EAP Services Limited (EAP Services) provides a range of health and wellbeing services to organisations. These include Employee Assistance Programmes (EAP), Disruptive Event Management, HR Consulting, Health Risk Assessments, and Organisational Development (coaching, training and facilitation).

Purpose of the Privacy Statement

EAP Services is concerned with managing the personal information we collect from you in a fair and transparent manner. We actively comply with the requirements of the Privacy Act 2020 ("Privacy Act"), other relevant legislation and the Information Privacy Principles ("IPP") in relation to the collection, storage, use and disclosure of records containing your personal Information.

EAP services may collect, use, and disclose personal information relating to its customers, clients, contractors, and employees in the performance of its business activities. This statement sets out the standards that will enable personal and health information in our care to be managed as carefully and respectfully as if it were our own.

Scope

This privacy statement applies to all of EAP Services Ltd (or a person acting on behalf of EAP Services Ltd). It serves to clarify how we collect, use, store, disclose, update and destroy individual's personal information in New Zealand.

EAP services Ltd is a subsidiary business of Habit Holdings Ltd, New Zealand Company Number 5748387.

Anyone who collects Personal Information on behalf of EAP Services Ltd must also comply with this statement and the requirements of the Privacy Act.

Definitions

Personal Information means information about an identifiable individual. 

Collection of Personal and Sensitive Information

As part of providing counselling and other related services, EAP Services Professionals obtain from you, with your consent, personal information that is relevant to your current situation and which is of assistance in providing a professional service.

We will only collect personal information where it is necessary for us to perform one or more of our functions or activities. We collect the personal information we need to provide counselling services and to satisfy our legal, counselling, and other services and professional obligations as professionals. In addition, in accordance with our contractual obligations to your employer, we also collect your personal information to enable the provision of confidential and de-identified reporting in relation to organisational trends relating to the health and wellbeing services we provide.

The type of information EAP Services collects and holds varies depending on the type of product or service we provide to you. For example, EAP Services will hold different information about you if you are being provided counselling services after a crisis event than if you are receiving counselling under an Employee Assistance Program or health coaching. This information may include information about a disability or medical condition that you have or health information in general.

If you contact us by telephone, these calls may be recorded for training, quality, and business purposes.

How we collect personal information

Personal information may be collected through the following means: 

• Face to face and over the phone from you 
• When you complete a form on our website or online (via mobile APP)
• When you enquire about a service through our website 
• When you send an email or enquiry to us 
• When your organisation sends your information through to us as part of the formal manager referral process
• The Privacy commissioner has authorised the collection of information in this manner.  

 

Please also refer to section below related to Use of Cookies, and Call Recording.

In addition to collecting and storing necessary information to communicate with our clients, EAP services also store names, addresses and contact details of contractors, employees and other parties we interact with related to business activities. The same privacy statement applies to this information. 

We only collect personal information when users of EAP Services Ltd agree to our terms of service or our end user licence agreement.

By engaging with EAP services Ltd, you consent to this privacy statement.

How we use personal information

Collecting personal information allows us to confirm the identity of our clients and people we communicate with for business. This information allows our clients to securely access our online services, book services with ease and communicate. This information is used to assist in the provision of EAP counselling and professional services and is intended to satisfy our legal and professional obligations.

When the services are being accessed as part of an Employee Assistance Program (the program), some of the information collected will also be used to compile non-identifying statistical reports to the relevant customer organisation regarding usage of the program. All reasonable steps will be taken by us to ensure that this information does not allow for the identification of any persons.

Who we will share or disclose personal information with

Information obtained by us will remain confidential and will only be released when one of the following applies:

• The disclosure is in connection with, or directly related to, one of the purposes for which it was obtained; or
• You have provided written approval of informed consent for access to your own information;
• The information is health information, and the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety, and;
• The use or disclosure is conducted in accordance with guidelines approved by the Privacy Commissioner under section 54 of the Privacy Act;
• The use or disclosure is required or authorised by law;
• Disclosure is necessary to facilitate the sale of a business as a going concern;
• EAP Services reasonably believes that the use or disclosure is necessary to lessen or prevent a serious and/or imminent threat to any person; and
• Disclosure is authorised by the Privacy Commissioner;
• In the case of disclosure, EAP Services reasonably believes that the recipient of the health information will not disclose any such personal information. 

Other People’s Information which you Provide to Us

If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by privacy laws, we may collect, use, and disclose such information for the purposes described above. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this policy as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our information disclosures practices, the individual’s right to obtain access to the information and the consequences for the individual if the information is not provided.

How we keep your information safe and secure

EAP Services views the security of your information as paramount to the integrity of our work. We will take all reasonable steps to ensure that data is secure. All personal information is kept securely in specialised software and on a secure computer server. Only authorised personnel have access to both systems for the purposes related to the services provided or anonymised reporting.

EAP Services Ltd take all reasonable steps to implement and maintain generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration, or destruction.

EAP services Ltd are governed by various legislations that mandate certain time periods that we must hold your information for. e.g., The Health (Retention of Health Information) Regulations 1996 say that health agencies must keep any health records they hold for a client for 10 years from the last time they provided services to that client. 

How we make sure the information we have is correct and up to date

EAP Services will take all reasonable steps to ensure that the information we collect, use or disclose is accurate. If we hold personal information about you, we will comply with legislative obligations to let you know what information we have on record. If you want us to change or update personal information about you, in some cases, we may require evidence that the information we have is inaccurate, incomplete or out-of-date.

How you can contact us to find out more about the personal information we hold

If EAP Services Ltd holds personal information about an individual, we will comply with legislative obligations to provide the individual with access to the information on request by the individual.

You can request access to your personal information. Such requests will be acknowledged promptly (typically within 5 working days). We may recover from you our reasonable cost of providing you with access.  If charges are applicable for providing access, we will disclose these charges to you prior to providing you with the information.

