Privacy Policy

Centrik Platform
Last Updated 
June 2026

Summary

What is this? This is the privacy policy (“Privacy Policy”) for Centrik, a digital health platform operated by Webtools Health Limited (company number 6994456) (“we”, “us” or “our”) based in Christchurch, New Zealand. It applies to our mobile applications and web-based platform (together, the “Platform”) that connects users with healthcare providers.

What information do we collect? We collect personal information such as your name, mobile number, date of birth, email address and National Health Index (“NHI”) number, as well as information about the healthcare providers you connect with and services you access through the Platform, including appointments, prescription or medication requests, payment information, messages, attachments and documents shared through the Platform. We may also collect technical and usage data relating to your use of the Platform.

Why do we collect it? We collect and use personal information to enable you to access and manage healthcare information made available through the Platform by your healthcare providers, and to provide and support healthcare services through the Platform, including appointment booking, secure messaging, prescription management and payment processing. We also use this information to operate, maintain, improve and secure the Platform.

Who do we share it with? We primarily share information with your healthcare providers so they can provide healthcare services to you. We may also share information with third-party service providers and technology partners who support the operation, security and functionality of the Platform.

How is information kept secure? We use technical and organisational safeguards designed to protect personal information, including encryption, multi-factor authentication, regular security testing, and secure cloud storage.

How long is information retained? We retain personal information only for as long as necessary for the purposes described in this Privacy Policy, or as required by law. Certain information may continue to be retained to support healthcare services, legal obligations, audit requirements and platform security.

Healthcare providers and health information: Health information displayed through the Platform is retrieved from systems operated by healthcare providers or third-party healthcare systems. Healthcare providers remain responsible for the clinical records and health information they maintain within their own systems.

Your rights: You have rights under the Privacy Act 2020 to request access to, and correction of, your personal information. Further information about these rights is set out in the “Your Privacy Rights” section below.

Contact: If you have questions about this Privacy Policy or your personal information, you can contact us using the details set out in the “Contact Us” section below.

Introduction

Webtools Health Limited operates the Platform.

We take privacy seriously and are committed to protecting your personal information. In this Privacy Policy, “Personal Information” means any information about an identifiable individual, as defined in the Privacy Act 2020.

This Privacy Policy describes how we collect, use, store, and disclose your Personal Information in connection with your use of the Platform.

We comply with the Privacy Act 2020 (including regulations and codes issued under that Act, including the Health Information Privacy Code 2020 and, where applicable, the Privacy (Biometric Information) Code 2024) when handling Personal Information. Nothing in this Privacy Policy limits your rights under those laws.

By creating an account, accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy, and agree to its terms, including the collection, use, storage and disclosure of your information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you should not access or use the Platform. We may require you to actively accept this Privacy Policy when creating an account, onboarding to the Platform, or when material updates are made to this Privacy Policy. Existing users who do not accept material updates to this Privacy Policy may choose to stop using the Platform and request closure of their account.

The Platform

The Platform consists of Centrik’s mobile and web-based applications, which enable you to:

  • Connect and communicate securely with healthcare providers;
  • View information relating to your healthcare;
  • Access healthcare services and Platform features; and
  • Use your account to access and interact with healthcare providers.

Healthcare providers can also access the Platform and can view information relating to your account and the services you access via the Platform.

The Platform may connect to other software systems operated by your healthcare providers or third-party healthcare platforms to retrieve and display information and to support service delivery.

Healthcare Providers and Medical Records

Where you add or share information via your account (including appointment bookings, prescription requests and messages), this information is securely transmitted to your healthcare provider. Your healthcare provider is responsible for determining how that information is used, stored and managed within their systems. We act as a technology service provider and process that information in accordance with our agreements with, and the instructions of, those healthcare providers.

You may use the Platform to access information sourced from healthcare provider systems, including elements of your medical record. In relation to health information made available through the Platform, your healthcare provider remains responsible for the clinical records and health information maintained within their own systems. This information may be processed and displayed through the Platform without being separately stored by us.

