This privacy statement explains how the Ministry of Education’s Pourato resourcing application collects, stores, uses and shares your personal information.

Openness and transparency are important to us. The Privacy Act 2020 requires us – like any other New Zealand agency – to tell you certain things about the personal information we need to carry out our functions. This is where we explain our privacy practices and why you can trust us to handle your information with care and respect.

Here are the general privacy principles we apply in Pourato:

• We only collect personal information where this is necessary to carry out our functions under the Education and Training Act 2020
• We may collect personal information about you either directly from you or from other people or agencies, and we may generate personal information about you when we carry out our functions
• We store all our data (including your personal information) on a secure accredited cloud platform. We protect our data with all reasonable technical and process controls
• You can ask us for a copy of your personal information at any time. We will be as open as we can with you but must also ensure we meet our secrecy obligations
• We will only use and share personal information where necessary to carry out the functions for which we collected it, or if required by law

If you cannot find the information you need, to request a copy of your personal information, or if you have concerns about the way we are managing your personal information, then please contact us at any time: pourato@education.govt.nz.

Ministry of Education: Protecting the privacy of individuals

Education providers are responsible for ensuring that information collected about individuals is kept private in accordance with the Privacy Act 2020. This includes information like names, date of birth and addresses. Education providers should make sure that any hard copies of a child, student, or teacher’s personal information are kept in a secure location.

Personal information is subject to extensive information privacy controls including vetting information storage providers, secure transmission of data, auditing of access to personal information, restricting access to personal information to only Ministry authorised users. Ministry staff must undertake training in the information privacy principles embedded in the Privacy Act 2020, are required to report privacy breaches to Ministry privacy officers and are subject to a strictly enforced Code of Conduct, which states that misuse or disclosure of official information, which includes all personal information, could result in disciplinary action.

You have the right to ask for a copy of any personal information we hold about you or your staff, and to ask for it to be corrected if you think it is wrong. If you’d like to ask for a copy of your or your staff’s information, or to have it corrected, please contact us pourato@education.govt.nz.

Ministry staff are authorised to have access to this information for the purpose of resourcing, and for educational research, statistics, monitoring, and reporting to Government and the public. 

Education Provider: Resourcing Requests

This section explains how we collect, use, and share personal information when we are carrying out our resourcing application processing functions.

The personal information we have already collected from you in other Ministry systems such as FIRST, ORS-V, ELI is used to establish eligibility for core funding and staffing entitlements. This can include

• Teacher/Student names
• Contact information
• Teacher employee numbers
• Student National Student Number
• ORS-V application information (including Student learning needs)

We collect additional information from education providers when education providers voluntarily request or apply for on demand or non-core funding, staffing and other resources from the Ministry.

This information supports the auditing, management, and operation of education resourcing functions in the Ministry of Education including the responsible use of public money and equitable distribution of government resources.

Besides our Ministry staff and organisations such as Educational Payroll Ltd, we do not share this personal information with other service providers or the public. If you choose not to provide any of the above information, we will be unable to assess or provide the required funding. 

We strongly advise that education providers put in place appropriate processes to ensure that the privacy of personal information within Pourato is maintained, and consent is obtained from individuals when you make resourcing applications in which private information is supplied with requests for funding and staffing.

Storage and Security

We use third party providers to store and process our data.

We store most of the personal information we collect and generate electronically on Microsoft Azure cloud servers located in Australia. We also use Microsoft Office 365 for our email and other office productivity applications. This means that the personal information we hold may be transferred to, or accessed from, countries other than New Zealand. We may use other accredited service providers. Each provider has its own privacy statements. Contact us if you have any concerns.

We retain personal information in relation to core funding and staffing in compliance with the requirements of the Public Records Act 2005. 

This is typically eight years before it is destroyed.

We retain personal information related to education service provider funding and staffing requests for 2 years after the request is processed. After that the data is purged.

Security

We take all reasonable steps to ensure the personal information we collect is protected against loss, unauthorised access and disclosure or any other misuse, including meeting the requirements prescribed by the New Zealand government for the secure handling, storage and disposal of any protectively marked or security classified information.

We ensure that our third-party data processors can meet our privacy and security requirements. We are satisfied, for example, that Microsoft has adequate security and privacy safeguards in place to protect information it holds on our behalf.