EAP Services Limited (EAP Services) provides a range of health and wellbeing services to organisations. These include Employee Assistance Programs (EAP), Disruptive Event Management, HR Consulting, Health Risk Assessments, and Organisational Development (coaching, training and facilitation).
EAP Services is concerned with managing the personal information we collect from you in a fair and transparent manner, and we actively comply with the requirements and spirit of the New Zealand Privacy Principles under the Privacy Act 1993.
We will be fair in the way we collect information from you. We will tell you who we are, what type of information we hold about you and how we intend to use it.
This Policy will be reviewed at least annually, to ensure it remains up to date. It may be amended from time to time by posting the amended version on our website.
For further information on privacy in New Zealand, please visit the website of the Office of the Privacy Commissioner at https://www.privacy.org.nz/
Collection of Personal and Sensitive Information
As part of providing counselling and other related services, EAP Services Professionals obtain from you, with your consent, personal information that is relevant to your current situation and which is of assistance in providing a professional service.
We will only collect personal information where it is necessary for us to perform one or more of our functions or activities. We collect the personal information we need to provide counselling services and to satisfy our legal, counselling and other services and professional obligations as professionals. In addition, in accordance with our contractual obligations to your employer, we also collect your personal information to enable the provision of confidential and de-identified reporting in relation to organisational trends relating to the health and wellbeing services we provide.
The type of information EAP Services collects and holds varies depending on the type of product or service we provide to you. For example, EAP Services will hold different information about you if you are being provided counselling services after a crisis event than if you are receiving counselling under an Employee Assistance Program or health coaching. This information may include information about a disability or medical condition that you have or health information in general.
If you contact us by telephone, these calls may be recorded for training, quality and business purposes.
At or before the time EAP Services collects personal information about you, EAP Services will take reasonable steps to ensure that you are aware of:
- the identity of EAP Services and how to make contact;
- the fact that you are able to gain access to the information;
- the purposes for which the information is collected;
- any law that requires the particular information to be collected; and;
- the main consequences (if any) for you if all or part of the information is not provided.
This information is used to assist in the provision of counselling services and is intended to satisfy our legal and professional obligations as Professionals.
When the services are being accessed as part of an Employee Assistance Program (the program), some of the information collected will also be used to compile non-identifying statistical reports to the relevant host organisation regarding usage of the program. All reasonable steps will be taken by us to ensure that this information does not allow for the identification of any persons.
Information obtained by us will remain confidential and will only be released when:
- You have provided written approval of informed consent for access to your own case notes;
- The information is health information and the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety, and;
- it is impractical for EAP Services to seek your consent before the use or disclosure;
- the use or disclosure is conducted in accordance with guidelines approved by the Privacy Commissioner under section 54 of the Privacy Act;
- in the case of disclosure, EAP Services reasonably believes that the recipient of the health information will not disclose any such personal information;
- The use or disclosure is required or authorised by law;
- EAP Services reasonably believes that the use or disclosure is necessary to lessen or prevent a serious and/or imminent threat to any person.
Other People’s Information which you Provide to Us
If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by privacy laws, we may collect, use and disclose such information for the purposes described above. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this policy as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our information disclosures practices, the individual’s right to obtain access to the information and the consequences for the individual if the information is not provided.
EAP Services will take all reasonable steps to ensure that the information obtained and stored is accurate. If any of the personal information we hold about you is inaccurate, incomplete or out-of-date, please contact us immediately and we will take reasonable steps to correct this information or, if necessary, we will discuss alternative access with you.
EAP Services views the security of your information as paramount to the integrity of our work. We will take all reasonable steps to ensure that data is secure. All personal information is kept in secure filing systems and on a secure computer server. Only authorised personnel have access to both systems.
EAP Services is open about its management of personal information. This document and all other relevant documents are available on request.
On request by you, EAP Services will take reasonable steps to inform you of the information it holds, the purpose of obtaining such information, how it collects, uses and discloses that information.
Gaining Access to and Correcting your Personal Information
You can request access to your personal information. Such requests will be responded to promptly (typically within 5 working days). We may recover from you our reasonable cost of providing you with access. If charges are applicable for providing access we will disclose these charges to you prior to providing you with the information.
To arrange access please contact us (see the Contacting Us section). All requests to access information should be in writing, marked to the attention of the Privacy Officer.
In limited circumstances, a request for access may be denied, or restricted access given. We will provide reasons in writing for the denial of or limitation on access. Note: access may only be denied in the circumstances set out in the New Zealand Privacy Principles, including:
- where providing access will pose a serious threat to life or health of any individual or pose an unreasonable impact on the privacy or an individual;
- your request for access is frivolous or vexatious;
- where the information relates to existing legal proceedings between EAP Services and you and the information would not be discoverable in the process of those legal proceedings;
- where providing access would be unlawful, may prejudice an investigation of possible unlawful activity, may prejudice enforcement of laws, or denying access is specifically authorised by law.
We will correct personal information if we discover, or you are able to show that the information is incorrect. If you seek correction and EAP Services disagrees that the information is incorrect, we will provide you with our reasons for taking that view and advise you on the further steps you may take.
EAP Services will use a Client Identification Numbering System which allows for privacy and security of your information and which is not related to any other identifier system.
Our online appointment system uses an in-memory cookie, which is set to last no longer than 30 minutes. The cookie itself doesn't collect any personal information about you (it is used to hold basic authentication-related information) and the content is encrypted.
Information you provide as part of the appointment process is retained on a secure site so we can contact you regarding your booking and maintain and manage your booking.
Your information will not be passed onto any third parties.
EAP Services websites also use Google Analytics, a web analytics service provided by Google Inc.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
Google will not associate your IP address with any other data held by Google.
A "cookie" is a file which allows us to track and target the interests of people who use our website. In addition, our website uses third party cookies from Google Analytics, including the following features:
Call Recording Privacy Statement
As part of our commitment to providing the best possible service to our clients and customers, we record telephone calls made to and from our National Support Centre.
We record calls:
- for staff training purposes, to help us improve our service and to ensure the information we provide is consistent and accurate;
- for reporting on the types and numbers of enquiries we receive;
- to ensure we have an accurate record of your call, which may be needed to support any services requirement.
We understand your personal information is important, and we are committed to protecting your privacy. Recordings will be securely stored.
Transborder Data Flow
EAP Services does not store any personal data or individual’s information outside New Zealand.
Where an individual requests us to provide services through Partners located outside New Zealand, the individuals information will be provided to that Partner, located outside New Zealand, In that circumstance, security of information is covered by New Zealand Privacy Principle 11.
Resolving your Privacy Issues
We also have a complaints process including external dispute resolution and a nominated Privacy Officer who can be contacted as detailed in the Contacting Us section.
In the first instance, a complaint should be made in writing, marked to the attention the Privacy Officer. The complaint will typically be responded to within 5 working days of receipt of the complaint; will be investigated within 21 working days and will be formally replied to within 28 working days.
If you are not satisfied with the response or the outcome of the complaint, you can appeal to the Privacy Commissioner.
Dealing with us Anonymously or under Pseudonym
You can deal with us anonymously or you may use a pseudonym where it is lawful and practicable to do so. For example, you may inquire about our products or receive generic information about how we may be able to provide support services to you. However, we regret that we will not be able to offer any of our products or services if we cannot identify you.