new zealand health group logo

Privacy Statement


This privacy statement explains how New Zealand Health Group Limited (“NZ Health Group”), and its subsidiaries collects, stores, uses and shares your personal information. Openness and transparency are important to us. The Privacy Act 2020 requires us to tell you certain things about the personal information we need to operate our business. This is where we explain our privacy practices and why you can trust us to handle your information with care and respect.

We have categorised our services into three broad groups: Support Services, Professional Services, and General Engagement. This list is not exclusive and where the services we provide do not fit into one of these three categories, this policy still applies. Under these groups, we explain what personal information we collect and how we use or share it. We also explain the way we store and protect personal information, and your rights to access and correct it. At the end of this statement, we also provide information about our storage and security procedures, your privacy rights, and how to contact us, or lodge a complaint regarding our privacy practices.

In short, here are a few key privacy messages to note:

  • We only collect personal information where this is necessary to provide our services.
  • We may collect personal information about you either directly from you or from other people or organisations, and we may generate personal information about you when we provide our  services.
  • If you do not provide or allow us to collect the personal information that we request, we may not be able to provide our services to you and/or you may not be able to use some, or all, of our services.
  • We store all our data (including your personal information) on secure platforms including Microsoft Azure and AWS cloud platforms. We also use Microsoft Office 365. We protect our data with all reasonable technical and process controls including MFA, Data encryption (in transit and at rest), and other such technologies to keep the data safe and secure.
  • You can ask us for a copy of your personal information at any time.  We will be as open as we can with you.
  • We will only use and share personal information where necessary to carry out the functions for which we collected it, or if required by law. We will not keep your personal information for longer than is necessary to achieve the purposes for which we may lawfully use it. We adhere to relevant health information legislations which may mandate us to hold data post-completion of services/engagements.

1. Professional Services

This section explains how we collect, use, and share personal information when we are providing professional services.

These include:

  • Support services
  • Training (including overviews and workshops)
  • Coaching
  • Supervision
  • Consulting

1.1. The personal information we collect about you

Our professional service delivery requires us to collect more personal information than any of our other functions. We may request, receive, and use significant amounts of sometimes sensitive personal information, including health information.

1.1.1. From you directly

Most of the personal information we collect is provided directly by you, or your authorised representative, when you engage with us and our services.

You do not have to voluntarily provide your personal information to us. However, we may not be able to effectively provide you with services (such as providing follow ups, reports, or responding to requests for information) if you do not provide us with the information we need.

The personal information we may collect from you directly includes:

  • Your name
  • Your contact details, including your address, email, or phone number
  • Information about your employment, such as your organisation, team, or role
  • Information about your business, service, or organisation
  • Your response to self-assessments, tests, or questionnaires
  • Any documents or other information you provide to us as part of our service delivery
  • Details of your general practitioner, health conditions, and emergency contacts (for clinical services)
  • Your responses to satisfaction/feedback/evaluation surveys we ask you to complete

1.1.2. From another person or agency

Our professional services related functions may also require us to receive or request personal information about you from your employer or contracting organisation.

We may collect personal information from the following people or agencies:

  • Our employer (or contracting organisation): this would include information such as your role and contact details. This enables us to begin to see where you fit in the organisation and contact you about the services we are providing to you
  • Other persons who you have nominated and provided permission during the informed consent process (clinical clients only).

We may also collect publicly available information about you (such as any media reports) where this is relevant to carrying out our professional service functions. For example, if we want to understand more about someone we are engaging with who has a public profile.

1.1.3. Generated by us as we carry out professional service-related functions.

In the course of providing our services, we may generate information about you. The personal information we may generate about you includes:

  • File notes, memorandum, meeting minutes or other records of observations or actions taken.
  • Professional assessments
  • Interpretation of test/assessment results
  • Reports provided to client organisations (more information on this below)

1.2. What we do with your personal information

1.2.1. How we use it

In order to carry out our professional service functions, we need to use your personal information in the ways set out below. Where we need to use your information in a way we have not anticipated in this Policy, or for which you have not been notified, we will only do so if required/permitted by law or with your authorisation.

