Rako Science Limited (we, us, our) complies with the Privacy Act 2020 (Act) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
We will hold your personal information in accordance with the Act and the Health Information Privacy Code 2020 (or any replacement code of practice or other regulation issued under the Act) (Code). The Act regulates us through the Information Privacy Principles as to how we collect, use, hold, disclose, access, correct, manage and dispose of your personal information. The Code regulates how we collect, use, hold, disclose, access, correct, manage and dispose of your personal health information. For more information visit the Office of the Privacy Commissioner website.
Changes to this Policy
Information we collect and use
We collect personal information from you in order to provide you with our services. We may request other optional information necessary for our lawful purpose connected to our functions, but we clearly indicate that such information is optional.
The information about you that we collect and use includes:
· Information about who you are e.g. your name and contact details;
· Information about your contact with us e.g. forms, applications, phone recordings, enabled cookies setting and IP address when navigating our site;
· Information that is automatically collected e.g. via cookies when you visit our websites;
· Personal information, e.g. biological gender, date of birth, employer. This information will only be collected and used where it’s needed to provide the product or service you have requested, or to comply with our legal obligations; and
· Health information, such as lab results.
If we have indicated that requested personal information is required and you do not provide it, we may not be able to provide services to you.
Who do we collect your personal information from
We collect personal information about you from:
· you, when you provide that personal information to us, including via the website and any related service, through any registration or subscription process, through any contact with us (e.g. telephone call or email), or when you buy or use our services and products; and
· third parties (such as your health provider or employer), where you have authorised this, or where the information is publicly available.
If possible, we will collect personal information from you directly.
In some situations, we may collect someone else’s personal information from you, for example we may collect a child’s details from the parent or authorised caregiver.
How we use your personal information
We may use your personal information:
· to verify your identity;
· to provide services and products to you;
· to contact you electronically (e.g. by text or email for this purpose);
· to inform your employer (and/or any other owner or operator of a premises at which you work) about whether you have undergone a test at one of our facilities (where such test is undertaken for employment related purposes);
· to improve the services and products that we provide to you;
· to respond to communications from you, including a complaint;
· to conduct research and statistical analysis (on an anonymised basis);
· to protect and/or enforce our legal rights and interests, including defending any claim; or
· for any other purpose authorised by you, the Act, or otherwise by law.
We will not use personal information for purposes other than described above, unless:
· we have your consent (or consent of the person whose personal information you have provided); or
· we are permitted or required to do so by law.
If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our services.
Disclosing your personal information
· any business that supports our services and products, such as laboratory and health service providers;
· any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services;
· other third parties (for anonymised statistical information);
· a person who can require us to supply your personal information, or to whom we are required to supply your personal information (e.g. a regulatory authority);
· your health provider;
· your employer and any nominated personnel of your employer (which may include your employer’s nominated medical officer) if you undergo a test for employment related purposes, and any secondary employer or operator of a testing facility or site at which you present for a test for employment related purposes;
· any other person authorised by the Act, the Code or another law; or
· any other person authorised by you.
If you present at any of our facilities or testing sites for an employment related test and scan your QR testing code, you acknowledge and agree that any personal information collected about you (including test results) may be made available to your registered employer and the owner or operator of the premises at which the test was undertaken for employment and health and safety purposes.
We may also disclose personal information if we believe on reasonable grounds that such disclosure is necessary to:
· comply with a judicial proceeding, court order, or legal processes served on us or any related party;
· protect and defend our rights or property or the rights or property of any related party;
· meet our legal obligations; or
· is otherwise required or permitted by law.
Transfer of information overseas
We generally manage your information in New Zealand. To the extent we disclose personal information to third parties outside of New Zealand, we will take reasonable steps to ensure such third party is subject to comparable privacy laws as those in the Act, the Code or is otherwise required to protect the information in a way that, overall, provides comparable safeguards to those under the Act and/or the Code.
How long we keep your information
· We will keep your personal information only where it is necessary to provide our services to you.
· We may also keep your information after this period but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.
How we protect your information
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically.
Our security controls are aligned to industry standards and good practice, providing a controlled environment that effectively manages risks to the confidentiality, integrity and availability of your information.
Accessing and correcting your personal information
Subject to certain grounds for refusal set out in the Act, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
De-identified data, aggregate information and statistics
We may use aggregated information from your use of our services for the purpose of improving the quality of our services, marketing our services or for the purpose of research and analysis relating to our services. This aggregated information will never identify an individual.
We may use de-identified usage data (de-identified data refers to data from which all personally identifiable information has been removed) from our website or App to report on usage statistics and usage analysis of various features for the purpose of improving the quality of the website or App, marketing the usefulness of the website or App or for the purpose of research and analysis of our services. This de-identified usage data will never identify or be associated with any individual user of the website or App.
The primary unique identifier used within our systems is an email address, which you have authorised us to use to communicate with you. In the case of children, we may allow the use of a parent’s email address. Once an individual becomes 16 years old, they become responsible for maintaining their account access by other persons such as their parents.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.