Privacy Policy

Tristar Performance Limited

About this policy

At Tristar Performance Limited (‘We’, ‘Us’, ‘Our’), we take privacy seriously. We comply with the Privacy Act 2020 and, where we collect, hold, use or disclose health information, the Health Information Privacy Code 2020. This policy explains how we collect, use, hold, disclose and protect personal information and health information, and how individuals may exercise their rights of access and correction.

In this policy:

  • personal information means information about an identifiable individual; and

  • health information includes information about an individual’s health, medical history, disabilities, health services provided to them, and information collected before or in the course of providing health services.

This policy applies to our website, our services, and any related products or platforms we use in connection with our services. We will refer to them all as our “Services” in this policy. 

We may update this policy from time to time. The most recent version will be published on our website (Tristar Performance (www.tristarperformance.co.nz)). Any changes apply from the date the updated version is published.

What information we collect

We may collect personal information and health information including:

  • name;

  • contact details, including email address, phone number, residential address and postal address;

  • date of birth;

  • sex and/or gender;

  • billing and financial information;

  • IP address and website usage information;

  • photographs and video images;

  • biometric information;

  • feedback, opinions and communications;

  • medical and health information, including PAR-Q responses, medical history, medications, GP details and information provided on intake and screening forms;

  • testing and assessment data, including physiological test results, metabolic data, INSCYD outputs, health screening results and assessment reports;

  • programme participation records, including attendance, session notes and coaching communications; and

  • National Health Index or other health-related identifier information where applicable.

We will only collect information where the collection is for a lawful purpose connected with our functions or activities and where the collection is necessary for that purpose. If our purpose does not require identifying information, we will not require it.

How we collect information

Where possible, we collect information directly from the individual concerned.

We may also collect information:

  • from a representative, parent, guardian or person lawfully acting on the individual’s behalf where appropriate;

  • from another person or agency where the individual has authorised this;

  • from a referring practitioner, GP or other health professional where authorised;

  • from publicly available sources where lawful; and

  • automatically through our website or systems, including through cookies and similar technologies.

If we collect health information directly from an individual, or from their representative, we will take reasonable steps to ensure they are aware of:

  • the fact that the information is being collected;

  • the purpose of collection;

  • the intended recipients;

  • our name and address, and the name and address of the agency that will hold the information;

  • whether providing the information is voluntary or mandatory, and if mandatory, the legal basis for that requirement;

  • the consequences of not providing the information; and

  • the rights of access and correction.

If we collect health information from someone other than the individual or their representative, we will take reasonable steps, as soon as reasonably practicable, to make the individual or their representative aware of the matters required by the Health Information Privacy Code 2020, unless an exception applies.

Why we collect information

We collect and use personal information and health information for purposes including:

  • providing Services and goods to the individual;

  • assessing suitability for Services, training, testing or programmes;

  • communicating about appointments, results, recommendations and Services;

  • preparing reports, summaries and records;

  • maintaining longitudinal records to compare results over time;

  • billing and debt recovery;

  • improving our Services;

  • providing relevant marketing and advertising for our Services;

  • complying with legal and regulatory obligations;

  • protecting our legal rights and business interests;

  • carrying out authorised administrative, quality assurance and audit functions; and

  • with appropriate authority or where lawful, using de-identified information for statistical, research or educational purposes.

We will not use health information for a purpose other than the purpose for which it was obtained unless a permitted ground under the Health Information Privacy Code 2020 applies, including where the individual has authorised the use, the new purpose is directly related, the information is used in a non-identifying form, or another lawful exception applies.

We will not use personal or health information for academic related research, presentations and/or publication purposes unless a specific research case study consent form has been obtained from the Individual or the Individual’s authorised representative. 

If requested information is not provided, we may be unable to provide some or all of our Services.

Who we disclose information to

We may disclose personal information and health information to:

  • payment processors and accounting software providers;

  • booking, client management, website hosting and IT service providers;

  • marketing service providers;

  • regulators, law enforcement agencies, government agencies, dispute resolution bodies and professional advisers where disclosure is required or permitted by law or necessary to protect legal rights; and

  • GPs, referring practitioners, other health professionals, representatives or support persons where authorised or otherwise permitted by law.

We will not disclose health information unless a permitted ground under the Health Information Privacy Code 2020 applies. This may include where:

  • the disclosure is to the individual concerned;

  • the individual or their representative has authorised the disclosure;

  • the disclosure is for a purpose connected with the purpose for which the information was obtained;

  • the disclosure is directly related to that purpose and it is not desirable or practicable to obtain authorisation in the circumstances;

  • the disclosure is necessary to prevent or lessen a serious threat to public health or safety or to the life or health of any person; or

  • another lawful exception applies.

Where health information is disclosed, we will only disclose what is reasonably necessary for the relevant purpose.