We may use your personal information to:

  • Contact you about a concern for your welfare or the welfare of someone else.
  • Provide you with relevant reports, resources, and referrals.
  • Provide you with technical support, including to access information remotely/ digitally
  • Provide your employer (or contracting organisation) with relevant reports, resources (note that information and reporting identifying individuals is only provided with prior consent. Other reporting (non-individual) will be aggregate and anonymised)
  • Invite you to register for events or training
  • Measure, review, and improve the delivery of our services, including conducting satisfaction surveys
  • Conduct internal statistical analysis and reporting
  • Provide anonymised reporting of themes to our client organisations

1.3. When we share it

We may disclose your personal information to third parties which are providing services to us, including in the following circumstances:

  • An individual’s GP (with prior consent) for the purposes of guidance
  • Any other relevant individual or agency where we believe there is a risk to any person’s safety or where lawfully required
  • An individual’s employer/contracting organisation (with prior consent) for the purposes of providing a support services assessment.
  • An individual’s nominated person (with prior consent) for the purposes of assisting with or being informed about their assessment.
  • We may also share your information with New Zealand Qualifications Authority and the Tertiary Education Commission when related to training services.

We may share aggregated and anonymised personal information with:

  • Our client organisations for the purposes of understanding the wellbeing of their people.
  • Our staff and contractors for the purposes of research, analysis, quality control, and Development.
  • Our funders, such as Ministry of Health, District Health Boards, ACC, or other government and non-government agencies, to provide non-identifying data for the purposes of reporting which they may use for census, funding, and service demand/quality reporting.

2. General Engagement

This section explains how we collect, use, and share personal information when we are engaging with the public and with organisations. This includes managing our enquiries function, delivering e-learning services, and engaging with the community through our website or communications activities (such as events, surveys, and newsletters).

2.1. The personal information we collect about you

Effectively engaging with the public requires us to collect and use some personal information. However, we only collect the personal information you choose to give us (for example, you decide how much detail to provide us as background to an enquiry). You can opt out of our communications activities, such as receiving our newsletter, at any time.

The information we may collect when you engage with us includes:

  • Your name (if you choose to provide it)
  • Your contact details, including your address, email, or phone number
  • Your organisation and role
  • The content of your enquiry
  • Any questions or comments you submit via our website or social media
  • Details of any events you have registered for, including dietary or other specific requirements
  • Your responses to surveys or focus group discussions (usually these will be captured in an unidentifiable form)
  • Your e-learning results
  • Information about your use of our website (explained further below)

Where your browser settings permit, we collect the following information about your use of our website (though please note we make no efforts to associate this with your identity):

  • Your IP address
  • The search terms you used
  • The pages you accessed on our website and the links you clicked on
  • The date and time you visited the site
  • The referring site or medium (if any) through which you clicked to our website
  • Your operating system (such as Windows 10)
  • The type of web browser you use (such as Mozilla Firefox)
  • Your usage location and type of device/operating system
  • Other anonymised information provided through Google Analytics and other website analytics platforms

2.2. Links to social networking services

We use social networking services such as LinkedIn and YouTube to communicate with the public about our work. When you communicate with us using these services, the social networking service may collect your personal information for its own purposes.

These services may track your use of our website on those pages where their links are displayed. If you are logged in to those services (including any Google service) while using our site, their tracking will be associated with your profile with them.

These services have their own privacy statements which are independent of ours. They do not have any access to the personal information we hold on our systems.

Unless expressly stated otherwise, these websites or social networking services have not been developed by and are not controlled by us. We do not check, endorse, approve, or agree with the privacy practices of the third-party websites or services. We encourage you to be aware when you are not using our website and to read the privacy statements of every third-party website you visit.

