22 April 2022
The type of personal information we collect and hold largely depends on your engagement with us, but may include:
a) registration information, such as name, address, phone number, email address;
b) health information, including blood samples taken for the purpose of performing or using our testing services;
c) test results and associated recommendations and interpretative guidance generated through the processing of your samples by Orbis and/or our agents or contractors;
d) your purchase history and records of the products and services you have acquired from us;
e) on a voluntary basis, your age, vaccination status, and other health related information relevant to the service being provided (note that if you choose to provide this information, it will be anonymised and only used by Orbis for research, statistical and data analysis purposes, for example, to improve our services and identify any trends that may appear in its overall data sets);
f) details of any enquiries or requests made to us, and our responses;
g) information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider; and
h) any other personal information requested by us and/or provided by you or a third party in connection with our lawful functions.
Orbis only requires personal information to be provided to the extent necessary to perform our services. In some cases, if specific personal or health information we request is not provided, we may not be able to perform a service for you or you may not be entitled to use certain products and services. Any voluntary disclosure of additional, self-reported personal information is supplied entirely at your option and discretion.
Any blood sample provided for the purpose of receiving our testing services will be collected, tested and retained in accordance with the Human Tissue Act 2008.
a) to perform and provide you with our products and testing services (including informing you of test results);
b) to contact and communicate with you about our products and services;
c) for internal record keeping and administrative purposes;
d) to improve our products and services (in which case your personal and health information will be de-identified);
e) to undertake insights, analytics, and research and development purposes associated with our functions and areas of interest and produce publications (in which case your personal and health information will be de-identified);
f) to comply with any health related legal or regulatory obligations we may have (including notifying health officials of positive COVID test results or complying with Health Orders);
g) as otherwise permitted or required by the Privacy Act, Health Information Privacy Code 2020, and other laws and legal requirements to which we are subject; and
h) for any other purpose expressly authorised by you.
In carrying out the purposes set out above, we may disclose your personal information to:
(a) our third party agents or contractors that we partner with to provide services to you and/or who carry out services on our behalf (e.g. pharmacies);
(b) our third party service providers, who we have engaged to provide a service to us or to assist us in providing products and services to you, for example our IT service providers, cloud storage providers;
(c) courts, tribunals, and regulatory authorities where required by law; and/or
(d) any other person or organisation that you have expressly authorised us to disclose your information to.
If we need to disclose your personal information to third parties outside of New Zealand we will comply with our obligations under the Privacy Act in relation to offshore disclosures of personal information including, if necessary, ensuring that those third parties are subject to privacy obligations that overall provide comparable safeguards to those in the Privacy Act.
You agree that any personal and health information you give to us will be accurate, correct and up to date, and that when acting on behalf of a legal entity or another individual (e.g. a child), you are authorised to give such information to us.
You must inform us if any of your personal or health information changes, to ensure that the details we hold about you are up to date and correct.
You are entitled at any time to request access to, or correction of, the personal information we hold about you by contacting us at firstname.lastname@example.org.
Where we no longer require your personal information for any lawful purposes, we will comply with our legal obligations to securely de-identify, delete or destroy that information. We may retain and use de-identified information for research and statistical purposes, including scientific publications.
Any health information collected (including blood samples taken for the purpose of performing testing services) will be securely retained by Orbis in accordance with the Health (Retention of Health Information) Regulations 1996 for a period of 10 years from the date the service is completed.
We take reasonable steps to protect the security of personal information. However, we do not make any warranties in relation to the security of any information you disclose or transmit to us and we are not responsible for the theft, destruction, or inadvertent disclosure of your personal information where our security measures have been breached. We store all personal information that we hold in secure servers in Australia.