The Platform may also retrieve and display information from connected third-party healthcare platforms (such as specialist referral platforms) where you choose to connect to those services through the Platform.

Webtools provides the technology platform that supports access to and communication with those services. In providing the Platform, Webtools acts as a service provider to healthcare providers who use the Platform.

This Privacy Policy does not apply to clinical records maintained by your healthcare provider in their own systems. If you have questions about access to, use of, or the contents of those records, you should contact your healthcare provider directly.

Collection of Personal Information

We collect Personal Information only where it is necessary for a lawful purpose connected with the functions and activities of the Platform.

Personal Information will generally be collected directly from you when you create an account or use the Platform. Where we collect Personal Information from a third party, we will take reasonable steps to ensure you are aware that the information has been collected and how it will be used, disclosed and managed in accordance with this Privacy Policy. This may include collection from your healthcare providers in connection with services accessed through the Platform (for example, appointments booked or prescription requests).

We may collect Personal Information:

  • Directly from you (including your name, phone number, email address, and date of birth);
  • Through your use of the Platform (including services accessed, healthcare providers connected to, messages, attachments, documents, and payments);
  • From healthcare providers you connect with (such as your NHI number and service-related information);
  • From connected third-party platforms (such as specialist referral platforms), where you choose to connect to those platforms through the Platform; and
  • From third-party service providers where required to operate and support the Platform.

We also collect technical and usage data (including logging and analytics information) to monitor performance, diagnose issues, improve functionality, and protect against security threats.

In some cases, Personal Information may be collected automatically when you interact with the Platform, including through cookies, analytics tools, and system logs.

You are responsible for ensuring that any Personal Information you provide to us is accurate, complete, and up to date. You must not provide Personal Information about another individual unless you have their authority to do so and have made them aware of this Privacy Policy.

If you provide Personal Information about another individual (for example, a dependant), you confirm that you are authorised to do so and that you have informed them of this Privacy Policy.

Personal Information

The Personal Information we collect or process depends on how you use the Platform. Where you have linked dependant patients to your account, this may also include Personal Information relating to those dependants. This may include:

  • Personal details, including name, phone number, email address, date of birth, NHI number, username and password to create and manage your account;
  • Information about healthcare providers you are registered with and connected to via the Platform;
  • Information you provide when using the Platform and managing your account, or which you have authorised us to collect or share. This may include health information generated through your use of the Platform such as appointments booked, prescription or medication requests made through the Platform, specialist referrals connected by you through the Platform, and messages exchanged with healthcare providers through the Platform. The Platform may also display health information sourced from your healthcare provider systems. This information is processed and displayed through the Platform without being separately stored by us;
  • Information about dependant patients linked to your account, including their personal and health information where provided by you or their healthcare provider;
  • Details of services you access via the Platform, such as appointments booked and medications requested, including any payments processed;
  • Messages and attachments you send and receive through the Platform;
  • Documents you upload to your account;
  • Information provided in response to feedback forms, surveys or requests for information which we may send to you from time to time, or any communication and marketing preferences you may provide;
  • Technical, logging and analytics data to support the operation, performance and security of the Platform;
  • Device information, including the type of device you use, unique device identifiers, mobile network information, operating system, time zone setting, and details of your use of the Platform and the resources you access; and
  • Information you provide when you contact us for support or make enquiries.

Sensitive Information

We may collect, use and disclose health information you submit through the Platform where necessary to provide the Platform and support healthcare services, including appointment bookings, prescription or medication requests, secure messaging and related administrative processes, and making that information available to you and, where applicable and authorised by you, to your healthcare providers or other third parties, or as otherwise permitted by applicable law. The Platform may also process and display health information sourced from healthcare providers without separately storing that information.

If you choose not to provide certain health information, or restrict access to it, some features or functionality of the Platform may not be available or may not operate as intended.

