MG Privacy Policy
Market Gardeners Limited, trading as MG Group, and the other members of the MG Group, (together MG or we, us, our), comply with all relevant laws, including the Privacy Act 2020 (the Act), when dealing with personal information. Personal information is information about an identifiable individual.
MG is committed to the protection of personal privacy and supports a work environment that abides by the Act and in particular the Information Privacy Principles contained in the Act.
This Privacy Policy describes how we treat personal information that we receive. The objective of this policy is to provide a fair, consistent and transparent guideline for handling personal information in compliance with the Act. As someone who deals with us and provides us with personal information, you agree to be bound by this policy.
This policy does not limit or exclude any of your rights under the Act. If you wish to seek further information on the Act, see www.privacy.org.nz.
Personal information of current MG employees, directors, and contractors is covered by MG’s internal privacy policy rather than this policy. Please see the MG intranet or contact MG’s privacy officer (see section 9) for a copy of the internal privacy policy if relevant to you.
1. Changes to this policy
We may change this policy at any time by posting an updated version of the policy on our website at www.mggroup.co.nz. Changes will apply from the date the revised policy is posted on our website.
2. Collecting your information
Types of information we collect
MG may collect and hold information from different people including (but not limited to):
• customers/buyers
• suppliers and growers (and their employees and contractors)
• business partners
• shareholders
• prospective employees, directors or contractors,
• service providers and other people who deal with MG from time to time.
Customers/buyers
If you are a current or prospective customer of MG or buyer through MG, we may collect:
• identifying information about you, such as your name, address, and contact details
• payment details and other financial information
• information you provide in relation to any application process, including a credit application
• information about your transactions with MG
• information relating to your purchase/use of our products and services
• biometric information, including facial recognition information, where necessary and proportionate for lawful access control, site security, health and safety, or other notified purposes, and only in accordance with the Privacy Act 2020 and any applicable biometric processing code; and
• information about you through AI models or tools (or similar) which may be used or implemented in MG’s business.
Growers/suppliers/shareholders
If you are a current or prospective grower, supplier and/or shareholder of MG, we may collect:
• personal information about you, including your name, address, job title and contact details
• payment details and other financial information
• information you provide in relation to any application process to become a grower, supplier, or shareholder of MG
• information about your property, including information relating to produce grown on your property
• other information about your business relationship with MG, including information about your transactions with MG which may be for the purpose of determining any rebates, other distributions, or bonus issues
• biometric information, including facial recognition information, where necessary and proportionate for lawful access control, site security, health and safety, or other notified purposes, and only in accordance with the Privacy Act 2020 and any applicable biometric processing code; and
• information about you through AI models or tools (or similar) which may be used or implemented in MG’s business.
Other
We may collect other personal information from time to time. As a general principle, we will only collect personal information where needed for the particular purpose the information was provided for or where required by law.
Providing your personal information is generally optional for you. However, if you do not provide information to us when requested, we may not be able to provide products and services to you.
In some cases, the information that we collect is business-related including, but not limited to:
• The name of the business /place of work
• Contact details for the business/place of work
• Information about the business relationship with MG
How we collect your information
We will generally collect personal information from you directly including:
• when you use our website and any related service
• through any registration, application, or subscription process (or similar)
• when you commence a business or service relationship with us
• through any contact or interactions with us (e.g. telephone call, email, face-to-face meetings, or interviews)
• when you buy or use our services and products
• through surveillance devices that may be situated on our premises
• through our facial recognition sign in system at MG’s premises
• through AI models or tools (or similar) which may be used or implemented in MG’s business
• while conducting customer satisfaction and market research surveys
• through promotions
We may also collect your personal information from third parties where you have authorised this, this is permitted by law or the information is publicly available.
Where MG collects personal information about you from a source other than you, MG will take reasonable steps to ensure you are notified of that collection and the matters required under IPP 3A of the Privacy Act 2020, unless an exception applies. This may include personal information collected from recruitment agencies, referees, service providers, credit agencies (current providers detailed in Appendix A), publicly available sources, related companies, insurers, or other third parties.
If you have provided us with information about another person, you must have that person’s permission to do so. As part of this you need to comply with your obligations under the Act. For example, you may need to tell that other person that you have done so, that they have a right to access their information and that we will handle their personal information in accordance with this policy.
MG recognises that biometric information is sensitive personal information. MG will only collect or use biometric information where it is lawful, necessary, proportionate, and reasonably justified for the relevant purpose. MG will comply with the Biometric Processing Privacy Code 2025.
Before collecting biometric information, MG will provide clear notice of the purpose of collection, the nature of the biometric processing, applicable retention arrangements, and any available alternative process.
MG will implement appropriate safeguards in relation to biometric information, including restricted access, secure storage, defined retention periods, and periodic review of whether less intrusive alternatives are reasonably available.
