Privacy Act and Health Information Privacy Code
How is personal information collected?
What types of personal information do we collect?
Generally, the types of personal information that we collect from or about you depends on the circumstances in which the information is collected. We have described below examples of the types of personal information that may be collected, however this is not an exhaustive list. Information you provide: Service User information: We collect information from you when you create or update your account. The main type of personal information that we collect is your full name, preferred name, gender, nationality, ethnicity, and contact details, including physical and postal address, email addresses, phone numbers, mobile numbers, login name and password. Communications and phone calls: When you communicate with us or other Service Users in relation to the Service, we may collect information about your communication and any other information you provide. This includes when you call or message us, in which case we may retain your call for fraud prevention, internal training and quality assurance purposes. Automatically collected information: Device information: We may collect information about the devices you use to access the Service including the hardware model, device IP address, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, and mobile network information. Location information: When you use certain features of the Service, we may collect different types of information about your general location or more specific location information (e.g. precise location from your mobile GPS). Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu. Statistical information: We may collect non-personal information about your use of the Website and the Service to improve the features and overall user experience. This may include statistical information such as pages accessed on the Website and the Service, search terms, links that are clicked on, Website and Service visit times, browsers and operating systems, IP address, and cookies. Third-Party Information: Personal information uploaded and transferred to the Service by Service Users: We collect personal information about persons indirectly when Service Users use the Service, such as when a Service User shares content on the Service that contains: personal information; or personal information of another person. Other information: We may also collect other personal information as otherwise permitted or required by law, as well as any other information that you choose to provide us. We only collect and process personal information that we consider necessary for the effective functioning of the Service and business.
For what purposes do we collect, hold, use and disclose personal information?
We only collect, hold, use and disclose personal information for the purposes for which it was originally collected (and for related purposes which you would reasonably expect), unless required or authorised by or under law or if the individual concerned has consented to another use. Some of the specific purposes for which we collect, hold, use and disclose personal information include to: Create and update your account; Verify your identity; Enable us to correspond with you for reasons related to the Service; Enable communication on the Service between the Care Recipient, the Care Provider, the Representative, and Authorised Users for reasons related to the Service; Enable you to share information with other people; Allow us to effectively operate the Service and our business; Measure the effectiveness of the Service and understand how people use and interact with the Service; Contribute to anonymised and generalised data that we may use for our internal business purposes or that we may provide to third parties (for which we may collect a fee) for statistical and research purposes; Assist the Care Provider with any enquiries that it may have in regard to the Care Recipient, to the extent that this is permitted under the Code; Monitor Service User behaviour for the purpose of preventing breaches of our Terms and Conditions and ensuring the security of the Service; Conduct investigations relating to the Service and make risk assessments; Allow our business and Service to be audited; Advertise and market our business, such as to send you promotional messages, marketing or advertising (unless you opt out); Publish things on our Website; Ensure we comply with our obligations. We will use information to ensure we comply with the law, including disclosures authorised under the Privacy Act 1993, the Code and any other relevant legislation; Resolve disputes with or between any of our Service Users. We will seek your permission before disclosing your contact details to a third party involved in a dispute, unless this is permitted under the Privacy Act 1993 (e.g. we may disclose your information where the other party has sworn a statutory declaration regarding the dispute); and We may also process your personal information for other purposes which are disclosed to you, and to which you consent, whether expressly or by implication by providing us with your personal information with knowledge of how we intend to use it.
Who has access to your personal information?
Disclosure of personal information offshore
Some of the third parties to whom we disclose personal information may be located outside New Zealand. In addition, our cloud storage provider, websites and systems may also be based on servers located outside of New Zealand. If we disclose personal information to third parties based offshore, we will comply with the requirements of the Act that relate to the transfer of personal information offshore.
Storage and Security
How long do we retain your personal information?
