Freephone (0800) 53 00 00
Family StoresDonate
Family StoresDonate

About Us

Privacy Policy

Contents

Privacy Principles and Responsibilities

The Salvation Army (TSA) is committed to promoting and protecting individual privacy in relation to the collection, storage, use, access to, correction, and disclosure of personal information, in accordance with the Privacy Act 2020.

The protection of personal privacy is integral to The Salvation Army in fulfilling its role as an employer and providing good client service, and it is the responsibility of all staff who hold or work with personal information about staff and clients.

Personal Information

Information (no matter how it is stored) is personal information if the individual can be identified from that information. The information does not need to name the individual, as long as they are identifiable in other ways, such as their home address. The format can include notes, emails, recordings, photos and scans (soft and hard copy).

Principle 1: Purpose for Collection of personal information

Organisations must only collect personal information if it is for a lawful purpose connected with their functions or activities, and the information is necessary for that purpose.

Principle 2: Source of personal information

Personal information should be collected directly from the person it is about. The best source of information about a person is usually the person themselves. Collecting information from the person concerned means they know what is going on and have some control over their information.

It won’t always be possible to collect information directly from the person concerned, so organisations can collect it from other people in certain situations. For instance:

  • if the person concerned authorises collection from someone else
  • if it’s necessary to uphold or enforce the law
  • if the information is collected from a publicly available source
  • if collecting information from the person directly would undermine the purpose of collection.

Principle 3: What to tell an individual

Organisations should be open about why they are collecting personal information and what they will do with it.

When an organisation collects personal information, it must take reasonable steps to make sure that the person knows:

  • why it’s being collected
  • who will receive it?
  • whether giving it is compulsory or voluntary
  • what will happen if the information isn’t provided.

Sometimes there may be good reasons for not letting a person know about the collection – for example, if it would undermine the purpose of the collection, or it’s just not possible to tell the person.

Principle 4: Manner of Collection of personal information

Personal information must not be collected by unlawful, unfair or unreasonably intrusive means. When an organisation collects information about a person, it has to do so in a way that is fair and legal.

What is fair depends a lot on the circumstances. Threatening, coercive, or misleading behaviour is likely to be considered unfair. If you break a law when collecting information, then you have collected information unlawfully.

What is reasonable also depends on the circumstances, such as the purpose for collection, the degree to which the collection intrudes on privacy, and the time and place it was collected. 

You need to take particular care when collecting information from children and young people. It may not be fair to collect information from children in the same manner as you would from an adult.

Principle 5: Storage and Security

Organisations must ensure there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse, or disclosure of personal information.

Principle 6: Access to personal information

People have a right to ask for access to their own personal information.

Generally, an organisation must provide access to the personal information it holds about someone if the person in question asks to see it.

People can only ask for information about themselves. The Privacy Act does not allow you to request information about another person unless you are acting on that person’s behalf and have written permission.

Principle 7: Correction of personal information

Principle 7 states that a person has a right to ask an organisation or business to correct information about them if they think it is wrong.

If an organisation does not agree that the information needs correcting, an individual can ask that an agency attach a statement of correction to its records, and, if reasonable, the agency should do so.

Principle 8: Accuracy of personal information

An organisation must check before using or disclosing personal information that it is accurate, up to date, complete, relevant, and not misleading.

Principle 9: Retention of personal information

An organisation should not keep personal information for longer than it is required for the purpose it may lawfully be used.

Principle 10: Limits on use of personal information

Organisations can generally only use personal information for the purpose it was collected, and there are limits on using personal information for different purposes.

Sometimes other uses will be allowed, such as if the new use is directly related to the original purpose, or if the person in question gives their permission for their information to be used in a different way.

Principle 11: Disclosure of personal information

An organisation may generally only disclose personal information for the purpose for which it was originally collected or obtained. Sometimes other reasons for disclosure are allowed, such as disclosure for a directly related purpose, or if the person in question gives their permission for the disclosure.

For instance, an organisation may disclose personal information when:

  • disclosure is one of the purposes for which the organisation got the information
  • the person concerned authorises the disclosure
  • the information is to be used in a way that does not identify the person concerned
  • disclosure is necessary to avoid endangering someone’s health or safety
  • disclosure is necessary to uphold or enforce the law.

Principle 12: Cross-border disclosure

Principle 12 sets rules around sending personal information to organisations or people outside New Zealand (cross-border disclosure).

A business or organisation may only disclose personal information to another organisation outside New Zealand if the receiving organisation:

  • is subject to the Privacy Act because they do business in New Zealand
  • is subject to privacy laws that provide comparable safeguards to the Privacy Act
  • agrees to adequately protect the information, e.g. by using model contract clauses.
  • is covered by a binding scheme or is subject to the privacy laws of a country prescribed by the New Zealand Government.

If none of the above criteria apply, a business or organisation may only make a cross-border disclosure with the permission of the person concerned. The person must be expressly informed that their information may not be given the same protection as provided by the New Zealand Privacy Act.

