ONELINK PRIVACY POLICY
1
Introduction
1.1 Pharmacy
Retailing NZ Limited (Company No 49549) trading as Onelink New
Zealandand its related bodies corporate (Onelink, we, ourandus) are
committed to responsible privacy practices and to complying with
thePrivacy Act 2020 (NZ)(Privacy Act), the privacy principles
(Privacy Principles), Notifiable Privacy Breach contained in the
Privacy Act, and where relevant, all applicable health records
legislation and codes (Health Records Legislation) such as
theHealth Information Privacy Code 2020 (NZ).
1.2
Where applicable, Onelink will handle personal information relying
on the related bodies corporate exemption and the employee records
exemption in the Privacy Act and any other applicable exemptions in
the Privacy Act or other legislation.
1.3
This Privacy Policy sets out our policies on the management of
personal information including how we collect and hold personal
information, the purposes for which we use this information, and to
whom this information is disclosed. We may change our Privacy
Policy from time to time at our discretion. At any time, the latest
version of our Privacy Policy is available from our website at
https://www.onelink.co.nz/
1.4
Where it is practical for us to allow you to do so, you may deal
with us anonymously (for example when enquiring generally about our
products and services).
2
What is personal information?
2.1
In this Privacy Policy, 'personal information' has the meaning set
out in the Privacy Act. Essentially, personal information is
information or an opinion about an individual who is or can be
reasonably identifiable.
2.2
A reference to 'personal information' in this Privacy Policy
includes "health information", as defined in the Privacy Act and
applicable health records legislation. Essentially, health
information is information or an opinion relating to the health or
a disability of an individual who is reasonably
identifiable.
3
What types of personal information does Onelink
collect?
3.1
The types of personal information Onelink collects from you depends
on the circumstances in which the information is collected.
3.2
Onelink may collect contact details including your name,
occupation, address, email address, phone and fax numbers, your
date of birth, IRD number, and details of police checks and court
searches. We may collect answers you provide to questions we ask
and other information in relation to your dealings with Onelink. If
you purchase products or services from us, we may also collect
certain transactional information and financial details to process
the transaction.
3.3
If you are an individual contractor to Onelink, in addition to the
information referred to insection 3.2we may also collect
information relevant to your engagement with Onelink including
qualifications, resume, reference information from your nominated
referees, IRD number, bank details, feedback from supervisors and
training records.
3.4
When you use our websites, we may collect website usage information
such as the IP address you are using, the name of your Internet
service provider, your browser version, the web site that referred
you to us and the next website you go to, the pages you request,
the date and time of those requests and the country you are
in.
3.5
In certain circumstances we are required to collect government
identifiers such as IRD numbers. We only collect, use and
disclose such information as permitted or required by law.
3.6
In addition to the types of personal information identified above,
Onelink may collect personal information as otherwise permitted or
required by law.
4
How do we collect and hold your personal information?
4.1
Onelink collects personal information in a number of ways. The most
common ways we collect your personal information are:
(a)
directly from you when you provide it to us or our agents or
contractors;
(b)
via our website or when you deal with us online (including through
our social media pages);
(c)
if you are an individual contractor to Onelink, from your employer
or recruitment agency;
(d)
from publicly available sources;
(e)
from credit reporting agencies;
(f)
from our related companies; and
(g)
from third parties in connection with your employment (eg from your
referees), or in connection with your requirements (eg healthcare
professionals, doctors, Accident Compensation Corporation, or
insurance assessors) when providing products and service to
you.
4.2
Most of the information that we hold about you will usually be
stored electronically. We may store some of your information
in secure data centres that are located in New Zealand or in other
secure data centres of our contracted service providers (including
cloud storage providers) that may be located outside of New
Zealand. We may also store information that we hold about you
securely in paper files or other hardcopy formats.
5
For what purposes do we collect, use and disclose your personal
information?
5.1
The purposes for which we use and disclose your personal
information will depend on the circumstances in which we collect
it. Whenever practical we endeavour to inform you why we are
collecting your personal information, how we intend to use that
information and to whom we intend to disclose it at the time we
collect your personal information.
