Privacy Policy

Last updated: 12 December 2025

1. Purpose and Scope

1.1 About this Policy

This Privacy Policy explains how Bowel Cancer New Zealand Incorporated (BCNZ, we, us, our) collects, uses, stores, discloses, and protects personal information. This Policy applies to all users of our website at bowelcancernz.org.nz, our support services, fundraising platforms, events, digital tools including our chatbot, and any other interactions with BCNZ.

1.2 About BCNZ

BCNZ is a registered charitable organisation dedicated to reducing the incidence and impact of bowel cancer in New Zealand through awareness, advocacy, and support services. We are not a healthcare provider and do not provide medical treatment or diagnosis. Our support services, including our nurse support line, provide information, emotional support, and guidance — but are not a substitute for professional medical advice.

1.3 Our Commitment

BCNZ is committed to protecting your privacy and handling your personal information responsibly. We collect and use personal information only where we have a lawful basis to do so and in ways that are fair and transparent.

1.4 Legal Framework

We comply with the Privacy Act 2020 and its Information Privacy Principles, the Health Information Privacy Code 2020 (for health-related information), the Unsolicited Electronic Messages Act 2007, and any other applicable New Zealand privacy legislation.

For more information about privacy law in New Zealand, visit the Office of the Privacy Commissioner at privacy.org.nz.

2. Information We Collect

2.1 Browsing Without Disclosure

Some parts of our Website may be viewed without disclosing personal information. However, certain services (such as registering for events, making donations, requesting callbacks, or using our chatbot) may require you to provide personal information.

2.2 Personal Information

Depending on how you interact with us, we may collect:

  • Identity information: name, date of birth, gender, ethnicity
  • Contact information: postal address, email address, phone number
  • Financial information: donation dates and amounts, payment details (processed securely by our payment providers — we do not store full credit card numbers)
  • Health and medical information: diagnosis details, treatment information, and related personal circumstances (where you choose to share this with our support services)
  • Communications: records of correspondence, survey responses, feedback, and chatbot conversations
  • Event and volunteer information: participation records, emergency contacts, dietary requirements
  • Marketing preferences: communication opt-ins and subscription choices

2.3 Health and Medical Information

Important: BCNZ is a charitable support organisation, not a health agency or healthcare provider. You may share sensitive health information with us when accessing our support services, such as our nurse support line or chatbot.

Health information is treated with the highest level of care under the Health Information Privacy Code 2020. We will only collect it where necessary to provide support, keep it confidential and secure, and not share it without your consent (except where required by law) or use it for marketing.

Sharing health information is always voluntary. Our support nurses and chatbot are not providing medical treatment. If you have medical concerns, please consult your GP or healthcare provider.

2.4 Technical Information

When you visit our Website, we automatically collect IP address and approximate location, device and browser information, pages visited and time spent, and referring websites.

2.5 How We Collect Information

We collect information directly from you (via forms, phone calls, emails, chatbot, or in-person), through our Website and digital platforms, from our support team during services, from third parties you have authorised, and from publicly available sources.

3. How We Use Your Information

We use your personal information to:

  • Provide our support services, including our nurse support line and chatbot
  • Process donations and issue tax receipts
  • Respond to callback requests and enquiries
  • Communicate with you about our work, events, and campaigns
  • Manage event registrations and volunteer coordination
  • Improve our Website and services
  • Conduct research using de-identified data where possible
  • Comply with legal obligations
  • Protect the rights and safety of BCNZ, our staff, and users

4. Our Chatbot

4.1 How the Chatbot Works

Our website chatbot uses artificial intelligence to provide information, answer questions, and help connect you with appropriate support. The chatbot is designed to assist with general enquiries and direct you to resources — it is not a substitute for professional medical advice.

4.2 Information Collected via Chatbot

When you use our chatbot, we collect your conversation messages, session information, and any details you provide (such as callback requests).

Privacy protection: Our system automatically detects and masks personal information (such as email addresses, phone numbers, and health identifiers) before conversations are stored. This means we retain a record of your enquiry without storing sensitive personal details in plain text.

4.3 Session Continuity

Our chat widget stores a session identifier in your browser’s local storage for 24 hours to allow you to continue conversations. This is not used for tracking and is automatically cleared after 24 hours of inactivity.

