Healthpoint Privacy Policy

This Privacy Policy was last updated on 4th May 2026

1. Privacy Policy

Healthpoint Limited (NZBN 9429035586425) (Healthpoint, we, our, us) and its associated entities are committed to complying with the Privacy Laws in which it undertakes business.

This Privacy Policy sets out the way in which Healthpoint collects, uses, stores and discloses the Personal Information of its customers and the Personal Information of End Users as processed through our customer installations of our software.

This Privacy Policy may be updated from time to time. If practical, we will endeavour to notify End Users of any updates to this policy (eg through push notifications within our website or software products, or via email).

2. What is personal information?

Privacy Laws define personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not (Personal Information).

Personal Information includes sensitive information, which is defined under the Privacy Act as information or an opinion about a person’s race, ethnic origin, political opinions, membership of political associations and trade associations, religious or philosophical beliefs, sexual orientation or practices, criminal record, health information, genetic information about an individual that is not otherwise health information, biometric information that is used for the purpose of automated biometric verification or biometric identification and biometric templates.

3. Types of personal information we collect

The particular types of Personal Information that we collect will depend on the nature of our relationship with you, such as whether you have a general enquiry, are a customer, business partner, apply for a career opportunity with us, or if you are an End User of our customer’s software.

We collect various types of personal information, including:

(a) name, job title and organisation;

(b) email address and other contact details, including mailing address and telephone number;

(c) login credentials;

(d) information about your use of services, including interactions and device identifiers (e.g. IP address), which helps improve our service or personalise your experience; and

(e) if you are applying for a career opportunity with us: government identifiers (eg tax file number, driver’s licence information), education and employment history, and if relevant for the role to which you are applying, background check information, and health information.

4. How do we collect personal information?

We collect your personal information from:

(a) you directly, for example when you create an account on our products or services, or submit a query through our website;

(b) content provided through, or uploaded to, our software products and services by you or End Users of the products or services;

(c) our suppliers, contractors, related entities, related bodies corporate or associated entities;

(d) public records or other publicly accessible sources; and

(e) indirectly, through Te Whatu Ora’s Health Provider Index, or any other third party source, to the extent your personal data is publicly available.

Unless it is impracticable, we will provide you with the source of your personal information if requested. Note, though, that we cannot always control where your Personal Information is stored in ‘free text’ fields within our Software.

5. Anonymity and pseudo-anonymity

Due to the nature of our products and services, it is not practical for us to interact or communicate with you on an anonymous basis or using a pseudonym. We require your personal information in order to provide our products and services, or respond to any questions, concerns or inquiries.

6. Purpose of collecting personal information

6.1 General

We collect, use and hold Personal Information for the following purposes:

(a) to enable you or End Users to register to, and use, our website, software products or other products and services;
(b) to take and process payments;
(c) to carry out statistical analysis and improve or personalise our products and services;
(d) to respond to requests and inquiries;
(e) to comply with a law, regulation, court order or other legal process;
(f) to investigate or report suspected unlawful activity; and
(g) to protect, enforce or defend our rights.

We will not use sensitive information for direct marketing purposes.

6.2 Direct marketing

If you have provided your consent to receive direct marketing communications or it is otherwise within your reasonable expectation that we send you direct marketing communications in light of your interactions with us, we may use your personal information (but never your sensitive information) to provide you with information about our products or services that we believe may be of interest to you (including any newsletters, updates, offers, promotions or other benefits) via email, post, telephone or other direct contact methods. Note that this is specific to direct marketing from us and does not extend to anything conducted by our customers.

If you no longer wish to receive any marketing communications or material from us, or do not want your information used or disclosed for direct marketing purposes, you may opt out by contacting our Privacy Officer using the details below.

6.3 Job application

If you have applied for a job with us, we collect and process your personal information to assess your suitability for the role (including verification of your identity, qualifications, certifications and entitlement to work), and to conduct background or criminal history checks.

