We may collect personal information directly from you when you:

a. contact us by phone, email, website form, text message or other communication channel;
b. submit a maintenance request, building enquiry, complaint, incident report or application;
c. interact with our building managers, facilities managers, administration team or contractors;
d. use Active Hub, Onsite, Google Forms, or another platform used by us to manage building or facilities services;
e. attend a building, site meeting, inspection, event or appointment;
f. apply for a job or contract role with us;
g. provide information for health and safety, compliance, access control or contractor onboarding purposes; or
h. otherwise provide information to us in the course of our work.

We may also collect personal information from third parties where it is reasonable and lawful to do so, including:

a. body corporate committees, body corporate managers or property managers;
b. building owners, occupiers, tenants, residents or representatives;
c. contractors, consultants and professional advisers;
d. emergency services or regulatory authorities;
e. publicly available sources; and
f. digital systems used to manage buildings, security, access, compliance, maintenance or communications.

Where practicable, we will collect personal information directly from the individual concerned.

We collect and use personal information for purposes connected with our business and service delivery, including to:

a. provide building management, facilities management, maintenance, cleaning, grounds, compliance and after-hours services;
b. communicate with owners, residents, tenants, committees, contractors, suppliers, body corporate managers and other stakeholders;
c. manage maintenance requests, service tickets, contractor attendance, building access and resident enquiries;
d. administer building systems, including access control, keys, fobs, intercoms, CCTV request processes and security matters;
e. support health and safety obligations, contractor management, incident reporting and emergency response;
f. manage compliance, statutory obligations, insurance-related queries, building records and operational reporting;
g. prepare reports, proposals, service updates, committee papers and operational recommendations;
h. manage accounts, payments, invoicing and financial administration;
i. assess employment, contractor or supplier applications;
j. improve our services, systems, communications, website and customer experience;
k. respond to complaints, disputes, investigations or regulatory requests; and
l. comply with legal, regulatory, contractual and professional obligations.

We will not use personal information for purposes unrelated to our services unless permitted by law or authorised by the individual concerned.

When you visit our website, we may collect limited technical information such as your IP address, browser type, device information, pages visited, time spent on the website and general usage data.

We may use cookies, analytics tools or similar technologies to understand how visitors use our website, improve website performance and support future service improvements.

You can adjust your browser settings to disable cookies, although some website functionality may be affected.

We may send emails, text messages or other electronic communications for service-related, operational, administrative or commercial purposes.

Service-related communications may include building notices, maintenance updates, access instructions, compliance notifications, meeting information, resident communications, contractor updates, emergency communications and other messages connected with buildings or services we manage.

Where we send commercial electronic messages, we will comply with the Unsolicited Electronic Messages Act 2007. In New Zealand, unsolicited commercial electronic messages must not be sent where they have a New Zealand link, and commercial electronic messages must include accurate sender information and a functional unsubscribe facility. (New Zealand Legislation)

The Department of Internal Affairs explains that New Zealand’s anti-spam law applies to commercial electronic messages such as email, fax, instant messaging and TXT messages. (Department of Internal Affairs)

You may unsubscribe from marketing or promotional communications at any time by using the unsubscribe facility included in the message or by contacting us directly. Please note that unsubscribing from marketing communications will not prevent us from sending service-related, operational, compliance, safety or building-management communications where those communications are necessary for the services we provide.

We may disclose personal information where reasonably necessary for the purposes described in this policy, including to:

a. body corporate committees, body corporate managers, property managers, owners or authorised representatives;
b. contractors, suppliers, consultants and service providers engaged to support the operation, maintenance, management or compliance of a building;
c. IT providers, software platforms, cloud storage providers, website hosts, communication platforms and professional service providers;
d. insurers, brokers, lawyers, accountants, auditors or other professional advisers;
e. emergency services, regulatory authorities, councils, government agencies or law enforcement bodies where required or permitted by law;
f. debt collection, payment processing or financial administration providers where reasonably necessary; and
g. any other third party where you have authorised the disclosure or where disclosure is otherwise permitted by law.

