This privacy statement explains how New Zealand Health Group Limited (“NZ Health Group”), and its subsidiaries collects, stores, uses and shares your personal information. Openness and transparency are important to us. The Privacy Act 2020 requires us to tell you certain things about the personal information we need to operate our business. This is where we explain our privacy practices and why you can trust us to handle your information with care and respect.
We have categorised our services into three broad groups: Support Services, Professional Services, and General Engagement. This list is not exclusive and where the services we provide do not fit into one of these three categories, this policy still applies. Under these groups, we explain what personal information we collect and how we use or share it. We also explain the way we store and protect personal information, and your rights to access and correct it. At the end of this statement, we also provide information about our storage and security procedures, your privacy rights, and how to contact us, or lodge a complaint regarding our privacy practices.
In short, here are a few key privacy messages to note:
If you cannot find the information you need below, or you have concerns about the way we are managing your personal information, please contact us at any time on [email protected]
We may update this privacy statement from time to time to reflect changes to the Privacy Act, so feel free to check in again occasionally to see what might have changed. This statement was last updated in [January] 2024.
This section explains how we collect, use, and share personal information when we are providing professional services.
These include:
1.1. The personal information we collect about you
Our professional service delivery requires us to collect more personal information than any of our other functions. We may request, receive, and use significant amounts of sometimes sensitive personal information, including health information.
1.1.1. From you directly
Most of the personal information we collect is provided directly by you, or your authorised representative, when you engage with us and our services.
You do not have to voluntarily provide your personal information to us. However, we may not be able to effectively provide you with services (such as providing follow ups, reports, or responding to requests for information) if you do not provide us with the information we need.
The personal information we may collect from you directly includes:
1.1.2. From another person or agency
Our professional services related functions may also require us to receive or request personal information about you from your employer or contracting organisation.
We may collect personal information from the following people or agencies:
We may also collect publicly available information about you (such as any media reports) where this is relevant to carrying out our professional service functions. For example, if we want to understand more about someone we are engaging with who has a public profile.
1.1.3. Generated by us as we carry out professional service-related functions.
In the course of providing our services, we may generate information about you. The personal information we may generate about you includes:
1.2. What we do with your personal information
1.2.1. How we use it
In order to carry out our professional service functions, we need to use your personal information in the ways set out below. Where we need to use your information in a way we have not anticipated in this Policy, or for which you have not been notified, we will only do so if required/permitted by law or with your authorisation.
We may use your personal information to:
1.3. When we share it
We may disclose your personal information to third parties which are providing services to us, including in the following circumstances:
We may share aggregated and anonymised personal information with:
This section explains how we collect, use, and share personal information when we are engaging with the public and with organisations. This includes managing our enquiries function, delivering e-learning services, and engaging with the community through our website or communications activities (such as events, surveys, and newsletters).
2.1. The personal information we collect about you
Effectively engaging with the public requires us to collect and use some personal information. However, we only collect the personal information you choose to give us (for example, you decide how much detail to provide us as background to an enquiry). You can opt out of our communications activities, such as receiving our newsletter, at any time.
The information we may collect when you engage with us includes:
Where your browser settings permit, we collect the following information about your use of our website (though please note we make no efforts to associate this with your identity):
2.2. Links to social networking services
We use social networking services such as LinkedIn and YouTube to communicate with the public about our work. When you communicate with us using these services, the social networking service may collect your personal information for its own purposes.
These services may track your use of our website on those pages where their links are displayed. If you are logged in to those services (including any Google service) while using our site, their tracking will be associated with your profile with them.
These services have their own privacy statements which are independent of ours. They do not have any access to the personal information we hold on our systems.
Unless expressly stated otherwise, these websites or social networking services have not been developed by and are not controlled by us. We do not check, endorse, approve, or agree with the privacy practices of the third-party websites or services. We encourage you to be aware when you are not using our website and to read the privacy statements of every third-party website you visit.
2.3. What we do with your personal information
2.3.1. How we use it
We will only use the personal information you provide to us for the purposes of delivering the services you have requested (such as registering you for an event, responding to an enquiry, or sending you our newsletter).
We may use your personal information to:
2.3.2. When we share it
We may share your personal information, if necessary, to appropriately respond to your enquiry. We may also share your personal information with third parties which are providing services to us.
We may share personal information with the Police or another government agency, if required by law (such as assisting with the investigation of a criminal offence), to report significant misconduct or breach of duty, or where there is a serious threat to health or safety. If our staff are threatened or abused, we may refer this to the Police.
2.4. Third Party Providers
We use some third-party providers to manage some of our processes and services, such as newsletters, events registration, video conferencing and e-learning. Where we do this, any personal information you provide (such as your email address) may also be collected and stored by this provider and you should also check their privacy statements when using those services. We take steps to ensure that any providers we use can protect the personal information they process for us.
3.1. Storage and retention
We use third party providers to store and process our data.
We store most of the personal information we collect and generate electronically on our email and other office productivity applications. Wellbeing Assessment data is collected and held at Amazon web services, and email delivery for the Wellbeing Assessment uses Amazon SES. This means that the personal information we hold may be transferred to, or accessed from, countries other than New Zealand.
We also use Microsoft Teams, and you can view their privacy statement here.
We retain personal information in compliance with the requirements of the Public Records Act 2005.
3.2. Security
We take all reasonable steps to ensure the personal information we collect is protected against loss, unauthorised access, and disclosure or any other misuse, including meeting the requirements prescribed by the New Zealand government for the secure handling, storage, and disposal of any protectively marked or security classified information.
We endeavour to ensure that our third-party data processors can meet our privacy and security requirements (as above). We are satisfied, for example, that Microsoft has adequate security and privacy safeguards in place to protect information it holds on our behalf. You can read more about Microsoft’s privacy and security practices at www.microsoft.com/en-us/ trustcenter.
The Privacy Act 2020 gives you rights to request access to and correction of the personal information we hold about you. You can take steps to control the ways we use your information (such as opting out of receiving newsletters). You can also submit a complaint to us at any time if you think we have misused your personal information.
To exercise any of these rights, including the right to complain about our privacy practices, please contact us by:
Please remember that you can make an information request to us in any form.
4.1. Requesting access to or correction of your information
You have the right to request a copy of the personal information we hold about you (subject to the provisions of the Privacy Act 2020). We will process your request as soon as possible, and respond no later than 20 working days after we receive it. We will be as open as we can with you.
You also have the right to ask us to correct your personal information. If you request a correction to your personal information and we agree that your personal information needs correcting, an amended record of your personal information will be provided back to you. If we do not agree to your request for a correction, you may request that we take reasonable steps to attach to the information a statement of correction sought but not made.
4.2. Opting out of certain uses of your information
4.2.1. Engagement information
You can opt out of receiving our newsletter or being included on any other subscription list or news feed by following the unsubscribe link at the end of the email or contacting us.
You can opt out of our cookies when you use our website by changing your browser security settings.
We want to know if you have concerns about our privacy practices, as this allows us to review our systems and processes to help us identify where improvements can be made.