Our Commitment to Managing Personal Information
Wells treats all relationships with clients and customers, whether they be corporate entities or individuals, as important. We aim to provide a positive service to you in all of our interactions, built on our core values of integrity, commitment and loyalty. Furthermore, we will communicate with you in a transparent and appropriate manner.
These core values are reflected in the way we manage your personal information. We drive a positive “privacy culture” in which Wells staff, contractors and third parties are supported and encouraged to adopt sound personal information management practices. We recognise that treating your personal information responsibly contributes to a positive service experience and the level of confidence you have in us. Our staff are encouraged to provide a service that includes:
• ensuring there are clear purposes for collecting your information;
• being transparent about our handling of your information;
• managing risks to your information by limiting the potential for security or data breaches;
• enabling you to access and correct your information where necessary;
• ensuring accuracy of your information; and
• using and disclosing your information diligently; and
We are also aware of our obligations under the Privacy Act 1993 and build those expectations into our policy and practice.
Our business operates across New Zealand providing services ranging from electrical field services and inspection services, extensive electricity and gas meter reading activities and electrical, instrumentation and automation installation, commissioning and maintenance.
Your personal information enables us to provide electrical services to you or in relation to your energy consumption we are able to supply information to our many energy retailer clients. Our field services teams visit s significant number of residential and business customers every month across New Zealand. We endeavour to provide a respectful service to all our customers and also recognise that the information that we gather about you is important to our business and important to you as well. We don’t always have a direct relationship with all of you and some of the personal information that we hold is supplied to us by energy providers. Where we collect or acquire your personal information, we use it solely to enable us to provide these services.
What sort of personal information do we collect, and how?
An essential part of our services is the receipt of information from energy retailers, meter equipment providers and others to enable us to provide a number of specific services. Typically, this information will be contact details and your address. We may also collect potentially sensitive details such as health information about someone in your home that has a medical dependency that may impact on your power usage or your connection requirements and the property access details.
When we directly provide services to you it will usually be obvious what personal information we collect from you and why. In providing services to you whether through a direct relationship or on behalf of a third party we may also collect information about your property so as keep our staff safe. For example, that you have a dog or a difficult pathway or driveway.
Where we have a direct relationship with you we will collect contact details for you and your property and may also collect credit card and bank account numbers in order to manage billing and payment options that you agree have agreed to.
All of the personal information that we collect enables us to deliver a service to you directly or indirectly and we do not use it for any other purpose unless that further use is permitted by law.
Personal information means any information about an identifiable individual, whether electronic or hard copy. It includes information about our client’s customers, information about our own clients and information about our staff and our contractors who work for us. For example, it may include contact information, demographic and health information, information we generate and acquire in providing our services, such as CCTV footage, photographs, emails and other correspondence.
Automated collection from our website
When you visit our website, we may use automated tools and methods (such as cookies, sessions and website statistics software) to collect certain information about your visit, including:
• the internet protocol address and host name used by your computer to connect to this website;
• the operating system and the browser your computer uses;
• the search engine or inbound hyperlink you used to reach this website;
• the date, time and duration of your visit;
• the pages viewed by you;
We may gather more extensive information if we are concerned, for example, about abnormal website usage patterns or website security breaches.
• personalise your visits to our website;
• enable us to improve the content, reliability and functionality of our website;
• enable you to use certain services or functionality;
• evaluate the effectiveness of the advertising on our website;
• track website usage patterns;
Accepting a cookie will not give us access to any data on your computer other than the data stored in the cookie. You may configure your web browser to not accept cookies, but you may experience a loss of functionality as a result.
Unsubscribing from electronic messages
Where you have requested or authorised us to send you electronic messages (for example, newsletters and information concerning products and services which may be of interest to you) you can request us to stop sending you such messages by taking any one of the following steps:
• using the unsubscribe feature (if present) in any such message;
• contacting us directly on 06 753 0333;
Once we have received your request we will, as soon as is practicable, comply with that request.
How do we use and share your personal information?
