Header background

Privacy Policy

1. Our Commitment to Privacy

Tribe Group respects your privacy and is committed to protecting your personal information in accordance with the Privacy Act 2020 (NZ). We are also committed to upholding Māori Data Sovereignty principles in accordance with Te Tiriti o Waitangi.

This policy outlines how we collect (both directly and indirectly), use, store, share, and protect your personal information, including how we use AI responsibly and how we notify you when information is collected about you from third-party sources.

2. Who We Are

We are a recruitment business. We collect personal data from:

Candidates (permanent, contract, or temporary)

Clients and prospective clients

Suppliers and service providers

Tribe Group employees and contractors.

Our contact details are: knowledge@tribegroup.com | +64 9 557 1385

3. What Personal Information We Collect

We collect information directly from you through interviews, application forms, our websites, emails, phone calls, and other direct interactions. This may include:

Contact information (name, email, phone, address)

CVs, work history, qualifications, and references

Immigration documents and confirmation of your right to work in New Zealand

Identification documents such as driver's licence or passport

Background checks (criminal, credit, education)

Professional online profiles (e.g. LinkedIn)

Financial information (if relevant to payment or contracts).

If you do not provide requested information, we may be unable to progress your application or deliver services.

Indirect Collection from Third Party Sources

In addition to information collected directly from you, we sometimes collect personal information about you from third-party sources. This happens where a third party has referred your details to us, or where we have sourced information about you from a publicly available or independent source.

Sources from which we may indirectly collect your personal information include:

Former employers and professional referees (for reference checks)

Background check and verification providers (criminal, credit, education)

Credit reporting agencies

Immigration and regulatory authorities (to verify your right to work)

Publicly available professional profiles (e.g. LinkedIn, company websites)

Clients who refer or introduce candidates to us

Your right to be informed

When we collect your personal information from a third-party source, we will take reasonable steps to ensure you are aware of:

• The fact that we are collecting your information and from whom

• The purpose for which we are collecting it

• Your right to access and correct your information

• Our identity as the collecting and holding agency

In many cases, this notification is provided through this Privacy Policy (for example, where a client has referred your details to us, or where we have sourced your public profile). Where you have authorised a collection yourself (for example, by providing a referee’s contact details), you will already be aware of it. Where required, we will also notify you directly.

When Information Is Not Provided

If you do not provide requested information, we may be unable to progress your application or deliver services to you.

4. How We Use Your Data

We use your data to:

Provide recruitment and career services

Match candidates to job opportunities

Fulfil contractual and legal obligations

Communicate job-related updates or events

Improve services through technology, including AI.

Our lawful bases for processing include legitimate interests, contractual necessity, consent, and legal obligations.

5. Māori Data Sovereignty

Tribe Group acknowledges Te Tiriti o Waitangi and upholds the principles of Māori Data Sovereignty. We recognise that Māori data is a taonga and that Māori have the right to exercise authority and control over data relating to Māori, as individuals and as collectives.

Where we collect or process data related to Māori candidates, clients, or communities, through our Tau Mai or Tribe brands. We commit to:

Consultation: Engaging with Māori stakeholders when designing or implementing data practices that significantly involve Māori data

Protection: Treating Māori personal and cultural data with care, recognising it may carry spiritual, cultural, and collective significance

Ownership and Control: Supporting the principle that Māori data should be governed by Māori and used in ways that benefit Māori communities

Transparency: Clearly communicating how Māori data will be collected, used, and stored

Access and Redress: Enabling Māori individuals to access their data and to raise concerns or objections where appropriate

Data Storage and Breach Response: Ensuring Māori data is stored securely, and that any breaches involving Māori data are addressed promptly, respectfully, and with consideration for both the individual and the collective impacted.

This approach aligns with the principles of Te Mana Raraunga and is consistent with our commitment to cultural respect, inclusion, and equity in recruitment.

6. Use of Artificial Intelligence (AI)

We use AI tools (e.g. CV parsing, candidate-job matching, communication assistants) to improve recruitment efficiency and experience. These tools:

Are used under human oversight

Do not make legally binding or automated decisions without review

Enhance, but do not replace, consultant judgment.

You have the right to object to the use of AI in your individual case, where appropriate.

Our legal basis for AI use is legitimate interest or contractual necessity, depending on context.

7. Sharing Your Information

We may share your personal information with:

Clients (for recruitment and interview purposes)

Compliance and background check partners (e.g. criminal record, credit history, or education verification services)

Payroll and financial service providers

IT and cloud storage service providers (e.g. email, CRM, or database platforms)

Marketing and event management partners

Legal, financial, and regulatory bodies where disclosure is required.

Data Processors vs. Independent Third-Party Sources

Some third parties act as data processors on our behalf — that is, they handle your data only under our instruction (for example, our CRM provider or email platform). Others are independent sources from whom we may collect information about you (for example, a credit reporting agency, a referee, or a former employer). For collections from independent third-party sources, our notification obligations as described in Section 3 above apply.

International Transfers

Where data is required to be shared internationally, we ensure safeguards are in place, including contractual protections and agreements with overseas recipients that offer comparable privacy safeguards to New Zealand law. Where specific or high-risk providers are used, we will name them in this policy or make that information available upon request.

8. Data Storage & Security

Your data is securely stored in cloud infrastructure located in Australia, using:

Encryption and access controls

Role-based permissions

Regular security reviews

We cannot guarantee online transmission security but use robust controls once data is received.

If we experience a data breach, we will act in line with our internal breach protocol and notify you and the Office of the Privacy Commissioner if required.

9. Data Retention

We only keep your data for as long as needed for the purpose for which it was collected. If we have had no contact with you for 5–7 years (depending on the context), we will securely delete your information. We may archive or pseudonymise your data in the interim, retain financial records separately as required by law, and avoid re-uploading data if you have requested erasure.

10. Cookies & Tracking

Our website may use cookies or analytics tools to understand site performance, improve user experience, and deliver relevant content. You can manage cookie settings through your browser preferences.

11. Spam & Impersonation

If you’re contacted by someone pretending to be from Tribe Group, report it to marketing@tribegroup.com. We maintain an internal process for managing impersonation and reporting fake accounts.

12. Your Rights

You have the right to:

Access your personal data (including data collected about you from third-party sources)

Request correction or deletion of your data

Restrict or object to processing (including marketing)

Withdraw consent (where applicable)

Request human intervention for AI-assisted processes.

Be informed when your personal information has been collected indirectly, and to know the source

To exercise your rights, contact knowledge@tribegroup.com.

13. Complaints

If you're unhappy with how your data has been handled, contact our Privacy Officer at the above email. Māori candidates or clients with data concerns relating to cultural sensitivity or Māori data governance may also contact us directly via the above email for culturally appropriate support. Tribe Group’s Privacy Officer is the Head of Technology, Enablement & Experience, who is responsible for overseeing compliance with this policy.

If unresolved, you may raise concerns with the Office of the Privacy Commissioner via www.privacy.org.nz.

14. Changes to This Policy

We may update this policy from time to time to reflect changes in law, technology, or our practices. Changes will be posted on our website and, if significant, communicated to you directly. Please check this policy periodically for updates.

15. Contact

For any questions or concerns about this policy or how we handle your personal information: knowledge@tribegroup.com

+64 9 557 1385

Last Updated: May 2026. Previous versions are available on request.