Introduction
This Privacy Policy (“Policy”) applies to all “Personal Data” held by the Atlantis Healthcare Group (AHG) including its local affiliate companies. It has been developed to ensure our commitment to data protection is maintained to an extremely high standard and that both national and international requirements for the protection of Personal Data are met.
AHG designs and manages patient support programmes and delivers healthcare communication services to the world’s leading pharmaceutical companies, as well as government public health agencies. The main business purposes for the collection of Personal Data in line with our data protection policies include (a) care and treatment, (b) research and (c) administration.
This Policy is solely concerned with Personal Data defined as “any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”
Collection and Use
Personal Data should always be collected directly from the individuals concerned. However, some exceptions apply, for example, if the information is publicly available.
The Personal Data must be solely used for the purpose for which it was collected. It must not be disclosed to anyone externally except in the restricted circumstances as permitted by law.
Accuracy – Data Quality and Integrity
AHG operates a global Data Quality Assurance Programme to safeguard data integrity of all Personal Data held on any AHG database.
Access, Correction and Deletion
Data Subjects have the right to (1) access, (2) correct, (3) limit the processing, use or disclosure of, and (4) delete any Personal Data held on them.
To ensure that Data Subjects have the ability to entertain all rights in relation to their Personal Data, AHG must at all times entertain the necessary infrastructure facilitating the exercise of such rights.
AHG is committed to ensuring that requests by Data Subjects in relation to their Personal Data are responded to in a prompt and efficient manner. AHG target a turnaround of 5 working days for any request. Where a response is not readily available, an AHG representative will inform the inquirer of the request status, action taken and expected time delay (if any). Reasons for any decision must be given.
Security
Technology and operational security measures are in place to protect Personal Data from loss, misuse, alteration, or destruction. External access to our systems is restricted through state of the art firewall applications securely managed by an external provider.
Internal access to Personal Data on the AHG computer network is restricted to those personnel who require access for the lawful purposes for which the Personal Data were given. AHG has measures in place to safeguard the physical security of the premises where the Personal Data are hosted. AHG maintains tightly managed approved and authorised access levels to the AHG computer network.
Full information security procedures are documented in AHG's Information Security Policies.
To secure and maintain our commitment to the protection of Personal Data, all employees are required to complete the AHG internal induction privacy training programme. Periodic refresher training is mandated. All employment and independent contractor agreements include a mandatory clause specifying an obligatory and contractual understanding of and adherence to the requirements of this Policy.
Retention
Personal Data must only be retained as long as reasonably necessary in light of the purpose for which it was collected. For certain types of data statutory retention periods may apply and must be observed. Confidential information specialists handle information requiring destruction. Further details are outlined in AHG’s Information Security Policies.
Privacy Contacts
AHG has appointed Privacy Officers/Officials in each location to ensure that all relevant privacy requirements, for example, the EU Data Protection Directive 95/46/EC, the NZ Privacy Act 1993 and Health Information Privacy Code 1994, the Australian Federal Privacy Act 1988, the UK Data Protection Act 1998, the German Bundesdatenschutzgesetz (BDSG), Spanish Law 15/1999 on the Protection of Personal Data (LOPD: Ley Organica 15/99 de 13 de Diciembre 1999 de Proteccion de Datos de Caracter Personal), and the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) are met.
New Zealand - Requests for information should be sent to the following contact:
Rebecca Brown
The Privacy Officer
Atlantis Healthcare
Level 1/435 Khyber Pass Road
Newmarket
Auckland 1023
Telephone +64 9 363 4838
Facsimile +64 9 363 4898
Email privacyNZ@atlantishealthcare.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it
The New Zealand Privacy Commissioner can be contacted as follows:
The Privacy Commissioner
PO Box 10-094
The Terrace
Wellington 6143
+64 4 474 7595 or 0800 803 909
enquiries@privacy.org.nz This e-mail address is being protected from spambots. You need JavaScript enabled to view it.