This privacy statement explains how New Zealand Health Group Limited (“NZ Health Group”), and its subsidiaries collects, stores, uses and shares your personal information.Openness and transparency are important to us. The Privacy Act 2020 requires us to tell you certain things about the personal information we need to operate our business. This is where we explain our privacy practices and why you can trust us to handle your information with care and respect.
We have categorised our services into three broad groups: Support Services, Professional Services, and General Engagement. This list is not exclusive and where the services we provide do not fit into one of these three categories, this policy still applies. Under these groups, we explain what personal information we collect and how we use or share it. We also explain the way we store and protect personal information and your rights to access and correct it. At the end of this statement, we also provide information about our storage and security procedures, your privacy rights and how to contact us, or lodge a complaint regarding our privacy practices.
In short, here are a few key privacy messages to note:
- We only collect personal information where this is necessary to provide our services
- We may collect personal information about you either directly from you or from other people or organisations, and we may generate personal information about you when we provide our
- If you do not provide, or allow us to collect the personal information that we request, we may not be able to provide our services to you and/or you may not be able to use some or all of our services.
- We store all our data (including your personal information) on secure platforms including Microsoft Azure and AWS cloud platforms and we use Microsoft Office 365 We protect our data with all reasonable technical and process controls including MFA, Data encryption in transit and at rest, and other such technologies to keep the data safe and secure.
- You can ask us for a copy of your personal information at any We will be as open as we can with you.
- We will only use and share personal information where necessary to carry out the functions for which we collected it, or if required by law.We will not keep your personal information for longer than is necessary to achieve the purposes for which we may lawfully use it. We adhere to relevant health information legislations which may mandate us to hold data post-completion of services/engagements.
If you cannot find the information you need below, or you have concerns about the way we are managing your personal information, then please contact us at any time on [email protected]
We may update this privacy statement from time to time, for example to reflect changes to the Privacy Act, so feel free to check in again occasionally to see what might have changed. This statement was last updated in [July] 2021.
1. Professional Services
This section explains how we collect, use and share personal information when we are providing professional services.
- Support services,
- training (including overviews and workshops),
- supervision, and
1.1.The personal information we collect about you
Our professional service delivery requires us to collect more personal information than our other functions. We may request, receive and use significant amounts of sometimes sensitive personal information, including health information.
1.1.1.From you directly
Most of the personal information we collect is provided directly by you, or your authorised representative, when you engage with us and our services.
You do not have to voluntarily provide your personal information to us. However, we may not be able to effectively provide you with services (such as providing follow ups, reports or responding to requests for information) if you do not provide us with the information we need.
The personal information we may collect from you directly includes:
- your name
- your contact details, including your address, email address or phone number
- information about your employment, such as your organisation, team or role
- information about your business, service or organisation
- your response to self-assessments, tests or questionnaires
- any documents or other information you provide to us as part of our service delivery
- details of your general practitioner, health conditions and emergency contacts (for clinical services)
- your responses to satisfaction/feedback/evaluation surveys we ask you to complete
- any other personal information required to provide you with our professional services
1.1.2.From another person or agency
Our professional services related functions may also require us to receive or request personal information about you from your employer or contracting organisation.
We may collect personal information from the following people or agencies:
- our employer (or contracting organisation): this would include information such as your role and contact details. This enables us to begin to see where you fit in the organisation and contact you about the services we are providing to your
- Other persons who you have nominated and provided permission during the informed consent process (clinic clients only).
We may also collect publicly available information about you – such as any media reports – where this is relevant to carrying out our professional service functions, for example if we want to understand more about someone we are engaging with who has a public profile.
