Privacy

Privacy

Your privacy is important to us. Here is what we do to protect you and your information:

All client-coach sessions are confidential. Notes are recorded to facilitate your journey. A copy of the information held about you is available by completing the Contact form here. Any information such as harm to anyone will be reported as required by law.

All information about you is securely stored with password-protection and is backed up on non-cloud based storage. Active records are held for one year, then stored in archive for an additional 6 years, after which the records are securely destroyed.

While specific cases are not shared in detail, your coach participates in regular professional supervisory sessions to maintain their ability to coach. These sessions are also confidential and thus all information is treated and handled as such.

Should you feel there has been a breach, please provide feedback here; alternately if you still haven’t found a satisfactory resolution, the privacy policy below has further information and provides next steps.

Full Privacy Policy

StepsToWellness

IMPORTANT: The Services are not intended as a substitute for medical or other professional advice, diagnosis or treatment, and the use of the Services does not create a healthcare professional/client relationship of any kind. 

IF YOU OR SOMEONE ELSE NEEDS URGENT HELP, CALL 111.

Introduction

1. StepsToWellness and its employees, officers and agents (“we“, “us” “our” or “STW“) respects privacy and is committed to protecting personal information. STW is bound by and complies with, the Privacy Act 2020 (“Act”) and the Health Information Privacy Code 2020 (Health Information Privacy Code).  If you wish to seek further information on the Act or the Health Information Privacy Code, see www.privacy.org.nz.
2. In this Privacy Policy:
   1. “Personal information” means any information that can identify you either directly or indirectly (i.e. by reference to other information we have access to).
   1. “Health information” includes information about the health of an individual. 
3. Please read this Privacy Policy carefully to understand the basis on which we collect, use and store personal information and health information. 
4. We only use your personal information for the purpose of providing and improving our services (Services), including via our websites stepstowellness.co.nz and wellnesscoaching.co.nz (Site).
5. If you do not consent to the collection, use, disclosure, storage and processing of your personal information in accordance with this Privacy Policy, please do not access our Site or accept or use any of our Services.

What information we collect about you

• We may process certain types of personal information about you as follows:
  • Health information.
  • Identity data that may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
  • Contact data that may include your billing address, delivery address, email address and telephone numbers.
  • Financial data that may include your bank account and payment card details.
  • Transaction data that may include details about payments between us and other details of purchases made by you.
  • Technical data that may include your internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access the Site.
  • Usage data that may include information about how you use our Site and/or Services.
  • Marketing and communications data that may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
• We may also process aggregated data from your personal information but this data does not reveal your identity and as such in itself is not personal information. An example of this is where we review your usage data to work out the percentage of Site users using a specific feature of our Site. If we link the aggregated data with your personal information so that you can be identified from it, then it is treated as personal information.
• For certain Services, we may request that you provide us with sensitive data about you (which may include information about your health). To the extent that we collect information about your health, we will comply with the Health Information Privacy Code and the Act. 
• If you choose to not provide us with certain personal information, we may not be able to deliver certain Services to you and we may have to cancel, or refuse to provide, a Service. 

How we collect your personal information

1. We collect your personal information from you and other agencies in the following circumstances:
   1. When you visit our Site.  We may collect information relating to your use of our Site and the content you access. This may include your IP address and location data from your devices. We may use cookies and other software to collect this information. For further information on our use of cookies, please see below. 
   1. When you request a Service.  We may collect your personal information from you when you request a Service including your name, contact details and any other information reasonably required in connection with your request for a Service.
   1. When you use our Services.  We may collect three types of information from you when you use a Service:
      1. Information relating to the Services we provide to you including any information we reasonably require in performing the Services. 
      1. Information on how you use the Services or communicate with us including your activity and interactions on our Site, our software, your interactions with us in person, and any recordings (video, chat, voice or otherwise) we collect when you interact with us either on our Site, using our software/systems, over the phone or in person.
      1. Information you give us when you raise a query, sign up for communications (such as marketing emails) or give us feedback, or any information you give us to update, confirm or correct our records. This may include your name, email address, contact phone number, address and any other personal information included in your communication with us.
   1. When we work with third party agencies or use their information.  We may collect your personal information from third party agencies to enable us to deliver you a Service and to run our business efficiently including information provided to us by:
      1. an agency if you have requested that agency to provide such information (such as from a medical professional); and
      1. government agencies if required to comply with any laws and regulations.

