Privacy Policy
We respect the privacy of participants and Application users and developed the Kiasma Privacy Policy to demonstrate our commitment to protecting your privacy.
The Kiasma Privacy Policy is intended to describe for you, as a user of Kiasma, why we collect personal and health information (“information”) about you, how we collect and “process” (store, use, and share) it, and your choices about such uses and sharing.
The Kiasma Applications are created by Kiasma Health Ltd (also called "Kiasma", "we", "us", and "our" in this privacy policy), a New Zealand Company. The Application may be referred to as “tool”, “programme”, “services”, or “app” interchangeably.
We encourage you to read this Privacy Policy carefully when using Kiasma. The key points outlined in this policy are:
Identifiable information is collected from you in order to use the service.
Health information is kept for ten years under the law relating to health information, the Health (Retention of Health Information) Regulations 1996.
You have the right of access to and correction of your health information.
Information will only be shared with those you have agreed to or if we have to by law because of health and safety concerns.
We uphold your rights as outlined in the Privacy Act 2020, the Health Information Privacy Code 2020 and the Code of Health and Disability Services Consumers' Rights 1996.
Your consent
By signing up to Kiasma, you agree to this Privacy Policy. You consent to the collection and processing of your information as set out in this Privacy Policy now and as amended by us. We will email you to let you know when the Policy is updated.
Definitions
Personal information is information about a living person. It is any information that identifies you or is capable of identifying you and includes things like your name and the organisation you work for.
Health information is information relating to any past or present physical or mental health condition of an individual, or the provision of healthcare to an individual.
When we say ‘information’, we mean both your Personal and your Health Information.
Why do we collect information about you?
We collect information about you for the following purposes:
To provide our Services to you
To contact you for administrative or technical purposes
Personalise our Services to your particular circumstance
We use information that does not identify you to:
Improve our Services based on your use of them
Report on the outcome of our Services to promote and evaluate them
See the section below on “How is my information used?” to see more about what is done with your information.
Collection of information for our Services
What information does the Application collect, and how is it collected?
The Application obtains the information you provide when you register as a user. Registration with us is optional. However, please keep in mind that you may not be able to use any of the features offered by the Application unless you register with us.
When you register with us and use the Application, you generally provide:
· Your name, email address, username, password, and other registration information
· ‘Transaction-related information’, such as when you download or use the Application
· Information you enter into the Application during participation in a Programme
· Information you provide us when you contact us for help
See the section below on “How is my information used?” to see what is done with your information.
As a Visitor, you can browse our website (www.kiasmahealth.com) to learn more about our apps and other Services. You are not required to provide us with any personally identifiable information as a Visitor. See also the section below on Cookies.
Automatically collected information
The Application may collect certain information automatically, including, but not limited to:
The type of computer or mobile device you use
Your computer or mobile device's unique device ID, as created by the device manufacturer
The IP address of your computer or mobile device (following the Office of the Privacy Commissioner’s advice for privacy good practice, we treat this as personal information).
Your operating system
The type of internet browsers you use
Information about the way you use the Application.
We use the information we collect to help us continuously understand and optimise your experience, ensuring consistency across user devices. We only use information that does not personally identify you for the purpose of internal analytics to improve our Services.
See the section below on “How is my information used?” to see what is done with your information.
Cookies
Our website uses “Cookies” to identify the areas of our website that you have visited. A cookie is a small piece of data stored on your computer or mobile device by your web browser. We use Cookies to personalise the Kiasma Content on our website. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our website correctly or at all. We never place personally identifiable information in Cookies.
Does the Application collect precise real-time location information of the device?
This Application does not collect precise information about the location of your device.
Children
We will not contact any person under 18 about special offers for marketing purposes or solicit data without a parent or guardian’s permission. If a parent or guardian becomes aware that their child has provided us with information without their consent, they should contact us at support@kiasma.health. We will delete such information from our files within a reasonable time.
How is my information used?
We use and disclose information that we collect about you in order to:
Provide our Services as part of Programmes
Improve and personalise your experience
Share your information with a health coach if you agree to work with one.
Manage your account and resolve technical issues with a Programme
Communicate with you by email and mobile devices about your use of Kiasma
Enforce the Terms and Conditions
Manage our business and perform functions as otherwise described to you at the time of collection
We use de-identified, aggregate data to:
Perform an analysis of your use of Kiasma and the outcomes achieved. See also the section below on Mixpanel
Report the outcomes of our Services to our partners as trends
Promote our Programmes/Services to potential clients.
Data collected by the Service will not be shared or processed for any other reason than outlined in this policy. If we intend to share your information for another purpose, we will gain your consent first. Reports to organisations paying for services always use de-identified data.
