Winsborough provides leadership solutions for use in individual, team and organisational selection, development and leadership activities. We design and use leadership assessment tools (including, but not restricted to, the assessment of individuals' behaviour, preferences and abilities by themselves and others) to meet our clients' needs and (once anonymised) for our own research purposes.
We are committed to protecting privacy and ensuring that we handle any personal information with care and respect. We act in accordance with the principles of the New Zealand Privacy Act (1993), the European Union General Data Protection Regulation (GDPR) (2018), the Health Information Privacy Code (1994) and the New Zealand Psychologists Board Code of Ethics to safeguard personal information. As many Winsborough staff are registered psychologists, the information collected by Winsborough is deemed “Health Information”, hereby referred to as “personal information”.
This policy explains:
If you have any questions regarding our policy, wish to exercise your rights or to make a complaint, please contact our Privacy Officer.
The GDPR outlines additional obligations for organisations, as outlined below:
Health Information Privacy Code
The Health Information Privacy Code recognises that people have the following expectations about their personal information:
When do we collect personal information?
We will take all reasonable steps to ensure that you are aware that we are collecting personal information from you, or in some cases from others about you. We collect personal information directly from you, or from others or your employer when part of a selection, development or team process. This can include when:
When collecting your personal information, we will always ensure we first gain your consent. When gaining consent we will advise you of the following:
Information being collected from you
The personal information we collect about you may include your name, title/occupation, employer, business contact details, personal email address, your opinions, behaviours, reputation, individual preferences, skills and work history.
In some instances, you may enter your personal information directly into one of our partner systems, for example Hogan Assessments. If this is the case, we will let you know their contact details.
The Purpose - how we will be using your personal information
In our initial email correspondence and within our Winsborough survey platform, we ensure that you are aware of the purposes that your personal information will be used for, such as development, selection, development of aggregates and ongoing research for our client organisations. All personal information may also be anonymised, and used for research purposes by Winsborough, for example in the development of the New Zealand norm group against which we compare your results.
Who will have access to your personal information
We will clearly state who will have access to your information, ensuring that it is only those individuals who need to know for the purposes which the information was gathered. For example, in a selection context, within the client organisation your information will be shared with all individuals who are part of the selection process. Additionally only those Winsborough staff or associates who are working on the project will have access to your information. Consultants may share details of some assignments with peers or their supervisor as part of professional and ethical supervision.
We will not disclose your personal information to another party unless we first have your written consent to share it, or unless we are required to do so either legally or to comply with the Board Code of Ethics for Psychologists working in Aotearoa/New Zealand (for example in order to prevent harm to yourself or others).
Your rights regarding your personal information
It is not compulsory to complete our assessments or provide us with any personal information. At any time, you can withdraw your consent by contacting the Winsborough Support team or object to how your information is being processed. You will be able to do this. If you choose not to consent to us collecting your personal information we will let you know the implications of your decision. Generally, this will mean that we will advise the client organisation of your decision.
You have the right to access, correct or have deleted any or all personal information we hold on you, and be forgotten. We will respond to these requests without undue delay within one month of receiving your request. In some situations, we may charge a fee for our costs in providing the information to you. There are exceptions where we may not comply with your request, including:
In these cases, we will notify you of our decision in writing and explain why and how you can complain if you are not satisfied with our decision.
Storage of personal information
In accordance with the Health Information Privacy Code we will store all personal information securely. We also recognise that government organisations have other legal obligations regarding storage of personal information, such as the Official Information Act, and we will ensure compliance when working with these agencies.
All personal information will be stored in a way that protects your privacy and confidentiality. We store personal information with the following sub-processors servers within and outside of New Zealand, Google, BPM Online, Webdrive and Xero. As part of working with us you may also enter personal information directly into one of our partner systems, including Hogan Assessments, Assessio, PSI Services and Kaiser Leadership Solutions. We conduct risk assessments of these providers to ensure they are processing your data in accordance with the GDPR and other applicable privacy and data protection laws.
Please let us know immediately if you believe that any personal information we hold about you may be compromised by a data security breach, so we can investigate the incident.
We may need to retain certain personal information after a customer or supplier account has been closed or deleted to enforce our terms, to identify, issue or resolve legal claims and/or for proper record keeping purposes. To ensure we can respect your wishes we may also retain a record of: any stated objection by you to receiving our marketing and not to contact you further or any other request you make when you exercise your rights.
Privacy concerns and complaints
If you believe we have not handled your personal information in accordance with this policy and our privacy obligations, please contact our Privacy Officer on the contact details below so we can investigate and address your concerns.
We may need to seek further information from you and will aim to respond to your complaint within 14 days.
If you are not satisfied with our proposal to resolve your complaint, and reside in New Zealand you may contact the:
Office of the New Zealand Privacy Commissioner
PO Box 10094
If you are a European Union resident and consider you rights have been violated by us, you also have the right to lodge a complaint with the relevant European authority.
Our contact details:
Telephone: +64 (09) 909 7154
Level 9, Fujitsu Tower
141 The Terrace
PO Box 10497