Privacy Policy

WorkTheory Co. (“we”, “our”, “us”) is committed to protecting your privacy in accordance with the New Zealand Privacy Act 2020 and the Information Privacy Principles. This policy explains how we collect, use, store, and protect your personal information when you use our website or engage our services.

 

1. Who are we

1.1  WorkTheory Co. is a trading name operated by Phillipa Gimmillaro, a sole trader based in Auckland, New Zealand. We provide fractional HR, people strategy, coaching, and consulting services to New Zealand organisations.

1.2 For the purposes of the Privacy Act 2020 (NZ), we are the agency responsible for the personal information we collect. Our Privacy Officer can be contacted at hello@worktheory.co.nz.

 

2. What This Policy Covers
2.1 This policy applies to personal information collected through: (a) our website at worktheoryco.online / worktheory.co.nz; (b) direct enquiries, email, or phone contact; (c) the delivery of our consulting and advisory services; and (d) any other interactions you have with WorkTheory Co.

 

3. Personal Information We Collect
3.1 We collect personal information only where it is reasonably necessary, including: (a) Contact details — name, email, phone, job title, and organisation; (b) Business information — details about your organisation, team structure, or HR challenges; (c) Sensitive information — where relevant to an engagement, including employment history, performance matters, or health and safety matters; (d) Website usage data — including IP address and pages visited; and (e) Communications — records of correspondence and meeting notes.
3.2 We collect personal information directly from individuals where practicable, in accordance with Information Privacy Principle 2 of the Privacy Act 2020.
3.3 We will not collect personal information by unlawful or unfair means.

 

4. How We Use Your Personal Information

4.1  We use personal information for the purposes for which it was collected, including: (a) delivering our consulting, advisory, and coaching services; (b) communicating with you about our services; (c) sending relevant service updates or resources (with your consent where required); (d) maintaining business and financial records; and (e) meeting our obligations under applicable NZ law.

4.2  We will not use personal information for any purpose incompatible with the purpose for which it was collected without your consent.

 

5. Disclosure of Personal Information

5.1  We treat your personal information with confidentiality. We do not sell or rent personal information to third parties.

5.2  We may share personal information with trusted third parties who assist us, including cloud service providers, professional advisers, and government agencies where required by law.

5.3  Where we share personal information with third parties, we take reasonable steps to ensure those parties protect it consistently with the Privacy Act 2020.

5.4  Trans-border disclosure. Where personal information is transferred offshore, we take reasonable steps to ensure it receives comparable protections to those required under the Privacy Act 2020, in accordance with Information Privacy Principle 12.

 

6. Cookies and Website Analytics
6.1 Our website may use cookies and similar tracking technologies to improve your browsing experience and help us understand how the site is used.
6.2 You can control or disable cookies through your browser settings.
6.3 We may use third-party analytics tools (such as Google Analytics) to collect aggregated, anonymised data about site usage.

 

7. Storage and Security

7.1  We take reasonable security measures to protect personal information from unauthorised access, disclosure, alteration, or destruction.

7.2  No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

7.3  As a general guide: client contact and business records are retained for 7 years following the end of an engagement; website analytics data is retained for up to 26 months; and other personal information is reviewed annually and deleted or de-identified when no longer needed.

 

8. Notifiable Privacy Breaches

8.1  Under the Privacy Act 2020, we are required to notify the Privacy Commissioner and affected individuals of any privacy breach that is likely to cause serious harm.

8.2  If you believe a privacy breach has occurred involving your information, please contact us immediately at hello@worktheory.co.nz.

 

9. Your Rights

9.1  Under the Privacy Act 2020, you have the right to: (a) Access the personal information we hold about you (Information Privacy Principle 6); (b) Correct any personal information that is inaccurate or not current (IPP 7); and (c) Request deletion of personal information in certain circumstances.

9.2  To exercise these rights, contact our Privacy Officer at hello@worktheory.co.nz  We will respond within 20 working days as required by law.

9.3  If you are not satisfied with our response, you may make a complaint to the Office of the Privacy Commissioner at www.privacy.org.nz or on freephone 0800 803 909.

 

10. Marketing Communications

10.1  We may send you information about our services where you have opted in or where we have a legitimate interest under the Unsolicited Electronic Messages Act 2007.

10.2  You can unsubscribe at any time by contacting us at hello@worktheory.co.nz.

 

11. Updates to This Policy

11.1  We may update this Privacy Policy from time to time. The current version is always available at www.worktheoryco.online / www.worktheory.co.nz   

 

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:

Privacy Officer WorkTheory Co.
Email: hello@worktheory.co.nz 
Website: www.worktheory.co.nz   
Location: Auckland, New Zealand