Where practical/possible we will obtain the Individual or their authorised representatives written consent to the disclosure of any physiological test results to third parties unless one of the permitted grounds under the Health Information Privacy Code 2020 applies. 

Where information and data is provided it will be provided in a usable format. 

Disclosure outside New Zealand

We may store or disclose personal information or health information outside New Zealand, including through third party service providers.

Where we disclose health information to a person or entity outside New Zealand in reliance on the grounds permitted by the Health Information Privacy Code 2020, we will only do so where one of the permitted safeguards applies, including where:

  • the individual or their representative authorises the disclosure after being expressly informed that the overseas recipient may not be required to protect the information in a way that provides comparable safeguards;

  • the overseas recipient is carrying on business in New Zealand and is subject to the Privacy Act 2020 and the Health Information Privacy Code 2020 in relation to that information;

  • we reasonably believe the overseas recipient is subject to privacy laws or binding arrangements that provide comparable safeguards; or

  • another lawful basis applies.

Storage and security

We take reasonable steps to protect personal information and health information against loss, unauthorised access, use, modification or disclosure, and other misuse. We use safeguards that are reasonable in the circumstances, including secure systems, password protection and other technical and organisational measures.

Where information is handled by third party service providers for storage, processing or destruction, we will do everything reasonably within our power to prevent unauthorised use or disclosure.

When information is no longer required to be kept, we will securely destroy or de-identify it in a manner that preserves privacy.

Cookies

We use cookies, log files and other technologies on our website. A cookie is a small data file that the website sends to the users browser, which may then be stored on your system for later retrieval by the website, and which are used to record how the user navigates our website on each visit. We use the information collected from cookies to enhance a user experience of our website and to develop and improve our product and Service offerings.

When you browse the website, the following information may be captured:

  • the users server address; 

  • top level domain name (for example .com, .gov, .nz, etc.); 

  • the date and time of the users website visit;

  • the pages the user looked at; 

  • the documents the user downloaded;

  • the previous site the user visited; and

  • the type of browser the user used. 

An individual does not have to accept cookies and can change their browser settings to prevent cookies being stored on the user’s computer. But if the user does turn cookies off this will limit the service that we are able to provide and may affect their visitor experience. For further information about cookies see www.allaboutcookies.org.

Retention

We will not keep health information for longer than is required for the purposes for which it may lawfully be used, although we may retain it where retention is necessary or desirable for the purposes of providing Services or where required or permitted by law.

Our current practice is to retain personal information and health information for at least seven years from the date of the last appointment, unless a longer retention period is required or justified by the nature of the Services, ongoing care, legal obligations or another lawful purpose.

Accuracy

Before we use or disclose health information, we will take reasonable steps in the circumstances to ensure it is accurate, up to date, complete, relevant and not misleading.

Individuals should promptly tell us if their details change or if they believe any information we hold is inaccurate.

Access and correction

Individuals have the right to request confirmation of whether we hold health information (including access to complete records of an Individual’s physiological test history) about them and to request access to that information, subject to the grounds for refusal permitted under the Privacy Act 2020.

Individuals may also request correction of their personal information or health information. If we do not agree to make a requested correction, the individual may provide a statement of correction and request that it be attached to the information so that it is read with it.

If we correct health information, or attach a statement of correction, we will take reasonable steps to inform other persons to whom we have disclosed that information where reasonably practicable.

When giving access to health information, we will advise the individual of their right to request correction.

Charges

We may charge for access to or correction requests only to the extent permitted by law. In relation to health information, any charge will comply with the Health Information Privacy Code 2020. In particular, charges must be reasonable and are limited in the circumstances permitted by that Code for example, if the same request has been made in the preceding twelve (12) months or for providing a copy of an x-ray, video recording, MRI, PET or CAT photograph. In all cases where the cost is greater than $30.00, we will provide an estimate prior to complying with the request. 

Unique identifiers

We may assign or collect unique identifiers, including health-related identifiers, only where necessary to carry out our functions efficiently and in accordance with applicable law. We will take reasonable steps to ensure any unique identifier is assigned only where identity is clearly established and to minimise the risk of misuse.

We will not require an individual to disclose a unique identifier unless that disclosure is for a purpose connected with the purpose for which the identifier was assigned, or a directly related purpose.

Complaints

We take privacy complaints seriously. We have procedures for receiving, documenting and responding to complaints about alleged breaches of privacy obligations. Complaints will be handled fairly, simply, speedily and efficiently.

Where the Health Information Privacy Code 2020 requires it to apply, our complaints process includes written acknowledgement within five (5) working days unless the complaint has already been resolved, and further response steps within the timeframes required by the Code.

Individuals may also complain to the Office of the Privacy Commissioner.

Contact details

To request access to or correction of personal information or health information, make a privacy complaint, or contact us about this policy, please contact:

Tristar Performance Limited

Email: tony@tristarperformance.co.nz

Phone: 027 421 1238

Post: 7/15-17 Southern Cross Road, Rangiora 7400