5.2
We may use or disclose your personal information:
(a)
for the purposes for which we collected it (and certain secondary
purposes where permitted by law);
(b)
for other purposes to which you have consented; and
(c)
as otherwise authorised or required by law.
5.3
In general we collect, use and disclose your personal information
so that we can do business together and for purposes connected with
our business operations.
5.4
Unless otherwise required or permitted by law, we will only collect
health information about you with your consent and we will only use
that information for the primary purpose for which it was
collected. In some circumstances, we may collect your health
information through third parties (e.g. from health care
professionals, such as pharmacists, or other health professionals
who are treating you). We will only do this if you have consented
or where otherwise permitted or required by law.
5.5
Some of the specific purposes for which we collect, use and
disclose personal information are:
(a)
to respond to you if you have requested information (including via
our websites or via an email or other correspondence you send to
us);
(b)
to provide goods or services to you, to assist a health
professional or service provider to provide you with certain
services (e.g. health services) or to receive goods or services
from you;
(c)
to administer and manage services, including charging, billing and
collecting debts;
(d)
to improve our products and services and keep you up to date on
such improvements;
(e)
to understand our customer base and help tailor our products and
services;
(f)
to allow performance reporting and benchmarking of your business,
if applicable;
(g)
to contact you (directly or through our service providers) to
obtain your feedback, to find out your level of satisfaction with
our products and services and for other market research
activities;
(h)
to verify your identity;
(i)
to address any issues or complaints that we or you have regarding
our relationship; and
(j)
to contact you regarding the above, including via electronic
messaging such as SMS and email, by mail, by phone, by fax or in
any other lawful manner.
5.6
We may also use and disclose your personal information for the
purpose of direct marketing to you where:
(a)
you have consented to us doing so; or
(b)
it is otherwise permitted by law.
6
What happens if you don't provide personal
information?
6.1
Generally, you have no obligation to provide any personal
information requested by us. However, if you choose to withhold
requested personal information, we may not be able to provide you
with products and services that depend on the collection of that
information.
7
To whom do we disclose personal information?
7.1
We may disclose your personal information to third parties in
connection with the purposes described insection5of this Privacy
Policy.
7.2
This may include disclosing your personal information to the
following types of third parties:
(a)
our related companies;
(b)
health service providers or treating health professionals (such as
your doctor, pharmacist or hospital), in connection with providing
health-related goods or services to you or as otherwise required or
authorised by law;
(c)
our contractors and other third parties that provide goods and
services to us (including suppliers, marketing agencies, data
analysis specialists, data processing organisations, billing and
debt recovery providers, website and data hosting providers, and
other IT suppliers);
(d)
our accountants, insurers, lawyers, auditors and other professional
advisers;
(e)
government and regulatory authorities, courts, tribunals and other
bodies as required or authorised by law;
(f)
in an emergency, to medical and health service providers;
(g)
any third parties to whom you have directed or permitted us to
disclose your personal information (e.g. referees);
(h)
in the event that we or our assets may be acquired or considered
for acquisition by a third party, that third party and its
advisors;
(i)
carefully selected third parties with whom we have data sharing
arrangements;
(j)
third parties that require the information for law enforcement or
to prevent a serious threat to public safety; and
(k)
otherwise as permitted or required by law.
7.3
Where we disclose your personal information to third parties we
will take reasonable steps to ensure that such third parties only
use your personal information as reasonably required for the
purpose we disclosed it to them and in a manner consistent with the
Privacy Principles and relevant health records legislation (e.g. by
(where commercially practical) including suitable privacy and
confidentiality clauses in our agreement with a third party service
provider to which we disclose your personal information).
7.4
If you post information to public parts of our websites or to our
social media pages, you acknowledge that such information
(including your personal information) may be available to be viewed
by the public. You should use discretion in deciding what
information you upload to such sites.
8
Disclosure of information outside the country of
collection
8.1
Some of the third parties to whom we disclose personal information
may be located outside New Zealand. The countries in which
such third parties are located will depend on the
circumstances. For example, we may disclose personal
information to our related companies overseas and to our overseas
service providers.
