Privacy Policy

Introduction

We are committed to respecting your privacy and ensuring the security of any personal information you provide to us.

Unless we expressly agree otherwise, any personal information you provide to us, whether via this website or otherwise, will be processed by us in accordance with this policy and all applicable privacy laws, including the Privacy Act 2020 (NZ) (Privacy Act) and the Health Information Privacy Code 2020 (the “Code”).

Under the Privacy Act you have certain rights in connection with your personal information, including rights to request access to, and correction of, your personal information. If you wish to exercise any of the rights described below, please contact us.

If you are unsatisfied with the handling of your request, you may contact the Office of Privacy Commissioner for review of our handling of your request.

This policy explains:

·        when we might collect personal information from you and how we might collect that information;

·        how we may use your personal information;

·        how we will store your personal information;

·        our use of cookies and analytics tools in connection with our website;

·        your rights to request access to and correction of your personal information; and

·        how you can contact us if you have any other questions regarding our processing of your personal information.

In this policy:

·        applicable privacy laws means the Privacy Act and the Code, together with all other data privacy laws applicable to our processing of your personal information;

·        personal information means identifiable information about you, for example your name, email, address, telephone number, medical records, patient history and so on. If you cannot be identified (for example, when personal information has been aggregated and anonymised) then certain parts of this policy may not apply to that information; and

·        where we refer to processing your personal information, we mean all activities relating to our use of that personal information, from its collection through to its storage and disposal and everything in between.

In this policy, we, us, and our, refer to the Invercargill Skin Centre Limited. For more information about us please contact us directly.

We encourage you to read this policy carefully. If you have any questions, please contact us using the details set out at the bottom of this policy.

When and how we may collect your personal information

The ways we may collect your personal information can be categorised into:

·        Information you provide us directly.

·        Information we collect from third parties.

Information you provide to us directly

The information you may provide to us may include:

·        data allowing us to get in touch with you (contact data). This contact data may include your name, email address, telephone number, postal address, and/or communication preferences.

·        information contained in or relating to any communication that you send to us or that we send to you (communication data). The communication data may include the communication content and metadata associated with the communication.

·        website user account data (account data). This account data may include your name, email address, account creation and modification dates, website settings and marketing preferences.

·        data about your use of our website and services (usage data).

·        data about your treatments received, allergies, diagnoses or any other information in relation to your health or medical history (health data).

If you choose not to provide us with your personal information, then we may be unable to provide you with access to some services or prevent us from performing services in whole or in part and provide us with the right to suspend or cease our services at our sole discretion.

Information collected from, or disclosed to, third parties

We may collect personal information about you from third parties with your consent or where otherwise permitted by law (for example, where the source of the information is publicly available).

In accordance with the Privacy Act 2020 and the Health Information Privacy Code 2020, you consent to the Clinic collecting, storing and using your personal and health information for:

·         Assessment, diagnosis, treatment, and ongoing management of health conditions;

·         Monitoring, responding to and/or keeping records of our e–mail communications and other correspondence with you;

·         Administrative, billing, and operational functions; and

·         Communication with other healthcare providers such as general practitioners, specialists, or laboratories to ensure continuity of care.

We will take all reasonable measures to maintain confidentiality and protect against unauthorised access or disclosure in compliance with the applicable privacy laws.

Where you provide us with any personal information about a third party, you must have that third party's consent to do so. By providing us any third party personal information, you warrant that you have that third party's permission to provide that information to us.

How we use your personal information

We will primarily use your personal information to provide you with any services you have requested and to support our relationship with you. We collect, store and use your personal and health information in accordance with the applicable privacy laws for the following purposes:

(a)  Assessment, diagnosis, treatment and ongoing management of health conditions;

(b)  Monitoring, responding to and/or keeping records of our e–mail communications and other correspondence with you;

(c)  Administrative, billing, and operational functions; and

(d)  Communication with other healthcare providers such as general practitioners, specialists, or laboratories to ensure continuity of care.

We may also use your personal information for:

·        communications – to monitor, respond to and/or keep records of our e–mail communications and other correspondence with you;

·        transactions – to provide our services, provide you with information in respect of our services, generate invoices and other payment–related documentation;

·        operations – to operate, improve and enhance our services. We may analyse the use of our website or services to ensure our website and services are provided in the most effective manner for you;

·        record keeping and reporting – to create and maintain our databases, back–up copies of our databases and business records generally. We may also use your personal information to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties;

·        security – in order to detect and/or prevent any illegal activity that may threaten us, or any of our services;

·        compliance – in order to comply with any applicable laws and/or regulations or in order to protect your vital interests or the vital interests of another natural person.

How we may share your personal information

Your personal and health information may be securely shared:

·         electronically through encrypted platforms with authorised health professionals or HealthOne (HealthOne’s privacy policy can be viewed at https://healthone.org.nz/assets/HealthOne-Information/Privacy/HealthOne-Privacy-Statement.pdf );

·         to regulators, law enforcement bodies, government agencies, courts or other third parties where it is necessary to comply with any applicable law or regulation, or to exercise, establish or defend our legal rights;

·         where the disclosure is otherwise required by law or in order to protect your vital interests or the vital interests of another natural person; or

·         to any other person you authorise us to release the information to.

The third parties to whom we disclose your personal information may be located within or outside New Zealand. Where any disclosure is to an overseas third party we will only make that disclosure in accordance with the requirements for overseas transfers of personal information as set out in the applicable privacy law.

You may request more information about the safeguards that we have put in place in respect of overseas transfers of your personal information by contacting our privacy officer using the details below.

How do we hold and protect your information?

We will not keep your personal information for longer than is reasonably necessary to fulfil the purposes outlined in this policy. We are committed to keeping your personal information as safe and secure as possible and we follow generally accepted industry standards to protect the personal information submitted to us.

While we continuously implement and update our administrative, technical, and physical security measures to help protect your personal information against unauthorised access, loss, destruction, or alteration, we cannot guarantee the security of the transmission or storage of your personal information.

We aim to take all reasonable measures to maintain the confidentiality of and protect against any unauthorised access or disclosure of your personal or health information held by us in compliance with the applicable privacy laws

Changes to this policy

We may need to update this policy from time to time, including when necessary to reflect changes to our website, updates to our services or to reflect any change in law.

When we update this policy, we will revise the “Last updated” at the top of this policy. Where the changes are material, we will use reasonable endeavours notify you – usually by prominently posting a notice of those changes on our website or by sending you an email.

Contact us

If you have any questions or concerns about this policy or our processing of your personal information, please contact us directly.