7. Who do we share your personal information with?

We may share or disclose your personal information to:
(a) our related entities and bodies corporate, and associated entities who provide corporate administration and oversight;

(b) our service providers and partners who assist us to deliver or support our software or services, such as IT or storage service providers, marketing service providers, membership service providers, or direct debit service providers;

(c) our professional advisers, eg lawyers and accountants;

(d) law enforcement officers, regulators, courts and government agencies, if permitted or required:
(i) by law, regulation, court order or other legal process;
(ii) to assist in the prevention or detection of crime;
(iii) to improve the safety of our website or software products;
(iv) in order to protect our or any user’s rights; or
(v) to prevent a threat to any person’s life, health or safety; and
(e) any purchaser or prospective purchaser of our business, including in the case of bankruptcy, a merger, acquisition, reorganisation, sale of assets or assignments, or due diligence in respect of any such transactions.

8. Overseas disclosure of personal information

As we are part of a global organisation, we may disclose personal information to our related entities and bodies corporate, associated entities and service providers that are located outside of New Zealand, including Canada, the United States, Australia, South Africa, Malaysia and the European Union.

By submitting your personal information to us, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of New Zealand. In providing this consent, you understand and acknowledge that:
countries outside of New Zealand do not always have the same privacy protection obligations as New Zealand in relation to personal information.

However, we take reasonable steps to ensure that any third parties based outside Australia to whom we disclose your personal information use and hold your personal information in a secure manner.

If you do not agree to the disclosure of your Personal Information outside Australia, do not submit personal information to us.

9. Third-party websites

Our website or Software may include links to other websites, applications, payment pages, portals or services operated by third parties. This privacy policy does not apply to the data processed by such third-party websites or services, and we have no control over the actions of those third parties in respect of your personal information.

10. Cookies

When you use our website or Software, we may use “cookies”, traffic measurement software or other similar technologies to personalise or improve your user experience, including:
(a) Functionality. These cookies allow us to recognise you when you access our website or Software, and remember your selected preference.
(b) Analytics and customisation. These cookies help us understand how you use our website or Software, how effective our marketing campaigns are, or to help us customise our website or Software for you.
(c) Advertising. These cookies allow us to collect information about your activities on our website or Software (including the content you viewed and links you clicked), so we can present advertisements based on your activities.
In using cookies, we may collect data including:
(d) your username;
(e) IP address;
(f) device information; and
(g) your Personal Data.

If you do not want your information to be collected through the use of cookies or traffic measurement software, your device and/or browser may enable you to delete or “turn off” cookies or some of the measurement software features. However, some or all parts of our Software or website may not function properly if these features are disabled. For instance, our use of Google Analytics for website performance will not function unless you enable cookies.

We use Google Analytics website measurement software and systems to assist in tracking traffic patterns to and from our Website, aggregating anonymous information about visits to our Website, and randomly and anonymously surveying users of our Website. The system is used to collect information on our network such as the number of page views, the number of unique visitors, how long these visitors spend on the Website when they do visit, and common entry and exit points into and from the Website. Random anonymous surveys are also used to collect further information about you. This non-personal information is aggregated using Google Analytics and then used by us in our analysis of the Website and. The Google Analytics data is also accessible by media organisations and research companies for the purpose of conducting industry comparisons with other websites. All our pages are coded with a small piece of Google Analytics code that is transparent to you when you read that page. The software stores a cookie in your browser (if you have enabled cookies) which contains a unique identifier to allow us to track the number of unique visitors to the Website. This information is collected and aggregated by Google Analytics and in no way can you be identified personally and no personal information is stored about you. For details of Google Analytics’ privacy policy, click here.

11. De-identified data

We may use de-identified and aggregated forms of information for any purpose, including without limitation, statistical analysis, product or service development or any other commercial purpose. We take reasonable steps to remove or de-identify your personal information so that this data cannot be associated with you.

12. Data retention

We will store your personal information for so long as is required to provide you with our products and services or some other purpose for which your information was collected, as set out in this privacy policy.

When we no longer require your personal information to carry out any such purpose or if required by law, we will remove or de-identify your personal information as soon as reasonably possible.

However, we may retain your personal information for another period to comply with any applicable law, for the prevention of fraud, to resolve disputes or for other legitimate purposes.

13. Data security

We take commercially reasonable steps to implement and maintain technical and organisational measures (such as data encryption and pseudonymisation measures) to protect your personal information in our custody or control.

