PRIVACY POLICY
Effective Date: 25 Nov 2024
Last Updated: 25 Nov 2024
Article 1: Introduction
The AI Health Innovation Hub (AHIH), powered by EmoEx Technology, is committed to protecting the privacy and personal data of all its participants, collaborators, and users. This Privacy Policy outlines how we collect, use, share, and safeguard your information, ensuring compliance with New Zealand’s Privacy Act 2020 and other relevant regulations.
By accessing or using our services, including the Innovation Environment for Psychological and Clinical Practices (IEPCP) platform, you agree to this Privacy Policy. If you do not agree, please refrain from using our services.
Article 2: Information We Collect
2.1 Personal Information
We collect personal information to enhance your experience and participation, including:
-
Identification Data: Name, email address, phone number, and professional details (e.g., credentials, affiliations, roles).
-
Login Details: Username, passwords, and account-related data.
2.2 Research and Interaction Data
During your use of AHIH services, we may collect:
-
Research Data: Inputs provided in trials, workshops, or feedback sessions.
-
IEPCP Usage Data: Data generated through interactions with our tools and platforms, including diagnostic models, AI companions, and simulation environments.
-
Scientific Datasets: We may access the scientific datasets you build within the Innovation Environment for Psychological and Clinical Practices (IEPCP) for purposes of platform operation and technical support. However, we will not record or share these datasets with any third party. You retain full ownership of the original datasets unless otherwise agreed.
2.3 Technical Data
Information collected automatically through technology:
-
Device Information: Browser type, IP address, and operating system.
-
Cookies and Analytics: Preferences, session activities, and visit logs.
2.4 Sensitive Information
We ask you not to use any patient-related information without explicit consent from all stakeholders. With that, and with your explicit consent, we may process:
-
Health-related data, such as patient outcomes and anonymised clinical observations.
-
Other sensitive data relevant to research and trials conducted on the IEPCP platform.
Article 3: How We Use Your Information
We collect and use information to ensure the safe, ethical, and effective operation of the AI Health Innovation Hub (AHIH) and the Innovation Environment for Psychological and Clinical Practices (IEPCP) platform. Below is a detailed explanation of how we use your information:
3.1 To Provide Services
-
Access Management: Use login credentials to manage access to the IEPCP platform and other AHIH services.
-
Enable Participation: Facilitate your registration, participation in research initiatives, and engagement with trials and workshops.
-
Qualification Verification: Professional credentials are used to confirm your eligibility and qualifications for conducting research and developing innovative solutions in your specific field of practice. This ensures that activities are aligned with ethical and professional standards.
3.2 To Enhance Operations
-
Platform Optimisation: Use interaction data from the IEPCP platform to improve system performance, user experience, and service functionality.
-
Feedback Integration: Analyse research inputs and trial results to refine tools, processes, and AI-driven healthcare solutions.
-
Technical Support: Use information collected during your interactions with the IEPCP platform to provide technical support, resolve issues, and ensure seamless operation.
3.3 To Support Research and Development
-
Analysis: Conduct data analysis to evaluate research outcomes and identify opportunities for innovation.
-
Collaboration: Share anonymised insights with collaborators to advance research goals and develop scalable, evidence-based solutions.
-
Reporting: Publish findings in aggregate or anonymised formats for use in academic journals, industry white papers, or public reports.
3.4 To Facilitate Communication
-
Updates and Notifications: Notify you about updates to the platform, upcoming research opportunities, and events.
-
Engagement: Share relevant findings, progress reports, and opportunities for further collaboration.
3.5 To Ensure Compliance
-
Regulatory Adherence: Use information to comply with legal, ethical, and professional standards in healthcare and AI research.
-
Risk Management: Monitor activities for compliance with terms of use and research guidelines.
Article 4: Information Sharing and Disclosure
We are committed to protecting the confidentiality of your data while facilitating collaboration and innovation. This article explains how and under what circumstances your information may be shared.
4.1 Sharing with EmoEx Technology
Your information may be shared with EmoEx Technology under the following conditions:
-
Purpose: To improve the functionality and performance of the IEPCP platform and other related tools.
