What is this? This is the privacy policy (“Privacy Policy”) for Centrik, a digital health platform operated by Webtools Health Limited (company number 6994456) (“we”, “us” or “our”) based in Christchurch, New Zealand. It applies to our mobile applications and web-based platform (together, the “Platform”) that connects users with healthcare providers.
What information do we collect? We collect personal information such as your name, mobile number, date of birth, email address and National Health Index (“NHI”) number, as well as information about the healthcare providers you connect with and services you access through the Platform, including appointments, prescription or medication requests, payment information, messages, attachments and documents shared through the Platform. We may also collect technical and usage data relating to your use of the Platform.
Why do we collect it? We collect and use personal information to enable you to access and manage healthcare information made available through the Platform by your healthcare providers, and to provide and support healthcare services through the Platform, including appointment booking, secure messaging, prescription management and payment processing. We also use this information to operate, maintain, improve and secure the Platform.
Who do we share it with? We primarily share information with your healthcare providers so they can provide healthcare services to you. We may also share information with third-party service providers and technology partners who support the operation, security and functionality of the Platform.
How is information kept secure? We use technical and organisational safeguards designed to protect personal information, including encryption, multi-factor authentication, regular security testing, and secure cloud storage.
How long is information retained? We retain personal information only for as long as necessary for the purposes described in this Privacy Policy, or as required by law. Certain information may continue to be retained to support healthcare services, legal obligations, audit requirements and platform security.
Healthcare providers and health information: Health information displayed through the Platform is retrieved from systems operated by healthcare providers or third-party healthcare systems. Healthcare providers remain responsible for the clinical records and health information they maintain within their own systems.
Your rights: You have rights under the Privacy Act 2020 to request access to, and correction of, your personal information. Further information about these rights is set out in the “Your Privacy Rights” section below.
Contact: If you have questions about this Privacy Policy or your personal information, you can contact us using the details set out in the “Contact Us” section below.
Webtools Health Limited operates the Platform.
We take privacy seriously and are committed to protecting your personal information. In this Privacy Policy, “Personal Information” means any information about an identifiable individual, as defined in the Privacy Act 2020.
This Privacy Policy describes how we collect, use, store, and disclose your Personal Information in connection with your use of the Platform.
We comply with the Privacy Act 2020 (including regulations and codes issued under that Act, including the Health Information Privacy Code 2020 and, where applicable, the Privacy (Biometric Information) Code 2024) when handling Personal Information. Nothing in this Privacy Policy limits your rights under those laws.
By creating an account, accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy, and agree to its terms, including the collection, use, storage and disclosure of your information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you should not access or use the Platform. We may require you to actively accept this Privacy Policy when creating an account, onboarding to the Platform, or when material updates are made to this Privacy Policy. Existing users who do not accept material updates to this Privacy Policy may choose to stop using the Platform and request closure of their account.
The Platform consists of Centrik’s mobile and web-based applications, which enable you to:
Healthcare providers can also access the Platform and can view information relating to your account and the services you access via the Platform.
The Platform may connect to other software systems operated by your healthcare providers or third-party healthcare platforms to retrieve and display information and to support service delivery.
Where you add or share information via your account (including appointment bookings, prescription requests and messages), this information is securely transmitted to your healthcare provider. Your healthcare provider is responsible for determining how that information is used, stored and managed within their systems. We act as a technology service provider and process that information in accordance with our agreements with, and the instructions of, those healthcare providers.
You may use the Platform to access information sourced from healthcare provider systems, including elements of your medical record. In relation to health information made available through the Platform, your healthcare provider remains responsible for the clinical records and health information maintained within their own systems. This information may be processed and displayed through the Platform without being separately stored by us.
The Platform may also retrieve and display information from connected third-party healthcare platforms (such as specialist referral platforms) where you choose to connect to those services through the Platform.
Webtools provides the technology platform that supports access to and communication with those services. In providing the Platform, Webtools acts as a service provider to healthcare providers who use the Platform.
This Privacy Policy does not apply to clinical records maintained by your healthcare provider in their own systems. If you have questions about access to, use of, or the contents of those records, you should contact your healthcare provider directly.
We collect Personal Information only where it is necessary for a lawful purpose connected with the functions and activities of the Platform.
Personal Information will generally be collected directly from you when you create an account or use the Platform. Where we collect Personal Information from a third party, we will take reasonable steps to ensure you are aware that the information has been collected and how it will be used, disclosed and managed in accordance with this Privacy Policy. This may include collection from your healthcare providers in connection with services accessed through the Platform (for example, appointments booked or prescription requests).
We may collect Personal Information:
We also collect technical and usage data (including logging and analytics information) to monitor performance, diagnose issues, improve functionality, and protect against security threats.
In some cases, Personal Information may be collected automatically when you interact with the Platform, including through cookies, analytics tools, and system logs.