Where biometric authentication features are used (such as Face ID, Touch ID or fingerprint login), biometric authentication is generally managed by your device provider or operating system. We do not collect or store biometric templates or biometric authentication data directly unless otherwise stated.

Use of Personal Information

We may use Personal Information for the following purposes.

Providing and operating the Platform

We may use Personal Information to:

  • Provide, operate and manage the services available through the Platform, including making your health information available to you and, where authorised by you, to third parties (including your healthcare providers) as requested from time to time;
  • Support healthcare services accessed through the Platform, including appointments, prescriptions and payments;
  • Manage your account and your use of the Platform; and
  • Enable secure communication between you and your healthcare providers.

Communicating with you

We may use Personal Information to:

  • Communicate with you about the Platform, including sending administrative updates about the Platform, our terms and policies;
  • Respond to your enquiries and provide support;
  • Request feedback, send surveys and improve our services; and
  • Send marketing and promotional communications where permitted by law and, where required, with your consent and the ability to opt out.

Maintaining and improving the Platform

We may use Personal Information to:

  • Operate, maintain, improve and secure the Platform;
  • Monitor, detect and investigate suspected misuse of the Platform, including breaches of our terms or security incidents;
  • Analyse usage trends and enhance the functionality and performance of the Platform;
  • Verify your identity and help ensure that information is made available to the correct individual; and
  • Use de-identified or aggregated information for analytics, service improvement, performance monitoring and security purposes.

Legal and safety purposes

We may use Personal Information to:

  • Protect the life, health, safety and security of users and other individuals, including where necessary to prevent or lessen a serious threat to life, health or safety; and
  • Comply with our legal obligations and enforce our legal rights.

We will only use your Personal Information for the purposes outlined above except where you have otherwise consented to use of your Personal Information, or we are required or permitted by law to use your Personal Information.

If we collect, hold, or process Personal Information in ways other than stated in this Privacy Policy, we will do so in accordance with the requirements of the Privacy Act 2020.

Disclosure of Personal Information

We may disclose Personal Information for the purposes for which it was collected, for directly related purposes, or as otherwise permitted or required by law.

Healthcare Providers

We may disclose Personal Information to healthcare providers to enable the delivery of healthcare services through the Platform. Healthcare providers are responsible for the healthcare services they provide and for the clinical information they maintain within their own systems.

Service Providers and Technology Partners

We may disclose Personal Information to third-party service providers and technology partners who support the operation and functionality of the Platform, including:

  • Healthcare integration partners, such as providers of patient management systems, customer relationship management (CRM) systems, pharmacy dispensary systems, loyalty programme providers and referral platforms;
  • Payment processing providers, such as Stripe, which collects and processes payment information directly in accordance with their own privacy policy at https://stripe.com/privacy. We do not collect or store any payment card details;
  • Infrastructure and operational providers, including cloud storage providers, identity management providers, analytics providers and logging providers;
  • Connected third-party platforms, such as specialist referral platforms, from which information may be retrieved and displayed through the Platform where you have chosen to connect to those platforms.

Related Companies and Business Partners

We may disclose Personal Information to related companies and business partners where this is relevant to the operation, development or delivery of services provided through the Platform, including:

  • Where reasonably necessary to ensure continuity of services to users in connection with a reorganisation of our business or changes to our corporate structure; and
  • To offer additional services or features to users where permitted by law.

Other users and Authorised Disclosures

We may disclose Personal Information:

  • To other users where you choose to share information or interact through the Platform, including through messaging or dependant features; and
  • To any other person authorised by you, or where disclosure is otherwise required or permitted by law.

Where you choose to share information with healthcare providers or other users through the Platform, you are responsible for the information you choose to disclose.

Storage and Cross-Border Disclosure

To provide the Platform, we use third-party service providers to store and process data.

