We value privacy
At HiDoq we take the protection of personal information very seriously. This policy is designed to describe the personal information we collect, how we protect it and what we do with it.
From time to time, we may need to change this policy. If we do so, we will post the updated version on our website (at hidoq.co.nz/privacy) and it will apply to all of your information held by us at the time.
What personal information do we collect?
The type of information we collect from you depends on our relationship with you – for example, whether you are a healthcare professional, a recipient of healthcare, a guardian or friend or representative of a recipient of healthcare or have simply made enquiries about our services.
The types of information we may collect in relation to a healthcare professional include:
- contact details;
- registration details;
- payment details;
- account settings; and/or
- records of interactions with us.
The types of information we may collect in relation to a recipient of healthcare or a guardian or friend or representative of a recipient of healthcare, include:
- contact details; and/or
- records of interactions with us.
How do we collect personal information?
We collect personal information you provide to us directly.
We may also collect your personal information from publicly available sources, including professional registers.
If you are providing us information about another person on their behalf, you must ensure that you have their permission to do so and you should inform that person (where practicable) that we will handle their information in accordance with this policy.
See the section on ‘Our online services' below for more information about our collection of personal information online.
How do we hold and protect personal information?
We hold personal information electronically with the assistance of our service providers. All personal information is stored, encrypted-at-rest, in data centres located in Australia, which implement best practice security protocols.
Our website at hidoq.co.nz uses Secure Socket Layer (SSL) encryption to keep your interactions secure and private. SSL is the industry standard for data encryption. It provides a secure link between your browser and our server and scrambles your personal information to ensure it is kept private during transmission over the internet.
We use Twilio P2P Rooms (Twilio) to deliver audio/video media. With Twilio, media is encrypted end-to-end using WebRTC security protocols. Twilio does not mediate in the media exchange, which takes place through direct communication among participants. The only exception is when media exchange requires TURN (Traversal Using Relay NAT). In that case, a TURN server blindly relays the encrypted media bits to guarantee connectivity. The TURN server cannot decrypt or manipulate the media. Twilio conforms to the following standards: RFCs 5389, 5769, 5780, 5766, 6062, 6156, 5245, 5768, 6336, 6544, 5928 over UDP, TCP, TLS, and DTLS. See twilio.com for more information.
We keep information for as long as it is required to be able to provide our services or to meet legal and regulatory requirements. If we no longer require personal information for any purpose, we will take steps to permanently de-identify or securely destroy it.
Why do we collect personal information?
HiDoq provides an online platform designed to facilitate communications between healthcare professionals and healthcare recipients.
We collect, hold, use and disclose personal information to provide our services.
- providing, administering, improving and personalising our services;
- contacting you in relation to our services;
- verifying your identity and personal information;
- maintaining and updating our records;
- recruiting, training and managing staff;
- conducting quality assurance activities to maintain the quality of our services;
- carrying out internal functions like administration, finance, information technology, training and audit;
- conduct marketing and promotional activities;
- meeting our legal obligations; and
- practising effective risk management.
We may not be able to do these things without your personal information. For example, we may not be able to communicate with you.
We may provide marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (eg email), online (including websites and mobile apps) and other means, unless you opt out or we are subject to legal restrictions. See the marketing materials for details of how to opt out or contact us as set out below.
Who do we disclose personal information to?
We will disclose your personal information where required in order to provide you with our services.
In some instances, we may disclose personal information to third parties, including to:
- anyone engaged on our behalf to provide products and services, such as contractors or service providers;
- government and regulatory bodies;
- on a confidential basis, with our related companies; and
- where disclosure is permitted or required by law.
Our online services
This section applies to our website at hidoq.co.nz and to our other online services including our apps, email communications and social media profiles (together, ‘Online Services').
If you use our Online Services our system may record information such as the date and time of your interaction, the forms or pages accessed, and any information entered or downloaded. This information is used for statistical, reporting and website administration and maintenance purposes.
Like many other websites, our website may use ‘cookies' from time to time. A cookie is a piece of information that allows our system to identify and interact more effectively with your browser. The cookie helps us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however some parts of our website may not have full functionality in that case.
Our Online Services may also use, from time to time, third party services including, among others: Google Analytics, Firebase Analytics, and HubSpot. These services help us understand: (1) how you use and interact with our Online Services; and (2) the effectiveness of our marketing strategies.
The Online Services may contain links to other sites. We are not responsible for the privacy practices or policies of those sites.
How can you access and update your personal information?
Please contact us if you wish to seek access to or correct any personal information we may hold about you. We aim to respond within a reasonable time and may need to verify your identity. Please provide as much detail as you can about the particular information you seek, in order to help us locate it. We may deny some requests for access to or correction of personal information where the law allows us to do so.
Attention: Privacy Officer
If you contact us with any concerns about how we have handled your personal information, we may request additional details from you regarding your concerns, and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your request and any resolution.
Last updated: March 24, 2020