4.4 Human Support

You can request to speak with a member of our team at any time. Callback requests can be submitted through the chatbot, and our team will contact you during business hours. Our 0800 support line is also available during office hours. Please note we do not offer 24/7 human support.

4.5 Limitations

The chatbot provides general information only. AI systems may occasionally provide incomplete information. For medical concerns or urgent situations, please contact your healthcare provider, call 111, or reach out to our nurse support line directly.

5. Disclosure of Information

5.1 When We Share Information

We do not disclose personal information except as set out in this Policy or with your authorisation. We may share information with service providers who help us operate our services, healthcare providers (with your consent), fundraising partners, legal and regulatory bodies where required, and successor organisations in the event of restructure.

5.2 Service Providers

We work with trusted service providers including our CRM platform, payment processors, email and communication platforms, website hosting providers, and AI technology providers. All providers are contractually bound to protect your information and may only use it for the purposes we specify.

5.3 Overseas Disclosure

Some of our service providers are located overseas or use servers outside New Zealand, including in Australia and the United States. These providers support our:

  • Customer relationship management (CRM)
  • Website and database hosting
  • AI-powered chatbot services
  • Payment processing
  • Email communications

Before disclosing personal information overseas, we take reasonable steps to ensure recipients are subject to privacy laws or contractual obligations providing comparable protection to New Zealand’s Privacy Act 2020. A current list of our overseas service providers and their locations is available on request.

By using our services, you consent to this overseas disclosure where necessary for us to provide our services.

6. Data Security

We implement appropriate measures to protect your personal information, including encryption, access controls, security assessments, staff training, and vetting of third-party providers.

In the event of a privacy breach posing serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as required under the Privacy Act 2020.

While we use reasonable safeguards, no internet transmission can be guaranteed completely secure.

7. Data Retention

We retain personal information only as long as necessary:

  • Donation records: 7 years (tax and audit purposes)
  • Health information: 10 years from last contact
  • Chatbot conversations: 180 days, then deleted
  • Callback and engagement requests: 365 days, then personal details removed (record kept for audit)
  • Marketing contacts: Until you unsubscribe
  • Event and volunteer records: 3 years from last activity
  • Website analytics: 26 months (anonymised)

When no longer required, information is securely deleted or anonymised.

8. Cookies and Local Storage

8.1 Cookies

Cookies are small text files placed on your device. We use essential cookies (for website functionality), analytics cookies (to understand usage via Google Analytics), preference cookies (to remember your settings), and marketing cookies (to measure campaign effectiveness).

8.2 Local Storage

Our chatbot uses local storage (not cookies) to maintain your session for 24 hours, allowing conversation continuity. This is cleared automatically after 24 hours of inactivity.

8.3 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. For more information, visit allaboutcookies.org.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

9. Your Rights

9.1 Access

You can request access to personal information we hold about you, including chatbot conversation records.

9.2 Correction

You can request correction of inaccurate or incomplete information.

9.3 Deletion

You can request deletion of your personal information. We will honour requests unless we are required to retain information for legal or operational purposes.

9.4 Opting Out

You can opt out of marketing by clicking unsubscribe in emails, replying STOP to texts, or contacting us directly.

9.5 Identity Verification

We may need to verify your identity before responding to access or deletion requests.

10. Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect information from children under 16 without parental consent. If you believe a child has provided us with personal information, please contact us.

11. Third-Party Websites

Our Website may link to third-party sites. We are not responsible for their privacy practices and encourage you to read their policies.

12. Automated Decision-Making

We do not use solely automated decision-making that produces legal effects or significantly affects you. Our chatbot supports — rather than replaces — human decision-making. You can request human review of any decision affecting you.

13. Contact Us

If you have questions, wish to exercise your privacy rights, or have a concern:

Privacy Officer Bowel Cancer New Zealand PO Box 301517 Albany 0752 Auckland, New Zealand

Email: info@bowelcancernz.org.nz
Phone: 0800 226 901

We aim to respond within 20 working days.

14. Complaints

If not satisfied with our response, contact the Office of the Privacy Commissioner:

Office of the Privacy Commissioner PO Box 10-094 Wellington 6143, New Zealand

Phone: 0800 803 909
Website: privacy.org.nz

15. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified on our Website. The “Last updated” date indicates when it was last revised. Continued use of our services after changes constitutes acceptance of the revised Policy.