Personal information may be stored or processed outside New Zealand using overseas service providers, including cloud infrastructure providers located in Australia such as Amazon Web Services (AWS).

Where Personal Information is transferred outside New Zealand, we take reasonable steps to ensure that the recipient is subject to comparable privacy protections or agrees to protect the information in a way that provides comparable safeguards. By using the Platform, you acknowledge that your Personal Information may be transferred to and processed in countries outside New Zealand.

Security Measures

We take the security of your Personal Information seriously and take reasonable steps to protect it against loss, unauthorised access, use, modification, disclosure, or other misuse.

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any Personal Information we process.

Our security measures include:

  • Multi-factor authentication support;
  • Industry standard encryption;
  • Regular security testing; and
  • Secure cloud storage with provider agreements.

We take steps to minimise the use of identifiable information in system logs and analytics data. Where practicable, analytical and diagnostic information is anonymised or de-identified.

Your Responsibilities and Security Limitations

You are responsible for maintaining the confidentiality of your account credentials, including passwords and authentication methods, and for ensuring your devices are appropriately secured.

While we take reasonable steps to protect Personal Information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Accordingly, we cannot guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly access, collect, use, steal, or modify your information.

Access, Correction and Accuracy of Personal Information

You have the right to request access to the Personal Information we hold about you and to request correction of that information.

You may update certain Personal Information directly within the Platform or request correction by contacting us using the details below.

We may require verification of your identity before responding to a request. If we do not agree to a requested correction, we will note your request where required by law.

If your request relates to medical records, prescriptions or other clinical or health information maintained by your healthcare provider, you will need to contact that provider directly, as they control that information.

We take reasonable steps to ensure that the Personal Information we hold and use is accurate, up to date, complete, relevant, and not misleading. Where information is provided by your healthcare provider, they are responsible for ensuring its accuracy.

Retention and Deletion

We retain your Personal Information only for as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

In many cases, retention periods for health information may be determined by healthcare providers and applicable legal or professional requirements relating to health records.

When we no longer have a legitimate need to process your Personal Information, we will delete it or anonymise it where possible. If this is not possible (for example, where information is stored in backup archives), we will securely store the information and isolate it from any further use until deletion is possible.

You can close your account at any time via the account settings in the Platform or by contacting us. If you close your account, certain information may still be retained where necessary to support ongoing services provided by your healthcare provider through the Platform, including appointment history, medication requests, payment information, messaging records, and to meet legal, regulatory and healthcare record and business continuity requirements.

We may also retain technical logs, audit records and security-related information to support the ongoing audit, integrity and security of the Platform.

Where we retain information on behalf of a healthcare provider, that information will generally be deleted when the relevant healthcare provider ceases to use the Platform, unless further retention is required by law.

Third-Party Websites

The Platform may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications.

Accordingly, we do not make any guarantee regarding such third parties, and we are not responsible for any loss or damage arising from your use of those websites, services, or applications.

The inclusion of a link to a third-party website, service, or application does not imply our endorsement. We cannot guarantee the safety and privacy of any information you provide to third-party websites.

Any data collected by third parties is not covered by this Privacy Policy. We are not responsible for the content or privacy and security practices of any third parties, including those that may be linked to or from the Platform. You should review the policies of those third parties and contact them directly if you have any questions.

Cookies and Tracking Technologies

Cookies are small text files placed on your device to collect standard Internet log information and visitor behaviour information. Cookies do not collect any identifiable information about you but will identify your device.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Platform. Some online tracking technologies help us maintain the security of our Platform and your account, prevent crashes, fix bugs, save your preferences, and assist with basic Platform functions.

You can disable cookies by setting your browser to not accept them. If you disable cookies, you may not be able to use all of the features of the Platform.

Device Permissions and Access

To provide you with the best experience and enable the features of our Platform, we may request access to certain features and information on your device. These permissions are used for the following purposes:

Calendar
Used to save appointments booked in the Platform to your device calendar.

