DATA
SECURITY
Policy

This policy explains how PeoplesReferendum.nz protects all personal data submitted via our website, including First Name, Last Name, Electorate, Country of Residence, and optional email addresses.

• All personal data is stored on secure servers located in New Zealand or on privacy-compliant cloud platforms according to the website host.

• Data is protected by encryption at rest and in transit (SSL/TLS).

• Backups are performed regularly and stored securely.

• Only authorised administrators may access personal data.

• Access logs are maintained to monitor and audit who accesses data.

• Admin accounts use strong passwords and, where possible, two-factor authentication (2FA).

• Personal data is retained only as long as necessary to verify participation in the People’s Referendum and to generate aggregated results.

• Data is deleted no later than 24 months after the close of the campaign.

• Use of firewalls, anti-malware, and regular system updates.

• Restricted physical and electronic access to servers.

• Regular security audits and monitoring.

In the unlikely event of a data breach:

​

• Affected individuals will be notified promptly.

• Authorities will be informed as required by the Privacy Act 2020.

Questions regarding this policy may be directed to privacy@peoplesreferendum.nz.