Our DRAFT Privacy Policy

DRAFT Digital Reef Privacy Policy

About the Digital Reef: Digital Reef Charitable Trust provides a secure, independent digital platform for local community and environmental groups to protect and enhance their place-based projects. Inspired by artificial coral reefs, the Trust acts like a “Marine Reserve” for data – shielding projects from external influence and safeguarding collaborators’ data sovereignty. This platform supports recreation, environmental, cultural, and well-being organizations by giving them tools and infrastructure to thrive in their own way (mapping, collaboration, alerts, etc.).

What Data Is Collected

Digital Reef gathers several categories of data to power the platform’s features. These include user profile details, location-based information, and metadata about events and system usage. Key categories are:

  • User profiles: Personal account details that you enter (names, email addresses, etc.).
  • Location and place data: Geographic coordinates and place-based information for projects (e.g. map points and areas).
  • Event and API metadata: Contextual details like event dates, times, device or system info, and technical interface logs.
  • Contributed datasets: Data shared by partner organizations (e.g. reports, images, measurements). Importantly, the original (“master”) datasets remain with the contributing organization rather than stored centrally; the platform uses references or aggregated queries without copying sensitive details.

How Data Is Collected

  • User input: Data you provide via forms and interactions (e.g. when creating a profile or reporting an event).
  • API integrations: Automatic feeds from trusted services and partners (e.g. map providers, service databases) that synchronize selected data.
  • Mapping tools: Information added through our GIS features (drawing shapes, marking locations, etc.).
  • Crowdsourced uploads: Content submitted by community members (photos, surveys, observations) to enrich place-based data.

Use of Data

  • Platform functionality: Collected data enables core features like interactive maps, site alerts/notifications, subscription lists, event coordination, and other collaboration tools.
  • Anonymized insights: We analyze aggregated, de-identified information (e.g. counts, trends) to improve the platform and generate general insights. Any published or shared analysis is anonymized so individuals cannot be identified.
  • Contributor control: You retain full ownership of your data. We use data only to provide platform services and analytics, but we do not take ownership of original data or use it for unrelated purposes without permission.

Data Sharing

  • Authorized providers: We share data only with trusted service providers who support the platform (for example, mapping/hosting services like ESRI or Microsoft, specialized analytics partners such as Agentic AI, and our own in-house team). These parties are bound to use data only as directed by Digital Reef and to uphold confidentiality.
  • Not sold: We will never sell or trade your personal data. Data is shared only to deliver and improve our services.
  • Anonymous reuse: Whenever data is reused for research or analysis beyond its original purpose, we first remove personal identifiers and aggregate it. This ensures privacy and aligns with privacy best practices.

Data Sovereignty and Ethics

We recognize that data is a taonga (treasure), especially for Māori communities. Contributors are treated as kaitiaki (guardians) of their own data. Our platform is built to follow Te Mana Raraunga (Māori Data Sovereignty) principles. In practice, this means data about Māori people or values is managed under Māori authority and tikanga. For example, we store and handle data in ways that enable Māori to exercise kaitiakitanga over it. We seek free, informed consent for collecting and using indigenous knowledge, and we ensure data use benefits the community and does not cause harm. Our design framework embeds these ethical guidelines so that Māori data is always used respectfully and in accordance with community expectations.

Retention and Deletion

We do not keep personal data longer than needed. Consistent with the Privacy Act, personal information is deleted when it no longer serves its purpose. Typically, we retain user profiles and metadata for up to three years, unless you ask for earlier removal. After that period (or sooner on request), we delete or anonymize the data. You may request deletion (erasure) of your personal data at any time; we will comply unless we are legally required to keep certain records. In summary, data is kept only for as long as necessary and is securely disposed of thereafter.

Website Tracking

Our website and app may use analytics tools and cookies to improve service quality. For example, we might use web analytics (similar to Matomo) to gather aggregated, anonymous visitor statistics for site optimization. These analytics collect usage data but do not track personal identities – the information is aggregated and cannot personally identify you. You can control cookies through your browser settings or app permissions. The mobile app may also ask permission to send push notifications, which you can enable or disable.

Your Rights

Under New Zealand’s Privacy Act, you have several rights regarding your personal information:

  • Access: You can ask to see the personal information we hold about you; we will provide a copy within a reasonable time.
  • Correction: If any of your data is inaccurate or incomplete, you may request that we update or correct it.
  • Deletion: You can ask us to delete your personal information (right to be forgotten); we will do so unless there is a legal requirement to retain it.

To exercise any of these rights or for any privacy queries, please contact us as below.

Contact

For any questions, concerns or privacy requests, please contact our Privacy Officer, Shayne, at [[email protected]]. We strive to respond promptly to all privacy inquiries.

Sources: This policy reflects New Zealand’s Privacy Act 2020 and Te Mana Raraunga Māori Data Sovereignty principles. We have cited relevant guidance and frameworks above to explain our approach.