Data Protection and Confidentiality

CFEP is aware of its obligations and duties under the Data Protection Laws and Privacy Acts.

In relation to use of the Internet and other telecommunications services, ISPs and telephone service we comply with the privacy protection provisions of the Telecommunications Act 1997 (C'th) and the Telecommunications (Interception) Act 1979(C'th). We are also aware of and comply with The Privacy Amendment (Private Sector) Act 2000 (C'th).

  • Personal data is processed fairly and lawfully.
  • Personal data is obtained only for one or more specified and lawful purposes, and is not further processed in any manner incompatible with that purpose or those purposes.
  • Personal data is adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  • Personal data is accurate and, where necessary, kept up to date.
  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes.
  • Personal data is processed in accordance with the rights of the data subjects.
  • Appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  • Personal data is only transferred to countries or territories with adequate levels of data protection. On occasion we share data the CFEP’s UK arm, which uses the highest standards of information security management (ISO 27001 Certified).


All CFEP staff are informed and updated on their responsibilities in regards to Data Protection and Confidentiality by the following methods;

  • Induction training
  • Requirements within their Terms of Employment and Staff Handbook
  • Signing a Confidentiality Agreement
  • Staff meetings
  • Email