8.2
In the ordinary course of business we commonly disclose personal
information to third parties (for example, offshore data centres
located in Australia, the USA, Germany, Austria, South Korea and
Canada).
8.3
We will only disclose that information to a third party outside New
Zealand if we reasonably believe that the recipient of the
information is subject to comparable safeguards to those in the
Privacy Act. If your personal information will not be
protected by comparable safeguards to those in the Privacy Act, we
will tell you that this is the case, and only disclose your
personal information with your consent.
8.4
Except in some cases where we may rely on an exception under the
Privacy Act or other law, we will take reasonable steps to ensure
that such overseas recipients do not breach the Privacy Principles
in relation to such information.
8.5
In respect of health information covered by health records
legislation, unless otherwise required or permitted by law, we will
only disclose your health information to a third party outside the
state/territory of collection if we reasonably believe that the
recipient of the information is subject to a law, binding scheme or
contract which upholds principles for fair handling of the
information that are substantially similar to, or provides
comparable privacy safeguards to (as the case may be) those
in the applicable health records legislation or Privacy Act (as
applicable).
9
How do we protect personal information?
9.1
Onelink will take reasonable steps to keep any personal information
we hold about you secure. Please notify us immediately if you
become aware of any breach of security.
10
Accuracy of the personal information we hold
10.1 We try to
maintain your personal information as accurately as reasonably
possible. We rely on the accuracy of personal information as
provided to us both directly (from you) and indirectly.
10.2 You may
contact us if the personal information we hold about you is
incorrect or to notify us of a change in your personal information.
Our contact details are set out insection 14of this Privacy
Policy.
11
Links, cookies and use of Onelink websites and
applications
11.1 Onelink
websites may contain links to other sites. This Privacy Policy
applies to our websites and not any linked sites which are not
operated or controlled by Onelink. We encourage you to read the
privacy policy of each website that collects your personal
information.
11.2 Onelink
uses 'cookies' and similar technology on its websites and in other
technology applications. The use of such technologies is an
industry standard, and helps us monitor the effectiveness of our
advertising and how visitors use our websites/applications.
We use such technologies to generate statistics, measure your
activity, improve the usefulness of our websites/applications and
to enhance the 'customer' experience.
11.3 If you
prefer not to receive cookies you can adjust your Internet browser
to refuse cookies or to warn you when cookies are being used.
However, our websites may not function properly or optimally if
cookies have been turned off.
12
How can you access and correct personal information we hold about
you?
12.1 You may
seek access to personal information which Onelink holds about you
by contacting us as described insection 14of this Privacy
Policy. We will provide access to that information in
accordance with the Privacy Act and health records legislation,
subject to certain exemptions which may apply. We may require
that the person requesting access provide suitable identification
and where permitted by law we may charge an administration fee for
granting access to your personal information.
12.2 If you
become aware that any personal information we hold about you is
incorrect or if you wish to update your information, please contact
us (seesection 14of this Privacy Policy).
13
Queries, comments and complaints about our handling of personal
information
13.1 If you have
any questions, comments or complaints about our collection, use or
disclosure of personal information, or if you believe that we have
not complied with this Privacy Policy, the Privacy Act or
applicable health records legislation, please contact us
(seesection 14of this Privacy Policy).
13.2 When
contacting us please provide as much detail as possible in relation
to your question, comment or complaint.
13.3 Onelink
will take any privacy complaint seriously and any complaint will be
assessed by an appropriate person with the aim of resolving any
issue in a timely and efficient manner. We request that you
cooperate with us during this process and provide us with any
relevant information that we may need.
13.4 If you are
not satisfied with the outcome of our assessment of your complaint,
you may wish to contact the Office of the Australian Information
Commissioner (click
here for information) or other relevant
regulators.
14
How can you contact us?
14.1 Please
address all privacy complaints and requests to update or access
information to:
Attention: Privacy Officer
Onelink
(EBOS Group Ltd) Level 7
737 Bourke Street
Docklands, VIC 3008
OR
[email protected]
Any requests to access, update or correct your health
information should be made in writing.
14.2 To
unsubscribe from our direct marketing, you can also contact us at
[email protected] and set out the contact
details that you no longer want used for direct
marketing.