For many of you we will share information about your energy consumption with energy retailers to enable accurate and regular billing. We may also share information about your meter status and your payment arrangements to provide continuity of your energy supply. In other relationships, particularly where we are providing electrical services directly to you, the information we hold about you is not routinely shared with others except where we have a regulatory obligation to certify equipment or connections.
The personal information is available to our staff directly delivering the services in all the work that we undertake. We have policies, guidance and training that informs all our employees about the responsibility they have when using your information. We do not tolerate behaviour by our employees that does not meet our expectations for the responsible use and management of your information.
There may be occasions when we share or disclose your information because the law permits or compels us to do so. In these circumstances, we will only share sufficient information that we believe is necessary to satisfy the nature of the request of us. For example,
• When law enforcement agencies serve a search warrant or production order on us.
• When law enforcement agencies request personal information from us when investigating criminal offences. We understand we have a discretion to provide information in these circumstances and we take great care to ensure that the required personal information is relevant and necessary to assist in a valid and ongoing criminal investigation. We realise that we can decline these sorts of requests and we can suggest that the agency acquire a court order in some cases.
• When it is necessary to share information to prevent or lessen a serious threat to the health or safety of any person.
• When we are required by other laws to disclose information.
How do we keep your personal information secure?
All Wells staff have a responsibility to protect the personal information they handle against loss, misuse, unauthorised access, modification or disclosure.
The personal information we collect and acquire may be stored within one or several databases depending on the type of personal information and the ways we need to use it. To compliment systems security, we recognise that our staff need to have strong guidance and training in both good privacy practice and information security. Key safeguards that we have in place include:
• All Wells staff must only access or use personal information – whether within an information system or in hard copy – if it is necessary for a legitimate business purpose connected with their role.
• Access to key systems holding personal information is restricted to only those users with a legitimate business need. This access is logged and monitored, and the access rights of all users are reviewed on a regular basis by the custodians of the system or information.
• We provide annual training and refresher training to our key staff on the management of personal information.
• Where personal information is only available in hard copy form it is stored in a secured location with controlled access.
• Encryption is used to protect personal information held in databases. Any encryption technology is also complemented by our ICT Security policy with access and password controls.
• We have many layers of defence (both physical and systems based) to detect, prevent, respond and recover from potential security breaches that align with industry best practice.
• We also take care to ensure that the personal information we collect is retained within our systems only for as long as we have a lawful purpose to use it. If we need to destroy personal information, we take all reasonable steps to ensure that this is done safely and securely
Can you review the personal information that we hold about you?
All individuals have the right to request a copy of the personal information Wells holds about them, and to ask Wells to correct their personal information if they think it is wrong (these are called “privacy requests”).
We will usually correct information that we hold about you if you point out it is wrong. If, for some reason we are unable to make the correction you ask for, we will let you know the reason why but instead will ask you for a statement of what you wanted to be corrected and we will make sure that statement sits alongside your information.
The easiest way to request a copy of or access to, or correct your personal information is to email us at firstname.lastname@example.org or write to us at PO box 379 New Plymouth. If your request is urgent you could ring us at 06 753 0333.
Please note that you can only request or correct personal information about yourself, unless you have the consent of another person to act on their behalf. We are also obliged to check that you’re who you say you are so that we don’t release information to the wrong persons. This might involve checking your identity documents or verifying your signature. Please understand that we must do this in order to protect your privacy and the privacy of other customers.
We’re required by the Privacy Act to make a decision on your request – and tell you what it is – within 20 working days. However, we’ll usually respond to you more quickly than this. Where we cannot make a decision within 20 working days, we’ll let you know and explain why.
We will be as open as we can with you but sometimes, we might need to withhold personal information, for example where the information is commercially sensitive, legally privileged or includes personal information about someone else. If we withhold information from you, we’ll tell you why.
If you have a concern or a question about your information or you wish to complain about something, we have done with your information please tell us. Our customer service representatives will try their best to assist you with your concerns. If they cannot resolve them for you, they may put you in touch with our Privacy Officer email: email@example.com.
If for some reason we have not been able to resolve your concerns, then you have the right to make a complaint to the Office of the Privacy Commissioner by:
• completing an online complaint form at www.privacy.org; or
• writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143.