Privacy & Data Rights¶
| Domain ID | D10 |
| Owner | Data Protection Officer / Privacy Officer |
| Jurisdiction | NZ + AU |
| Applicability | Platform — Platform handles PII governance, consent management (MOD-049), and data retention enforcement across SD07. In Track 2 the platform processes tenant customer data under data processing agreements. |
Collection, use, storage, and disclosure of personal information under NZ and AU privacy legislation.
Data breach notification¶
AU: Eligible data breach must be reported to OAIC and affected individuals as soon as practicable (Notifiable Data Breaches scheme). NZ: Privacy Act 2020 requires notification of privacy breaches that cause or are likely to cause serious harm.
Policies¶
| Code | Policy name | Status |
|---|---|---|
| PRI-001 | Privacy Policy | Draft |
| PRI-002 | Data Breach Response Policy | Draft |
| PRI-003 | Personal Information Retention & Destruction Policy | Draft |
| PRI-004 | FATCA & CRS Compliance Policy | Draft |
| PRI-005 | Privacy Impact Assessment Policy | Draft |
| PRI-006 | Customer Data Access & Correction Policy | Draft |
Policies in this domain¶
| Code | Title | Status | Owner |
|---|---|---|---|
| PRI-001 | Privacy Policy | Draft | Privacy Officer |
| PRI-002 | Data Breach Response Policy | Draft | Privacy Officer |
| PRI-003 | Personal Information Retention & Destruction Policy | Draft | Privacy Officer |
| PRI-004 | FATCA & CRS Compliance Policy | Draft | Chief Financial Officer |
| PRI-005 | Privacy Impact Assessment Policy | Draft | Privacy Officer |
| PRI-006 | Customer Data Access & Correction Policy | Draft | Privacy Officer |
Compiled 2026-05-22 from source/entities/risk-domains/D10.yaml