Privacy Policy

Last updated: 11th February 2021
Introduction
Care Patron Limited (referred to as “Care Patron”, “our”, “us” or “we”) is committed to protecting the privacy of the personal information of our current, former and potential Service Users (referred to as “you” and “your”). This privacy policy sets out how we manage your personal information held by us, including how we collect, use, hold, disclose and otherwise process personal information. You will also find information about how to contact us if you have any questions about privacy issues, including how to update or access your personal information or make a complaint. If we are unable to collect sufficient personal information we may not be able to provide you with the full benefit of the Service. By providing us with your personal information, whether in person, over the phone, by email, via the Service, Website or otherwise or by authorising (either directly or indirectly) third parties to provide us with your personal information you are deemed to have read this privacy policy and you are accepting and consenting to the practices described in this privacy policy.

Privacy Act and Health Information Privacy Code
Where we handle health information, we ensure that we comply with all applicable requirements under the Health Information Privacy Code 1994 (“Code”). Nothing in this privacy policy affects your rights under the Code or the Privacy Act. Further information about the Act and how it protects the personal information of individuals in New Zealand is available from the Privacy Commissioner website at www.privacy.org.nz and further information about the Code can be found at https://privacy.org.nz/the-privacy-act-and-codes/codes-of-practice/health-information-privacy-code-1994/.

How is personal information collected?
We collect personal information in two ways:
- Directly: where we ask for personal information from you, or you otherwise provide personal information to us directly for the effective functioning of the Service and business; and
- Indirectly: where personal information is published on the Service by you or other Service Users. This information is not accessed or used by us (except for the reasons set out in this privacy policy) and is merely hosted on the Service.

Where possible we will collect personal information that we will use for our own business purposes directly from you. However, given the nature of the Service, we will collect personal information in a variety of ways as a result of you using the Service. The most common ways we collect personal information are:
- information you provide us directly through the Service or through your use of our Website;
- information about you that is shared by other Service Users;
- where you are unable to provide health information directly (such as if you are lacking capacity due to illness, incapacity or if compliance would prejudice your interests), your health information may be collected from your Representative; and
- in certain circumstances we may also collect your personal information from other third parties, including our related entities, service providers, contractors, and agents.

What types of personal information do we collect?
Generally, the types of personal information that we collect from or about you depend on the circumstances in which the information is collected. We have described below examples of the types of personal information that may be collected, however this is not an exhaustive list.

Information you provide:
- Service User information: We collect information from you when you create or update your account. The main type of personal information that we collect is your full name, preferred name, gender, nationality, ethnicity, and contact details, including physical and postal address, email addresses, phone numbers, mobile numbers, login name and password.
- Communications and phone calls: When you communicate with us or other Service Users in relation to the Service, we may collect information about your communication and any other information you provide. This includes when you call or message us, in which case we may retain your call for fraud prevention, internal training and quality assurance purposes.

Automatically collected information:
- Device information: We may collect information about the devices you use to access the Service including the hardware model, device IP address, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, and mobile network information.
- Location information: When you use certain features of the Service, we may collect different types of information about your general location or more specific location information (e.g. precise location from your mobile GPS). Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu.
- Statistical information: We may collect non-personal information about your use of the Website and the Service to improve the features and overall user experience. This may include statistical information such as pages accessed on the Website and the Service, search terms, links that are clicked on, Website and Service visit times, browsers and operating systems, IP address, and cookies.

Third-Party Information:
- Personal information uploaded and transferred to the Service by Service Users: We collect personal information about persons indirectly when Service Users use the Service, such as when a Service User shares content on the Service that contains: personal information; or personal information of another person.

Other information: We may also collect other personal information as otherwise permitted or required by law, as well as any other information that you choose to provide us. We only collect and process personal information that we consider necessary for the effective functioning of the Service and business.

For what purposes do we collect, hold, use and disclose personal information?
We only collect, hold, use and disclose personal information for the purposes for which it was originally collected (and for related purposes which you would reasonably expect), unless required or authorised by or under law or if the individual concerned has consented to another use. Some of the specific purposes for which we collect, hold, use and disclose personal information include to:
- Create and update your account;
- Verify your identity;
- Enable us to correspond with you for reasons related to the Service;
- Enable communication on the Service between the Care Recipient, the Care Provider, the Representative, and Authorised Users for reasons related to the Service;
- Enable you to share information with other people;
- Allow us to effectively operate the Service and our business;
- Measure the effectiveness of the Service and understand how people use and interact with the Service;
- Contribute to anonymised and generalised data that we may use for our internal business purposes or that we may provide to third parties (for which we may collect a fee) for statistical and research purposes;
- Assist the Care Provider with any enquiries that it may have in regard to the Care Recipient, to the extent that this is permitted under the Code;
- Monitor Service User behaviour for the purpose of preventing breaches of our Terms and Conditions and ensuring the security of the Service;
- Conduct investigations relating to the Service and make risk assessments;
- Allow our business and Service to be audited;
- Advertise and market our business, such as to send you promotional messages, marketing or advertising (unless you opt out);
- Publish things on our Website;
- Ensure we comply with our obligations. We will use information to ensure we comply with the law, including disclosures authorised under the Privacy Act 1993, the Code and any other relevant legislation;
- Resolve disputes with or between any of our Service Users. We will seek your permission before disclosing your contact details to a third party involved in a dispute, unless this is permitted under the Privacy Act 1993 (e.g. we may disclose your information where the other party has sworn a statutory declaration regarding the dispute); and
- We may also process your personal information for other purposes which are disclosed to you, and to which you consent, whether expressly or by implication by providing us with your personal information with knowledge of how we intend to use it.