Principle 13: Unique Identifiers

An organisation can only use unique identifiers when it is necessary and cannot assign a unique identifier to a person if that unique identifier has already been given to that person by another organisation.

Organisations must take reasonable steps to protect unique identifiers from misuse. 

Unique identifiers are individual numbers, references, or other forms of identification allocated to people by organisations, such as driver’s licence numbers, passport numbers, or IRD numbers. 

Compliance

The Salvation Army acknowledges and accepts the principles and responsibilities embodied in the Privacy Act 2020, and, in relation to its provision of health care services (for example, but not limited to, Addictions and Homecare Services), the Health Information Privacy Code 2020 and the Health (Retention of Health Information) Regulations 2020. (For more information regarding these services, refer to the Addictions and Homecare Privacy Policies, which are tailored to those respective services.)
 
The Salvation Army policy and procedures for responding to requests for personal information, dealing with complaints under the Privacy Act, and managing breaches of privacy are to be found in The Salvation Army Human Resources Manual.

Privacy information around donations and supporters

For Donors and Supporters of the work of The Salvation Army this information outlines how your details are kept and used for appeals and Salvation Army fundraising activities by the Supporter Engagement and Fundraising department.

Purpose of Collection

The Supporter Engagement Fundraising department of The Salvation Army is committed to upholding the principles of the Privacy Act 2020, particularly Privacy Principle 1 – Purpose of Collection. We collect personal information from supporters, donors, and stakeholders solely for purposes that are directly related to our charitable and fundraising activities.

These purposes include:

  • Managing donations and issuing tax receipts
    We collect personal details such as name, contact information, and donation history to process contributions, issue tax-deductible receipts, and maintain accurate financial records.
  • Engaging with supporters
    We use personal information to communicate with supporters about our mission, campaigns, events, and opportunities to contribute further. This includes newsletters, impact updates, and invitations to participate in fundraising initiatives.
  • Improving fundraising effectiveness
    Information may be used to analyse supporter engagement, tailor communications, and enhance the relevance and effectiveness of our fundraising strategies.
  • Compliance and accountability
    We collect and retain information to meet legal obligations under the Income Tax Act and other applicable legislation, and to ensure transparency and accountability in our fundraising operations.
  • Third-party service providers
    In some cases, personal information may be shared with trusted third-party providers who assist us in carrying out fundraising functions (e.g., mailing houses, payment processors). These providers are contractually bound to protect your information and use it only for the intended purpose. Any third-party partners used are bound by the Principles of the Privacy Act 2020, including Principle 12 Disclosure outside of New Zealand, along with a robust Privacy Impact Assessment conducted by The Salvation Army’s Privacy Officer.

We will not collect personal information unless it is necessary for one or more of these lawful purposes. Where practicable, we will collect information directly from the individual concerned and ensure they are informed of the purpose of collection, how the information will be used, and their rights under the Privacy Act.

If you have any questions or concerns about how your personal information is collected or used, please contact our Privacy Officer via the TSA Privacy SharePoint page or email privacy@salvationarmy.org.nz.

Gift in Wills / Legacy Planning

Purpose of Collection

The Salvation Army’s Supporter Engagement Fundraising team collects personal information from individuals who choose to leave a gift in their Will or make a bequest. This collection is guided by Privacy Principle 1 of the Privacy Act 2020, which requires that personal information be collected only for lawful purposes connected with our functions and activities, and only when necessary for those purposes.

We collect personal information for the following purposes:

  • Legacy Planning and Donor Engagement
    To facilitate and honour gifts in Wills, we collect contact details, donor intentions, and estate-related information. This enables us to engage meaningfully with supporters, provide guidance, and ensure their wishes are accurately recorded and respected.
  • Legal and Financial Administration
    Personal information is used to administer bequests, liaise with executors and legal representatives, and ensure compliance with legal obligations related to estate management and charitable giving.
  • Recognition and Stewardship
    Where consent is provided, we may acknowledge bequest donors publicly or privately and share updates on the impact of their legacy. This helps foster transparency and appreciation.
  • Service Delivery and Impact Reporting
    Gifts in Wills support a wide range of services including housing, foodbanks, financial mentoring and social work. We may use donor data to report on the outcomes and reach of these services, ensuring accountability and demonstrating the value of legacy giving.
  • Data Protection and Security
    All personal information is stored securely, including encrypted backups where applicable

We do not collect personal information unless it is necessary for one or more of these purposes. Where practicable, we collect information directly from the individual or their authorised representative, and we ensure they are informed of the purpose, use, and their rights under the Privacy Act.

If you have questions or wish to update your preferences, please email our Supporter Engagement and Fundraising department on sef@salvationarmy.org.nz to be put in touch with your local Gift in Wills Team member.

Useful link to other information about Gift in Wills can be found here: https://wordpressmu-1262268-4563380.cloudwaysapps.com/help-us/gift-your-will/

If you have any questions or concerns about how your personal information is collected or used, please contact our Privacy Officer via the TSA Privacy SharePoint page or email privacy@salvationarmy.org.nz.