Privacy Policy

This policy explains how Cervin Limited collects, uses, discloses, and protects your personal information when you use our medical directory and referral services.

You may know our medical directory and referral service or platform as Healthpages or SR Referrals, but the legal entity behind Healthpages and SR Referrals is Cervin Limited. In this policy, when we say ‘we’, ‘us’ or ‘our’, we mean Cervin Limited (NZBN 9429039353238), which is responsible for collecting and storing your information. Our registered address is Level 2, 239 Ponsonby Road, Freemans Bay 1011 New Zealand. ‘You’ and ‘your’ means the patient, customer, medical professional, or other person whose personal information we collect and handle under this policy. If you give us information about another person, please make sure that you have their permission first. For children, consent must come from a parent or guardian.

1. WHAT WE MEAN IN THIS POLICY

To make this policy easy to follow, here’s what we mean when we use certain words

personal information has the meaning given in the Privacy Act.  In simple terms, it means any information that can identify you, or could be used to identify you. This includes things like your name, contact details, medical information, and other information about you;

health information is a type of personal information and includes information about your health or disability. It can include your medical history, any conditions or disabilities, details of the health services you receive, test results, or information you give in connection with treatment or donation (like blood or tissue). It also covers information collected before or while you are receiving health services;

patient means any person whose personal information is included in a referral created or managed through our platform by a provider;

platform means our integrated software platform called SR Referrals;

provider means a person or an organisation, such as a medical referrer, a health and wellbeing service provider, a health organisation or other referrer, who uses our platform or our services to create, send, receive or track patient referrals;

Privacy Act means the Privacy Act 2020 and any laws that change or replace it; and

services means our directory and referral services, including the services provided by Healthpages and SR Referrals.

2. CHANGE TO POLICY

  • The most recent version of our privacy policy will always be available on our website.
  • We may update this policy if our services change or if the law requires us to. When we make changes, we will post a clear notice on our website with the updated policy. We will usually give at least 14 days’ notice before changes take effect. If urgent changes are needed to protect your information or to comply with the law, we may update the policy first and notify you straight afterwards.   

3. WHEN WE USE YOUR INFORMATION

  • We follow New Zealand law, including the Privacy Act, and any other health laws that apply to us. We may use your personal information when:
    1. you agree to it, for example, when you give us your details to use our referral service;
    2. we need it to provide our services, for example, to manage and send referrals between health professionals;
    3. we improve our services, for example, to understand how our platform is used so we can make it better
    4. we have to by law, for example, keeping health records for the required time under health regulations.

4. INFORMATION WE COLLECT

  • We will only collect personal information necessary for a lawful purpose in connection with the provision of our services and our platform.
  • The information usually includes your name, address, telephone numbers, email address, date of birth and information about your use of our services.
  • If you are a patient, we may also collect health information, including your NHI number, your medical history and referral notes. A referral may also include other personal information that is not health information, such as insurance details, information about your lifestyle or habits, and details about your personal relationships or family connections based on the information included in the referral created by your provider. By using this referral service, we may have access to this information.  
  • You may choose to not provide us with your personal information or not to consent to your provider accessing or using our platform or our services in respect of your personal information but not doing so may affect our ability to provide you or your provider with our platform or our services

5. HOW WE COLLECT YOUR INFORMATION

  •   We will collect your personal information directly from you when you:
    1. sign up to use our platform or services;
    2. use or access our platform or services; or
    3. contact us by email, telephone, social media or in any other way.

You are required to let us know if your details change so we can keep our records up to date.

  • If you are a provider, we may also collect information about you from your representatives or from information you have made public (for example, in directories or on social media).
  • Sometimes we collect information from others, for example:
    1. if you are a patient, from your provider, or from another provider they refer you to;
    2. if you are a provider, we may receive information from:
      1. other providers you send or receive referrals to/from;
      2. credit reference or fraud prevention agencies;
      3. emergency services, law enforcement agencies, medical and legal practices;
      4. publicly available sources, such as government websites;
      5. professional registers, such as the Medical Council Registers; or
      6. professional associations.

6. INFORMATION THAT DOESN’T IDENTIFY YOU

  • We never sell anonymised or aggregated information.
  • We may also collect information that does not identify you personally. This may include anonymised or aggregated data about how our platform and services are used.
  • We use this kind of information to improve our services, understand usage trends, check how our platform is performing, and (for providers) to give related reports.

7. COOKIES

  • Our websites and web applications use server logs and web analytics tools (such as “cookies”). Cookies are small text files that are downloaded to your device by websites that you visit.  They collect information such as your browser type, operating system, IP address, search terms, location, and the pages you view. We use cookies to keep sessions secure, check how our systems are performing, and make our website easier to use.
  • You can set your browser to block cookies or to tell you when a cookie is being placed.  If you block cookies, some parts of our platform or services may not work properly

8. HOW WE USE YOUR INFORMATION

  • We never sell personal information.
  • If you are a patient, we use your information to manage referrals between providers and to let you access your own referrals.
  • If you are a provider, we may use your information to:
    1. confirm your identity and keep your account is secure;
    2. provide our platform or our services to you including managing referrals with other providers;
    3. communicate with you, including direct marketing;
    4. manage our relationship with you, including invoicing and payments;
    5. run our business, such as maintaining your account, planning, training, product/services improvement and development, research and analysis;
    6. include in our print and web directories (if you agree);
    7. enforce our agreement with you;
    8. meet our legal requirements (for example, disclosure to law enforcement agencies or the courts);
    9. do things that are directly connected to the above purposes.
  • We may use any information that we collect from you that is not personal information for our business purposes, including:
    1. understanding how our services are used;
    2. improving our services; and
    3. marketing and promotions.

