Who does this policy apply to?
This policy applies to, but may not be limited to:
-
Past and present VUWTC members
-
Attendees at VUWTC events
-
Visitors to the VUWTC website
-
People who have corresponded with VUWTC
Some parts of this policy are only relevant to some of these groups.
What information we collect and why
We collect personal information to provide VUWTC members software services, run events, administer memberships and club finances, provide information required by third parties to those parties, decide who gets our annual awards (e.g. most events attended), and to interact with and respond to club members and interested parties.
Examples of such personal information include information provided when you fill in forms on our website to register to use it, join our events, post material such as trip reports, make payments, hire gear, etc. If you contact us, we may keep a record of that correspondence. We will keep a record of the events you have attended or withdrawn from and a list of the payments and/or refunds you have received.
We take minutes at committee meetings, annual general meetings, and special general meetings – if you attend these meetings, the minutes may include your name, words, and/or actions. We take minutes to help us remember what we discussed and decided in the meeting.
We may collect, store, and share photos of you at our events for promotional purposes – please see below ‘who we share your information with’. We may collect these photos from you or from other people.
In addition, for the purpose of analysing user trends and internet traffic, we may collect details of your visit to our website, information about your computer, Internet Protocol (IP) address, operating system and browser, etc.
We may combine members’ data to learn more about our membership.
We reserve the right to notify members and our email list of news and other important information via email.
Who we share your information with
Club administrators and committee members have access to all the personal information we hold about you.
If you sign up for an event, event organisers will have access to your user profile, contact information, past events, event sign up information, and so on. Trip leaders will have access to a subset of this information. Either role may pass this information to the Police / Search and Rescue if warranted. This is essential so that the Police / Search and Rescue may respond with the fullest information possible in the event of an emergency.
Club members can see your name if you sign up for an event.
If you use our website’s hut bagging feature, club members can see your name and some general information about the huts you have been to.
If you add an event to our website, anyone including the general public can see your name. Club members can see your email address.
If you become a committee member, we will add your name and profile photo to our website where they can be seen by the public. We do not use your profile photo for any other purpose. You can request that your profile photo be removed.
We will share member information with the University. All member information is held securely within the University Clubs Team, in accordance with the University’s privacy notice. Personalised member information is used for allocation of University funding to clubs. The University also reports on statistical information to the University community, but only after anonymising and aggregating the data first – no individual members will be identified. There are some other circumstances where the University may use or share personalised member information, for example, responding to student health, safety or wellbeing events. These are all outlined in the University’s privacy notice. Additionally, VUWTC must supply the minutes of our Annual General Meetings to the university – if you attend these meetings, the minutes may include your words or actions.
The club often shares accounts of its activities, with photographs, on its website, social media, annual magazine, at its meetings, and through other media. This may include the names of participants. We do this to promote our club. Your membership is agreement to this, unless you advise the club in writing that you do not agree. You can request that your name and/or image be omitted from all publications by advising the Privacy Officer, or from individual articles by advising the trip organiser(s). In such cases, your first name may still be used in the article. An “all publications” opt out will expire unless explicitly renewed when you renew your annual subscription.
If you are a committee member, we may share your contact information with Federated Mountain Clubs.
Apart from the instances listed in this policy, we will not disclose your personal information to third parties unless:
-
you authorize us to, or
-
we are required to by law, or
-
we are required to do so to fulfil agreements with third parties that are essential for completing a process (e.g. payment processing).
Third party software
We offer third party authentication services via Google and Facebook login. If you decide to use these services to sign up or login, we receive and store your email and name from Google or Facebook. We also receive and store your profile image if specifically requested by you when updating your profile on this website. Your profile photo is only used for one thing: if you become a committee member, we put it on our committee page on our public website.
We have implemented Google’s reCAPTCHA v2 on our site to help protect our services from bots and spam. Our use of reCAPTCHA v2 is subject to Google’s Privacy Policy and Terms of Use. We do not use reCAPTCHA for any other purpose.
We use Stripe payment processing for all online card payments. Your card details are not stored on, nor transmitted via this site and are handled entirely over secure channels between Stripe and your browser. You are encouraged to read their privacy policy here and find out more about their security here.
We use Google Analytics and related tools to analyse how the VUWTC website is used. Google Analytics uses what are known as ‘cookies’: text files placed on users’ computers to collect standard internet log information and visitor behaviour information in an anonymous form. Cookie information is transmitted to Google and used to evaluate and to produce statistics about website activity.
We will not use (nor allow third parties to use) such tools to track or collect any Personally Identifiable Information (PII) of visitors to our website. We will not associate any data gathered from our site with any PII from other sources, unless you explicitly submit that information via a fill-in form on our website.
Links to other sites
In the event that VUWTC provide links to other websites, we take no responsibility for their content or privacy policies. Users are encouraged to read their terms of use and privacy policies before opening any links.
Your rights and who to contact
The club’s Privacy Officer is the Secretary. Please contact the Secretary if you have any concerns about our use of personal information.
You are encouraged to review and update your personal information, as appropriate, at any time. You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong.
To request deletion of your personal data, please email dev@vuwtc.org.nz from the email address associated with the account you wish to delete.
Data storage
We will store your personal information on servers located at approved locations. Data will be stored indefinitely and used for the purposes described in this policy.
We strive to keep users’ personal information as secure as possible. However, as it’s impossible for any exchange of data to be completely secure, all transmissions of data are at users’ own risk.
General Data Protection Regulation (GDPR)
The EC issued a formal decision recognizing New Zealand’s legal standards as being sufficient for Article 25(2) of European Union (EU) Directive 95/46/EC: that is that New Zealand’s law provides an “adequate level of data protection”. The shorthand often used is that New Zealand has “EU adequacy” or is “an adequate third country”. While VUWTC's compliance with New Zealand’s privacy legislation is therefore sufficient, it is expected that New Zealand’s privacy legislation will continue to be developed and align more and more closely with the GDPR. VUWTC will continue to improve its alignment with the principles of both New Zealand legislation and the GDPR.
Changes to this policy
We reserve the right to amend this privacy policy at our discretion at any time by displaying an amended version.