Health Navigator Charitable Trust Privacy Policy

Your privacy is important to us. Our new privacy policy is designed to help you understand what information we collect and how we use, disclose, transfer, store and safeguard that information. It will also assist you in making informed decisions when using our web services.

We understand that protecting your privacy is essential to building a trusting relationship with you, and we're committed to doing the right thing with the information you entrust us with. By accessing this privacy policy and our web services, you accept our privacy policy and terms and conditions, and you consent to our collection, storage, use and disclosure of your personal information as described in this privacy policy.

Web privacy policy protection officer

Our data protection officer is the Health Navigator website manager, Susie Hill, susie@healthnavigator.org.nz

Definitions

For the purposes of this agreement, “privacy policy” refers to Health Navigator Charitable Trusts’ digital privacy policy.

“Service” refers to Health Navigator Charitable Trusts’ web services, in which users can visit and use the Health Navigator website, give online feedback via the website, follow our social media channels, and sign up to and receive our electronic newsletters.

The terms “we,” “us,” and “our” refer to the Health Navigator Charitable Trust. “You” refers to you, as a user of our privacy policy or our web service.

Purpose of and legal basis for collecting information

Health Navigator Charitable Trust operates this web privacy policy as directed by the Privacy Act 1993, the Health Information Privacy Code 1994, and the European General Data Protection Regulation (GDPR). The Privacy Act 1993 regulates us as to how we collect, use, hold, disclose, access, correct, manage and dispose of your personal information. For more information: Office of the Privacy Commissioner website.

Information we collect and how we collect it

When you use our site and services, we use various technologies to collect information indirectly – such as your IP address. This enables the investigation of issues such as service availability and malicious use. This information is kept in our internet access logs. We also collect some personal information directly, eg, when you actively submit details.

What we collect

Personal information
Includes your first name, last name, email address, postcode, and other personal information you provide.

Non-personal information
Includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit, and preferences that are generated based on the data you submit and number of clicks.

How we collect it

We collect information through third party tools, surveys and feedback forms, email subscription forms, and a variety of other interfaces.

Analytics

Third party analytics tools track navigation data, such as referring site, exit pages, browser/device characteristics, and number of visits in services provided by Health Navigator Charitable Trust and third parties. For more information, see our Cookie Policy.

To improve the quality of our services, we track information provided to us by your browser or by our software application when you view or use services, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the service, the time and date of access, and other information that does not personally identify you.

QuestionPro

When you respond to a survey, it captures your IP address.

AddThis

When you use Add This, it collects data that may indirectly identify you, such as a cookie ID on your browser, IP address, browser/device characteristics, date and time when you used the toolbar, and the sites you shared to.

Hotjar

When you submit feedback on our website using the HotJar tool, it captures your contact details, personal information, and feedback.

E-Newsletters

When you subscribe, the mail manager program records your first name, last name/surname, and email address.

Video services

Whether viewed in emails or embedded on our web pages, videos are streamed by a third party company, including but not limited to YouTube. The third party video provider may set cookies on your browser to track user behavior.

Surveys and feedback forms

You may choose to supply feedback to the web service with or without identifying information, ie, your name, contact details, and any other information you choose to submit. 

Social media platforms (Twitter, LinkedIn and Facebook)

When you interact with our content, our social media tools may capture some personally identifiable data about you, such as your account name, location history, profile image, and interactions with our content (likes, comments, and shares).

We will process and store your data in accordance with the terms and conditions and privacy policy of the platform in question. You should be aware that your use of these platforms is governed by the terms and conditions agreed between you and the platform, rather than Health Navigator Charitable Trust.

We may use social media management tools (eg, Hootsuite) to help deliver elements of our service to you. Any personally identifiable data processed using these tools is supplied by the platforms we use, in accordance with their terms and conditions.

We will not remove, duplicate, or transfer your personal data from or between any of the social platforms that we use, except for:

  • when you give us explicit permission to do so
  • when we believe that we need to in order to respond to an urgent risk to health, eg, if you interact with us in a way that raises serious concerns about your mental health, we may share your personal details with local services to ensure that you are offered appropriate support.

You should be aware that social networks may control some of the data associated with interactions between you and us on their platforms. For example, we will be able to delete our own records of a private message conversation if you request us to do so, but social networks may store a copy of this conversation that we are unable to access. We would recommend using the privacy tools built into the social networks in question to ensure you are able to exercise your rights appropriately.

Understanding how social networks use your data

Social networks use information about your online activity to build a profile of you. This data is then used anonymously to send you targeted adverts across various digital platforms. You should be aware that interacting with health-related accounts may help build the profile of you that social networks maintain and could potentially result in you receiving adverts related to health issues. This process of collecting data for advertising purposes is not controlled by us, and we do not have access to the profiling data stored by social networks about you.