Camera
Used to scan QR codes for quick check-in at healthcare providers, capture images for consultations, and take photos of prescriptions or other documents you wish to share with your healthcare provider.

Photo Library
Allows you to select and upload photos or documents from your device to share with your healthcare provider or attach to messages.

Notifications
Enables us to send you important updates, including appointment reminders, messages from your healthcare provider, prescription updates, and other time-sensitive information.

Location Services
Used to help you find nearby healthcare providers or pharmacies, where this functionality is available.

Microphone
Used for voice or video consultations with your healthcare provider, where this functionality is available.

Biometric Authentication
Biometric authentication features such as Face ID, Touch ID or fingerprint recognition may be used to provide a secure way to access your account. Biometric authentication data is handled by your device operating system or device provider, and we do not collect, access or store biometric information unless otherwise stated.

You can manage these permissions at any time through your device settings. If you choose not to grant certain permissions, some features of the Platform may not function as intended, although core functionality will remain available.

We do not access or collect information from your device without your permission, and we only use the information for the purposes described in this Privacy Policy.

Children's Privacy

The Platform may be used by individuals aged 13 years and over. Users under the age of 16 cannot connect to their health records but may be able to access other functions of the app.

We may rely on the authority of a parent or legal guardian to provide consent on behalf of a child in accordance with applicable law.

We collect only the minimum Personal Information necessary to support your healthcare provider in delivering healthcare services to children and to enable the functionality of the Platform. We do not use children's Personal Information for marketing purposes.

Access to Dependants' Health Information

With the prior approval of the relevant healthcare provider, a parent, guardian or caregiver may be granted access to act on behalf of a dependant (such as a child or other family member). The dependant feature allows a parent, guardian or caregiver to view and act on a person's record under their own account.

Access is controlled by the relevant healthcare provider in accordance with their own policies and procedures.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated 'Revised' date at the top of this Privacy Policy and will apply from the date of publication.

Where we make material changes that affect how Personal Information is collected, used, stored or disclosed, we will take reasonable steps to notify users, including by posting a notification on the Platform, requiring acceptance of updated terms within the Platform, or contacting users directly where appropriate.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. If you do not agree with any aspects of this Privacy Policy as updated from time to time, you must immediately stop accessing or using the Platform.

Mandatory Reporting of Notifiable Privacy Breaches

If your Personal Information is involved in a privacy breach which we reasonably believe has caused or is likely to cause serious harm to you (“a Notifiable Privacy Breach”), we will inform you in accordance with our obligations under the Privacy Act. We will also report a Notifiable Privacy Breach to the Office of the Privacy Commissioner.

Contact Us

If you have any questions, concerns, or requests in relation to this Privacy Policy or your Personal Information, you can contact us at:

Email: privacy@centrik.co.nz

Post:
Privacy Officer
Webtools Health Limited
146a Lichfield Street
Christchurch Central
Christchurch, Canterbury 8011
New Zealand

Your Privacy Rights

Under the Privacy Act 2020, you have the right to request access to the Personal Information we hold about you, request details about how it has been used, and request correction of any inaccuracies.

In some circumstances, you may request deletion of Personal Information we hold about you, although we may be required to retain certain information to comply with legal, regulatory, healthcare or record-keeping obligations.

You also have the right to make a complaint about how we handle your Personal Information. You can contact us using the details above, and we will investigate and respond within a reasonable timeframe. If you are not satisfied with our response, you may make a complaint to the Office of the Privacy Commissioner.

We will comply with the Privacy Act 2020 when responding to your request. These rights may be limited in some circumstances as permitted by law.

You will not be charged for making a request to access your Personal Information, but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.

To request access to, update, or delete your Personal Information, please contact us by email using the details provided above.

We will respond to requests as soon as reasonably practicable and no later than 20 working days, in accordance with the Privacy Act 2020. We may respond to your request earlier where appropriate.

End of 
Privacy Policy