Privacy Policy

Last updated: 5 May 2026

1. Introduction

CharityData NZ ("we", "us", "our") is a charity transparency platform that aggregates publicly-available information about registered New Zealand charities and the named individuals who serve as their trustees, officers, and executives. This page explains how we handle that information under the New Zealand Privacy Act 2020.

The full editorial floor — including our source authority, tier-aware remuneration visibility, search-engine indexing rules, and right-of-reply pathways — is set out on our Data Principles page. This privacy policy is the legal companion to that document.

2. Information we publish about charity trustees, officers and executives

We publish profile information about named individuals who serve in registered-charity governance and management roles. This is personal information under the Privacy Act 2020, and our publication of it is subject to the Act. The information is sourced from the New Zealand Charities Register and other publicly-available publications, and our republication relies on the "publicly available publication" exception in Privacy Act 2020 sections 7 and 22 (IPP 11(e)(iii) / IPP 12(d)). The Charities Register is a public register established under Charities Act 2005 §25, and key-management remuneration disclosure is required by PBE IPSAS 1 (Tier 1/2) and PBE SFR-A (Tier 3).

The categories we publish include name, role, charity, appointment and resignation dates, biographical material voluntarily published by the charity, executive remuneration (subject to tier-aware visibility — see Data Principles), board-meeting attendance, and cross-platform governance roles. We do not publish home addresses, personal email addresses, personal phone numbers, dates of birth, or photographs of minors. The full list of categories we always remove on request is on the Data Principles page.

3. Information we collect about visitors and account holders

3.1 Information you provide

Separately from the published-subject information above, we may collect personal information that you voluntarily provide, including:

  • Account information (email address, display name) when you sign in
  • Subscription information (Stripe customer ID, subscription status) when you take a paid plan; payment details are processed directly by Stripe and not stored on our servers
  • Any feedback, dispute, or correspondence you send to us

3.2 Automatically collected information

When you visit our website, we may automatically collect:

  • Device and browser information
  • IP address and approximate location
  • Pages visited and time spent on site
  • Referring website or search terms

This information is collected through cookies and similar technologies to help us understand how our Service is used and to improve user experience.

4. How we use information

We use the information we collect to:

  • Operate, maintain and improve the Service
  • Maintain the public charity transparency record described in section 2
  • Respond to your enquiries, support requests, and dispute / right-of-reply submissions
  • Analyse usage patterns to improve our Service
  • Detect and prevent technical issues or abuse
  • Comply with legal obligations

5. Disclosure of information

We may share visitor and account-holder information in the following circumstances:

  • With your consent
  • To service providers (Supabase, Stripe, Netlify, Sentry, Anthropic) who assist us in operating the Service, subject to confidentiality obligations
  • To comply with legal obligations or valid legal process
  • To protect our rights, privacy, safety, or property

We do not sell visitor personal information to third parties.

Note:the published-subject information described in section 2 is itself published to the public via charitydata.co.nz; that publication is the purpose for which the information was collected, and is the "disclosure" permitted by IPP 11(e)(iii).

6. Data security

We implement reasonable security measures to protect personal information from unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is completely secure.

7. Your rights under the Privacy Act 2020

Under the Privacy Act 2020 you have the right to:

  • Access the personal information we hold about you (IPP 6)
  • Correct inaccurate personal information (IPP 7)
  • Submit a right-of-reply for any data point we have published about you
  • Request removal of personal data that is not statutorily-public-by-design
  • Complain to the Office of the Privacy Commissioner if you believe we have breached your privacy

The fastest way to exercise these rights is the public dispute & right-of-reply form, which goes to our editorial review queue with a 5-business-day response target. Alternatively, email hello@charitydata.co.nz.

8. Third-party links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.

9. Cookies

We use cookies and similar tracking technologies to enhance your experience on our Service. Essential cookies are required for authentication and basic functionality. Analytics cookies (Google Analytics with IP anonymisation) are loaded only after consent. You can control cookies through your browser settings.

10. Children’s privacy

Our Service is not directed at children under 16. We do not knowingly collect personal information from children under 16, and we do not knowingly publish profile information about minors.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page with an updated "Last updated" date.

12. Contact us

Privacy and data-protection enquiries: hello@charitydata.co.nz

General contact: hello@charitydata.co.nz

You may also contact the Office of the Privacy Commissioner:
Website: privacy.org.nz
Phone: 0800 803 909

Indirect-collection notice (Information Privacy Principle 3A)

Required disclosure under the Privacy Act 2020, in force from 1 May 2026.

This notice satisfies the indirect-collection disclosure duty in IPP 3A for personal information we collect about registered-charity officers, executives, trustees and grant recipients from public registers and other publicly-available publications. Where the source information is publicly available, the IPP 3A "publicly available information" exception also applies; we publish this notice in addition, so that every data subject knows what we hold and how to access or correct it.

(1) The fact of collection

CharityData NZ collects personal information about the individuals named above and republishes it on CharityData (charitydata.co.nz) for the purpose described in (2) below.

(2) Purpose of the collection

To provide a searchable, cross-referenced governance and transparency record for journalists, funders, regulators, researchers, and the wider public; to support the regulatory and statutory disclosure regimes listed in (5) below; and to operate the commercial subscription products described on the site.

(3) Intended recipients

The general public via CharityData (charitydata.co.nz); verified researchers and Pro-tier subscribers via gated access for higher-detail disclosures; the Office of the Privacy Commissioner, Charities Services, the Financial Markets Authority, the Companies Office, and other regulators on lawful request; our service providers (Supabase, Netlify, Stripe, Sentry, Anthropic) acting under confidentiality obligations.

(4) Agency name and address

CharityData NZ, publisher of CharityData (charitydata.co.nz). Privacy contact: hello@charitydata.co.nz.

(5) Lawful authority for collection

We rely on the "publicly available publication" exception in sections 7 and 22 of the Privacy Act 2020 (IPP 11(e)(iii) and IPP 12(d)) for republication of information that is already on a statutory public register or has been voluntarily published by the data subject or their organisation. The specific source registers and statutory regimes are:

  • Charities Register (Charities Services / Department of Internal Affairs)
    Charities Act 2005 §25
  • Charity annual returns and audited statutory accounts
    Charities Act 2005 §41–42; PBE IPSAS / SFR-A / SFR-C reporting standards
  • Companies Office (NZBN, director and shareholder records, beneficial-ownership data)
    Companies Act 1993 §215; NZBN Act 2016
  • Department of Internal Affairs Class 4 gaming-trust grant disclosures
    Gambling Act 2003 §111
  • Government Electronic Tenders Service (GETS) and government contract registers
    Government Procurement Rules 2019
  • MFAT, Ministry of Justice and FIU sanctions and regulatory-action lists
    United Nations (Sanctions) Acts; AML/CFT Act 2009
  • Charity websites, leadership pages and other publications voluntarily published by the charity
    Voluntary publication by the data subject or their organisation
(6) Your right to access and correct

Under IPP 6 you may request access to the personal information we hold about you, and under IPP 7 you may request correction. The fastest route is the public dispute & right-of-reply form, which goes to our editorial review queue with a 5-business-day response target. Alternatively, email hello@charitydata.co.nz. The full editorial floor — including categories of personal data we always remove on request, the search-engine indexing policy, and the right-of-reply pathway for disputed inferences — is set out on our Data Principles page.

If you believe our handling of your personal information falls short of the Privacy Act 2020, you may also raise a complaint directly with the Office of the Privacy Commissioner at privacy.org.nz or 0800 803 909.