Privacy policy detailed

Information from other agencies

Plunket sometimes gets additional information about you or your child’s health from other agencies involved in the care of you or your children, if you’re registered as the enrolled child’s main caregiver. We do this when it is necessary to provide a better service or for you or your child’s physical or mental health or safety.

Limitations on use or sharing of information

Health information may be shared with other agencies but we will only use or share information:

that is relevant to the situation - we can do this under section 22C of the Health Act 1956
in the way(s) we have said we will when we collect the information
if you have authorised us to do so.

We will only use or share your information without your permission when:

a client’s health or safety is at risk
doing so is required by the Privacy Act or the Health Information Privacy Code
that information is already publicly available
it is being shared for research or statistical purposes
it is being shared between healthcare providers
the information being used is non-identifiable.

What we do with personal information

Plunket does not sell or rent your personal information to third parties. We will share personal information without your permission (which may include account information) only when we:

need to comply with the law or with the health information privacy code
need to enforce or apply our terms and conditions
believe you have agreed to share your personal information with specified third parties and relevant Plunket staff.

If your personal information changes (such as your address) we will endeavour to provide a way to correct or update your records. We are legally required to keep your health information on file for 10 years from the date of last contact - after which it can be destroyed.

Credit card security

We work diligently to protect the security of your personal information, including credit card information. We protect your credit card information during transmission by using the Secure Sockets Layer (SSL) protocol, which encrypts your information when transmitted over the internet.

When you make a donation via committed giving, your transaction is processed through ANZ Bank E-Gate Secure Payment Gateway, where we safely and securely use your credit card. Plunket only receives credit card information and details when you sign up to a regular payment.

When making a donation online, your credit card information is protected during transmission from the Givealittle Limited page using Secure Sockets Layer (SSL) protocol, which encrypts your information when transmitted over the internet. When you choose to make a donation online, you will be taken directly to the Plunket donation page, served by Givealittle Limited, where you can safely and securely use your credit card. Credit card donations are processed by DPS. Details may be held by Direct Payment Solutions (DPS) (please review their Privacy Policy). Givealittle Limited retains only a portion of your credit card information in order to identify your transaction if required post donation. This information is not complete and is not able to be used.

It is important for you to protect against unauthorised access to your password and to your computer.

Identifiers

Information about your computer and about your visits to and use of our website such as your IP address, location, browser type and user name will be recorded when you visit our website. This information may be used to identify you. However, we will treat this information as personal information and will only use it for the purposes stated in this privacy notice.

Cookies

Cookies are small pieces of information that are stored in a browser-related file on your computer's hard drive when you use our website. We use cookies to improve the member experience. We also use them to deliver information and fresh content specific to your interests. Cookies are widely used on most major websites.

A cookie tells us whether you've visited us before or if you are a new visitor. The cookie doesn't collect any personal information about you or provide us with any way to contact you. It doesn't extract any information from your computer. We use the cookie to help us track traffic patterns to our site and identify website features in which you have the greatest interest. That way we can give you more of what you like.

If you would rather we did not use cookies with you, you can turn them off in your browser and/or delete them from your hard drive. You will still be able to visit our site.

Security

Information transmitted over the Internet is inherently insecure. However, we have physical, electronic and managerial processes in place to protect the information we collect via our website or email. The information you send is passed through a secure server using encryption technology. All stored customer information is protected with secure passwords, user log-ons and other security procedures.

We will take all reasonable steps to maintain the security and integrity of your personal information including:

the use of computer access passwords
locked cabinets, storage and transport facilities
protocols for sending/receiving information by fax
personnel policies
firewalls.

PlunketLine

When you contact PlunketLine we may monitor or record calls for quality assurance. These are stored and destroyed securely as per all information collected and held.

Direct donation mailings

If you wish to make any changes to information we may have or you no longer wish to receive direct donation mailings, contact:

The Database Coordinator
Plunket National Office
PO Box 38299
Wellington 5045
New Zealand

Phone: 0800 20 55 55
Email: donations@plunket.org.nz

If our privacy notice changes

We will use information in accordance with the privacy policy under which the information was collected. If we need to make any changes to our privacy policy we will post those changes on our website. We will state what information we collect, how we use it, and under what circumstances, if any, we disclose it. Periodically review this page for the latest information on our privacy practices.

Legislation that applies, or is relevant, to Plunket’s Client Privacy Policy

The Privacy Act (1993)
The Health Information Privacy Code (1994) (modified a number of the rules of the Privacy Act to take into account specific aspects of the health sector)
Children, Young Persons, and Their Families Act 1989
Children, Young Persons, and Their Families Amendment Act 2001
Care of Children Act 2004
Coroners Act 2006
Health Act 1956
Health and Disability Commissioner Act 1994
Health (Retention of Health Information) Regulations 1996
Health Practitioners Competence Assurance Act 2003
Code of Health and Disability Services Consumer Rights 1996 (amended version July 2000)
Privacy Commissioner. 1999. On the Record: A Practical Guide to Health Information Privacy. Auckland
Ministry of Health. 1998. Consent in Child and Youth Health: Information for Practitioners. Wellington

Definitions used

Client

A Plunket client is defined as the child client and the adult client. The child client is the child enrolled to receive Plunket services.

There are 2 sorts of adult clients:

donors to Plunket
adults who are the legal representatives of the child client enrolled with Plunket

Guardian

A child’s guardian is the person with the legal duties, rights, responsibilities and powers that a parent has concerning their child. Guardians’ responsibilities include but are not limited to the day-to-day care of the child (such as a safe, secure home; loving care and attention).

Information

Most of the information collected by Plunket will be considered health information (eg any information collected during care delivery) and is subject to the Health Information Privacy Code 1994 (the Code), as well as the Privacy Act 1993. The NHI (National Health Index) number is also considered health information.

Some information collected is personal information such as details provided by a financial donor or when you contact us via email or the internet. This information is subject only to the Privacy Act 1993.

Defining health information – Part 1 (4)(1) of the Code

Health information is information about an identifiable individual that includes, but is not limited to:

information about the health of that individual
information about any disabilities that individual has or has had
information about any health services or disability services that are being provided, or have been provided, to that individual
information about that individual which is collected before, or in the course of, and incidental to, the provision of any health service or disability service to that individual
the individual’s National Health Index (NHI) number.

In practice, the categories listed above translate to, but are not restricted to:

medical history
birth information
health status
family health information
billing information
disability information
information around health determinants (social information) relating to transport, housing, access to services, etc.

Defining personal information – Part 1 of the Act

‘Personal Information’ is a wider concept than ‘health information’ as it is any information about an identifiable individual.

Personal information is not limited to, but may include the gender and name of baby, and the name, address, telephone number of the individual, or any other information about that individual or members of that individual’s - or the child’s – family.

How to make a privacy complaint if you feel your privacy has been breached

If you have a privacy complaint you should first contact your Plunket area manager.

If the complaint is about a manager, you should contact the operations general manager. If you are not satisfied with this process, you can then complain to the Privacy Commissioner.

Any privacy complaints will in most cases be handled within 15 working days. The reason for any required extensions of more than 20 working days will be advised.