Privacy Statement

The Network for Learning (N4L) recognises the importance of protecting your privacy.

This Privacy Statement was last updated with effect from 25th March 2024.

1. Introduction

Overview

1.1 This Privacy Statement explains how N4L may collect, hold, use and disclose information that identifies, or is capable of identifying an individual (referred to as personal information).

2. Who does this Privacy Statement apply to?

2.1 This Privacy Statement applies to you if you use any of N4L’s Services. This may be at a school, through arrangements between N4L and a School or in any other circumstances For example, this Privacy Statement applies to students, teachers, guests, kaitiaki and guardians that use N4L’s services (End Users).
2.2 This Privacy Statement also applies to you if you are a representative of a school or any other organisation (such as a principal, teacher or IT technician) (Organisation Representative) and you provide any personal information to N4L.

3. Does this Privacy Statement apply to schools?

3.1 When personal information is collected by N4L for the sole purpose of providing our Services to a School, N4L only collects personal information about End Users as a custodian on behalf of their School. Accordingly, each School is responsible for ensuring that it complies with the Privacy Act in connection with the collection of personal information about its End Users.
3.2 For example, each School that uses N4L’s Services must ensure that it has obtained authorisation from each End User (or their kaitiaki, parent or guardian) to the collection, use and disclosure of their personal information in accordance with:
  • Part A of this Privacy Statement – Part A applies to all N4L Services; and
  • Part B of this Privacy Statement – Part B only applies if your School uses N4L’s Reporting Services (including reporting via email or MyN4L)
3.3 A School may obtain this authorisation pursuant to its Acceptable Use or ICT Policy. Schools will also collect other personal information, which is unrelated to N4L’s Services and is not covered by this Privacy Statement.

4. What is a custodian?

4.1 In this Privacy Statement, we refer to N4L collecting personal information about End Users as a custodian. This means that, if you are an End User, N4L collects your personal information on behalf of:
  • you, if we are collecting personal information to provide Services directly to you;
  • your School, if we are collecting personal information in order to provide our Services to you and your School; and
  • the Ministry of Education, if you communicate with our Helpdesk about products and services provided by or on behalf of the Ministry of Education.
We will only use your personal information for the purpose of providing our Services (or products and services provided by or on behalf of the Ministry of Education) to you and, if applicable, to your School. In addition, we will only disclose your personal information when we are directed to do so by you (or, if applicable, by your School or by the Ministry of Education). There are some limited exceptions to this, which we have outlined in this Privacy Statement.

5. Any questions?

5.1 Please read this Privacy Statement carefully. By providing N4L with personal information or using our Services, you authorise N4L to collect, hold, use and disclose your personal information in accordance with this Privacy Statement.
5.2 If you have any questions about this Privacy Statement, please email us at the details set out in the Contact Us section below.

6. Updates to this Privacy Statement

6.1 N4L may update this Privacy Statement at any time by posting an updated version of this Privacy Statement on our website. The updated version of this Privacy Statement will take effect immediately after it is posted as the current Privacy Statement (and will then automatically apply to all information that we hold that is subject to this Privacy Statement). We will also take additional steps (or ask your school to take additional steps) to make you aware of the changes, including notifying you directly, if the update is likely to be material to you. You are responsible for reviewing the Privacy Statement published on our website regularly to ensure that you are aware of any updates.

7. Additional rights and obligations

7.1 This Privacy Statement applies in addition to and does not limit, our rights and obligations under the Privacy Act 2020 (as amended or replaced from time to time) (Privacy Act) or any specific authorisation that you provide to us when you interact with us or use our services.
7.2 You don’t have to provide us with any personal information that we ask for. However, if you don’t, we may not be able to provide you with our services.

