Orbis Diagnostics
Privacy Policy

Last updated:
22 April 2022

This privacy policy governs the collection, use and storage of your personal information by Orbis Diagnostics Limited (New Zealand company number 5894951) at 14 West Street, Auckland 1010 (“Orbis”).

Your privacy rights

Orbis is committed to complying with our obligations under the Privacy Act 2020 (Privacy Act) and the Health Information Privacy Code 2020 when dealing with your personal and health information. Any personal and health information you provide to us will be collected, stored, used and disclosed by Orbis in accordance with this Privacy Policy.  

If you have any questions regarding this Privacy Policy or wish to access or amend the personal information that we hold about you, please contact us at enquiry@orbisdiagnostics.com.

Acceptance of this privacy policy

By accessing or using any of our products or testing services, contacting us, visiting any of our websites, or otherwise providing us with your personal information, you are deemed to have accepted the terms of this Privacy Policy, including the collection, use, disclosure, storage and retention of your personal information by Orbis as described in this Privacy Policy. If you do not accept the terms of this Privacy Policy you are not permitted to use any of our services.

We may amend and update this Privacy Policy from time to time to give effect to changes in our products, services and processes or to reflect legal or business requirements. Any amendments will be effective immediately from the date the revised policy is posted on our website, unless we make any substantial amendments that may affect your privacy rights, in which case we will endeavour to provide you with at least 14 days’ notice by posting an advance notice of the revised policy on our website and/or notifying you by email (if practicable).    

What personal information does Orbis collect?

The type of personal information we collect and hold largely depends on your engagement with us, but may include:

a)        registration information, such as name, address, phone number, email address;

b)        health information, including blood samples taken for the purpose of performing or using our testing services;

c)         test results and associated recommendations and interpretative guidance generated through the processing of your samples by Orbis and/or our agents or contractors;

d)        your purchase history and records of the products and services you have acquired from us;

e)        on a voluntary basis, your age, vaccination status, and other health related information relevant to the service being provided (note that if you choose to provide this information, it will be anonymised and only used by Orbis for research, statistical and data analysis purposes, for example, to improve our services and identify any trends that may appear in its overall data sets);

f)          details of any enquiries or requests made to us, and our responses;

g)        information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider; and

h)        any other personal information requested by us and/or provided by you or a third party in connection with our lawful functions.

Orbis only requires personal information to be provided to the extent necessary to perform our services. In some cases, if specific personal or health information we request is not provided, we may not be able to perform a service for you or you may not be entitled to use certain products and services.  Any voluntary disclosure of additional, self-reported personal information is supplied entirely at your option and discretion.

Any blood sample provided for the purpose of receiving our testing services will be collected, tested and retained in accordance with the Human Tissue Act 2008.

How we use and disclose information that we collect about you

We may use and disclose your personal information in accordance with this Privacy Policy for the following purposes:

a)           to perform and provide you with our products and testing services (including informing you of test results);

b)        to contact and communicate with you about our products and services;

c)         for internal record keeping and administrative purposes;

d)        to improve our products and services (in which case your personal and health information will be de-identified);

e)        to undertake insights, analytics, and research and development purposes associated with our functions and areas of interest and produce publications (in which case your personal and health information will be de-identified);

f)          to comply with any health related legal or regulatory obligations we may have (including notifying health officials of positive COVID test results or complying with Health Orders);

g)        as otherwise permitted or required by the Privacy Act, Health Information Privacy Code 2020, and other laws and legal requirements to which we are subject; and

h)        for any other purpose expressly authorised by you.

Who we may disclose your personal information to

In carrying out the purposes set out above, we may disclose your personal information to:

(a)         our third party agents or contractors that we partner with to provide services to you and/or who carry out services on our behalf (e.g. pharmacies);

(b)         our third party service providers, who we have engaged to provide a service to us or to assist us in providing products and services to you, for example our IT service providers, cloud storage providers;

(c)          courts, tribunals, and regulatory authorities where required by law; and/or

(d)         any other person or organisation that you have expressly authorised us to disclose your information to.

If we need to disclose your personal information to third parties outside of New Zealand we will comply with our obligations under the Privacy Act in relation to offshore disclosures of personal information including, if necessary, ensuring that those third parties are subject to privacy obligations that overall provide comparable safeguards to those in the Privacy Act.

Access, correction and retention of your personal information

You agree that any personal and health information you give to us will be accurate, correct and up to date, and that when acting on behalf of a legal entity or another individual (e.g. a child), you are authorised to give such information to us.

You must inform us if any of your personal or health information changes, to ensure that the details we hold about you are up to date and correct.

You are entitled at any time to request access to, or correction of, the personal information we hold about you by contacting us at enquiry@orbisdiagnostics.com.

Where we no longer require your personal information for any lawful purposes, we will comply with our legal obligations to securely de-identify, delete or destroy that information. We may retain and use de-identified information for research and statistical purposes, including scientific publications.

Any health information collected (including blood samples taken for the purpose of performing testing services) will be securely retained by Orbis in accordance with the Health (Retention of Health Information) Regulations 1996 for a period of 10 years from the date the service is completed.

Security of information

We take reasonable steps to protect the security of personal information. However, we do not make any warranties in relation to the security of any information you disclose or transmit to us and we are not responsible for the theft, destruction, or inadvertent disclosure of your personal information where our security measures have been breached.  We store all personal information that we hold in secure servers in Australia.

Links to other sites

Our website may contain links or references to other third-party websites.  This Privacy Policy does not apply to those websites and Orbis takes no responsibility for the privacy practices of other third parties or their websites.