Privacy Policy

Introduction

The Dunedin Medical Students' Association for ALM (DMSAA) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and disclose your information in compliance with the New Zealand Privacy Act 2020, the Incorporated Societies Act 2022, and our obligations as a registered charity.

1. Information We Collect

We collect personal information in the following situations:

1.1 Membership Registration

When you sign up as a member, we collect:

  • Name

  • Email address

  • Year group in the medical school

1.2 Event Ticket Purchases

When you purchase tickets for events, we collect:

  • Name

  • Email address

  • Emergency contact details

  • Dunedin-based address (if required for event purposes)

1.3 Store Purchases

When you buy merchandise or other items, we collect:

  • Name

  • Email address

  • Year group in the medical school

  • Delivery address (if shipping is requested)

1.4 Website Data

Our website, hosted on Squarespace, may collect certain data automatically (e.g., cookies or tracking technologies). This may include your IP address, browser type, and interaction with the site.

2. Purpose of Data Collection

We collect your personal information for the following reasons:

2.1 Membership Management

To maintain accurate member records, as required by the Incorporated Societies Act 2022.

2.2 Event Management

To manage event logistics, ensure attendee safety, and comply with venue requirements (e.g., providing attendee names to door security staff).

2.3 Store Transactions

To process and fulfill merchandise orders, including arranging delivery if requested.

2.4 Legal Compliance

To meet legal and administrative requirements as an incorporated society and registered charity.

3. Data Sharing

We do not share your personal information with third parties, except where necessary and reasonable for logistical operations of the association. For example, when hosting an event we may provide event attendee names to door security for them to carry out access control.

4. Data Storage and Security

We securely store personal information using the following systems:

  • SentryLogin: For membership registrations.

  • Stripe: For payment processing.

  • Private Google Drive: For internal records (e.g., membership lists), accessible only to key members of the DMSAA Executive Committee.

We take reasonable precautions to protect your data from unauthorised access, use, or disclosure. Data is retained only as long as necessary for the purposes outlined in this policy.

5. Your Rights

You have the right to:

  • Access the personal information we hold about you.

  • Request corrections to your data.

  • Request deletion of your personal information.

To exercise these rights, please contact us at vicepresident@dmsaa.org. In the event of a data breach, we will notify affected individuals promptly and take necessary remedial actions.

6. Cookies and Website Tracking

Our website may use cookies or tracking technologies as part of its default configuration in Squarespace. These tools help improve website functionality and user experience. For more details or to manage cookie preferences, please refer to Squarespace’s cookie policy.

7. Contact Us

If you have questions or concerns about this Privacy Policy or your personal information, please contact us:

  • Email: vicepresident@dmsaa.org

  • Contact Form: Available on our website

8. Policy Updates

This Privacy Policy is subject to periodic updates to reflect changes in our practices or legal obligations. The most recent version will always be available on our website.

Effective Date: 1st December 2024