Privacy policy

1. Introduction

1.1 Confidentiality of data relating to individual patients and visitors, including their identity, is respected by DermNet New Zealand Trust (“DermNet”), who is bound by the privacy principles set out in the New Zealand Privacy Act 1993, together with the requirements of the Health Information Privacy Code 1994.

1.2 In this Privacy Policy, “we”, “our” and “us” means DermNet New Zealand Trust.  By using our website and in your dealings with DermNet, you agree to this Privacy Policy and consent to the collection, use, disclosure, storage and retention of your personal information as described below.

1.3 We may amend this Privacy Policy from time to time by posting the revised version on our website and/or notifying you by email. If you do not agree to any amendments, you may no longer use our website after the date that any amendment takes effect and/or you may withdraw your consent or object to the processing of your personal information by DermNet in accordance with your applicable legal rights.

2. 2.What personal information may we collect and why?

2.1 The personal information we may collect includes your name, address, gender, profession or speciality, job title, organisation, telephone numbers, email address and credit card or billing information.

2.2 We collect personal information about you so that you can use our website, purchase or enquire about our images, and so that we can provide related services to you.

2.3 We may also collect health information provided by you, such as your medical history, symptoms, medication, and health services you are currently being or have been provided. We use this information to correctly classify skin conditions on our image library, to provide information about skin conditions in our topic pages (in an anonymous way). We will only process health information in accordance with your explicit consent.

2.4 In some situations, we may collect someone else’s health information from you. For example, if you are a health care provider or dermatologist, we may collect medical information about your patient from you for the reasons set out above. Before providing us any personal or health information about an identifiable individual you must ensure you receive their (or in the case of a minor or a person unable to provide informed consent, their parent’s, guardian’s or attorney’s) explicit prior consent to the collection, use, disclosure, storage and retention of their personal or health information in accordance with this Privacy Policy, and ensure that you have met all other applicable legal obligations in relation to the disclosure of personal or health information to us (including, where applicable, providing the individual with all information required under Article 14 of the GDPR).

3. How we may use that personal information

3.1 The personal information that we collect will be used by us to provide our goods and services to you, including:

(a) enabling you to register your information on our database or subscribe to our monthly newsletter;
(b) to correctly classify conditions on our image library;
(c) enabling you to purchase images from us, or submit images to us;
(d) responding to requests, enquiries, complaints and other customer care related activities;
(e) for administrative purposes such as creating orders, transaction records, receipts and invoices;
(f) subject to you providing your consent (in accordance with the Unsolicited Electronic Messages Act 2007) sending you messages to promote and market our goods and services, including special offers and events which might interest you; and
(g) any other purposes required by law.

4. Sharing your personal information

4.1 We will only disclose personal information in accordance with this Privacy Policy, your specific instructions or authorisation, and the law.  We may disclose your personal information to:

(a) our suppliers in order to provide you with any goods you purchase;
(b) any service providers that are providing a service to you or us in relation to our goods or services (such as third party payment providers or IT service providers); and
(c) any other third party where disclosure is necessary in order for us to meet your request for goods or services.

4.2 Personal information that you provide to us may be transferred, processed, used or stored by us and/or our third party service providers in countries other than New Zealand, including the United States of America.

4.3 Where we engage third party service providers to carry out certain processing activities on our behalf, we will ensure that appropriate technical and organisational measures are in place to ensure such third party is bound by substantially similar obligations as those set out in the Privacy Act and this Privacy Policy.

4.4 We may share de-identified, aggregate and/or anonymous data with third parties in New Zealand and overseas, including the United Kingdom, the U.S.A and Canada, for research, development, statistical or other business related purposes.

4.5 If you have any concerns regarding the transfer or disclosure of your personal information overseas, or if at any time you wish to withdraw your consent to such transfer and/or disclosure, please contact us using the details below. However, please note that if you withdraw your consent we may not be able to provide the services you have requested in whole or in part.

5. Cookies and Google Analytics

5.1 Our website is using cookies and web server logs to collect information about how our website is used. We may serve third-party advertisements that use cookies and web beacons in the course of ads being served on our website. You have the ability to accept or decline cookies by modifying your web browser.

5.2 We are using Google Analytics to analyse the audience of the website and improve our content. Information gathered through cookies and web server logs may include your IP address, the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website. For further information on Google Analytics, please visit http://www.google.com/analytics/learn/privacy.html.

6. Security and storage of  personal information

6.1 We strive to ensure the security, integrity and privacy of all personal information you provide to us.  We will take reasonable steps to ensure that the personal information that we hold is accurate, complete, up-to date, stored in a secure environment, and protected from unauthorised access, modification or disclosure.  However, we will not be held responsible for events arising from unauthorised access to your personal information.

7. Third party websites

7.1 Please be aware that our website may contain links or references to third-party websites, and our Privacy Policy does not apply to those websites. We are not responsible for the content or information collection practices of those pages an take no responsibility for the privacy practices or security of other websites. We encourage you to review and understand their privacy practices before providing them with any information.

8. Application of overseas privacy laws

8.1 DermNet’s website and services can be accessed by people all over the world, in countries that may have different privacy laws to New Zealand. By visiting the our website, accessing our services, or otherwise providing us with personal information, you acknowledge and agree that your personal information may be processed for the purposes set out in this Privacy Policy and otherwise in accordance with New Zealand law.

8.2 If you are located in a European Union Member State, to the extent that we are subject to the EU General Data Protection Regulation 2016/679 (“GDPR”), we will comply with our obligations under the GDPR in relation to the processing of any personal data that we hold about you.

9. Opting out

9.1 If at any time you no longer wish to receive our newsletter or wish to withdraw your consent or object to the processing of your personal information in accordance with this Privacy Policy, please contact us using the details below and we will remove your details and/or image from our database and/or image library.  Alternatively, you can opt-out of receiving further communications from us by using the functional unsubscribe facility in any electronic communication sent from us or on our behalf.

10. How to access and correct your personal information

10.1 You agree that any information you give to us will be accurate, correct and up to date, and that when acting on behalf of a business or another person, you are authorised to give such information to us.

10.2 You can request access to or correction of your personal information by contacting us using the details listed below.  You may also request the source of any personal information we collect from a third party. 

10.3 If you are located in a European Union Member State in which we offer goods or services, to the extent we are subject to the GDPR, you may request that we delete certain personal information or transfer your personal information to another organisation.

10.4 We will retain your personal information only for as long as it is required to achieve the purposes set out in this Privacy Policy. When the personal information we collect is no longer required, we will remove or de-identify it as soon as reasonably practicable.

11. How to contact us

11.1 If you have any queries or concerns about this Privacy Policy or our handling of your personal information please contact us or email [email protected]

11.2 If you would like more information about your privacy rights or wish to make complaint about our privacy practices, you may contact the Office of the Privacy Commissioner at www.privacy.org.nz or by post to PO Box 10 094, The Terrace, Wellington 6143, New Zealand.