FingerInk Limited NZ Company No. 3897416 (we, us, our, Finger-Ink) complies with the Privacy Act 1993 (New Zealand) (the NZ Privacy Act) and other applicable laws when dealing with personal information. Personal information is information about an identifiable individual (a natural person).
This policy sets out how we will collect, use, disclose and protect your personal information.
If you are based in the European Union and use our website, products and/or services the additional terms in the addendum to this policy apply to you.
This policy does not limit or exclude any of your rights under the NZ Privacy Act and other applicable laws. If you wish to seek further information on the NZ Privacy Act, see www.privacy.org.nz.
We may change this policy by uploading a revised policy onto our website (finger-ink.com) (the website). Unless stated otherwise, the change will apply from the date that we upload the revised policy.
We collect, hold and process two categories of personal information
Account and Marketing Data is personal information that we collect about you:
The Account and Marketing Data we collect may include company/personal names, usernames, phone numbers, email addresses, your location, billing information, information about how you use our website or the Services (for example, traffic volumes, time spent on pages), your IP address and/or other device identifying data, and other information required to provide a service or information you have requested from us.
Patient or Client Data is personal information about a customer’s patients that is input into the Finger-Ink Service (as defined in the Finger-Ink Terms of Service). Patient or Client Data may include patients’ first and last names, titles, dates of birth, photographs, medicare numbers, email addresses, phone numbers, addresses, emergency contacts, and any other information that a customer decides to capture about its patients.
We will not disclose, move, access, process or use Patients Data except as provided in our Terms of Service (including, if applicable, the Finger-Ink Data Processing Addendum) and we require our customers to comply with applicable privacy and data protection laws.
We collect personal information about you from:
If possible, we will collect personal information from you directly.
When you visit or use our website or the Service, we may collect information about you:
Some provision of personal information is optional. However, if you do not provide us with certain types of personal information, you may be unable to enjoy the full functionality of our website or the Services.
We may also conduct user surveys to collect information about your preferences. These surveys are optional and if you choose to respond, your responses will be kept anonymous. Similarly, we may offer contests to qualifying users in which we ask for contact and demographic information such as name, email address and mailing address. None of this information is shared with third parties, except in summary form, if at all. Information we gather through a contest may also be disclosed to third parties as necessary for prize fulfillment and other aspects of any contest or similar offering.
We will use your personal information:
We may disclose your personal information to:
A business that supports our services and products may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand.
Protecting your personal information
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse.
Subject to certain grounds for refusal set out in the NZ Privacy Act or other applicable law, you have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise either of the above rights, email us at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
For the purposes of the GDPR:
We will not process Patient or Client Data except as provided in our Terms of Service (including, if applicable, the Finger-Ink Data Processing Addendum) and we require our customers to comply with applicable privacy and data protection laws.
The remainder of this GDPR Addendum applies to Account and Marketing Data only, and does not apply to Patient or Client Data.
This GDPR Addendum was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed. Any requests for further information should be sent to email@example.com.
The legal basis for our processing of Account and Marketing Data is your consent and, for certain Account and Marketing Data, processing is necessary for the performance of a contract to which you are a party.
Despite the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws.
You do not have to provide us with your name or contact information to access and use the website. However, you must provide us with your name and contact information when using the Service and some of our other services. The consequence of not providing your name and contact information is that we will not be able to provide all of our services to you.
Your rights in relation to your personal data under the GDPR include:
Where personal data is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at firstname.lastname@example.org, or our nominated Representative. If you are not satisfied by the way your query is dealt with by our data protection officer, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
The nominated Representative for data protection matters within the European Union, pursuant to Art. 27 of Regulation (EU) 2016/679 (the General Data Protection Regulation, or GDPR), is:
Adaptant Solutions AG
Rosenheimer Str. 139
Inquiries may also be submitted through Adaptant’s contact form at: https://www.adaptant.io/contacts-locations.
We do not intend to collect personal data from children aged under 16. If you have reason to believe that a child under the age of 16 has provided personal data to us through our website and/or by using our services, please contact us at email@example.com
The Account and Marketing Data may be transferred to, and stored in, a country operating outside the European Economic Area (EEA). Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.
Some of the Account and Marketing Data we collect is processed in New Zealand (where our registered office is located). New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection and we rely on this decision in transferring personal data to New Zealand.
Some of the Account and Marketing Data we collect is processed by third party data processors in other countries, including the United States. These countries are not subject to an adequacy decision by the European Commission and instead, in transferring your personal data to these countries, we take other appropriate safeguards as prescribed by the GDPR. We have verified that our data processors in the United States have self-certified under the EU-US Privacy Shield framework.
Account and Marketing Data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.
You can contact us at firstname.lastname@example.org.