Cookies

Cookies are small text files that include an anonymous unique identifier. Cookies are sent to your browser from our servers and are stored on your computer’s hard drive.

Sending a cookie to your browser enables us to collect non-personal information about you and keep a record of your preferences when using our services, both on an individual and aggregate basis, eg, we may use cookies to track how visitors use the website so we can improve website content.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this privacy policy. For all other types of cookies, we need your permission. Please look at our separate Cookie Policy for more information.

Protecting children’s privacy

This privacy policy and the service are not directed to anyone under the age of 13. The privacy policy does not knowingly collect or solicit information from anyone under the age of 13 or allow anyone under the age of 13 to sign up for the service. In the event that we learn that we have gathered personal information from anyone under the age of 13 without the consent of a parent or guardian, we will delete that information as soon as possible.

If you believe we have collected such information, please contact us at:

PO Box 87 414, Meadowbank, Auckland, New Zealand.

How we use, retain, and share information

Personal information

We strive to capture the minimal amount of personal data and only share with other organisations where the law permits us to do so or where we require and have gained your consent.

We do not sell, trade, rent or otherwise share for marketing purposes your personal information with third parties without your consent. The personal information you provide to us is used to help us communicate with you, eg, to contact you in response to questions, solicit feedback from you, provide technical support, and inform you about promotional offers.

We analyse information to see what is most effective about our service to help us identify ways to improve it. We may also use information for other purposes, which we would describe to you at the point when we collect the information.

We do share personal information with contractors who are performing services for Health Navigator, such as providing access to a user’s email address for the purposes of sending emails from us to a newsletter you subscribed to. Those contractors use your personal information only at our direction and in accordance with our privacy policy.

In addition, we may share personal information with outside parties if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable terms and conditions of service, including investigation of potential violations; to address fraud, security, or technical concerns; or to protect against harm to the rights, property, or safety of our users or the public as required or permitted by law.

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your personal information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this privacy policy, and that any acquirer of our assets may continue to process your personal information as set forth in this privacy policy.

Information related to your email subscriptions

To activate our e-news service, you do not need to submit any personal information other than your first name and email address. To receive the e-news thereafter or visit our website, you do not need to submit any personal information. We will hold the information for as long as we are providing you services. You can unsubscribe at any time from the email correspondence that you receive.

Should you choose to unsubscribe, we will remove all personal information we hold relating to you, which you registered with us, within six months of you unsubscribing. We hold this information as we may need to use it for statistical analysis or if you choose to resubscribe. If you unsubscribe you will not receive further information from us.

Information provided via contact form, information quality feedback, and email

After you make an enquiry, you may be contacted to provide feedback on how we managed your enquiry. You will be asked to provide your consent for this contact at the point you submit your enquiry data. We will hold the information you provide us for as long as necessary to support the service we are providing you, eg, so we can continue to provide assistance or resolve an ongoing issue. If no communication has been made in over 12 months and the information is not required to resolve an ongoing issue, then all communication and any personal information will be deleted.

Generic information, such as the duration your enquiry was opened for or the part of the web service you were using, will remain. This is to allow for reporting over a period greater than 12 months. Information is kept for 12 months to allow for trend analysis, identifying reoccurring issues and understanding common issues.

Exceptions include those currently following the complaints process, or when consent to keep information for longer has been obtained. Additionally, if we have determined that the information supplied contains personal information that we do not need to hold to provide assistance, we will endeavour to remove this information sooner.

Information provided via our web tools

Use of our tools on third party sites will be tracked. No personal data is collected by these tools. Information gathered by us includes the user's IP address, the webpage a tool is accessed from, and how many times it is accessed. In some cases, tracking is used to show user journeys through a tool. This information is the sole property of Health Navigator and will not be shared with third parties. All of our tools store the number of times you have used the tool. Some tools also store ‘state’ information so that when a user returns to a tool, it is in the ‘state’ they left it in.

Information provided via third party tools and social media services

We use information provided by third party tools and social media services primarily to improve the quality of our services and to track and understand the performance of our website and electronic communications content. 

Your comments and ratings

Your comments and ratings are moderated by Health Navigator’s medical writing team. They will receive details of your comment and the name and email address you submit.

Non-personal information

In general, we use non-personal information to help us improve the service and customise the user experience. We also aggregate non-personal information to track trends and analyse use patterns. This privacy policy does not limit in any way our use or disclosure of non-personal information, and we reserve the right to use and disclose such non-personal information to our partners, advertisers, and other third parties at our discretion.