Who has access to your personal information?
We respect the privacy of your personal information and will take all reasonable steps to keep it strictly confidential. However, we may disclose your personal information to third parties if required in connection with the purposes described in this privacy policy. This may include disclosure to the following persons:
- our employees, officers, contractors, third party service providers, agents, and partners;
- our related or affiliated companies and their respective employees, officers, contractors, service providers and agents (and our related or affiliated companies may disclose the personal information directly to their contractors, service providers and agents);
- your respective Care Recipient, Representative, Authorised Users (as at your discretion, or failing that, your Representative’s discretion) and Care Provider (to the extent that this is permitted under the Code), as is applicable;
- our accountants, insurers, lawyers, auditors and other professional advisors;
- any other third parties to whom you direct or permit us to disclose your personal information (e.g. third parties with whom we have directly or indirectly arranged services for your benefit);
- third parties that require the information for law enforcement or to prevent a serious threat to public safety; and
- as otherwise permitted or required by or under any applicable law.

In the event that we sell a part of or the whole of our business, our records of personal information may be transferred to the new business owner or any of its related or affiliated companies (as the case may be). Any recipients of your personal information shall only be entitled to use your personal information as required for the purposes for which it was provided to them, which shall be consistent with the purposes described in this privacy policy. We will take reasonable steps to ensure that any third party to whom we disclose personal information is required to comply with the Act. Your provision of personal information to us (whether directly or indirectly) will constitute your consent for us to disclose this information in accordance with this privacy policy.

Disclosure of personal information offshore
Some of the third parties to whom we disclose personal information may be located outside New Zealand. In addition, our cloud storage provider, websites and systems may also be based on servers located outside of New Zealand. If we disclose personal information to third parties based offshore, we will comply with the requirements of the Act that relate to the transfer of personal information offshore.

Cookies
Our Service and Website use a technology called cookies to record the preferences of visitors and enable us to optimise the design of our website. A "cookie" is a small data element that a website transfers to your computer for record keeping and experience customisation purposes. The length of time that a user’s computer stores cookies is determined by the user’s browser settings. The use of "cookies" is an industry standard and helps show us how the Service is used. During normal usage the Service and Website "cookies" do not store your email address or other personal information about you unless you have given your consent, or if it is essential for technical reasons. We use this technology to generate statistics and measure website activity to improve the usefulness of the Service. Each time you access the Service or Website, our server may deliver certain customised information (such as advertisements) to you based on the data stored in your cookie. Third party vendors may utilise cookies to collect information about the content you view on the Service and/or Website and use that information to show our advertisements on websites and/or serve these advertisements based on your prior use of the Service or visits to our Website and other internet activity. We may also use analytics data supplied by third party vendors to inform and optimise our ad campaigns. Some of the tags that are used on the Service and Website include, but are not limited to, container tags (such as Google tag manager), which include retargeting tags and analytics tags. These tags provide us with aggregated knowledge and information on website behaviour and user preferences. By using the Service and Website you consent to the use and storage of cookies on your end device. You can also use the Service and Website without cookies. If you do not wish to receive any cookies you may set your browser to refuse cookies. 
Not all features of the Service and Website may be available if you do not enable cookies. We recommend you enable cookies in order to enjoy the Service.

Storage and Security
Any personal information that falls within the scope of this privacy policy is collected and held by Care Patron Limited or trusted third parties we may engage to store information on our behalf (such as cloud hosting service providers). We will take reasonable steps to protect your personal information from misuse, interference, corruption, loss or unauthorised access, modification or disclosure, including through physical, electronic and procedural safeguards. For example, we only use cloud storage providers that represent to us that they are compliant with the United States’ Health Insurance Portability and Accountability Act (HIPAA), an internationally recognized standard of protecting health information. However, to the extent permitted by law, we will not be responsible for and exclude all liability arising in relation to any misuse, interference, corruption, loss or unauthorised access, modification or disclosure of your personal information. If we provide you with any passwords or other security devices it is important that you keep these secret and confidential and do not allow them to be used by any other person. You should notify us immediately if the security of these devices is breached to prevent the unauthorised disclosure of your personal information. If we become aware of any breach involving your personal information we will comply with the requirements of the Act relating to the reporting of privacy breaches.