You are responsible for ensuring that any Personal Information you provide to us is accurate, complete, and up to date. You must not provide Personal Information about another individual unless you have their authority to do so and have made them aware of this Privacy Policy.
If you provide Personal Information about another individual (for example, a dependant), you confirm that you are authorised to do so and that you have informed them of this Privacy Policy.
The Personal Information we collect or process depends on how you use the Platform. Where you have linked dependant patients to your account, this may also include Personal Information relating to those dependants. This may include:
We may collect, use and disclose health information you submit through the Platform where necessary to provide the Platform and support healthcare services, including appointment bookings, prescription or medication requests, secure messaging and related administrative processes, and making that information available to you and, where applicable and authorised by you, to your healthcare providers or other third parties, or as otherwise permitted by applicable law. The Platform may also process and display health information sourced from healthcare providers without separately storing that information.
If you choose not to provide certain health information, or restrict access to it, some features or functionality of the Platform may not be available or may not operate as intended.
Where biometric authentication features are used (such as Face ID, Touch ID or fingerprint login), biometric authentication is generally managed by your device provider or operating system. We do not collect or store biometric templates or biometric authentication data directly unless otherwise stated.
We may use Personal Information for the following purposes.
We may use Personal Information to:
We may use Personal Information to:
We may use Personal Information to:
We may use Personal Information to:
We will only use your Personal Information for the purposes outlined above except where you have otherwise consented to use of your Personal Information, or we are required or permitted by law to use your Personal Information.
If we collect, hold, or process Personal Information in ways other than stated in this Privacy Policy, we will do so in accordance with the requirements of the Privacy Act 2020.
We may disclose Personal Information for the purposes for which it was collected, for directly related purposes, or as otherwise permitted or required by law.
We may disclose Personal Information to healthcare providers to enable the delivery of healthcare services through the Platform. Healthcare providers are responsible for the healthcare services they provide and for the clinical information they maintain within their own systems.
We may disclose Personal Information to third-party service providers and technology partners who support the operation and functionality of the Platform, including:
We may disclose Personal Information to related companies and business partners where this is relevant to the operation, development or delivery of services provided through the Platform, including:
We may disclose Personal Information:
Where you choose to share information with healthcare providers or other users through the Platform, you are responsible for the information you choose to disclose.
To provide the Platform, we use third-party service providers to store and process data.
Personal information may be stored or processed outside New Zealand using overseas service providers, including cloud infrastructure providers located in Australia such as Amazon Web Services (AWS).
Where Personal Information is transferred outside New Zealand, we take reasonable steps to ensure that the recipient is subject to comparable privacy protections or agrees to protect the information in a way that provides comparable safeguards. By using the Platform, you acknowledge that your Personal Information may be transferred to and processed in countries outside New Zealand.
We take the security of your Personal Information seriously and take reasonable steps to protect it against loss, unauthorised access, use, modification, disclosure, or other misuse.
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any Personal Information we process.
Our security measures include:
We take steps to minimise the use of identifiable information in system logs and analytics data. Where practicable, analytical and diagnostic information is anonymised or de-identified.
You are responsible for maintaining the confidentiality of your account credentials, including passwords and authentication methods, and for ensuring your devices are appropriately secured.
While we take reasonable steps to protect Personal Information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Accordingly, we cannot guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly access, collect, use, steal, or modify your information.
You have the right to request access to the Personal Information we hold about you and to request correction of that information.
You may update certain Personal Information directly within the Platform or request correction by contacting us using the details below.
We may require verification of your identity before responding to a request. If we do not agree to a requested correction, we will note your request where required by law.
If your request relates to medical records, prescriptions or other clinical or health information maintained by your healthcare provider, you will need to contact that provider directly, as they control that information.
We take reasonable steps to ensure that the Personal Information we hold and use is accurate, up to date, complete, relevant, and not misleading. Where information is provided by your healthcare provider, they are responsible for ensuring its accuracy.
We retain your Personal Information only for as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
In many cases, retention periods for health information may be determined by healthcare providers and applicable legal or professional requirements relating to health records.
When we no longer have a legitimate need to process your Personal Information, we will delete it or anonymise it where possible. If this is not possible (for example, where information is stored in backup archives), we will securely store the information and isolate it from any further use until deletion is possible.
You can close your account at any time via the account settings in the Platform or by contacting us. If you close your account, certain information may still be retained where necessary to support ongoing services provided by your healthcare provider through the Platform, including appointment history, medication requests, payment information, messaging records, and to meet legal, regulatory and healthcare record and business continuity requirements.
We may also retain technical logs, audit records and security-related information to support the ongoing audit, integrity and security of the Platform.
Where we retain information on behalf of a healthcare provider, that information will generally be deleted when the relevant healthcare provider ceases to use the Platform, unless further retention is required by law.
