Privacy Policy

Introduction

Skylight Trust complies with the New Zealand Privacy Act 2020 (the Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).

Skylight appoints the Director of Operations as the Privacy Officer.

This policy sets out how we will collect, use, disclose, and protect your personal information. This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.

Changes to this Policy

We may change this policy by uploading a revised version onto the Skylight website. Any changes will apply from the date we upload the revised policy.

What Personal Information We Collect

We may collect the following personal information:

• Name

• Email and phone number

• Address

• Ethnicity

• Birthdate

• Professional unique identifiers

• Interactions with us

How We Use Your Personal Information

We use personal information to:

• Confirm your identity

• Provide the services or information you've requested

• Pay accounts or generate invoices

• Investigate and resolve complaints

• Comply with legislative and regulatory obligations

• Perform administrative functions (e.g. accounting, record keeping)

• Ensure data stored or transferred outside NZ meets compliance standards

• Review PCI compliance annually for payment handling

Why This Information Is Collected

• To provide and manage the services you've requested

• For charging, invoicing, and debt collection

• To improve service quality and infrastructure

• To conduct surveys and understand your needs

Disclosing Your Personal Information

We may disclose your personal information:

• For the purpose it was collected (or directly related purposes)

• Where you have authorised disclosure

• As required or permitted by law

Protecting Your Personal Information

We take reasonable steps to protect your information from loss, unauthorised access, or misuse.

Skylight staff receive training on privacy and confidentiality.

Accessing and Correcting Your Information

You have the right to access and request corrections to your personal information. We may require proof of identity before processing such requests.

To exercise these rights, email [email protected]. Reasonable costs may apply for copies or corrections.

Internet Use

We take reasonable steps to secure personal information transmitted online. Skylight provides cyber security training and alerts to staff.

Note: External websites linked from our site have their own privacy policies. We recommend reviewing them before submitting information.

Retention and Deletion of Information

We retain your information only as long as necessary. However, we may need to retain some information (e.g., for legal reasons) for up to 7 years.

Some information may not be deleted even upon request, where required by law.

Privacy Breaches

If we believe a privacy breach has occurred, we will:

• Identify and contain the issue

• Minimise harm

• Notify the Privacy Commissioner (if serious harm is likely)

• Contact affected individuals where appropriate

If you suspect a privacy breach, contact us as soon as possible.

Contacting Us

For questions about this policy or to request access or correction to your data:

Email: [email protected]

Not Satisfied with Our Process?

You can escalate a privacy complaint to:

Office of the New Zealand Privacy Commissioner

• privacy.org.nz

• Email: [email protected]

• Phone: 0800 803 909 (or +64 4 474 7590 from overseas)