We ensure that all our staff comply with the following rules when collecting, using, storing, or disclosing information about clients’ information.
Data Protection – General
In order to facilitate your use of the website and the services, you may be required to provide VSA with personal information. We take the protection of your personal information seriously and we are honest and transparent about how we use your personal information. We are committed to protecting the privacy of individuals and complying with the Privacy Act 2020 and other applicable data privacy regulations.
Type of Personal Information
Personal information is any information about an identifiable individual. The personal information you submit is gathered only on a voluntary basis; you may choose not to provide personal information, but this may mean that we are unable to provide the services to you.
The type of personal information we may collect from you includes your:
- Contact information (including email address and physical address);
- Computer or network;
- Interactions with VSA; and
- Billing information.
Collecting personal information
We will collect personal information from you when you visit our websites or use our services. We may collect personal information in the following ways:
- Information you provide to us directly: This may be when you use a part of our website, complete a form or interact with a VSA employee. This might also include taking part in training or events, signing up for on online forum, or webinar / seminar, or contacting us for questions or support. We will collect the information directly from you, unless you have consented to us collecting the information from someone such as a referring vet or one of the other exceptions to this rule (discussed below) applies; and
- Information we collect automatically: We collect some information automatically when you visit our websites or use our services. This may include, for example, your IP address and device type. We also collect information when you navigate through our website, including which pages have been viewed or links clicked on. This information helps us to analyse how visitors are using our website and what is helpful so that we can continue to provide the best experience. Some of this information is collected using cookies and similar tracking technologies.
If you are a veterinary professional, you may have signed up to be a part of our mailing list. This allows us to share important news and information about our services, updates on industry and VSA events and other such industry information (including seminar and webinar information and information relating to new services offered by VSA). Individuals who receive these marketing materials can opt out at any time.
We use your personal information to operate our websites and to provide you with the services you have requested, and to manage our relationship with you. We also use your personal information for other purposes which may include the following:
- To Communicate with you. For example
• Providing you with information you’ve requested from us including training and educational materials or other information we need to send to you.
• Operational Communications such as changes to our website or services or to be able to provide assistance with using our services.
• Marketing Communications in accordance with your marketing preferences
• Asking you for feedback or to take part in any research we are conducting.
- To provide Services to you and your pet.
- Where you consent to it, we may share your information (including your pet’s medical record) with a referring vet and/or your insurance company.
- To Support you. This may include helping to resolve any support issues or any other issues relating to our services, whether by email, telephone or system-based support (rVetLink). In these circumstances, we may disclose your personal information to third parties.
When we have collected personal information from an individual for one purpose, it cannot used for any other purpose without the individual’s consent.
There are some exceptions to this principle. These exceptions include where the information is publicly available, or where we use the information in a way that does not identify the individual. A full list of the exceptions to this principle in the Privacy Act 2020.
Before using individuals’ personal information, we will do what is reasonable to make sure the information is accurate and up to date.
Use of Images and Video
VSA may from time-to-time record calls made to our clinics, and the calls that we make to clients, referring vets, insurance organisations, and other third parties. We record calls:
- For staff training purposes, and to help us to improve the quality of our Service; and
- To ensure we have an accurate record of the call, which may be needed to support any advice given over the phone, to protect our staff, and/or if there is a dispute.
We store the recordings securely for a minimum of 2 years after the date of the call and destroy them after this time. VSA reserves the right to terminate any call which we deem to be offensive or abusive.
We can store your information physically or electronically ourselves, or with third parties that we contract to hold information for us in New Zealand. We’ll act reasonably to ensure that your information is protected from unauthorised use or disclosure.
We may retain your information as long as we reasonably require it in order to provide you with products and services, and as required by law.
We will destroy client’s information in a way that ensures the confidentiality of the information by way of shredding or securely deleting online files.
Clients are entitled to ask us to confirm whether we hold information about them and to access the information unless we have lawful reasons for withholding the information.
Clients are also entitled to ask us to correct the information that we hold about them.
Staff must assist clients who ask to access their information.
We will not disclose personal information without the persons consent (or the consent of their representative) unless we reasonably believe:
- that the disclosure of the information is one of the purposes in connection with which the information was obtained or is directly related to the purposes in connection with which the information was obtained; or
- the disclosure is to the individual involved concerned; or
- that the disclosure is authorised by the individual concerned; or;
- that the source of the information is a publicly available publication and that, in the circumstances of the case, it would not be unfair or unreasonable to disclose the information; or;
- that the disclosure of the information is necessary—
- to avoid prejudice to the maintenance of the law by any public sector agency, including prejudice to the prevention, detection, investigation, prosecution, and punishment of offences; or
- for the enforcement of a law that imposes a pecuniary penalty; or
- for the protection of public revenue; or
- for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
- that the disclosure of the information is necessary to prevent or lessen a serious threat to—
- public health or public safety; or
- the life or health of the individual concerned or another individual; or
- that the disclosure of the information is necessary to enable an intelligence and security agency to perform any of its functions; or that the information—
- is to be used in a form in which the individual concerned is not identified; or
- is to be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
- that the disclosure of the information is necessary to facilitate the sale or other disposition of a business as a going concern.
Agencies are now legally required to notify breaches in privacy if the breach poses a risk of serious harm or causes serious harm to an individual or group. There are three reasons why this is important:
- People cannot protect themselves from the impact of privacy breaches if they do not know a breach has occurred;
- The speed at which data can be transferred and copied means the potential for harm is much greater; and
Sharing the lessons from privacy breaches that have already occurred can help to prevent similar beaches in the future. If a notifiable privacy breach occurs VSA will notify the affected people. If the breach poses a risk of serious harm or causes serious harm to an individual or group, the Privacy Commissioner will also be notified.
Examples of likelihood of serious harm being caused by a breach include:
- Physical harm or intimidation
- Financial fraud including unauthorised credit card transactions or credit fraud
- Family violence
- Psychological, or emotional harm
When assessing whether a privacy breach is likely to cause serious harm and to decide whether the breach is a notifiable privacy breach, the following will be considered:
- any action taken by the agency to reduce the risk of harm following the breach;
- whether the personal information is sensitive in nature;
- the nature of the harm that may be caused to affected individuals;
- the person or body that has obtained or may obtain personal information as a result of the breach (if known);
- whether the personal information is protected by a security measure; and
- any other relevant matters.
Sharing information with overseas agencies
If VSA shares information with overseas agencies, we will ensure that the company complies with the NZ Privacy Act 2020 or comparable legislation.
If this is not the case, then we must inform the individuals whose information is being shared.
This notification doesn’t apply if practices are using cloud computing where the overseas agency is only holding the information of behalf of practice.
If you have any questions about how we handle or store your personal information, you can get in touch with our privacy officer:
Privacy Officer, VSA, 1 Te Apunga Place, Mt Wellington, Auckland 1060
Last updated: 25 May 2023