Privacy policy

1. Purpose

This privacy policy outlines the personal information handling practices of New Zealand eScience Infrastructure (NeSI). It governs the collection, use, storage, disclosure and disposal of Personal Information held by NeSI. NeSI is committed to handling personal information in accordance with applicable privacy laws, and in line with the privacy principles outlined in the New Zealand Privacy Act 2020.

This Privacy Policy may be amended from time to time by NeSI. When this occurs, users will be notified, and use of NeSI services after the change will be taken as acceptance of the updated terms.

2. Collection of Information

NeSI processes (uses) personal data for a number of reasons. This includes for providing expertise and capability in computational and data intensive research, hosting and providing access to repository data, employing our staff, using this website, and organising conferences.

High Performance Computing (HPC) and data analytics services

We collect and process personal information about our users through registration and project request forms. This may include:

  • legal name along with (optionally) your preferred name

  • ORCID identifier

  • employer or tertiary institution

  • a contact telephone number

  • an email address issued by employer or tertiary institution (primary email address), along with (optionally) a preferred contact email address

  • user ID

  • if a student, course of study and main academic supervisor or course coordinator

  • projects, team memberships and allocations

  • grants and publications

  • support tickets and survey responses

We also gather certain information and store it in log files when you interact with our services. This information may include job history, file/directory ownership, as well as IP addresses, browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, and system configuration information.


NeSI also collects and processes personal information about users of our websites for the primary purposes of delivering any services or functionality requested by users and for improving the online experience for our users. We make use of "cookies” on to track usage patterns and to compile data in an aggregated and anonymised manner enabling us to improve our website for future visitors. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature.

3. Storage and Security of Information

NeSI maintains robust information security management processes and confidentiality protocols to help ensure that it is protected against misuse, loss and unauthorised access, use, modification or disclosure. These include:

  • firewalls and modern encryption standards

  • use of two-factor authentication (2FA)

  • access to the personal information limited to those NeSI staff members who have a legitimate business requirement to use it

  • access is monitored and traceable via logs

  • Information is backed up regularly, and backups are held in secure storage facilities

A national or overseas third-party provider may be used to manage and store the personal and other information collected, and NeSI will ensure that any such provider has sufficient security measures in place to protect Personal Information.

NeSI will promptly notify customers if we become aware of a data breach that affects them, take all reasonable efforts to ascertain the nature, causes and effects of the incident, and share the results of those investigations. NeSI staff must ensure that any privacy breach they become aware of is reported to the Science Engagement Manager and the Business Operations Manager in line with the data breach procedure

4. Use of Information

NeSI may use Personal Information for the following purposes:

  • To provide services, including provisioning projects

  • To maintain services and improve, including user experience and capacity planning

  • To create and provide new services

  • For communication purposes, including news and service messages

  • For administering the NeSI Access Policy

  • To meet our obligations under the NeSI Crown Funding Agreement, NeSI Collaboration and Service Agreements and licensing/contractual compliance.

  • To implement and maintain security

  • To carry out maintenance and fault investigation of NeSI infrastructure

  • To manage data stored on NeSI infrastructure

We may publish the names of project owners and project team members along with their respective institutions in connection with particular projects through case studies. This is only done with the permission of those involved.

5. Disclosure of Information

NeSI uses third party providers for certain services, for example, Mailchimp, for sending newsletters. NeSI also has partner institutions for example, University of Auckland, in order to manage access to shared events and facilities or more generally to collaborate scientifically. NeSI takes all reasonable precautions to ensure that any third party contractor, service provider or partner institution who may access Personal Information on its behalf keeps this personal information secure and processes it lawfully and in accordance with our instructions. Some personal information is shared as part of using shared HPC facilities, for example, where jobs are processed via a common queue.

Personal Information will only be disclosed for the purposes for which users supplied it, or for directly related purposes that would be reasonably expected, or if the Privacy Act 2020 allows its disclosure, or if the user agrees.

6. Access to Information

Users have the right to request a copy of any Personal Information about them held by NeSI. Such requests or any questions about Personal Information may be directed initially to NeSI Support ( We will endeavour to respond to any such request within three working days and access will be provided free of charge. In limited circumstances, access to Personal Information may be declined in accordance with privacy laws. 

7. Correction of Information

NeSI will endeavour to ensure that all personal information is accurate, complete and up-to-date whenever it is used.  Users must assist with this by informing of any details change or errors or discrepancies in information held. If any Personal Information held is not accurate, or is incomplete or out-of-date, users may also update through MyNeSI portal or request that records be amended. 

8. Deletion of Information

NeSI will delete Personal Information on request, provided that, notwithstanding such request, this information may be retained for as long as the requestor maintains an account for NeSI Services, or as needed to provide NeSI services and manage assets, maintain integrity of records and logs, to comply with legal obligations, or resolve disputes.



Version History

VersionDateChange description
1.031 March 2021Initial release.
1.131 May 2022