Where we engage third-party service providers, we will take reasonable steps to ensure they handle personal information appropriately, confidentially and in accordance with applicable privacy obligations.

Some of the software, cloud storage, communication, support or technology services we use may store or process information outside New Zealand.

Where personal information is disclosed or stored overseas, we will take reasonable steps to ensure that appropriate privacy and security protections apply. This may include using reputable service providers, contractual protections, access controls, data security measures and internal processes to limit unnecessary disclosure.

Under the Privacy Act 2020, New Zealand agencies must consider privacy requirements when disclosing personal information overseas, including whether the overseas recipient is subject to comparable safeguards or appropriate protections.

We may hold personal information in physical and electronic form, including in building records, email systems, cloud-based platforms, property management systems, maintenance systems, contractor management systems and internal business records.

We take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification or disclosure. These steps may include:

a. password protection and user access controls;
b. multi-factor authentication where available and appropriate;
c. secure cloud platforms and reputable IT service providers;
d. internal policies and staff training;
e. physical security for paper records and site files;
f. limiting access to personal information to those who need it for their role;
g. secure disposal or deletion of information when no longer required; and
h. monitoring and improving our systems, processes and security practices over time.

No method of transmission or storage is completely secure. However, we will take reasonable precautions to protect the personal information we hold.

A privacy breach may occur where personal information is lost, accessed, disclosed, altered or destroyed without authorisation, or where an action prevents us from accessing personal information on either a temporary or permanent basis.

If we become aware of a privacy breach, we will assess the breach and take appropriate steps to contain it, understand its impact and reduce the risk of harm.

If a privacy breach has caused, or is likely to cause, serious harm, we are required to notify the Office of the Privacy Commissioner and any affected individuals as soon as practicable. The Office of the Privacy Commissioner states that organisations are legally required to notify serious privacy breaches and affected persons, with an expectation that notification should generally occur no later than 72 hours after becoming aware of a notifiable breach. (Privacy Commissioner)

You have the right to request access to the personal information we hold about you and to ask us to correct it if you believe it is inaccurate, incomplete, out of date or misleading.

To request access or correction, please contact us using the details below.

We may need to verify your identity before responding to a request. In some cases, we may be permitted or required by law to withhold certain information.

We will retain personal information for as long as reasonably necessary for the purposes for which it was collected, including to provide services, meet legal and contractual obligations, manage disputes, maintain business records, support compliance obligations and protect our legitimate interests.

When personal information is no longer required, we will take reasonable steps to securely delete, destroy or de-identify it.

Some buildings managed by Active may use CCTV, access control, intercom, key, fob, visitor management or other building technology systems. These systems may collect personal information such as images, access records, visitor details, vehicle details or incident-related information.

The ownership, operation and access arrangements for these systems may vary by building and may be controlled by the relevant body corporate, building owner, property manager, security provider or other authorised party.

Where Active has access to such information as part of our role, we will handle it responsibly and only use or disclose it for legitimate building management, safety, security, compliance, operational or legal purposes.

Our website, emails or digital platforms may contain links to third-party websites or services. We are not responsible for the privacy practices, security or content of those third-party websites or services.

We encourage you to review the privacy policies of any third-party platforms you use.

We may update this policy from time to time to reflect changes in our business, systems, services, legal obligations or privacy practices.

The latest version will be available on our website. The date at the top of this policy will indicate when it was last updated.

If you have any questions about this policy, would like to access or correct your personal information, or wish to make a privacy-related complaint, please contact us:

Active Building Management
Website: www.buildingmanagers.co.nz
Email: info@buildingmanagers.co.nz
Phone: (09) 377 8483
Address: 1E/29 Karaka Street, Eden Terrace, Auckland 1021

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner in New Zealand.