PART A: ALL SERVICES

1. Collection of personal information

Types of personal information we collect

1.1

The personal information we collect will vary depending on the Services that you use, and your interactions with us. For example, we may collect:

Network Information (relating to End Users)
  • your network user name, for example, your first and last name, school ID or email address
  • information about your device such as its type, browser, IP address, or unwanted programmes on it that communicate over the network such as viruses
  • information about the applications you use and websites you visit (including websites you have tried to visit but have been blocked by our filtering service for security or safety reasons)
Customer Information (relating to Organisation Representatives and End Users)
  • your name, address, telephone numbers, e-mail addresses
  • your job title (if interacting with us on behalf of a school or other organisation)
  • your school ID (if interacting with us on behalf of a school)
  • information relating to your relationship with us, for example, the name of your school or organisation
  • the feedback that you provide (for example, in calls to our helpdesk (see below) or when we visit your school)
Security Information (relating to known or potential Cybersecurity Events)
  • Network Information (as defined above)
  • Customer Information (as defined above)
  • Other types of information for the purposes of providing our Cybersecurity Service (e.g. login logs, email logs, email contents)
  • Security Information is information that pertains specifically to a Cybersecurity Event. It may contain other types of information (e.g. Network Information and Customer Information), but only to the extent that this information is relevant to the Cybersecurity Event.

    This information may only be collected, stored, used and disclosed in the context of dealing with or analysing a known or potential Cybersecurity Event.

1.2 We do not collect any personal information through your use of our website, other than when you actively subscribe to our blog or other publications.

How we collect personal information

1.3 Generally, we collect the personal information that we define as Network Information through End Users’ use of our Services, and we collect the personal information that we define as Customer Information directly from you. Security Information is collected from a variety of internal and external sources, in the process of monitoring for and managing Cybersecurity Events.
1.4 You must not provide us with any personal information about another person without their authorisation, including when you contact our Helpdesk.
1.5 N4L may also collect information through our website through cookies. Cookies are small pieces of information that are stored on a user’s computer. We use cookies to personalise your experience on the website, make it easier for you to navigate our website, and improve your experience by storing your search, posting and application history, and, if applicable, your login details. Cookies can be disabled via your web browser; however, doing so may limit your access to some of our website’s content and features. We may use cookies to track non-personally identifiable information such as usage and volume statistics, for research purposes in order to further develop our website.

2. Use of personal information

2.1 We will only use your personal information for purposes that relate to providing our Services to you and to Schools. For example, we may use your personal information:
  • for the general operation of N4L and our relationship with schools - including providing Schools and End Users with Services
  • to contact you if you need help with any Services that we provide directly to you
  • to manage and improve our Services
  • to coordinate joint services with partner organisations
  • to respond to or investigate incidents that could be harmful to users or that breach our terms of use
  • for any other purpose authorised by you or permitted by law (for example to avoid a serious threat).
2.2 If you have opted-in to communications from us, we may send you newsletters and other marketing information, including by email and other electronic communications.
2.3 If you are an Organisation Representative, we may communicate with you, including by email and other electronic communications, about our services.

3. Disclosure of personal information

We hold personal information as a custodian on behalf of End Users and Schools

3.1 If you are an End User, N4L will only collect and hold your personal information as a custodian on your behalf and if applicable, on behalf of your School. This means that we will only disclose (or enable access to) your personal information when we are directed to do so by you or your School (other than in the limited circumstances set out below). For example, we may provide (or enable access to):
  • information (which includes personal information) about your use of our services to your School, such as browsing activity
  • your personal information to you or your whanau if you request access to the personal information that we hold about you.

We may need to disclose your personal information to respond to a security threat or legal obligation

3.2 The only other circumstances where we may disclose personal information (about End Users and Organisation Representatives) are where we:
  • need to respond to or investigate a breach of our terms of use or a Cybersecurity Event – for example, we may need to share Security Information with The Ministry of Education or security agencies such as Netsafe and CERT NZ; or
  • are permitted or required to disclose information by law – for example, to the Police.

Helpdesk

3.3 If you communicate with our Helpdesk about products and services provided by or on behalf of the Ministry of Education (i.e. that are not covered in our Service Descriptions such as devices), we collect your information on behalf of the Ministry of Education and may disclose it to the Ministry of Education. Please refer to further information in section 5 below.

Aggregated information

3.4 N4L may also use and share information in an aggregated and anonymous form – we will ensure that this information does not identify you or any other individual.
3.5 For example, we may share aggregated and anonymous information with:
  • the Ministry of Education
  • other government departments or agencies
  • our partners, contractors and service providers (including IT services providers), to assist us with the operations of N4L.
3.6 We may share aggregated and anonymous information for the following purposes:
  • Māori data sovereignty – such as sharing information with Māori organisations to help with understanding how data about Māori students can best be used and communicated to tell their stories
  • statistical and research purposes – such as public good research projects by providing anonymised data to university or government researchers who are aiming to understand the impacts of digital technology on student learning
  • Open and Transparent Government Data – such as summarised information about activity across the whole or a part of the Managed Network, and a summary of activity by decile, region and ethnicity.