However, data transfers made over the Internet are never 100% secure and if you send us any information, you acknowledge this is done at your own risk.

14. Access and correction

You may request access to your personal information or correct any inaccurate or out of date information by contacting us using the below details.
No fees apply to making a request for access or correction of your personal information. Before we grant you access to, or correct, your personal information, we will need to confirm your identity.

We may refuse your request to access or correct your personal information for legitimate reasons, including if we believe that granting you access will endanger the life, health or safety of any person, would adversely impact the privacy of other individuals, that the request is frivolous or vexatious, or if your personal information is part of ongoing or pending legal proceedings between you and Healthpoint.

15. GDPR compliance

15.1 Application to European Union or United Kingdom residents

If you are a resident of the European Union or United Kingdom, we are required to comply with the GDPR. In addition to the other sections of this Privacy Policy, this section 16 applies to our processing of your Personal Data.

For avoidance of doubt, where this section 16 applies, any reference to personal information in this Privacy Policy is a reference to Personal Data. This section will not apply if you reside outside the European Union or United Kingdom (as applicable).

15.2 Definitions

In this section 16:
“GDPR” means:
(a) when used in the context of United Kingdom residents, the UK General Data Protection Regulation as implemented by the Data Protection Act 2018 (UK); and
(b) when used in the context of European Union residents, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 for the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.

The terms “Controller”, “Data Subject”, “Personal Data”, “Processing”, and “Supervisory Authority” have the meaning given to those respective terms under the GDPR, and their corresponding terms will be construed accordingly.

15.3 Your rights as a Data Subject

As a Data Subject, you have the following additional rights:

(a) Access. You may request access to any Personal Data we hold about you and information regarding our Processing of your Personal Data (including the purpose of processing, data retention period, and categories of data involved).

(b) Rectification. You may ask us to correct or update any of the Personal Data we hold about you.

(c) Erasure. You may request the deletion of your Personal Data if we no longer require your data for the purpose for which it was collected, or if you withdraw your consent to Processing of your Personal Data and we have Processed your Personal Data without legitimate grounds.

(d) Restriction. You may ask us to restrict the processing of your Personal Data, if:
(i) you are contesting the accuracy of the Personal Data and you enable the Controller to verify the accuracy of your data;
(ii) the Processing of your Personal Data is unlawful and you oppose the erasure of your data, but request a restriction instead;
(iii) the Controller no longer needs to process the Personal Data, but you require the Personal Data for legal proceedings; or
(iv) you have objected to Processing pursuant to Article 21(1) of the GDPR;

(e) Objection. You may object to our Processing of your Personal Data under certain conditions.

(f) Data Portability. You may request that we:
(i) provide you with your Personal Data in a machine-readable format; or
(ii) transfer any Personal Data we hold about you to you or a nominated third party.

15.4 How to exercise your Data Subject rights
If you wish to exercise any of your Data Subject Rights, please contact us using the details set out at section 16 below.

15.5 Complaints to a Supervisory Authority
If you have any concerns or complaints regarding our Processing of your Personal Data or the exercising of your Data Subject rights, you may contact a Supervisory Authority.

16. Complaints

Privacy Act: Under the New Zealand Privacy Act 2020, you have rights of access to and correction of personal information that we hold. For information about this Act and how it protects the personal information of individuals in New Zealand, click here.

You should contact us if:
(a) someone has gained unauthorised access to your Personal Information that is stored in our business systems, website or Software;
(b) you believe we have breached our privacy obligations (including under the Privacy Act) or your privacy rights in any way; or
(c) you wish to discuss any issues regarding our privacy policy or information handling processes.

You may contact us at:

Address:

Attn: Privacy Officer
Jonas Software AUS Pty Ltd (ACN 141 653 054)
Level 13, 348 Edward Street,
Brisbane City QLD 4000

Email: privacy@jonassoftware.com.au

If you are not satisfied with our response to any privacy-related concern you may have, you can contact the Privacy Commissioner:

Office of the Privacy Commissioner, PO Box 10-094, Wellington 6143, New Zealand
Phone: +64 4 474 7590
Enquiries Line: 0800 803 909
Email: enquiries@privacy.org.nz