The purpose of this document is to set out our policies in relation to the collection, holding, use and disclosure of personal information relating to an individual.
Personal information as defined in the Privacy Act 2020 (“Act”), means information about an identifiable individual.
From time to time and in line with customer expectations and any relevant legislative changes, our Privacy Policies and procedures will be reviewed and, if appropriate, updated. This policy was last updated April 2021.
Your privacy and the law
We recognise that your personal information is important to you and we share your concerns about how and what personal information is collected, used and shared. Your rights to privacy are protected by law, and this policy does not limit those rights.
We are committed to safeguarding your personal information and will always handle your personal information securely and carefully. We comply with all applicable data protection and privacy legislation and codes affecting your personal information.
What personal information do we collect?
The personal information we collect is in most cases supplied by you when you send us an enquiry. Personal information may include:
- full name;
- date of birth;
- drivers licence number and/or passport number;
- postal or residential address;
- email address and/or telephone number;
- bank account details;
- details about your preferred consultation appointment (e.g. day, time of day etc.);
- your enquiry and/or additional information given by you in relation to a procedure or treatment;
identification of the page you are using, such as the page the form you’re contacting us from;
date and time of access; and
- the IP address of the computer you are using.
We also collect information from you automatically – please see Information collected automatically below for more information about how we collect your information in this way.
Why do we collect your personal information?
KM Surgical will use and disclose your personal information in accordance with applicable privacy laws. KM Surgical collects your personal information for the purposes of:
- verifying your identity;
- providing you with services;
- marketing our services to you, in accordance with applicable law;
- gathering statistical information, conducting research and statistical analysis (on an anonymised basis);
- complying with statutory requirements;
- protecting and/or enforcing our legal rights and interests, including defending any claim;
- purposes directly related to, or incidental to, the above; and
- for any other purpose authorised by you or permitted by law, including in accordance with the Act and/or Health Information Privacy Code 2020.
We will not:
- contact you to discuss a product or service unless you have expressly requested that we contact you; or
- collect from you any sensitive information relating to the prohibited grounds of discrimination set out in the Human Rights Act 1993 (namely, sex, marital status, religious or ethical belief, colour, race, ethnic or national origins, disability, age, political opinion, employment or family status, sexual orientation), other than with your express consent, or where collection is either authorised by law or is reasonably necessary to perform our obligations or to establish or defend a legal claim.
KM Surgical takes care to ensure that it adheres to the provisions of the Unsolicited Electronic Messages Act 2007 (“UEMA”) and will not use your personal information in a manner that breaches the UEMA.
Data Quality and Correction
KM Surgical takes reasonable steps to ensure that the personal information it collects is accurate, up to date, and complete.
You have the right to request correction of any of your personal information held by KM Surgical in accordance with the Act. In circumstances where your personal information has changed, or you find the information to be inaccurate, please contact us to request correction.
Information collected automatically
Whenever you visit our website, our servers automatically record information about your usage of our website through cookies.
Cookies are small pieces of information stored by your browser on your computer or mobile device. Cookies are used to maintain session information between your browser and our website and identify things related to your use of the website such as the time, date and URL of the pages you visit, your IP address, your location and browser software.
Most browsers can notify you when a new cookie is received, or let you turn off cookies or geo-location services altogether. However, turning off these services may mean some features on our website are not available to you.
We use information obtained this way in order to learn about your preferences so that we may improve our website and the service offered through it.
This information does not personally identify you. We may analyse this non-personal information:
- for certain trends and statistics, such as which parts of the website users are visiting, which features or services are most popular and to measure the effectiveness of advertising; and
- to improve the functionality, structure and performance of our website. We analyse non-identifiable web traffic data to improve our services and the use which visitors make of this website.
We do not disclose information about individuals except for the reasons set out above.
We use a tool called Google Analytics to collect information about use of this site. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site.
We only use the information we get from Google Analytics to improve this site.
Google Analytics collects the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google.
You can prevent Google Analytics from recognising you on return visits to this site by disabling cookies on your browser.
Service providers to KM Surgical
We use the following third party cookies:
- Google Analytics (see Analytics above and Google’s Safeguarding your Data).
Your privacy on the Internet
While we take care to provide reasonable protection to information in our care, users of the website are advised that there are inherent risks when information is transmitted over the Internet. KM Surgical does not guarantee the safety of any personal information submitted over the Internet.
Our website may have links to external websites operated by other organisations. We cannot guarantee the content or privacy practices of external websites and do not accept responsibility for those websites.
Links to third party websites
You may be able to access external websites by clicking on links we have provided.
As noted above it is important to note that those other websites are not necessarily subject to our privacy standards, policies and procedures.
You will need to contact or review those websites directly to determine their privacy standards, policies and procedures.
When do we disclose your personal information to third parties
We will often need to pass your personal information to companies who perform part of our service delivery.
The relevant organisations include those:
- involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including testing or upgrading our computer systems;
involved in the payments system including financial institutions, merchants and payment organisations;
- as required or authorised by law, for example, to government or regulatory bodies for purposes related to public health or safety, the prevention or detection of unlawful activities or to protect public revenue; or
- where you have given your consent.
Your personal information may be disclosed by us for a secondary purpose:
- where you have been asked and consented to the use or disclosure; and
- if you would reasonably expect us to use or disclose the information for a secondary purpose which is directly related to the primary purpose of collection; or
if required or permitted by law or by a court/tribunal;
- if we reasonably believe it is necessary for law enforcement related activities.
Because we operate in New Zealand, and as noted above because we use third parties to administer some of our service delivery, some of these uses and disclosures may occur outside of your country of residence.
We will take reasonable steps to ensure that any overseas recipient does not breach relevant privacy laws or principles.
Return to the menu Can I access my personal information?
You have a right to request access to your personal information that we hold. This is subject to some exceptions allowed by applicable law. Factors affecting a right to access include:
- access would pose a serious threat to the life or health or safety of any individual or to public health or safety;
- access would have an unreasonable impact on the privacy of others;
- a frivolous or vexatious request;
- access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process;
access would be unlawful;
- access would prejudice enforcement activities conducted by an enforcement body;
- legal dispute resolution proceedings with you where the information would not be accessible in the process of discovery in those proceedings;
- denying access as required or authorised by or under law or court/tribunal order.
We will give you reasons if we deny access (except to the extent that having regard to the grounds for the refusal, it would be unreasonable to do so).
Requests regarding your personal information must be made in writing.
We take all reasonable steps to protect all personal or company information from misuse, loss, interference, unauthorised access, modification or disclosure.
Your information is stored securely whether in an electronic or physical form. Only authorised personnel requiring access to the information are allowed access.
All personal, company or confidential information is stored in secured premises and/or in electronic databases requiring logins and passwords.
Some information is kept for several years to comply with any applicable legal requirements.
Contacting us or making a complaint