4. Storage of personal information

Storage and transfer outside New Zealand

4.1 Personal information that we collect is either held by us (refer to the Contact Us section below) or on our behalf. For example, some information we hold will be stored in “the cloud” in secure databases on our behalf by third parties based overseas. The use of these services and the transfer of information overseas (if applicable) will not relieve us of our obligations under the Privacy Act and this Privacy Statement.

Security

4.2 Security of your information is very important to us. We will take reasonable technical and organisational precautions to protect the personal information that we hold and we will only use “cloud” services if we are satisfied that they can meet our privacy and security requirements. However, due to the inherent nature of the internet, we can’t guarantee the security of any information that we collect or that you send to us.

Updates

4.3 We rely on you to update us if your contact details change (please refer to the Contact Us section below).

5. Communicating with our Helpdesk

5.1 If you communicate with our Helpdesk (0800 LEARNING (0800 532 764)), your call may be recorded for our quality, training and dispute resolution purposes.
5.2 If we are asking on the call for your consent to carry out work, the recording may be stored as evidence of that consent.
5.3 If you provide our Helpdesk with any personal information, we will only collect, use and disclose that information for the purpose of dealing with your issue and any future issues that you may have, for our internal quality and training purposes and for any other purpose authorised by you or permitted under the Privacy Act.
5.4 If you are an End User and your issue relates to a service being provided by N4L to your School, our Helpdesk will direct your enquiry to your School - this allows us to ensure that appropriate identity verification is undertaken and we can work with your School to assist them to respond to you.
5.5 If you are an End User and your issue relates to a service being provided by or on behalf of the Ministry of Education (such as devices), we will manage your issue on behalf of the Ministry of Education.

6. Your rights to access your personal information

6.1 Under the Privacy Act, you have the right to request access to and correction of any personal information that we hold about you.
6.2 If you are an End User and your issue relates to a service being provided by N4L to your School, please direct your request to your School - this allows us to ensure that appropriate identity verification is undertaken and that, as a custodian of data, we can work with your School to respond to your request.

7. Other websites

7.1 Our website may provide links to third party websites for your convenience and information. These websites are outside our control and are not covered by this Privacy Statement. If you access other websites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their Privacy Statement. We are not responsible for the privacy policies or the content of any third party website.

8. Contact us

8.1 If you have any questions about this Privacy Statement, please contact us at:

The Network for Learning

Phone: 0800 LEARNING (0800 532 764)

E-mail: [email protected].

PART B: REPORTING SERVICES

1. About this Part B

1.1 If you are an End User and your School uses the N4L Reporting Services (including MyN4L), you authorise us to collect, use and disclose your personal information, as a custodian on behalf of your School, in accordance with this Part B and to enable your School’s authorised users to access your personal information, in accordance with this Part B. The use of personal information described in this Part B only applies to N4L Reporting Services and does not apply to any other Services provided by N4L.

2. Collection of personal information

2.1 If your School uses our Reporting Services, we may collect the personal information set out in Part A: General Services of this Privacy Statement. More of this data will be collected and it will be retained for longer than set out in Part A: All Services of this Privacy Statement.

3. Use of personal information

3.1 If your School uses our Reporting Services, we may use your personal information for the purposes set out in Part A: All Services of this Privacy Statement. We may also use your personal information to report on the usage of our Services by End Users (such as browsing activity) to authorised individuals within your School (e.g. School leadership and IT professionals who aid in the delivery of IT services at your School).

4. Disclosure of personal information

4.1 If your School uses our Reporting Services, we may disclose your personal information to the parties set out in Part A: All Services of this Privacy Statement.

5. Access to personal information

5.1 If your School uses our Reporting Services, authorised representatives (e.g. School leadership and IT professionals who aid in the delivery of IT services at your School) may be able to access other personal information as part of its management of your School’s online environment. Your School will notify you about its practices in its relevant policies (such as its Privacy, Acceptable Use or ICT Policy).