Privacy Policy

1. General

1.1. The Pain Clinic is dedicated to ensuring that your privacy rights are protected at all times. In carrying out our services, you will need to provide Personal Information. Personal Information is any information which can be used to personally identify you.  This means information which is specific or unique to yourself, including but not limited to, your name, address, phone number, email address, gender, and date of birth. We also collect Health Information which is information that relates to your medical history.

1.2. This Privacy Policy sets out how we collect, use, store, and share your Personal Information. Your rights, and our obligations, are stated under the Privacy Act 2020 and the Health Information Privacy Code 2020, which we are obliged to comply with on an ongoing basis.  If you would like to learn more about your privacy rights, you can visit the website of the Privacy Commissioner.

1.3. We may periodically update or amend this privacy policy. Where this occurs, we will notify you of the update or amendment.

2. What Personal Information do we collect?

2.1. We only collect Personal Information which enables us to safely and efficiently provide our services to you. The specific Personal Information actually required to be provided by you will change depending on the services you wish to access.

2.2. Generally speaking, when you seek to access our services you will be required to create a user profile; this will have online functionality. In creating a user profile, we will collect Personal Information relating to your (but not limited to):

• 2.2.1. name
• 2.2.2. physical address
• 2.2.3. phone number
• 2.2.4. email address
• 2.2.5. gender
• 2.2.6. date of birth
• 2.2.7. occupation
• 2.2.8. name of registered GP
• 2.2.9. emergency contact details

2.3. If you do not provide us with the Personal Information that we have requested, we may not be able to provide you with our services and you will have to seek alternative health care arrangements.

2.4. We also require that you provide us with your Health Information. To enable us to access your Health Information you will be required to sign a specific release which will permit your registered GP (or local hospital) to send through your medical history. In requesting that your GP make available your Health Information to us, we may request that your GP provide us with your:

• 2.4.1. GP notes
• 2.4.2. NHI number
• 2.4.3. test results
• 2.4.4. diagnoses
• 2.4.5. treatments

2.5. When using the GP Video Consultation, the consulting GP will take notes on various matters relating to the consultation. These are then recorded and will form part of the Health Information we have on record for you.

2.6. When you visit our website, Personal Information is collected. This includes browser information and cookies (text files with small pieces of data which are used to identify your computer as you use our website).  We use cookies (including persistent and session cookies) to make a record of your preferences when interacting with our online services. You can disable cookies if you wish, although this will result in less streamlined interactions with our online services.

2.7. When you visit our website, Google Analytics will track how you are using our website. You can read Google Analytics’ privacy policy here. We are not responsible for how Google uses, stores, protects and shares your Personal Information.

3. How do we collect your Personal Information

3.1. Usually we collect your Personal Information through the use of the E-Registration Form. For onsite visits, that same information may be collected through the completion of a paper form. Otherwise, your Personal Information will be collected on every occasion upon which you supply us with it, including when you contact us by phone or email.

3.2. In all cases we will do our best to collect your Personal Information directly from you. We will not acquire your Personal Information through the use of third parties unless it is strictly necessary for us to do so because it is unreasonable or impractical for us to collect it directly from you. With regards to your Health Information, this usually means obtaining it from your registered GP.

3.3 Where your Personal Information is required to be collected from a third party, we will obtain your consent to such collection before obtaining such information. If you withhold your consent in this regard, we will not seek to obtain your Personal Information from a third party, although this may mean that you cannot access our services.

4. How do we use your Personal Information

4.1. We will only use your Personal Information in a manner which allows for the efficient and effective carrying out of our services.

4.2. To enable us to carry out the services you have requested we provide you with, we will need to communicate with you using the Personal Information you have shared with us. Primarily this will be via email, although we may also communicate with you via SMS or telephone. In particular, we will communicate with you on the following matters (but not limited to these):

• 4.2.1. Payment confirmation
• 4.2.2. Appointment times, including the time a GP Video Consultation is to occur
• 4.2.3. Responding to your enquiries
• 4.2.4. Consulting GP correspondence
• 4.2.5. Prescriptions

4.3. If you do not wish to have email notifications sent to you on these matters, you will need to contact us directly and arrange a suitable method of alternative communication.

4.4. From time to time, we will email you updates on our, or our business partners’, business operations and promotions. If you do not wish to receive such communication, please write to us and we will take you off our mailing list.

4.5. Occasionally, we will use your Personal Information to prepare statistics, trial data, staff training, research, and plan the health services we wish to provide to our users. Where possible, we will always anonymise your Personal Information to prevent you from actually being identified in this regard.

