Privacy Policy
Introduction
Welcome to Health Screening NZ. This Privacy Policy outlines how we collect, use, and protect your personal information when you visit or schedule an appointment through or our Customer’s websites with links to Health Screening Websites or related platforms (the “Website”) or use our cardiovascular health screening services that utilise the CardiAction product.
Health Screening NZ Ltd NZBN 9429048682619 (“HSNZ”, “we”, “us” or “our”) is committed to safeguarding your personal information in compliance with both the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988 (Cth). This policy explains how your information is collected, processed, and stored, including any personal health information processed using the CardiAction platform. By using our services or Website, you agree to the collection and use of your personal information as outlined in this policy.
Personal Information We Collect
We collect personal information in the following contexts:
• Contact Information: Name, email address, phone number, and address.
• Health Screening Information: Cardiovascular health data, results from the CardiAction screening, and any other health-related information you provide.
• Device and Browser Information: Information about your web browser, IP address, time zone, and cookies that track your interactions with our Website.
We only collect the personal information necessary to provide our services and to comply with legal obligations. Sensitive health data is collected and processed only with your explicit consent.
How We Collect Personal Information
We collect your personal information through the following means:
• When you book an appointment or use our screening services.
• When you provide health information during the screening process.
• Through cookies and tracking technologies on our Website.
Use of the CardiAction Product
As part of our cardiovascular screening services, we use the CardiAction product provided by 3P Healthcare Pty Ltd (an Australian company). When you undergo a CardiAction screening, the health data collected (e.g., biometrics and cardiovascular risk assessments) is securely transmitted and stored on the CardiAction platform, which is hosted by Amazon Web Services (AWS) in Australia. AWS adheres to robust security measures to protect your data. The information stored may include health data and personal information relevant to your cardiovascular screening.
Health Screening NZ is the data controller for all personal information collected during the provision of our services, and 3P Healthcare Pty Ltd acts as a data processor for health data stored on the CardiAction platform. Both entities adhere to stringent security protocols to protect your data.
Purpose of Collecting Personal Information
We use the personal information we collect for the following purposes:
• To provide you with health screening services, including using the CardiAction platform to assess cardiovascular risk.
• To communicate with you about upcoming appointments, results, and account-related matters.
• To comply with legal and regulatory requirements under New Zealand and Australian law.
• To improve the security, functionality, and performance of our Website and services.
You may withdraw your consent for us to process your personal information at any time. However, this may affect our ability to provide you with certain services.
Cross-Border Data Transfers
As your personal health information is stored in Australia through the CardiAction platform, it is subject to both New Zealand and Australian privacy regulations. By using our services, you explicitly consent to the transfer of your data to Australia for storage and processing on secure AWS servers. AWS complies with stringent data protection standards, ensuring your information is handled securely and in accordance with privacy laws.
Any cross-border transfer of your personal data between New Zealand and Australia is conducted in compliance with international privacy standards and laws, ensuring equivalent levels of protection in both jurisdictions.
Cookies and Tracking Technologies
We use cookies and similar technologies to improve functionality, provide analytics, and enhance user experience. Cookies are small text files that are stored on your device when you visit our Website. We may use both functional cookies (necessary for the site to function properly) and analytics cookies (to track user behaviour).
You can manage cookies through your browser settings. For further details on our use of cookies, please visit our Cookies Policy.
Payment Information
Health Screening NZ does not collect or store credit card or other payment details via the Website. All appointment fees are processed at the time of service using a compliant point-of-sale (POS) device. These transactions are securely handled through external payment systems, which are fully compliant with New Zealand payment standards.
Sharing Your Personal Information
We share your personal information with third parties where necessary to provide our services, including:
• 3P Healthcare Pty Ltd: Personal health data is processed and stored via the CardiAction platform in Australia to deliver cardiovascular screening results.
• Website and Hosting Providers: We use Squarespace to host our Website and AWS for cloud data storage.
• Analytics Providers: We use Google Analytics to gather insights about Website usage. You can learn more about how Google uses your data by reviewing their privacy policy. You can opt out of Google Analytics here.
We may integrate with services like Facebook for marketing and advertising purposes. You can learn more about Facebook’s data handling practices by reviewing its privacy policy.
For more information on how third-party services handle your data, please refer to their respective privacy policies:
• Google Analytics Privacy Policy
We may also disclose your information to comply with legal obligations, such as court orders or regulatory requests, or to protect our rights and interests.
Marketing and Analytics
We may use your personal information for marketing purposes, in line with your preferences, to keep you informed about new services or promotions. You may opt out of receiving marketing communications at any time by following the unsubscribe link in emails or by contacting us directly.
Your Rights
If you are a New Zealand or Australian resident, you have the following rights:
• Access: You can request access to the personal information we hold about you.
• Correction: You can request corrections if your personal information is inaccurate or incomplete.
• Deletion: You can request that we delete your personal information, subject to legal obligations.
• Cross-Border Data: You have the right to request information about how your data is handled in cross-border transfers, including the storage and security measures in place when your data is transferred to the CardiAction platform in Australia.
To exercise any of these rights, please contact us at the details below.
Data Security
We take the protection of your personal information seriously and implement appropriate technical and organizational measures to secure it. All personal and health data is encrypted in transit and at rest using industry-standard encryption methods to protect your information. However, please note that no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
Data Breach Procedures
In the unlikely event of a data breach involving your personal information, we will take immediate steps to mitigate the breach, notify affected individuals as soon as possible, and report the breach to relevant authorities in accordance with New Zealand and Australian data protection laws.
Data Retention
We will retain your personal information only for as long as necessary to provide you with services, comply with legal obligations, or resolve disputes. Health information collected during the screening process will be retained for a period of 7 years in accordance with medical record-keeping requirements under New Zealand law. After this period, it will be securely deleted or anonymized. If you wish to have your personal information deleted, please contact us using the details below.
Children’s Privacy
Our services are intended for individuals 18 years and older. If we become aware that personal information has been collected from individuals under the age of 18 without parental consent, we will delete that information.
Automated Decision-Making
Some aspects of our cardiovascular screening service may involve automated decision-making. We ensure that any such decisions are based on accurate data and are overseen by qualified health professionals where applicable.
Complaints and Further Information
If you believe your privacy rights have been violated, you can file a complaint with the New Zealand Privacy Commissioner by visiting www.privacy.org.nz or with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. We encourage you to contact us first to resolve any concerns.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or operational requirements. Any updates will be posted on our Website, and the latest version will be dated accordingly.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:
Health Screening NZ
Email: info@healthscreening.nz
Last updated: October 2024