Medifab Limited, a New Zealand company, is part of the Medifab Global Group which includes Medifab Limited and Spex Limited.
We are committed to safeguarding the privacy of our customers and other users of our products and services.
What Personal Information and data do we collect?
During the course of your relationship with us, or your use of our websites or other services, we may collect, store and use the following kinds of Personal Information and data:
- information about any products or services that you order from us, or that you seek information about from us;
- your name and contact details, such as phone numbers, addresses and email addresses, as well as health and medical information about you. We will usually collect this information when you provide it to us, but we may also collect this information from third parties, such as disability service providers, health service organisations, health workers, funding agencies, and products distributors or resellers, where that information is being provided to enable us to provide or quote for products or services for your specific needs or for the specific needs of someone in your care;
- when you use our websites, data about your computer and about your visits to and use of our websites and other online services (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation and downloaded items);
- Personal Information and other data that you provide to us for the purpose of registering for any online services that we provide, or for any subscription or alert services that we provide (such as email notifications or newsletters);
- other Personal Information and data provided to us in the course or as a result of your relationship with us, including where necessary to enable us to provide products and services to you or someone in your care, or to respond to requests for further information;
- Personal Information and data are provided to us when users or customers voluntarily complete customer surveys or provide feedback on any of our web forms, via email, or by other means;
- Personal Information and data are provided to us when users or customers voluntarily provide information to us for use in case studies, staff training, or educational or promotional purposes; and
- payment details, including credit card or banking details, whenever you pay for any goods or services that we provide.
Members of the Medifab Global Group also share some administrative and technical services and systems, and they may collect Personal Information and data from each other where necessary for the administrative, technical support, and other legitimate business purposes of the Medifab Global Group.
Using Personal Information and data
We will use, disclose and hold Personal Information and data collected by us for the following purposes:
- to enable us and our agents, affiliates, resellers and distributors to provide any goods or services requested by you, or requested by others on your behalf;
- to enable us to operate our websites and other online services;
- to improve your browsing or user experience when you use our websites or other online services;
- to establish and maintain any user or customer account you hold with us;
- to complete sales transactions, including billing, credit card processing, payment, receipt, credit check and verification services;
- to respond to your queries or requests for additional information or support;
- to provide any after-sales service required by you;
- to maintain our records;
- to provide technical support and administration services in relation to our websites or other online services and any goods or services ordered by you or by someone on your behalf;
- for product development or research purposes; and
- to evaluate customer satisfaction and the performance of marketing activities.
If you have agreed to provide us with your Personal Information or data for the purposes of publicity or other publication, then we may use that Personal Information or data for such purposes, and you license us to use, copy and distribute that Personal Information or data for such purposes. We will ensure that any such use, copying and distribution is in accordance with the scope of any agreement we enter into with you at the time.
We will usually agree with you on a licence level, allowing us to use, copy and distribute that Personal Information or data for the purposes permitted under that licence level. The licence levels are:
- Level 1: Internal staff training use only
- Level 2: Clinical education for our dealers and wheelchair prescribers only
- Level 3: Conferences, exhibitions, symposiums, etc.
- Level 4: Website, print material, social media, marketing, webinars and healthcare publications.
We may use Personal Information and other data collected by us to send or email you marketing or promotional information about our services or products, but only if you have expressly given us permission to do so.
We will not provide any of your Personal Information or data to any third parties for the purpose of direct marketing unless you have expressly given us permission to do so.
Cookies are text files placed on computers, devices or browsers used to access websites, apps or other internet content. Cookies may be used to collect standard Internet log data and visitor behaviour data or to remember information about users’ personal preferences and user settings. When you visit our websites or use our online content, we may collect data from you automatically through cookies or similar technologies.
- allowing you to stay signed in; and
- understanding how you use our websites or online content.
In particular, we may use functionality cookies so that we recognise users on our websites or online content and remember their previously selected preferences. These could include what language the user prefers and their location. A mix of first-party and third-party cookies may be used.
We also use analytics software to analyse the use of our websites. We use Google Analytics, which generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our websites is used to create reports about the use of the websites. Google will store this data. You still have the option to prevent Google from collecting data generated by cookies and relating to your use of our websites (including your IP address) as well as from processing this data, by downloading and installing a Google browser plug-in. Further information on Google Analytics can be found here.
You can set your browser not to accept cookies. However, in a few cases, some of our website features may not function as a result.
Statistical data that we collect
During your use of our websites or other online services, we may collect statistical data about such use, such as the date, time and length of your use, the pages that you visit, and information about the device you are using to access our websites or other online services. This information may be collected by software operating on our websites or other online services, or by third-party service providers on our behalf.