1.1.3. Generated by us as we carry out professional service related functions
In the course of providing our services we may generate information about you. The personal information we may generate about you includes:
- file notes, memoranda, meeting minutes or other records of observations or actions taken
- professional assessments
- interpretation of test/assessment results
- reports provided to client organisations (more information on this below)
1.2. What we do with your personal information
1.2.1. How we use it
In order to carry out our professional service functions, we need to use your personal information in the ways set out below. Where we need to use information in a way we have not anticipated in this Policy or for which you have not been notified, we will only do so if required or permitted by law or with your authorisation.
We may use your personal information to:
- contact you about a concern for your welfare or the welfare of someone else
- provide you with relevant reports, resources and referrals
- provide you with technical support including access information for remotely / digitally provided
- provide your employer (or contracting organisation) with relevant reports, resources and Note that information and reporting identifying individuals is only provided with prior consent. Other reporting (non individual) will be aggregate and anonymised.
- invite you to register for events or training
- measure, review and improve the delivery of our services, including conducting satisfaction surveys
- conduct internal statistical analysis and reporting
- provide anonymised reporting of themes to our client organisations
1.3. When we share it
We may disclose your personal information to third parties which are providing services to us includingin the following circumstances:
- An individual’s GP (with prior consent) for the purposes of providing clinical
- Any other relevant individual or agency where we believe there is a risk to any person’s safety or where required to do so by
- An individual’s employer/contracting organisation (with prior consent) for the purposes of providing a support services, assessments, or
- An individual’s nominated person (with prior consent) for the purposes of assisting with or being informed about their assessment and
- We may also share your information with New Zealand Qualifications Authority and the Tertiary Education Commission when related to training services.
We may share aggregated and anonymised personal information with:
- Our client organisations for the purposes of understanding the wellbeing of their
- Our staff and contractors for the purposes of research, analysis, quality control and program
Our funders such as Ministry of Health, District Health Boards, ACC, or other government and non-government agencies to provide non-identifying data for purposes of reporting that they may use for census, funding and service demand/quality reporting.
2. General Engagement
This section explains how we collect, use and share personal information when we are engaging with the public and with organisations, including managing our enquiries function, delivering e-learning services, and otherwise engaging with the community through our website or communications activities (such as events, surveys, and newsletters ).
2.1. The personal information we collect about you
Effectively engaging with the public requires us to collect and use some personal information. However, we only collect the personal information you choose to give us (for example, you decide how much detail to provide
us as background to an enquiry), and you can opt out of our communications activities, such as receiving our newsletter, at any time.
The information we may collect when you engage with us includes:
- your name (if you choose to provide it)
- your contact details, including your address, email address or phone number
- your organisation and role
- the content of your enquiry
- any questions or comments you submit via our website or social media
- details of any events you have registered for, including dietary or other specific requirements
- your responses to surveys or focus group discussions (usually these will be captured in a de-identified form)
- your e-learning results
- information about your use of our website (explained further below)
Where your browser settings permit, we collect the following information about your use of our website (though please note we make no efforts to associate this with your identity):
- your IP address
- the search terms you used
- the pages you accessed on our website and the links you clicked on
- the date and time you visited the site
- the referring site or medium (if any) through which you clicked to our website
- your operating system (such as Windows 10)
- the type of web browser you use (such as Mozilla Firefox)
- your usage location and type of device/operating system
- and other anonymised information provided through Google Analytics and other website analytics platforms
2.2. Links to social networking services
We use social networking services such as LinkedIn and YouTube to communicate with the public about our work. When you communicate with us using these services, the social networking service may collect your personal information for its own purposes.
These services may track your use of our website on those pages where their links are displayed. If you are logged in to those services (including any Google service) while using our site, their tracking will be associated with your profile with them.
These services have their own privacy statements which are independent of ours. They do not have any access to the personal information we hold on our systems.
Unless expressly stated otherwise, these websites or social networking services have not been developed by and are not controlled by us. We do not check, endorse, approve or agree with the privacy practices of the third-party websites or services. We encourage you to be aware when you are not using our website and to read the privacy statements of each and every third-party website you visit.
