss, unauthorised access, use, modification or disclosure, or other misuse. We also have documented procedures governing our response in the event of an actual or suspected privacy breach.
How can you access and correct your personal information?
You have the right to request access to your readily retrievable personal information and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual the personal information relates to.
We generally respond to access/correction requests within 20 working days but will let you know if we expect the process to take longer than that. If we have justifiable grounds under the Act for refusing your request, we will tell you what those grounds are. For correction requests, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
We may charge you our reasonable costs of providing you copies of your personal information or correcting that information.
Internet use and cookies etc
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
If you post your personal information on a public area of our websites or social media pages, you acknowledge and agree that the information you post is publicly available.
We may also use:
- Cookies (an alphanumeric identifier that we transfer to your computer’s hard drive so that we can recognise your browser) to monitor your use of the website. There are two types of cookies that may be stored locally on your device – “first party” (directly from our digital properties) and “third party” (from advertisers and analytics organisations). You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all of the features on our websites;
- Testing tools to serve different content and advertising to visitors of our website(s). To do this we set a Google cookie and may also update information stored in our existing website cookies to allow us to display consistent content;
- Tracking and optimisation tools to help us understand how customers are interacting with our digital properties. This includes collecting information on clicks, mouse movements, time spent on a page and how customers interact with our various sign up forms and fields;
- Property data (based on the address you enter during the sign up process) from your local council, other authority or third party provider to attempt to determine certain characteristics (e.g. size, location) of the address you have selected for services to help confirm the availability of, and tailor, the services we offer to you.
When you are signing up to products or services on our digital platforms and add items to your cart, we may store this data locally in your browser’s local storage. This is used both to help complete the transaction and, in some cases, to allow you to resume your order where you had left off. This data may include the item(s) you had added to your cart and any selections you have made during the sign-up process. It can also be used for remarketing activity, which might include contacting you with a specific offer, offering assistance to complete our sign-up process, or to allow us to target specific digital advertising to you on other websites you visit.
Further information and complaints
If you have any privacy-related questions (including requests for access or correction to your personal data) or would like to make a complaint, you can contact us at:
Attention: Privacy Officer
Email: [email protected]
Address: Level 5, 34 Sale Street, Auckland 1010
If you are contacting us about a complaint, the Privacy Officer will investigate your complaint and notify you of the outcome in accordance with the Act.
If you disagree with our decision, you may refer your complaint to the Office of the Privacy Commissioner by visiting https://www.privacy.org.nz/your-rights/making-a-complaint/.