If our information practices change at any time in the future, we will advertise changes to the privacy policy so that you may opt out of the new information practices. We suggest that you periodically check the privacy policy if you are concerned about how your information is used.

Service finders

The site provides a service finder to assist you in finding health services near you. While we do not capture any specific information about you as part of this service, the searches, including postcode, are saved in our logs and analytics tools. Ideally we would only use partial postcodes, but this renders the searches ineffectual in rural areas. 

How we keep your information secure

We implement security measures designed to protect your information from unauthorised access. Those security measures include encryption, firewalls and secure sockets layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our service, you acknowledge that you understand and agree to assume these risks.

We invest significant resources to protect your personal information, from loss, misuse, unauthorised access, modification, or disclosure. However, because no internet-based service can be 100% secure, we cannot be held responsible for unauthorised or unintended access beyond our control. 

Your rights regarding your personal information

You have the right to:

  • Request access to the information we hold about you, and request that we modify, update, or delete such information.
  • Object to the use of your information.
  • Withdraw consent for the processing of your information.
  • Ask us to remove your information.
  • Restrict processing of your information.
  • Rectify any inaccurate or incomplete information that we hold about you.
  • File a complaint.
  • Opt out of receiving promotional communications.

More information about each right is presented below.

Right to request data access

You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this. If we refuse your request for any legitimate reason, we will always tell you the reasons for doing so.

Right to object

  • If we are using your data because we have a legal basis to do so under the NZ Privacy Act 1993, and you do not agree, you have the right to object. We will respond to your request within the required time frame (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
  • This right enables you to object to us processing your personal data where we do so for one of the following reasons: (i) to enable us to perform a public task or exercise official authority (ii) to send you direct marketing communications and (iii) for research or analytical purposes.

Right to withdraw consent

Where we have obtained your consent to process your personal data, or consent to send you information, you may withdraw your consent at any time and we will cease to carry out the particular activity that you previously consented to, unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.

Right to remove

In certain situations, you have the right to request us to ‘remove’ your personal data. We will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on a register of individuals who would prefer not to be contacted. That way, we can minimise the chances of you being contacted in the future where your data may be collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.

Normally, the information must meet one of the following criteria:

  • the data is no longer necessary for the purpose for which we originally collected and/or processed it
  • where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing
  • the data has been processed unlawfully (ie, in a manner that does not comply with existing data protection regulations)
  • it is necessary for the data to be deleted for us to comply with our legal obligations as a data controller.

We would only be entitled to refuse to comply with your request for one of the following reasons:

  • to exercise the right of freedom of expression and information
  • to comply with legal obligations or for the performance of a public interest task or exercise of official authority
  • for public health reasons in the public interest
  • for archival, research, or statistical purposes
  • to exercise or defend a legal claim.

When complying with a valid request for the removal of data, we will take all reasonably practicable steps to delete the relevant data.

Right to restrict processing

You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved (ii) you consent or (iii) further processing is necessary for either the establishment, exercise, or defense of legal claims, the protection of the rights of another individual, or reasons of important public interest.

The circumstances in which you are entitled to request that we restrict the processing of your personal data are:

  • Where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified.
  • Where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data.
  • Where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it .
  • Where we have no further need to process your personal data, but you require the data to establish, exercise, or defend legal claims.

If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

Right to rectification

You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

Right to file a complaint

You also have the right to lodge a complaint with Office of the Privacy Commissioner.

Right to opt out

You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication to you, you can opt out of further communications by following the unsubscribe instructions provided in each email. Please note that notwithstanding the preferences you indicate by unsubscribing, we may continue to send you administrative emails including, eg, notices about periodic updates to our privacy policy.

How you can access, amend or withdraw the personal data you have given us

To access, amend, withdraw, or otherwise enquire about your data and your rights pertaining to them, please contact our data protection officer Susie Hill, susie@healthnavigator.org.nz

We will seek to deal with your request within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues that you raise.

Links to other websites

Our website and other electronic communications may provide links to third party websites, services, or tools. We are not responsible for the privacy practices of those third party platforms or the information or content those platforms contain. Once you click through to a third party platform, the privacy policy of that platform will apply.

Changes to our privacy policy

Health Navigator reserves the right to change this policy and our terms of service at any time. We will notify you of significant changes to our privacy policy by sending a notice to the primary email address specified in your e-news subscription or by placing a prominent notice on our website.

Contact us

If you have any questions regarding this privacy policy or the practices of this privacy policy, please contact us by sending an email to our data protection officer Susie Hill, susie@healthnavigator.org.nz

 

 Last updated: 26 July 2018