Section sec.36 - Information Privacy Act 2009 - Bound contracted service provider to comply with privacy principle requirements

sec.36Bound contracted service provider to comply with privacy principle requirements

Start here

Get a plain-English read of sec.36

Turn the raw legal text into a practical explanation grounded in Information Privacy Act 2009.

### sec.36 Bound contracted service provider to comply with privacy principle requirements A bound contracted service provider under a service arrangement must comply with parts 1 and 2 and section 41 in relation to the discharge of its obligations under the arrangement as if it were the entity that is the contracting agency. The requirement to comply under subsection (1) continues to apply to the bound contracted service provider in relation to personal information it continues to hold after its obligations under the service arrangement otherwise end. A bound contracted service provider’s compliance with the privacy principle requirements may be enforced under this Act as if it were an agency. Subsections (1) to (3) are not intended to prevent a service arrangement from including a requirement for the contracted service provider to comply with all or part of the privacy principles even though this part does not require that the service arrangement include the requirement. s 36 amd 2023 No. 32 ss 31 , 141 s ch 1 pt 2 amdt 4 (amdt could not be given effect) (sec.36-ssec.1) A bound contracted service provider under a service arrangement must comply with parts 1 and 2 and section 41 in relation to the discharge of its obligations under the arrangement as if it were the entity that is the contracting agency. (sec.36-ssec.2) The requirement to comply under subsection (1) continues to apply to the bound contracted service provider in relation to personal information it continues to hold after its obligations under the service arrangement otherwise end. (sec.36-ssec.3) A bound contracted service provider’s compliance with the privacy principle requirements may be enforced under this Act as if it were an agency. (sec.36-ssec.4) Subsections (1) to (3) are not intended to prevent a service arrangement from including a requirement for the contracted service provider to comply with all or part of the privacy principles even though this part does not require that the service arrangement include the requirement.