This policy sets out how Artilect Limited and therefore Pukeko Health, complies with the New Zealand Privacy Act 2020.
Artilect is a platform provider that supports healthcare practitioners, corporates, employers and public sector clients. The platform supports the delivery of continuous care services including Apps, customer data management, application development, data integrations and APIs. Artilect is fully committed to ensuring the proper, open and transparent management and use of all personal information and/or data it collects and handles, while staying compliant with applicable privacy laws.
WHAT PERSONAL INFORMATION DOES ARTILECT COLLECT, FROM WHOM AND FOR WHAT PURPOSE?
Artilect will only collect Personal Information that is necessary for its functions and activities. Artilect will only collect Personal Information by fair and lawful means. Artilect may collect and process personal information through a variety of means, including, as examples, access to Pukeko or Artilect websites or services, employment processes, correspondence with Artilect representatives, through purchase of products or services or in the course of an online service. Artilect collects and holds different categories of information depending on the services being provided to the client and the jurisdiction in which those services are being provided. The following types of Personal Information may be collected:
- a) Information about Artilect’s Contractors and Suppliers
Artilect collects Personal Information directly from our contractors and suppliers. This Personal Information includes their name, contact details and tax information which allows them to be contacted. For workplace health and safety reasons we may also collect certain Sensitive Information from contractors with their consent. For example, medical information a contractor has provided us about any injuries he or she may currently suffer.
From third parties, we may also collect feedback and information relating to our contractors and suppliers’ performance of services for Artilect. This information is collected for the purposes of monitoring the performance of services of our contractors and suppliers’ and to ensure that we are able to provide the highest quality products and services to our customers.
- b) Information about job applicants
Applicants for a position at Artilect will be asked to supply details relevant to the job application such as name, contact details, information contained in CVs, driver’s licence or passport. We may also collect Personal Information relating to the applicant from third parties identified as referees. We also perform a police criminal background check before employing a new person to work with us. This information is used for the purposes of determining suitability for the vacant role.
- c) Information about clients and their employees and stakeholders
Personal Information may be collected from clients such as name, contact details, bank account and invoicing details.
All customer Personal Information collected by Artilect is used for our business functions and activities. These include:
- for billing purposes and order fulfilment;
- to contact customers about our provision of services;
- to maintain account details;
- to provide technical support on systems we manage;
- to provide information on request about our products and services;
- to streamline and personalise customer experience while dealing with Artilect;
- to undertake customer satisfaction surveys and to tailor Artilect information, services or products in order to improve and enhance those services and products provided to our customers.
Artilect may also collect Personal Information from its customers relating to its employees and stakeholders; for example, contact information and job roles. This Personal Information is used to facilitate provision of the services our customers have requested.
Occasionally, Artilect may use aggregated Personal Information derived from our websites or service provision to provide Artilect with anonymous demographic and customer usage information. This information does not identify individuals. This anonymous, aggregated information is used to improve our website and services.
QUALITY OF PERSONAL INFORMATION
Artilect will ensure, to the extent reasonably possible, that Personal Information collected, used or disclosed is accurate, up-to-date, complete and relevant. If Artilect becomes aware that any of the Personal Information it holds is inaccurate it will take prompt steps to update its records so that those records are correct.
Artilect applies active measures and controls in accordance with the international ISO/IEC 27001 Information Security Standard to ensure the security of Personal Information it holds is protected from misuse, interference, loss and unauthorised access, modification or disclosure. All Artilect devices, storage and channels are subject to continuous monitoring, logging analysis and audit. Artilect may choose to contract a third party to perform those functions. All Personal Information is stored at secure premises using good quality security protocols including two-factor authentication where possible. Artilect security systems are regularly reviewed and updated to maintain the integrity of our security posture.
ACCESS AND CORRECTION OF PERSONAL INFORMATION
Subject to verification of identity, any Personal Information held about an individual may be accessed, updated or corrected by application to the Artilect Privacy Officer (for contact details, see Privacy Issues section below). Artilect will endeavour to respond to access and correction of Personal Information within 15 business days after a written request is received by the Artilect Privacy Officer.
Artilect will only engage in direct marketing practices in accordance with the laws of New Zealand. At any time an individual or organisation may contact Artilect to request that they no longer receive any marketing material or information from Artilect. For email communications, Artilect provides a simple opt-out (unsubscribe) mechanism that individuals can easily submit at any time. If you feel at any stage we have incorrectly used your Personal Information for direct marketing, please contact us immediately (for contact details, see Privacy Issues section below).
DISCLOSURE AND RETENTION OF PERSONAL INFORMATION
As part of providing services to a customer, Artilect may disclose limited Personal Information to third party suppliers or contractors as authorised by law, for example to facilitate client access to certain software tools. Artilect only retains Personal Information for as long as required by applicable law or as needed for our business functions and activities. If Personal Information is no longer needed it is then destroyed or disposed of in a secure manner.
INTERNATIONAL DATA TRANSFERS
As a provider and user of IT Services including cloud services, Artilect retains Personal Information on servers that may be located in a number of overseas countries. Artilect recognises and respects the varying national laws and obligations and their impact on cross-border data transfers when transferring or processing Personal Information outside of the country of collection for the purposes identified above. Artilect will take all reasonable steps to ensure that no person or entity breaches any relevant privacy and data protection laws using a variety of lawful data transfer mechanisms and contractual agreements for privacy and data protection.
Accessing Artilect or Pukeko Health website will result in some information being logged including the time of access, IP address and the pages that have been viewed or accessed. Artilect or Pukeko Health’s websites may contain links to external websites. Artilect is not responsible for the content or privacy policies that govern such external websites.
Email: [email protected]
Or write to:The Privacy Officer, Artilect Ltd, PO Box 301348, Albany, Auckland 0752
If you are not satisfied with Artilect’s response and the issue relates to a privacy concern or alleged breach by Artilect, you may take your complaint to the relevant government authority responsible for privacy and data protection.