3. What do we use personal information for?
MG collects personal information for a number of purposes/uses connected with our business, including:
• to conduct our business
• to verify your identity and any registration (such as NZGAP), application, or subscription details (or similar)
• to meet our legal obligations, including our reporting obligations
• to provide news and updates to you in the future
• for marketing, publicity, or market research that we might undertake
• to manage and improve our products and services
• to interact and communicate with you
• to identify you and register you as visiting MG’s premises, through our facial recognition sign in system at MG’s premises
• to use approved AI models or tools for lawful business purposes, provided that MG will not use personal information to train AI models unless the use has been approved, is necessary and proportionate, appropriate safeguards are in place and appropriate human oversight is maintained
• for other purposes for which you have given permission, or which is required or allowed by law
• Product Recall through GS1
• For food safety and product traceability requirements in the industry
• Industry bodies and levy organisations
Customers/buyers
If you are a customer of MG or buyer through MG, we may also use your personal information:
• to administer your account (including credit checks, processing, administering, and collecting payments from you)
• to provide and market our products and services, including contacting you electronically (e.g. by text or email for this purpose)
Growers/suppliers/shareholders
If you are a current or prospective grower, supplier and/or shareholder of MG, we may also use your personal information:
• to purchase products or services from you
• to administer your account (including administering and making payments to you)
• to process your application to become an MG shareholder, and for purposes connected with your shareholding in MG, including maintaining a share register through ComputerShare Registry Managers.
We may use surveillance footage, if required, for detecting and deterring inappropriate or criminal behaviour at our premises, and monitoring the safety and security of our customers, suppliers, staff, and property. We will collect, use and disclose this footage in accordance with our CCTV policy.
We may also use your information in an anonymised aggregated form, to carry out analysis of our products, services, and customer interactions.
Prior to using any personal information, MG will take reasonable steps to ensure that, having regard to the purpose for which the information is proposed to be used, it is accurate, up to date, complete, relevant and not misleading.
4. Disclosing your personal information
We may disclose your personal information to:
• our employees, directors, contractors, suppliers, customers, and agents
• affiliated and related companies (including MG group companies and associate and joint venture companies)
• any business that supports our services and products, including any person that hosts or maintains our IT system or data centre, or that we use to provide our website or other services and products
• other third parties to analyse traffic at our web site, which may involve the use of cookies
• other companies or individuals who assist in providing services or who perform functions on behalf of MG, such as mailing houses and specialist consultants
• our advisors
• credit risk assessment agencies and debt collection agencies
• any court, tribunal or regulatory authority where disclosure is required or allowed by law
• any other person authorised by you or by law
• GS1 for product recall purposes
• ComputerShare Registry Managers
• Industry bodies and levy organisations and
• NZGAP (through Horticulture NZ INC), GLOBAL GAP, SMETA, SEDEX, HAACP.
5. Storing and protecting your personal information
MG staff and MG directors are required to respect the confidentiality of personal information and the privacy of individuals.
We take reasonable steps to ensure your personal information is stored securely and to keep your personal information safe from loss, unauthorised access, modification, disclosure, or other misuse.
If a notifiable privacy breach occurs, which has caused or may cause serious harm to you, MG will notify you / affected individuals and the Privacy Commissioner directly as soon as practicable, subject to any exceptions in the Act. If this is not reasonably practicable, notification may be by way of public notice.
We may store personal information using a third-party service provider (including providers outside New Zealand) and so your personal information may be held outside New Zealand. Where personal information is stored or processed outside New Zealand, MG will take reasonable steps to ensure the overseas recipient is subject to comparable safeguards to those under the Privacy Act 2020, including through contractual obligations where appropriate.
MG retains personal information only for as long as reasonably required for the purpose for which it was collected, or as necessary to comply with legal, employment, health and safety, tax, accounting, insurance, or legitimate business requirements and will take reasonable steps to securely destroy or delete personal information where it is no longer required. We may be required by law to retain certain personal information.
6. Transfer of personal information outside New Zealand
We may from time to time transfer personal information to third parties outlined above who are located outside New Zealand. If we do so, we will ensure your personal information will be protected by comparable safeguards to those in New Zealand law. If your personal information will not be protected by comparable safeguards to those in New Zealand law, we will tell you that this is the case, and only transfer your personal information with your consent.
7. Accessing and correcting your personal information
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to access or correct your personal information, email the MG Privacy Officer, at cosec@mggroup.co.nz. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
In some cases, there may be a charge associated with providing copies of your personal information to you. If so, we will let you know before sending your information to you.
MG’s privacy officer has the role of ensuring that MG complies with the principles of information privacy, addressing any enquiries about privacy and personal information made under the Act and working with the Privacy Commissioner as required on any complaints about privacy.
8. Internet use
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information to them or any other third party.
We use cookies (an alphanumeric identifier that we transfer to your computer’s hard drive so that we can recognise your browser) to monitor your use of the website. You may disable cookies by changing the settings on your browser, although this may mean that you cannot use all of the features of the website.
9. Contact details
If you have any questions about our privacy policy, or any other related matter, please feel free to contact us. You can reach us by contacting our privacy officer at MG, at cosec@mggroup.co.nz.
MG Privacy Policy as at 13 May 2026