How we use your personal information

1. We may use your personal information and health information for the following purposes:
   1. When you request a Service.  We may use your personal information and/or health information to confirm your identity, contact you and otherwise perform the Services. 
   1. When you use a Service.  We may use your personal information to communicate with you about a Service and otherwise take any action in relation to the provision of a Service including: 
      1. managing our business (including maintaining appropriate records so that we can contact you and otherwise provide appropriate Services to you);
      1. managing your account including communicating with you from time to time in relation to fees, payments and your general obligations to us;
      1. suggesting to you better ways to use a Service based on information relating to your usage of that Service;
      1. telling you about any other Service that may meet your requirements; and
      1. telling you when you need to take any action in relation to a Service, such as making a payment to us or sending us additional information.
   1. When we market a Service to you.  We may use your personal information to decide what marketing information to send to you and where to place adverts on websites and social media. Please see below for more information including how to opt-out of marketing communications. 
   1. When we manage our business.  We may use your personal information to run our day-to-day business operations including:
      1. preparing management reports and business plans;
      1. recovering money owed to us; and
      1. improving a Service (including improving and optimising the customer journey in relation to a Service). 
   1. When we must comply with the law.  We may need to use your personal information and/or health information to comply with our legal obligations, including to comply with New Zealand law and any obligations to regulatory agencies or appropriate third parties.
2. You can choose not to give us any of your personal information and/or medical information that we request. However, this may mean that we will be unable to properly provide you with the Services, and/or information that you require from us.

Use of cookies

1. When you visit our Site, you can browse and access information without revealing your identity. In order to improve our Site, we may use “cookies” to track your visit. A cookie is a small amount of data that is transferred to your browser by a web server and can only be read by the server that gave it to you. It functions as your identification card, and enables us to record your user journey. It cannot be executed as code or deliver viruses. Cookies help us to improve our Site and to deliver a better and more personalised service. Cookies enable us:
   1. to estimate our audience size and usage pattern;
   1. to store information about your preferences, and so allow us to customise our Site according to your individual interests;
   1. to speed up your searches; and
   1. to recognise you when you return to our Site.
2. Most browsers are initially set to accept cookies. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system may issue cookies when you log on to our Site.
3. Please note that our advertisers may also use cookies, over which we have no control.

Security

1. We will take all steps reasonably necessary to ensure that personal information is treated securely and in accordance with this Privacy Policy.
2. The transmission of information via the internet is not completely secure. Although we will do our best to protect personal information, we cannot guarantee the security of your data transmitted to our Site, through any third party sites or platforms that we use to provide the Services to you or through the Services that we provide to you.  Therefore, any transmission is at your own risk.  Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access.

Privacy breaches 

1. A privacy breach occurs where there is unauthorised or accidental access to, or disclosure, alteration, loss (whether temporary or permanent), or destruction of, personal information and/or health information held by us or an action that prevents us from accessing personal information on either a temporary or permanent basis. 
2. If we learn of a privacy breach involving personal information and/or health information we hold, we will assess whether the privacy breach is likely to cause, or has caused, serious harm to an affected individual or individuals. If our assessment finds that the privacy breach has caused serious harm to an affected individual or individuals, or is likely to do so, we will take steps to minimise any harm, notify the affected individual or individuals (if required and permissible under the Act) and notify the Privacy Commissioner within the timeframes prescribed by the Act.  