2.3. What we do with your personal information

2.3.1. How we use it

We will only use the personal information you provide to us for the purposes of delivering the services you have requested (such as registering you for an event, responding to an enquiry, or sending you our newsletter).

We may use your personal information to:

  • Contact you about your request, query, or registration
  • Let you know about new services you may be interested in
  • Send follow-up information to people attending our events
  • Consider and respond to your enquiry
  • Improve our website and the delivery of our online services
  • Conduct internal statistical analysis and reporting
  • Any other specific purpose that we notify you of at the time your personal information is collected, or which may be authorised by you

2.3.2. When we share it

We may share your personal information, if necessary, to appropriately respond to your enquiry. We may also share your personal information with third parties which are providing services to us.

We may share personal information with the Police or another government agency, if required by law (such as assisting with the investigation of a criminal offence), to report significant misconduct or breach of duty, or where there is a serious threat to health or safety. If our staff are threatened or abused, we may refer this to the Police.

2.4. Third Party Providers

We use some third-party providers to manage some of our processes and services, such as newsletters, events registration, video conferencing and e-learning. Where we do this, any personal information you provide (such as your email address) may also be collected and stored by this provider and you should also check their privacy statements when using those services. We take steps to ensure that any providers we use can protect the personal information they process for us.

3. Storage and security

3.1. Storage and retention

We use third party providers to store and process our data.

We store most of the personal information we collect and generate electronically on our email and other office productivity applications.  Wellbeing Assessment data is collected and held at Amazon web services, and email delivery for the Wellbeing Assessment uses Amazon SES.  This means that the personal information we hold may be transferred to, or accessed from, countries other than New Zealand.

We also use Microsoft Teams, and you can view their privacy statement here.

We retain personal information in compliance with the requirements of the Public Records Act 2005.

3.2.  Security

We take all reasonable steps to ensure the personal information we collect is protected against loss, unauthorised access, and disclosure or any other misuse, including meeting the requirements prescribed by the New Zealand government for the secure handling, storage, and disposal of any protectively marked or security classified information.

We endeavour to ensure that our third-party data processors can meet our privacy and security requirements (as above). We are satisfied, for example, that Microsoft has adequate security and privacy safeguards in place to protect information it holds on our behalf. You can read more about Microsoft’s privacy and security practices at trustcenter.

4. Your privacy rights and how to contact us

The Privacy Act 2020 gives you rights to request access to and correction of the personal information we hold about you. You can take steps to control the ways we use your information (such as opting out of receiving newsletters). You can also submit a complaint to us at any time if you think we have misused your personal information.

To exercise any of these rights, including the right to complain about our privacy practices, please contact us by:

  • Emailing us at [email protected]
  • Writing to us at PO Box 106 339, Auckland 1143, New Zealand

Please remember that you can make an information request to us in any form.

4.1. Requesting access to or correction of your information

You have the right to request a copy of the personal information we hold about you (subject to the provisions of the Privacy Act 2020). We will process your request as soon as possible, and respond no later than 20 working days after we receive it. We will be as open as we can with you.

You also have the right to ask us to correct your personal information. If you request a correction to your personal information and we agree that your personal information needs correcting, an amended record of your personal information will be provided back to you. If we do not agree to your request for a correction, you may request that we take reasonable steps to attach to the information a statement of correction sought but not made.

4.2. Opting out of certain uses of your information

4.2.1. Engagement information

You can opt out of receiving our newsletter or being included on any other subscription list or news feed by following the unsubscribe link at the end of the email or contacting us.

You can opt out of our cookies when you use our website by changing your browser security settings.

5. Complaints regarding our privacy practices

We want to know if you have concerns about our privacy practices, as this allows us to review our systems and processes to help us identify where improvements can be made.


If you cannot find the information you need on this page, or you have concerns about the way we are managing your personal information, please contact us at any time on [email protected]

Changes to this privacy statement 

We may need to update or amend this privacy statement from time to time to reflect changes in our business or the law and we will post any updated version on our website.