We may use and disclose such statistical data for the following purposes:
- to measure the effectiveness of any services or features provided via our websites or other online services;
- to better direct users to goods or services that might interest them;
- to identify user behaviour and user trends on our websites or other online services;
- to maintain and optimise the technical performance, operation and security of any products or services (including our websites or other online services) provided by us; and
- to assist in resource planning.
We may disclose or sell such statistical data to others for any purpose, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such data.
We may disclose Personal Information and data about you to:
- our employees, officers, agents, distributors, resellers, suppliers, and subcontractors;
- other members of the Medifab Global Group;
- funding bodies, health care organisations, and health professionals; and
In addition, we may disclose your Personal Information and data:
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings; or
- in order to establish, exercise or defend our legal rights (including by providing Personal Information and data to others for the purposes of fraud prevention and reducing credit risk).
We may transfer your Personal Information and other data to another entity in connection with a sale of our business or assets, a merger or consolidation or restructuring of our business or company or the Medifab Global Group, or any other transaction in which a third party acquires ownership of any rights in our business.
Security of your personal data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data.
You are responsible for keeping any password and user details we issue to you confidential. We will not ask you for your password (except when you log in to our online services).
Holding Personal Information
We will not hold your Personal Information and other data for longer than is reasonably required for the purposes for which we may lawfully use that Personal Information or data.
Should your Personal Information and other data no longer be required, we will either securely destroy your Personal Information and data or retain it in an aggregated and anonymised form.
Transfer of Information
- All email correspondence and file storage are hosted in Australia by Microsoft via its Office 365 service. For more details about the privacy policies and practices of Microsoft see: https://privacy.microsoft.com/en-ca/privacystatement
- Order details and basic customer information (name, address, contact details) are stored in Australia by our cloud services provider OVHcloud. For more details about the privacy policies and practices of OVHcloud see: https://www.ovh.com.au/support/termsofservice/Privacy_policy.pdf
- We use an application hosted by Nintex, based in Australia, to record and administer customer complaints and incidents. For more details about the privacy policies and practices of Nintex see: https://www.nintex.com/legal/privacy-policy/
If we transfer outside New Zealand the Personal Information of any New Zealand-based person, we will ensure that appropriate safeguards are in place with the recipient of that Personal Information, as prescribed by the Privacy Act 2020 (NZ), before we transfer that Personal Information.
If we transfer outside Australia the Personal Information of any Australia-based person, we will ensure that appropriate safeguards are in place with the recipient of that Personal Information to ensure that the recipient complies with the Privacy Act 1988 (Australia), before we transfer that Personal Information.
We will ensure that appropriate safeguards are in place as prescribed by the European Union’s General Data Protection Regulation (GDPR) before we transfer any Personal Information of any European Union subjects to any data processor based in any country that the European Commission has not recognised as providing adequate protection for the personal data of European Union subjects.
The European Commission has recognised New Zealand as providing adequate protection for the personal data of European Union subjects.
We want to make sure you are fully aware of all your rights in relation to the Personal Information and data we collect. These rights may differ depending on the applicable privacy or data laws in the country where you are based.
The main rights you have in relation to the Personal Information and data we collect are below.
- The right to access: You have the right under certain conditions to request from us copies of your Personal Information, as well as information about our collection and processing of your Personal Information. Provision of such information will be subject to the supply of appropriate evidence of your identity.
- The right to rectification: You have the right under certain conditions to request that we correct any Personal Information you believe is inaccurate. You may also have the right under certain conditions to request that we complete any data you believe is incomplete.
- The right to erasure: If you are a European subject, you have the right under certain conditions to request that we erase your Personal Information.
- The right to restrict processing: If you are a European subject, you have the right under certain conditions to request that we restrict the processing of your Personal Information.
- The right to object to processing: If you are a European subject, you have the right under certain conditions to object to our processing of your Personal Information.
- The right to data portability: If you are a European Union subject, you have the right under certain conditions to request that we transfer your Personal Information that we have collected to another organisation, or directly to you.
If you want to exercise any of these rights, please contact our Privacy Officer (see below) and he/she will tell you how to make a request and if any charges will apply.
European Union subjects also have the right to lodge a complaint about our Personal Information processing activities with a supervisory authority in the EU Member State where they are based or where the data processing activity took place.
Our Privacy Officer can help you to identify who your supervisory authority is.
Updating this Policy
Medifab Global Group Privacy Officer:
Phone: 0800 543 343 (NZ) or 1300 543 343 (AU)
(NZ) Medifab Limited
22 Detroit Drive
(AU) Medifab Limited
26 Pardoe Street