2.3. What we do with your personal information
2.3.1. How we use it
We will only use the personal information you provide to us for the purposes of delivering the services you have requested (such as registering you for an event, responding to an enquiry or sending you our newsletter).
We may use your personal information to:
- contact you about your request, query or registration
- let you know about new services you may be interested in
- send follow-up information to people attending our events
- consider and respond to your enquiry
- improve our website and the delivery of our online services
- conduct internal statistical analysis and reporting
- any other specific purpose that we notify you of at the time your personal information is collected, or which may be authorised by you
2.3.2.When we share it
We may share your personal information, if necessary, to appropriately respond to your enquiry. We may also share your personal information with third parties which are providing services to us. .
We may share personal information with the Police or another government agency, if required by law (for example to assist with the investigation of a criminal offence), to report significant misconduct or breach of duty, or where there is a serious threat to health or safety. If our staff are threatened or abused, we may refer this to the Police.
2.4. Third Party Providers
We use some third-party providers to manage some of our processes and services, such as newsletters, events registration, video conferencing and e-learning. Where we do this, any personal information you provide (such as your email address) may also be collected and stored by this provider and you should also check their privacy statements when using those services. We take steps to ensure that any providers we use can protect the personal information they process for us.
3. Storage and security
3.1. Storage and retention
We use third party providers to store and process our data.
We store most of the personal information we collect and generate electronically on for our email and other office productivity applications. Wellbeing Assessment data is collected and hosted at Amazon web services and email delivery for the Wellbeing Assessment uses Amazon SES. This means that the personal information we hold may be transferred to, or accessed from, countries other than New Zealand. .
We also use Microsoft Teams and you can view their privacy statement here.
We retain personal information in compliance with the requirements of the Public Records Act 2005.
We take all reasonable steps to ensure the personal information we collect is protected against loss, unauthorised access and disclosure or any other misuse, including meeting the requirements prescribed by the New Zealand government for the secure handling, storage and disposal of any protectively marked or security classified information.
We endeavour to ensure that our third-party data processors can meet our privacy and security requirements (as above). We are satisfied, for example, that Microsoft has adequate security and privacy safeguards in place to protect information it holds on our behalf. You can read more about Microsoft’s privacy and security practices at www.microsoft.com/en-us/ trustcenter.
4. Your privacy rights and how to contact us
The Privacy Act 2020 gives you rights to request access to and correction of the personal information we hold about you. You can take steps to control the ways we use your information (such as opting out of receiving newsletters). You can also submit a complaint to us at any time if you think we have misused your personal information.
To exercise any of these rights, including the right to complain about our privacy practices, please contact us by:
- emailing us at [email protected]
- writing to us at PO Box 106 339, Auckland 1143, New Zealand
Please remember that you can make an information request to us in any form.
4.1. Requesting access to or correction of your information
You have the right to request a copy of the personal information we hold about you (subject to the provisions of the Privacy Act 2020). We will process your request as soon as possible, and no later than 20 working days after we receive it. We will be as open as we can with you.
You also have the right to ask us to correct your personal information. If you request a correction to your personal information and we agree that your personal information needs correcting, an amended record of your personal information will be provided back to you. If we do not agree to your request for a correction, you may request that we take reasonable steps to attach to the information a statement of correction sought but not made.
4.2. Opting out of certain uses of your information
4.2.1. Engagement information
You can opt out of receiving our newsletter or being included on any other subscription list or news feed by following the unsubscribe link at the end of the email or contacting us.
You can opt out of our cookies when you use our website by changing your browser security settings.
5. Complaints regarding our privacy practices
We want to know if you have concerns about our privacy practices, as this allows us to review our systems and processes to help us identify where improvements can be made.
In the first instance, let us know about your concerns and we will try our best to resolve them by emailing [email protected]
If you are not happy with our response, or you’d like to escalate your complaint to the Privacy Commissioner, then you can visit their website for more information.