9. ADDITIONAL REQUIREMENTS

  • You may request that we take additional measures in relation to your personal information from time to time by emailing us at enquiries@cervin.co.nz or writing to us at Level 2, 239 Ponsonby Road, Freemans Bay 1011.
  • For example, you may request that we do not disclose or publish your personal information in certain circumstances or places, such as regarding business changes that are not yet public. If we agree to your request, you are required to keep us informed about any changes to such requirements.

10. MARKETING

  • If you are a provider, we may use your information to offer you services that we think may suit your needs. You can ask us to change your contact details or opt out of receiving these offers at any time by emailing us at enquiries@cervin.co.nz or writing to us at Level 2, 239 Ponsonby Road, Freemans Bay 1011. We will act promptly on any such request.

11. WHO WE SHARE YOUR INFORMATION WITH

  • We may share your information to the following:
    1. if you are a patient, with your provider, and with any provider they refer you to (or receive referrals from);
    2. if you are a provider, with:
      1. other of health service providers (for example, medical practices or medical specialists);
      2. our staff, contractors, and our related companies;
      3. service providers who support us (such as data storage, IT and software management providers);
      4. people managing your financial affairs (such as liquidators or administrators);
      5. debt collectors or credit reporting agencies; or
      6. agents of the above.
  • We share information with law enforcement agencies, government or regulatory bodies when the law requires us to. For example, the Police when someone commits an offence.
  • If we need to share your information with someone outside of New Zealand, we will only do so in accordance with the Privacy Act. This means we will:
    1. only disclose to recipients in countries that have privacy laws which, overall, provide comparable safeguards to those in New Zealand; or
    2. ensure appropriate contractual safeguards are in place to protect your information; or
    3. obtain your express consent to transfer or store the personal information outside New Zealand.

12. PROTECTING YOUR INFORMATION

  • We take reasonable steps, in line with the Privacy Act, to keep your personal information secure and confidential. This will, or may (where we decide it is appropriate), include the following:
    1. encrypting all patient data when it is stored or sent;
      1. Data in transit: Movement of data between the webserver and browser is secured with the latest HTTPS technology using RSA encrypted TLS (Transport Layer Security); and
      2. Data storage: All patient data is stored on secure servers. These servers conform to the ISO27001 standard ensuring data remains backed up and safe at all times;
    2. our staff and those who perform services on our behalf, have role-based access controls;
    3. training our staff to handle information safely and in line with the law and this privacy policy;
    4. access, use, modification and disclosure of information is secured by the use of firewalls and restricted access to databases; and
    5. annual independent penetration testing to ensure vulnerabilities and threats are detected and addressed promptly.
  • We don’t keep your personal information longer than we need to, unless the law requires it or you’ve agreed we can.

13. ADVERTISING AND THIRD PARTY LINKS

  • Our website may contain links to a variety of advertising and third-party website sources. Some of these links may request or record information from users or use cookies or other methods to collect information from you. We have no control over the content or privacy policy practices of those sites and encourage you to review the privacy policies of those sites before using them.

14. ACCESS TO AND CORRECTION OF YOUR INFORMATION

  • You may request access to and correction of the personal information we hold about you. This right is subject to some exceptions, for example you may not obtain access to information relating to existing or anticipated legal proceedings.
  • You may also request corrections to be made to published personal information (updated within a reasonable timeframe on the website or in the next edition of a printed publication).
  • You can request access to or correction of any of the personal information about you that we hold or have published by emailing us at enquiries@cervin.co.nz or writing to us at Level 2, 239 Ponsonby Road, Freemans Bay 1011. We may charge a reasonable fee for providing access or corrections, but we do not charge for updating basic provider details that we publish for free. We may ask for payment in advance if a fee applies.
  • Patient personal information that we collect and store is encrypted and largely contained in the referrals and other correspondence between providers. If you request access to or correction of this information, we may need to transfer the request to the relevant provider, in accordance with the Privacy Act and Health Information Privacy Code.

15. HEALTH INFORMATION PRIVACY CODE

16. IF YOU THINK WE HAVE MADE AND ERROR

  • We are committed to protecting your privacy and our policies, processes and systems have been developed with this in mind. However, if you think we have made an error, please email us at enquiries@cervin.co.nz, or write to us at Level 2, 239 Ponsonby Road, Freemans Bay 1011 to let us know. Where we have made an error, we will endeavour to correct the error as soon as reasonably practicable.

17. QUESTIONS AND COMPLAINTS

  • If you have a question or complaint about the way we have dealt with your personal information, please contact us by email or in writing at the addresses above. We will endeavour to respond promptly to your question or complaint.

18. BREACHES OF YOUR PRIVACY

  • We take our privacy responsibilities seriously. If there is a suspected or actual breach of your personal information, we will investigate. If we believe that the breach has caused, or is likely to cause, you serious harm, we will notify you (or give public notice if it is not reasonably practicable to notify you) and notify the Privacy Commissioner.