You can contact us to request access by:  

All information requests should be emailed to our Clinical Services Team at  cst@eapservices.co.nz

You will be asked to submit the below form with photo identification:

• Request to Access Personal Records Form. 

We must be able to verify your identity to be able to provide you access to your information.

In limited circumstances, a request for access may be denied, or restricted access given. We will provide reasons in writing for the denial of or limitation on access and information on how to complain about the refusal. Note: access may only be denied in the circumstances set out in the New Zealand Privacy Principles, including:

• Where providing access will pose a serious threat to life or health of any individual or pose an unreasonable impact on the privacy or an individual;
• your request for access is frivolous or vexatious;
• where the information relates to existing legal proceedings between EAP Services Ltd and you and the information would not be discoverable in the process of those legal proceedings;
• where providing access would be unlawful, may prejudice an investigation of possible unlawful activity, may prejudice enforcement of laws, or denying access is specifically authorised by law.

Identifiers

EAP Services will use a Client Identification Numbering System which allows for privacy and security of your information, and which is not related to any other identifier system.

How you can contact us to correct your information

If you believe the personal information, EAP Services Ltd hold on file is incorrect, you can request us to change it by:

All correction requests should be emailed to our Clinical Services Team at  cst@eapservices.co.nz

We will respond and check our information.  If the information we’re holding is factually incorrect we will: 

• Update the information on your file. 
• Send the corrected information to any third party who may have received the incorrect information. 
• Let you know we’ve made the change.  

Sometimes we may not be able to make the change you’ve requested. This is typically because it relates to opinion-based information (i.e., clinical opinion). In this instance we will: 

• Provide you with written explanation why we can’t make the change and provide you with information on how to complain. 
• You can choose to provide a written statement of correction which we will attach to your file. This will record your request for correction, but that we haven’t made the change. 

Privacy concerns or complaints

• EAP Services is happy to discuss with you any concerns or complaints regarding the management of personal information or if you would like to discuss any issues about our Privacy Statement.
• If you think we have breached the Privacy Act, Information Privacy Principles or Health Information Privacy Code 2020 you are entitled to complain to EAP Services Ltd below.
• We have a complaints process including external dispute resolution.

Let us know of your concerns or complaint by:

• Phoning us on 0800 327 669 or emailing feedback@eapservices.co.nz – you will be sent a Feedback and authority to disclose information form to complete and return to feedback@eapservices.co.nz.
• Providing anonymous feedback via our counsellor feedback form here.

EAP Services Ltd will provide written acknowledgement of your complaint within 5 working days. We will investigate the complaint and attempt to resolve it within 10 working days after the complaint was received. If we cannot conclude the complaint within this timeframe, we will provide you with information on how long we think it will take to investigate and respond to and keep you updated regularly.

If you are not satisfied with the response or the outcome of the complaint, you can appeal to the Privacy Commissioner.

Alternatively, you can lodge a complaint with the Office of the Privacy Commissioner here.

For further information on our External complaints management process please see here.

For information on our Whistle-blower program please see here.

Openness

EAP Services is open about its management of personal information. This Privacy Statement will be made available to anyone who asks for it.

On request by a person, EAP Services will take reasonable steps to inform you of the personal Information it holds, for what purposes, and how it collects, holds, uses and discloses that information.

Use of Cookies

Online Appointment

Our online appointment system uses an in-memory cookie, which is set to last no longer than 30 minutes. The cookie itself doesn't collect any personal information about you (it is used to hold basic authentication-related information) and the content is encrypted.

Information you provide as part of the appointment process is retained on a secure site so we can contact you regarding your booking and maintain and manage your booking.

Your information will not be passed onto any third parties.

Google Analytics

EAP Services websites also use Google Analytics, a web analytics service provided by Google Inc.

Google Analytics also uses cookies. The information generated by the cookie about your use of the site is transmitted to and stored by Google on servers in the United States. Google uses this information for the purpose of evaluating how you use this site, compiling reports on site activity, and providing other services relating to site activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

Google will not associate your IP address with any other data held by Google.

A "cookie" is a file which allows us to track and target the interests of people who use our website. In addition, our website uses third party cookies from Google Analytics, including the following features:

Cookies are used to analyse your use when you visit our website. The information we collect and share with third parties through cookies is aggregated and therefore anonymous (it does not include personal information which is likely to identify you). The information may be used to serve you advertising in relation to our products when you visit our website and third-party websites. You can access information about Google's Privacy Policy here.

While we recommend that users enable cookies on their browsers in order to enjoy all the features of our website, you can disable them should you wish to. Most browsers allow you to manage use of cookies, this will be different depending on each user's PC - refer to your browser help menu for further information. Should you wish to opt-out of the Google Analytics you can download the Google Analytics opt-out browser add-on or alternatively manage.

Call Recording Privacy Statement

As part of our commitment to providing the best possible service to our clients and customers, we record telephone calls made to and from our National Support Centre.

We record calls:

• for staff training purposes, to help us improve our service and to ensure the information we provide is consistent and accurate;
• for reporting on the types and numbers of enquiries we receive;
• to ensure we have an accurate record of your call, which may be needed to support any services requirement.

We understand your personal information is important, and we are committed to protecting your privacy. Recordings will be securely stored.

Transborder Data Flow

EAP Services does not store any personal data or individual’s information outside New Zealand.

Where an individual requests us to provide services through Partners located outside New Zealand, the individual’s information will be provided to that Partner, located outside New Zealand, In that circumstance, security of information is covered by New Zealand Privacy Principle 11.

Updates to EAP Services Ltd Privacy Statement

EAP Services may amend or update this Privacy Statement from time to time with or without notice to you.