MyTuition Limited is an education provider that connects students with tutors. We are a registered New Zealand Limited Company. Our company number is 4839720. Our NZBN number is 9429041024935.


The type of information we collect depends on your relationship with us, as follows:

1.1 Students: We collect information such as your name, address, phone number, education records, education goals and progress, email address, credit card and financial details for processing payments.

1.2 Tutors: we collect information such as your name, address, phone number, email address, education records, education goals and progress, residency status, employment records and details, tax file number and bank account details for processing payments. We may also collect sensitive information such as information about your health or memberships of professional associations and trade unions.

1.3 General public/user: if you submit a query via our online 'contact us' form, or otherwise email or call MyTuition, we may collect your name, email address, phone number, address and details related to the students' education records, and current challenges.


We collect your information as part of us offering or providing our services. This includes when you provide us your information via our website, during phone calls, by email, or otherwise via client enquiries. If you are a student, we may also collect information about your education records and education goals & progress via the tutors that we have connected you with.


We need your information to provide you with our services which includes informing you (such as via direct marketing) about our products and/or services, creating and updating our database(s), tailoring the content of lessons, connecting you with the right people, ensuring compliance with our contractual and other legal obligations to you and to other parties, and administering our relationship with you by responding to your enquiries (Main Purposes).

Providing personal information is optional, but if you choose not to enter personal information, we may be unable to:

  • Respond to your queries regarding our services.
  • Tailor our services to suit your requirements.
  • Connect you with the right people as part of our services.


By submitting your information to us, you consent to us using your information for the Main Purposes or any purpose that could reasonably be expected at the time your information was collected. This may include:

  • Providing you with or improving our services;
  • Sending you direct marketing about our products, services, deals or promotions;
  • Conducting client surveys;
  • Managing our relationship with you;
  • Monitoring how you interact with us on our website, or other contact points;
  • Helping you to complete an activity that you have chosen to undertake; or
  • Doing any other act that we are required or authorised to do by law.
  • Sending you direct marketing about third party products, services, deals or promotions.

We may also use your information:

  • For any purpose disclosed to you in an information collection statement at the point where we collect your information; or
  • For a purpose related to one of the Main Purposes.


We will not share your information with third parties except:

  • Anonymised aggregate data without personally identifiable information,
  • As required by law,
  • With service providers acting on our behalf who have agreed in writing to protect the confidentiality of the data, or,
  • In instances that you permit OR in accordance with your consent

We have contracted with third parties that have met industry-standards for security to take in necessary data, such as credit card information, to store, transmit and process this transaction securely.

We'll never sell your personal information to another organisation for marketing or advertising purposes.


We take all reasonable steps to keep the information we hold secure and to ensure it is protected against misuse, loss, unauthorised access, modification or inappropriate disclosure. We may hold information in both hard copy and electronic forms in secure systems accessible only to authorised personnel.


When you visit our website, the server may attach a “cookie” to your computer's memory. A “cookie” assists us to store information about how you use our website and to make assumptions about what information may be of most interest to you. This information is generally not linked to your identity. We may use knowledge of your user experience to better understand what products or services may be of interest to you and to collect statistical information.


This site may contain links to other websites. Unless the other website is one of our sites, we are not responsible for the privacy practices of the owners of those websites. We recommend that you read the privacy policy of any website that asks you to provide your information.


1. Purpose

We restrict access to confidential and sensitive data to protect it from being lost or compromised in order to avoid adversely impacting our customers, incurring penalties for non-compliance and suffering damage to our reputation. At the same time, we ensure users can access data as required for them to work effectively.

It is not anticipated that this policy can eliminate all malicious data theft. Rather, its primary objective is to increase user awareness and avoid accidental loss scenarios, so it outlines the requirements for data breach prevention.

2. Scope

2.1 In Scope

This data security policy applies to all customer data, personal data, or other company data defined as sensitive. Therefore, it applies to every server, database and IT system that handles such data, including any device that is regularly used for email, web access or other work-related tasks. Every user who interacts with company IT services is also subject to this policy.

2.2 Out of Scope

Information that is classified as Public is not subject to this policy. Other data is excluded from the policy by company management based on specific business needs, such as that protecting the data is too costly or too complex.

3. Policy

3.1 Principles

The company provides all employees and contracted third parties with access to the information they need to carry out their responsibilities as effectively and efficiently as possible.

3.2 General

  1. Each user shall be identified by a unique user ID so that individuals can be held accountable for their actions.
  2. The use of shared identities is permitted only where they are suitable, such as training accounts or service accounts.
  3. Records of user access may be used to provide evidence for security incident investigations.
  4. Access shall be granted based on the principle of least privilege, which means that each program and user will be granted the fewest privileges necessary to complete their tasks.

3.3 Network Access

  1. All employees and contractors is given network access in accordance with the least-privilege principle.

3.4 User Responsibilities

  1. All users must lock their screens whenever they leave their desks to reduce the risk of unauthorised access.
  2. All users must keep their workplace clear of any sensitive or confidential information when they leave.
  3. All users must keep their passwords confidential and not share them.

3.5 Application and Information Access

  1. All company staff and contractors shall be granted access to the data and applications required for their job roles.
  2. All company staff and contractors shall access sensitive data and systems only if there is a business need to do so and they have approval from higher management.
  3. Sensitive systems shall be physically or logically isolated in order to restrict access to authorised personnel only.

3.6 Access to Confidential, Restricted information

  1. Access to data classified as ‘Confidential’ or ‘Restricted’ shall be limited to authorised persons whose job responsibilities require it, as determined by the Data Security Policy or higher management.
  2. The responsibility to implement access restrictions lies with the IT department.

4. Enforcement

Any user found in violation of this policy is subject to disciplinary action, up to and including termination of employment. Any third-party partner or contractor found in violation may have their network connection terminated.


In terms of the personal information that we have about you (such as names, addresses, education history, emails, phone numbers, call recordings), you have the right to ask for a copy of any personal information we hold about you. You can ask for it to be updated, transferred or deleted. If you'd like to ask for a copy of your information or to have it updated, transferred or deleted, please contact us at:


Phone: +64 9 2421566

Address: 1 Beresford Square, Auckland Central, Auckland, New Zealand.

We'll always do our best to keep any personal information (names, addresses, phone numbers, emails) we hold about you up to date before we use it.

In terms of the data we have about you that has been collected through cookies and the marketing software we use, please refer to the cookie control section of the privacy policy above.

This document was last updated on the 5th November, 2021.