5. Why do we collect your personal information

5.1.We collect your Personal Information to enable us to efficiently and effectively carry out our services to ensure that you obtain the highest quality of health care we are capable of providing.  We cannot provide you with our services unless we are in possession of your Personal Information.

6. Disclosure of your personal information

6.1. The actual persons who have access to your Personal Information is limited, we keep access to your Personal Information on a strictly need to know basis, especially with regards to Health Information.

6.2. Where persons are granted access to your Personal Information (including Health Information), they are only granted access because it is required to properly allow for the running of our business and making the provision of our services to you. The types of persons who have access to your Personal Information, include:

• 6.2.1. Administrative staff
• 6.2.2. GPs and nurses
• 6.2.1. Parent company
• 6.2.1. IT providers

6.3. Despite the above, where the Personal Information concerned is Health Information, disclosure and use of this will only be made in circumstances permitted by the Health Information Privacy Code 2020.

6.4. Disclosure of your Personal Information to third parties will be made where disclosure is required to be made to properly discharge our obligations to you in terms of your care. As a matter of course, this means sharing your Personal Information with your registered GP, hospital, or specialist. If you do not want us to communicate with your registered GP or other health care provider, then you are required to advise us of this in writing.

6.5. We do not share, sell, or gift your Personal Information with any third parties unless we have received your written consent to do so.

6.6. Sometimes, as a result of law, we may be required to share your Personal Information with a third party.

6.7. Your Personal Information is held on both domestic and overseas servers.

7. How do we Protect and Store your Personal Information

7.1. Because there is a risk that you Personal Information will be subject to unwarranted access, misuse, loss, or damage, we have various measures in place which serve to protect against these factors. We will be enforcing two factor authentication for editors and run a suite of WordPress based security plugins and monitoring tools.

7.2. Personal Information, but not Health Information, is held on our local servers.

7.3. Health Information is not held on our local servers, it is at all times held on secure servers provided by MedTech and MyHealth. You can visit MedTech and MyHealth’s privacy policy by clicking on this link. We are not responsible for how either MedTech or MyHealth uses, stores, protects and shares your Personal Information.

7.4. Payment information is managed independently by Windcave. We do not have direct access to your payment details.

7.5. Our staff are trained to ensure that information is properly protected against unwarranted access, misuse, loss and damage.

7.6. We cannot always guarantee that the Personal Information you share with us will always be free from unwarranted access, misuse, loss, or damage. Whilst, as mentioned above, we have measures in place to protect your Personal Information from such scenarios, any Personal Information you share with us is shared at your risk. To the greatest extent permitted by law, we are not liable to you for any damage or loss in this context.

7.7. Your Personal Information will be stored for a period of 10 years beginning on the day after the date shown in our records as the most recent date on which we provided you with health care services.

8. Access to and Correction of your Personal Information

8.1. You are entitled to request access to the Personal Information we hold on your file. To make a request for access, simply write to info@thepainclinic.co.nz and one of our friendly customer service representatives will respond to your request within 20 working days.

8.2. Under limited circumstances, we may deny your request to access your Personal Information. We will only ever do this where we are permitted by law to do so, which includes the presence of a risk of harm to you or any other individual, or disclosure would result in disclosure of a third party’s Personal Information being made.

8.3. If you feel that the Personal Information we hold on you is incorrect, you can request that we correct it. In order for us to make a correction, you will need to supply us with the correct information and explain what aspects of the Personal Information we hold on you are incorrect. In some cases, we may require you to supply us with evidence which demonstrates that the Personal Information we hold on you is incorrect.

8.4. You must be able to prove your identity to us before we will provide you with access to your Personal Information, or perform a correction to the same.

8.5. If you feel that we have mistakenly refused to correct or grant you access to your Personal Information, then you are entitled to contact the Privacy Commissioner who can reached by clicking on this link.

8.6. We may charge you for the time it takes to access or correct Personal Information. We will only charge you for performing these functions where you have made such requests with unreasonable frequency.

9. Use of unique identifiers

9.1. When you create a user profile, or seek to access one of our services, we will create a unique identifier which is used to identify you. Your unique identifier is used only to allow for the efficient operation of the services we provide. The unique identifier which we assign to you is not the same as any unique identifier you may have with another company.

10. Miscellaneous

10.1. By using the services we provide, including by accessing our website, you are taken to have consented to the terms of this Privacy Policy, including permitting the collection, use, storage, and disclosure of your Personal Information in the manner contemplated by this policy.

10.2. If you feel as though your privacy rights have been breached, either due to a breach of this privacy policy, or of privacy legislation generally, we invite you to write to us at info@thepainclinic.co.nz. Alternatively, you can contact the Privacy Commissioner whose contact details can be found by clicking the following link.