We will keep your personal information for as long as it is required for the purposes for which it was collected, taking into consideration our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements. When the personal information that we collect is no longer required or is not required to be retained by law, we destroy, delete or permanently anonymise it (except for any personal information located on an off-site server or which is stored as electronic back-up data that cannot be readily accessed). Under the Health (Retention of Health Information) Regulations 1996, we are required to hold on to health information for a minimum retention period of 10 years from the last date that you enter health information into the Service.
Email and other electronic communications
We are committed to full compliance with the Unsolicited Electronic Messages Act 2007. By using the Service and Website you consent to receiving communications from us or from third parties on our behalf using the contact details you have provided (including, without limitation, via direct mailing, email, SMS, telephone call, and other phone number based messaging) which promote and market our Service from time to time. You can opt out of those communications at any stage by contacting us using the contact details set out below at paragraph 11 or by utilising the "unsubscribe" facility included on all such communications. Once you have unsubscribed from these communications, we will remove you from the corresponding marketing list as soon as is reasonably practicable. If you wish to unsubscribe from marketing material you receive from us, please contact us directly.
Your rights to access and correct personal information
You may obtain confirmation from us as to whether or not we hold personal information about you. You may also request a copy of the personal information and/or request that corrections or changes are made to it. You can make such requests in relation to your personal information by contacting our Privacy Officer using the details set out below. Please quote your name and address and, if possible, provide brief details of what information you want a copy of (this helps us to more readily locate your information). We will provide you with access to your personal information unless we are required or authorised to refuse such access by law. In some cases, there may be a charge associated with retrieving and providing a copy of your personal information to you. If so, we will advise you of this prior to sending your information. All such enquiries should be directed to: Privacy Officer Care Patron Limited C/- Sharp Tudhope Lawyers, 152 Devonport Road, Tauranga, Tauranga, 3110, New Zealand Jamiefrew@carepatron.com 022 466 7868
At all times we will strive to ensure that your personal information is treated confidentially and in accordance with the Act. However, if you have any questions or complaints about the handling of your personal information, please contact our Privacy Officer in the first instance using the contact details set out in paragraph 11 above and we will do our best to assist. If you are still not satisfied, you can make a complaint to the Privacy Commissioner. Further details on how to do this are available on the Privacy Commissioner website at www.privacy.org.nz.
Links to other websites
By accessing and using the Service to upload and transfer other people’s personal information, you agree that you: Will comply with your obligations under the Act and all other applicable privacy laws; Have obtained all consents necessary for us to process the personal information through the Service and that such consent is obtained from the correct person; and Will inform us if any consent in regard to that person is withdrawn. Where the personal information is “health information” for the purposes of the Code and the Care Recipient is unable to consent to the sharing of the information, you warrant that you are that person’s Representative or have the consent of that individuals Representative.
“Act” means the Privacy Act 1993 including any amendments, re-enactments or replacements of that Act. “Authorised User” means a person who has been authorised by a Care Recipient, that Care Recipient’s Representative or Family Administrator to use the Service for the purpose of accessing that Care Recipient’s e-portfolio. “Care Provider” means the entity with whom Care Patron enters into an agreement for the purposes of providing access to the Service to the Care Recipient or any of its employees, contractors or other agents. “Care Recipient” means the person undergoing care with the Care Provider. “Family Administrator” means an Authorised User who has the power to appoint and remove other Authorised Users. “Representative” means the representative of the Care Recipient as the term is defined in the Code. “Service” means the service relating to the aged healthcare e-portfolio accessed through our App and/or Website. “Service User” means the end-user of the Service including (but not limited to) any Care Provider, Care Recipient, Representative or Authorised User. “Website” means the online medium of the domain of “www.carepatron.com”, which operates the business of Care Patron. This term includes website operations performed on “www.carepatron.com”. “App” means the progressive web application accessed on a smart phone, computer, tablet, or any other device capable of running the progressive web application, available for download, which operates the business of Care Patron.