We won’t ever use your email to spam you with marketing promotions not related to the Application or Programme.
Sharing of your information
Who can access my information?
By using the Services, you authorise Kiasma to disclose any or all of the collected personal or health information to:
A health coach
You can choose to work with a health coach. You will be asked about this in the App. If you agree, your information will be shared with the health coach. Health coaches work directly with individuals participating in the Kiasma programmes.
If you agree to work with a health coach as part of your Kiasma programme, the coach will use the Kiasma app to direct message you.
Authorised administrative Kiasma personnel
Access is for the sole purpose of providing our Services. This is very limited. For example, our customer support team do not see or have access to the information you enter in the App.
You may choose to share some information with Kiasma customer support should you require technical help. The Kiasma customer support and technical team cannot see your personal or health information.
We will only ever share your information with people you have consented to receive that information. These may include a person of your choice or your coach.
Please note that your coach may contact crisis and emergency services if there is concern for your safety.
We will otherwise only share information in accordance with the Privacy Act 2020.
Third-party Services we use and their access to your information
We employ third-party Services to provide functions on our behalf. We only provide the minimum necessary data to these third-party service providers and will not provide them with any health information.
Google Firebase
Google Firebase is a set of cloud based tools that we use to build and develop the Kiasma App. We use the following Firebase features to help us build and maintain our apps: Realtime Database, Crash Reporting, Cloud Messaging, Dynamic Links and Authenticator.
Mixpanel
We use Mixpanel to ensure App functionality and so that we can better understand how people use the App. Kiasma only provides limited information to Mixpanel about you (this includes your IP address), and Mixpanel does not have access to your information in the App.
Identity Providers
You can choose to sign into the App using the third party identity providers of Apple or Google. When you do so, we will create your account by taking certain personal information from these providers. This includes your email address and other personal information that your privacy settings allow us to access.
Other legal reasons for disclosure of information
We may disclose information under certain circumstances, including:
As required by law, such as to comply with a warrant or legal process.
When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a third-party request, in accordance with the Privacy Act 2020.
Rights of access and correction
You can access and update your contact information and registration details online by logging into your account. Please note surveys and direct messages with your Health Coach are not editable once completed.
You have the right to access and to request correction of any of your information provided to us in connection with your use of the Programme.
If you would like to view the information relating to you that we have stored, or to request correction of such information, or if you have any concerns regarding your privacy, please contact us by emailing support@kiasma.health.
What are my opt-out rights?
You can stop all collection of information by the Application easily by deleting your account under ‘Settings’. As part of this process, we will prompt you to download all your data to your device. The transfer of your data means we will no longer store your personal or health information. Should you wish to rejoin Kiasma, none of this information will be on your profile.
To opt out of all analytics we use, you can uninstall the Application or stop using our Services.
Data retention policy, managing your information
If you do not delete your profile and do not download your information, we retain users’ health information for ten years after the last date of modification. This is in accordance with the Health (Retention of Health Information) Regulations 1996. If you wish to have a copy of this information please email support@kiasma.health
We retain Automatically-Collected information for up to 24 months; it is then stored in aggregate form.
Security
We take safeguarding the confidentiality of your information very seriously. We provide physical, electronic, and procedural safeguards to protect the information we process and maintain. We carry out regular audits, Privacy Impact Assessments and follow the best practice requirements to ensure our systems safeguard your information. All Kiasma staff regularly participate in privacy training and we limit access to information to authorised employees and contractors who need to know that information in order to operate, develop or improve our Application.
Please be aware that although we endeavour to provide reasonable security for the information we process and maintain, no security system can prevent all potential security breaches.
Your data is stored, encrypted, and protected using AWS servers in Sydney. This is the preferred data storage location for Manatū Hauora | Ministry of Health.
Links to other websites
Our Application may contain links to other websites that are not under our direct control. These websites may have their own policies regarding privacy. We have no control of, or responsibility for, linked websites and provide these links solely for the convenience and information of our visitors. You access such linked websites at your own risk. These websites are not subject to this Privacy Policy. You should check the privacy policies, if any, of those individual websites to see how the operators of those third-party websites will utilise your personal information. In addition, these websites may contain a link to websites of our affiliates. The websites of our affiliates are not subject to this Privacy Policy, and you should check their individual privacy policies to see how the operators of such websites will utilise your personal information.
Changes
This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here and informing you via push notification in the App. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes. You can check the history of this Policy by the revision numbers at the end of the Policy.
Contact us
If you have any questions regarding privacy while using the Application or have questions about our practices, please contact us via email support@kiasma.health
For any issues or questions regarding our Privacy policy please contact our designated privacy officer: Sam Rodney-Huson
Version
Version 2.0 January 2024