Privacy Policy

Winsborough Confidentiality and Privacy Policy

Winsborough provides leadership solutions for use in individual, team and organisational selection, development and leadership activities. We design and use leadership assessment tools (including, but not restricted to, the assessment of individuals' behaviour, preferences and abilities by themselves and others) to meet our clients' needs and (once anonymised) for our own research purposes.



We are committed to protecting privacy and ensuring that we handle any personal information with care and respect. We act in accordance with the principles of the New Zealand Privacy Act (1993), the European Union General Data Protection Regulation (GDPR) (2018), the Health Information Privacy Code (1994) and the New Zealand Psychologists Board Code of Ethics to safeguard personal information. As many Winsborough staff are registered psychologists, the information collected by Winsborough is deemed “Health Information”, hereby referred to as “personal information”.


This policy explains:

  • when we collect information from you,
  • how we gain your consent,
  • the types of personal information we collect about you and why,
  • to whom we usually disclose it,
  • how we keep it secure and process it, and
  • your privacy choices and rights.

If you have any questions regarding our policy, wish to exercise your rights or to make a complaint, please contact our Privacy Officer.



The GDPR outlines additional obligations for organisations, as outlined below:

  1. Under the GDPR Winsborough is considered a Processor, as we process personal data for our clients (Controllers). We also use Sub-Processors to process data.


Health Information Privacy Code

The Health Information Privacy Code recognises that people have the following expectations about their personal information:

  1. It will be kept confidential, because it was probably collected in a situation of confidence and trust
  2. It will be treated as sensitive, because it may include details about body, lifestyle, emotions and behaviour
  3. It will be used for the purposes for which it was originally collected and people will be told about those purposes.


When do we collect personal information?

We will take all reasonable steps to ensure that you are aware that we are collecting personal information from you, or in some cases from others about you. We collect personal information directly from you, or from others or your employer when part of a selection, development or team process. This can include when:

  • we carry out profiling, interviewing, consulting, training and development,
  • you participate in an assessment or development process – for example, completing a survey, role play, development centre, team and/or individual coaching,
  • you visit our website or contact us via our website, email or by phone. For our website policy please click here, or
  • we conduct research.



When collecting your personal information, we will always ensure we first gain your consent. When gaining consent we will advise you of the following:


Information being collected from you

The personal information we collect about you may include your name, title/occupation, employer, business contact details, personal email address, your opinions, behaviours, reputation, individual preferences, skills and work history.


In some instances, you may enter your personal information directly into one of our partner systems, for example Hogan Assessments. If this is the case, we will let you know their contact details.


The Purpose - how we will be using your personal information

In our initial email correspondence and within our Winsborough survey platform, we ensure that you are aware of the purposes that your personal information will be used for, such as development, selection, development of aggregates and ongoing research for our client organisations. All personal information may also be anonymised, and used for research purposes by Winsborough, for example in the development of the New Zealand norm group against which we compare your results.

Who will have access to your personal information

We will clearly state who will have access to your information, ensuring that it is only those individuals who need to know for the purposes which the information was gathered. For example, in a selection context, within the client organisation your information will be shared with all individuals who are part of the selection process. Additionally only those Winsborough staff or associates who are working on the project will have access to your information. Consultants may share details of some assignments with peers or their supervisor as part of professional and ethical supervision.


We will not disclose your personal information to another party unless we first have your written consent to share it, or unless we are required to do so either legally or to comply with the Board Code of Ethics for Psychologists working in Aotearoa/New Zealand (for example in order to prevent harm to yourself or others).


Your rights regarding your personal information

It is not compulsory to complete our assessments or provide us with any personal information. At any time, you can withdraw your consent by contacting the Winsborough Support team or object to how your information is being processed. You will be able to do this. If you choose not to consent to us collecting your personal information we will let you know the implications of your decision. Generally, this will mean that we will advise the client organisation of your decision.


You have the right to access, correct or have deleted any or all personal information we hold on you, and be forgotten. We will respond to these requests without undue delay within one month of receiving your request. In some situations, we may charge a fee for our costs in providing the information to you.  There are exceptions where we may not comply with your request, including:


  • where processing is necessary to comply with a legal obligation or claim,
  • for exercising the right of freedom of expression and information,
  • for reasons in the area of public health or public interests.


In these cases, we will notify you of our decision in writing and explain why and how you can complain if you are not satisfied with our decision.


Storage of personal information

In accordance with the Health Information Privacy Code we will store all personal information securely. We also recognise that government organisations have other legal obligations regarding storage of personal information, such as the Official Information Act, and we will ensure compliance when working with these agencies. 


All personal information will be stored in a way that protects your privacy and confidentiality. We store personal information with the following sub-processors servers within and outside of New Zealand, Google, BPM Online, Webdrive and Xero. As part of working with us you may also enter personal information directly into one of our partner systems, including Hogan Assessments, Assessio, PSI Services and Kaiser Leadership Solutions. We conduct risk assessments of these providers to ensure they are processing your data in accordance with the GDPR and other applicable privacy and data protection laws.


Please let us know immediately if you believe that any personal information we hold about you may be compromised by a data security breach, so we can investigate the incident.

We may need to retain certain personal information after a customer or supplier account has been closed or deleted to enforce our terms, to identify, issue or resolve legal claims and/or for proper record keeping purposes. To ensure we can respect your wishes we may also retain a record of: any stated objection by you to receiving our marketing and not to contact you further or any other request you make when you exercise your rights.


Privacy concerns and complaints

If you believe we have not handled your personal information in accordance with this policy and our privacy obligations, please contact our Privacy Officer on the contact details below so we can investigate and address your concerns.

We may need to seek further information from you and will aim to respond to your complaint within 14 days.

If you are not satisfied with our proposal to resolve your complaint, and reside in New Zealand you may contact the:

Office of the New Zealand Privacy Commissioner

PO Box 10094

Wellington 6143

New Zealand



If you are a European Union resident and consider you rights have been violated by us, you also have the right to lodge a complaint with the relevant European authority.


Our contact details:

Privacy Officer
Telephone: 0880 222 061


Level 5, Chelsea House

85 Fort St

PO Box 106112

Auckland 1010