The Platform may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications.
Accordingly, we do not make any guarantee regarding such third parties, and we are not responsible for any loss or damage arising from your use of those websites, services, or applications.
The inclusion of a link to a third-party website, service, or application does not imply our endorsement. We cannot guarantee the safety and privacy of any information you provide to third-party websites.
Any data collected by third parties is not covered by this Privacy Policy. We are not responsible for the content or privacy and security practices of any third parties, including those that may be linked to or from the Platform. You should review the policies of those third parties and contact them directly if you have any questions.
Cookies are small text files placed on your device to collect standard Internet log information and visitor behaviour information. Cookies do not collect any identifiable information about you but will identify your device.
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Platform. Some online tracking technologies help us maintain the security of our Platform and your account, prevent crashes, fix bugs, save your preferences, and assist with basic Platform functions.
You can disable cookies by setting your browser to not accept them. If you disable cookies, you may not be able to use all of the features of the Platform.
To provide you with the best experience and enable the features of our Platform, we may request access to certain features and information on your device. These permissions are used for the following purposes:
Calendar
Used to save appointments booked in the Platform to your device calendar.
Camera
Used to scan QR codes for quick check-in at healthcare providers, capture images for consultations, and take photos of prescriptions or other documents you wish to share with your healthcare provider.
Photo Library
Allows you to select and upload photos or documents from your device to share with your healthcare provider or attach to messages.
Notifications
Enables us to send you important updates, including appointment reminders, messages from your healthcare provider, prescription updates, and other time-sensitive information.
Location Services
Used to help you find nearby healthcare providers or pharmacies, where this functionality is available.
Microphone
Used for voice or video consultations with your healthcare provider, where this functionality is available.
Biometric Authentication
Biometric authentication features such as Face ID, Touch ID or fingerprint recognition may be used to provide a secure way to access your account. Biometric authentication data is handled by your device operating system or device provider, and we do not collect, access or store biometric information unless otherwise stated.
You can manage these permissions at any time through your device settings. If you choose not to grant certain permissions, some features of the Platform may not function as intended, although core functionality will remain available.
We do not access or collect information from your device without your permission, and we only use the information for the purposes described in this Privacy Policy.
The Platform may be used by individuals aged 13 years and over. Users under the age of 16 cannot connect to their health records but may be able to access other functions of the app.
We may rely on the authority of a parent or legal guardian to provide consent on behalf of a child in accordance with applicable law.
We collect only the minimum Personal Information necessary to support your healthcare provider in delivering healthcare services to children and to enable the functionality of the Platform. We do not use children's Personal Information for marketing purposes.
With the prior approval of the relevant healthcare provider, a parent, guardian or caregiver may be granted access to act on behalf of a dependant (such as a child or other family member). The dependant feature allows a parent, guardian or caregiver to view and act on a person's record under their own account.
Access is controlled by the relevant healthcare provider in accordance with their own policies and procedures.
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated 'Revised' date at the top of this Privacy Policy and will apply from the date of publication.
Where we make material changes that affect how Personal Information is collected, used, stored or disclosed, we will take reasonable steps to notify users, including by posting a notification on the Platform, requiring acceptance of updated terms within the Platform, or contacting users directly where appropriate.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. If you do not agree with any aspects of this Privacy Policy as updated from time to time, you must immediately stop accessing or using the Platform.
If your Personal Information is involved in a privacy breach which we reasonably believe has caused or is likely to cause serious harm to you (“a Notifiable Privacy Breach”), we will inform you in accordance with our obligations under the Privacy Act. We will also report a Notifiable Privacy Breach to the Office of the Privacy Commissioner.
If you have any questions, concerns, or requests in relation to this Privacy Policy or your Personal Information, you can contact us at:
Email: privacy@centrik.co.nz
Post:
Privacy Officer
Webtools Health Limited
146a Lichfield Street
Christchurch Central
Christchurch, Canterbury 8011
New Zealand
Under the Privacy Act 2020, you have the right to request access to the Personal Information we hold about you, request details about how it has been used, and request correction of any inaccuracies.
In some circumstances, you may request deletion of Personal Information we hold about you, although we may be required to retain certain information to comply with legal, regulatory, healthcare or record-keeping obligations.
You also have the right to make a complaint about how we handle your Personal Information. You can contact us using the details above, and we will investigate and respond within a reasonable timeframe. If you are not satisfied with our response, you may make a complaint to the Office of the Privacy Commissioner.
We will comply with the Privacy Act 2020 when responding to your request. These rights may be limited in some circumstances as permitted by law.
You will not be charged for making a request to access your Personal Information, but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
To request access to, update, or delete your Personal Information, please contact us by email using the details provided above.
We will respond to requests as soon as reasonably practicable and no later than 20 working days, in accordance with the Privacy Act 2020. We may respond to your request earlier where appropriate.