Storage of data

• We use third party service providers to assist in storing and processing certain types of personal information for us, and some of these service providers may be located overseas, or use facilities located overseas to provide us with services. These third party service providers do not use the personal information for any purpose other than to enable us to provide our Services outlined in this policy.

How long do we keep your personal information for?

• We will retain your personal information for as long as it is needed to be able to provide Services to you. If we no longer provide any Service to you, we will only keep your personal information if it is necessary or required to meet legal or regulatory requirements, resolve disputes, or to prevent fraud or abuse. 

External sites

• Our Site may contain links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. You should check the privacy practices of those third party sites. Links from our Site to any of those third party sites does not amount to an endorsement by us of any of those other sites or their content.

Social media platforms

• Please be aware that if you share any of your personal information and/or health information on a third party social media website or app (e.g. Facebook, Instagram and LinkedIn), your personal information and/or health information may be collected or used by the third party website or app and/or the users of these platforms, and could result in you receiving unsolicited messages. We encourage you to review the privacy policies and settings of the social media platforms you interact with.   

Who we may share your personal information with 

• We may disclose or share your personal information with other agencies in the following circumstances:
  • Any agency with your consent.  We may share your personal information with agencies where you have consented or requested us to do so. 
  • A purchaser of our business.  If we propose to sell any business or assets, we may disclose your personal information to the prospective buyer of such business or assets. If substantially all of our assets are acquired, your personal information may be transferred to the purchaser.
  • Third party service providers.  We may share your personal information with third parties that support our Services, including any third party that hosts, maintains or provides any underlying IT system, software or data centre that we use to provide our Site, to allow payment by you to us for the provision of Services to you, or to deliver a Service to you. These third parties are not authorised to use your personal information for promotional purposes.    
  • Our advisers.  We may share your personal information with any of our advisers who help us to manage our business, including professional services advisers such as accountants and lawyers, marketing advisers, and any other adviser whose assistance we reasonably require to manage our business. 
  • Any agency where required to meet a legal obligation or to enforce our rights, manage risk, prevent fraud and for safety.  We may share your personal information with:
    • any agency if required to comply with any legal obligations, or to protect the rights, property, or safety of our employees, our customers, or others; and
    • the Privacy Commissioner in connection with the mandatory reporting of a notifiable privacy breach under the Act.
• We may also share your health information with third parties without your consent where a relevant exception under the Health Information Privacy Code (or the Privacy Act) applies, including to prevent or lessen a serious threat to your (or another individual’s) life or health.

Aggregated information

• We may share aggregated information, such as user statistics and other information which does not personally identify you, with our advertisers.

Communications with you

• You have the right to ask us not to use your personal information for marketing purposes. We will inform you (before collecting your personal information) if we intend to use your personal information for such purposes or if we intend to disclose your information to any third party agency for such purposes. You can exercise your right to opt-out of our marketing communications by clicking “unsubscribe” when you receive a marketing email from us, calling us on 021 898 763 or contacting us at contact@stepstowellness.co.nz. If you do opt out, we may still need to send you operational communications (in connection with any request for, or use of, a Service) in accordance with this Privacy Policy.  

Access to, and correction of, information

• The Act gives you the right to access information held about you so that you can update or correct it. Your right of access can be exercised in accordance with the Act. Any access or correction request may be subject to a fee to meet our costs in providing you with your personal information or correcting that information (in which case, we will let you know the fee in advance). We will usually respond to you within 20 working days after receiving your request. 

Changes to our Privacy Policy

• Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. We are not obliged to give you advance notice if an immediate change to this Privacy Policy is deemed necessary. This page will always have the current version of this Privacy Policy. 

Law

• Our Privacy Policy is governed by the laws of New Zealand and you submit to the jurisdiction of the New Zealand courts.

Contact

• Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to the STW Privacy Officer by email at contact@stepstowellness.co.nz or phone 021 898 763.

Last updated 31 March 2023