Last updated: JULY 2025

This Privacy Policy describes how Vensa Health Limited ("Vensa", "we", "us" or "our") collects, uses, discloses, stores, and protects personal information (including health information) in accordance with the Privacy Act 2020 and the Health Information Privacy Code 2020 ("HIPC").

By using our website, applications, products, or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any aspect of this Policy, please do not use our services or platforms.

 

1. OUR COMMITMENT TO PRIVACY

1.1 We are committed to safeguarding the privacy of all personal information, including health information, in accordance with the Privacy Act 2020 and the Health Information Privacy Code 2020.

1.2 We will only collect, use, disclose, and store your personal information as permitted by New Zealand law and in accordance with the principles of transparency, fairness, and security.

 

2. WHAT INFORMATION WE COLLECT

We may collect the following types of personal information:

• Your name, contact details, date of birth, gender, ethnicity, and National Health Index (NHI) number.
• Details about your use of our products or services.
• Information only if provided by your healthcare provider, such as appointment details, medical history, symptoms, prescriptions, and clinical notes.
• Health provider identifiers (e.g., PMS identifiers), enrolment details, billing and claims information.

2.2 We may collect personal information from:

• You directly when you use our services or contact us
• Your Health Provider, only if requested and necessary to deliver the a specific service.
• A legal guardian or authorised representative acting on your behalf (e.g. for a dependent or child as required by NZ law).

2.3 If you provide us with information about someone else, including a dependent, you must ensure you are authorised to do so and have informed them of this Privacy Policy.

2.4 We may collect aggregated and anonymised data for research, public health reporting, or service improvement, provided it cannot reasonably be used to identify any individual.

 

3. PURPOSES FOR USE OF PERSONAL INFORMATION

3.1 We use your information only for the following purposes:

• To provide our services and administer user accounts.
• To communicate your appointment reminders, prescription updates, or service alerts.
• To facilitate payment processing (we do not store payment card details).
• To support healthcare providers in delivering care through our platform.
• To improve and develop our services based on usage analytics.
• To comply with legal obligations or respond to lawful requests.
• To conduct ethically approved health research in accordance with Rule 11 of the HIPC (only in de-identified or approved contexts).

3.2 We will not use your personal information for unrelated purposes unless permitted or required by law, or with your express consent.

 

4. DISCLOSURE OF PERSONAL INFORMATION

4.1 We may disclose your personal information to:

• Healthcare providers involved in your care as required.
• Our trusted service providers (e.g. IT infrastructure, hosting, and communications providers), under strict contractual privacy obligations.
• Regulatory or enforcement agencies where required by law for research or analytics purposes, but only in anonymised and non-identifiable form.

4.2 We will not disclose personal information to overseas recipients unless we ensure that the recipient is subject to comparable privacy safeguards in accordance with Principle 12 of the Privacy Act 2020.

 

5. SECURITY AND STORAGE OF PERSONAL INFORMATION

5.1 We take all reasonable steps to protect personal information from loss, misuse, unauthorised access or disclosure, including:

• Role-based access controls.
• Encryption and secure storage.
• Regular security audits and monitoring.

5.2 In accordance with Health (Retention of Health Information) Regulations 1996, personal information will be held for a minimum of 10 years.

5.3 Offshore cloud services used (e.g., Microsoft Azure in Australia), are compliant with the NZ Ministry of Health requirements for health data storage.

 

6. YOUR RIGHTS

6.1 You have the right to:

• Request access to your personal information.
• Request correction of your information if it is inaccurate or incomplete.
• Withdraw your consent to optional communications.
• Lodge a complaint with the Office of the Privacy Commissioner if you believe your privacy has been breached.

6.2 To exercise your rights, please contact our Privacy Officer (see section 8).

 

7. NOTIFIABLE PRIVACY BREACHES

7.1 In the event of a notifiable privacy breach (i.e. where it is reasonable to believe the breach has caused or is likely to cause serious harm), we will notify:

• You as soon as practicable.
• The Office of the Privacy Commissioner, as required under section 114 of the Privacy Act 2020.

 

8. CONTACT US

For any questions, access or correction requests, or privacy concerns, please contact:

Privacy Officer
Vensa Health Limited
PO Box 8349, Symonds Street, Auckland, New Zealand
Phone: 0800 736 463
Email: support@vensa.com