How long do we retain your personal information?
We will keep your personal information for as long as it is required for the purposes for which it was collected, taking into consideration our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements. When the personal information that we collect is no longer required or is not required to be retained by law, we destroy, delete or permanently anonymise it (except for any personal information located on an off-site server or which is stored as electronic back-up data that cannot be readily accessed). Under the Health (Retention of Health Information) Regulations 1996, we are required to hold on to health information for a minimum retention period of 10 years from the last date that you enter health information into the Service.

Email and other electronic communications
We are committed to full compliance with the Unsolicited Electronic Messages Act 2007. By using the Service and Website you consent to receiving communications from us or from third parties on our behalf using the contact details you have provided (including, without limitation, via direct mailing, email, SMS, telephone call, and other phone number based messaging) which promote and market our Service from time to time. You can opt out of those communications at any stage by contacting us using the contact details set out below at paragraph 11 or by utilising the "unsubscribe" facility included on all such communications. Once you have unsubscribed from these communications, we will remove you from the corresponding marketing list as soon as is reasonably practicable. If you wish to unsubscribe from marketing material you receive from us, please contact us directly.

Your rights to access and correct personal information
You may obtain confirmation from us as to whether or not we hold personal information about you. You may also request a copy of the personal information and/or request that corrections or changes are made to it. You can make such requests in relation to your personal information by contacting our Privacy Officer using the details set out below. Please quote your name and address and, if possible, provide brief details of what information you want a copy of (this helps us to more readily locate your information). We will provide you with access to your personal information unless we are required or authorised to refuse such access by law. In some cases, there may be a charge associated with retrieving and providing a copy of your personal information to you. If so, we will advise you of this prior to sending your information. All such enquiries should be directed to:

Privacy Officer
Care Patron Limited
C/- Sharp Tudhope Lawyers, 152 Devonport Road, Tauranga, Tauranga, 3110, New Zealand
Jamiefrew@carepatron.com
022 466 7868

Complaints
At all times we will strive to ensure that your personal information is treated confidentially and in accordance with the Act. However, if you have any questions or complaints about the handling of your personal information, please contact our Privacy Officer in the first instance using the contact details set out in paragraph 11 above and we will do our best to assist. If you are still not satisfied, you can make a complaint to the Privacy Commissioner. Further details on how to do this are available on the Privacy Commissioner website at www.privacy.org.nz.

Links to other websites
Our Website may contain links to other sites and plugins that are owned or operated by third parties and which are therefore not under our control, including the websites and plugins of our third party service providers. We take no responsibility for linked websites or plugins and provide them solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or warranties about their accuracy, content or thoroughness. Your disclosure of personal information to or in connection with third party websites and plugins is at your own risk. This privacy policy applies solely to our collection of personal information and not personal information collected by us.

Changes to this privacy policy
We reserve the right to amend this privacy policy from time to time by posting an updated privacy policy here on our Website. We will collect, use, hold and disclose your personal information in accordance with our most recently updated version of the privacy policy. We recommend that you regularly review this privacy policy when you visit our Website. If you do not agree with any aspect of the updated privacy policy, you must promptly notify us and you may be required to cease using our Service and Website. This privacy policy was last updated in October 2019.

Your responsibilities
By accessing and using the Service to upload and transfer other people’s personal information, you agree that you:
- Will comply with your obligations under the Act and all other applicable privacy laws;
- Have obtained all consents necessary for us to process the personal information through the Service and that such consent is obtained from the correct person; and
- Will inform us if any consent in regard to that person is withdrawn.

Where the personal information is “health information” for the purposes of the Code and the Care Recipient is unable to consent to the sharing of the information, you warrant that you are that person’s Representative or have the consent of that individual’s Representative.

Definitions
“Act” means the Privacy Act 1993 including any amendments, re-enactments or replacements of that Act.
“Authorised User” means a person who has been authorised by a Care Recipient, that Care Recipient’s Representative or Family Administrator to use the Service for the purpose of accessing that Care Recipient’s e-portfolio.
“Care Provider” means the entity with whom Care Patron enters into an agreement for the purposes of providing access to the Service to the Care Recipient or any of its employees, contractors or other agents.
“Care Recipient” means the person undergoing care with the Care Provider.
“Family Administrator” means an Authorised User who has the power to appoint and remove other Authorised Users.
“Representative” means the representative of the Care Recipient as the term is defined in the Code.
“Service” means the service relating to the aged healthcare e-portfolio accessed through our App and/or Website.
“Service User” means the end-user of the Service including (but not limited to) any Care Provider, Care Recipient, Representative or Authorised User.
“Website” means the online medium of the domain of “www.carepatron.com”, which operates the business of Care Patron. This term includes website operations performed on “www.carepatron.com”.
“App” means the progressive web application accessed on a smart phone, computer, tablet, or any other device capable of running the progressive web application, available for download, which operates the business of Care Patron.