-
Data Anonymisation: Only aggregated and anonymised data will be shared for research and development purposes to safeguard individual privacy.
-
Commercialisation Support: If the results of your research are approved for commercialisation, EmoEx may use aggregated findings, in compliance with pre-agreed terms, to bring these solutions to the broader healthcare community.
4.2 Sharing with Research Collaborators
We collaborate with a wide range of healthcare professionals, academic institutions, and industry experts. Data sharing in this context is conducted as follows:
-
With Consent: Data will only be shared with other collaborators if you provide explicit consent. This ensures that your research contributions remain protected and your rights respected.
-
Confidentiality Agreements: All collaborators must adhere to strict confidentiality agreements, ensuring that any shared data is used solely for the purposes outlined in the agreement.
-
No Sharing Without Consent: Your data will not be shared with other innovators or professionals without your explicit permission.
4.3 Public Reporting
We are committed to transparency and knowledge sharing through the publication of research findings. This is handled as follows:
-
Anonymised Data: Published reports and findings will use aggregated or anonymised data to protect individual privacy.
-
Stakeholder Approval: All publications, including white papers and public reports, require the consent of all stakeholders involved in the research process.
-
Purpose: Reports are published to advance industry standards, promote responsible AI development, and share best practices in healthcare innovation.
4.4 Legal Compliance
We may disclose information to comply with legal and regulatory obligations:
-
Lawful Requests: Data may be shared in response to court orders, legal proceedings, or government inquiries, provided such requests are valid and authorised.
-
Regulatory Compliance: We adhere to New Zealand’s Privacy Act 2020 and other relevant laws, ensuring that disclosures are lawful and minimal.
4.5 Security of Shared Information
When sharing data, we implement measures to ensure its security:
-
Encrypted Transfers: All data shared with collaborators, EmoEx Technology, or regulatory bodies is transmitted using secure, encrypted channels.
-
Access Control: Access to shared data is restricted to authorised personnel and parties bound by confidentiality agreements.
-
Audits: Regular audits are conducted to ensure compliance with this policy and safeguard against unauthorised disclosures.
Key Principles of Information Sharing
-
Consent-Driven Sharing: Your explicit consent is required for any data sharing, especially when collaborating with other researchers or publishing findings.
-
Transparency: You will be informed about how, when, and with whom your information is shared.
-
Confidentiality: All shared data is handled with the utmost confidentiality to protect your intellectual property and privacy.
Article 5: Data Retention
We are dedicated to handling your data responsibly and transparently. This section explains why we retain data, how long it is kept, and the measures we take to ensure secure handling throughout its lifecycle.
5.1 Purpose of Retention
The data we collect through the AI Health Innovation Hub (AHIH) and the Innovation Environment for Psychological and Clinical Practices (IEPCP) platform is retained to:
-
Fulfil its Purpose: Ensure we can provide the services and features you expect, such as participation in research and access to the IEPCP platform.
-
Support Future Innovation: Retain insights and results that help advance long-term healthcare research and development.
-
Meet Legal Requirements: Comply with laws, regulations, and professional standards that govern data management.
5.2 Retention Periods
Different types of data are retained for varying lengths of time to balance operational needs with your privacy:
-
Personal Information: Your personal details are kept for as long as you are actively using AHIH services and for a short time after, to ensure smooth offboarding or to meet legal obligations such as record-keeping.
-
Research and Interaction Data:
-
Anonymised Data: Non-identifiable datasets, used for analysis and reporting, may be stored indefinitely to support ongoing research.
-
Original Datasets: Datasets you upload as part of your collaboration are retained only during the trial period, unless otherwise agreed in advance.
-
Technical Data: Information such as device and system logs is kept for as long as needed to ensure the platform operates smoothly and securely.
5.3 Secure Deletion
We prioritise the secure removal of your data when it is no longer needed:
-
Deletion Process: At the end of the retention period or upon your request, we securely delete or anonymise identifiable data to ensure it cannot be reconstructed.
-
Exceptions: Some data may be retained longer if it is required for:
-
Legal compliance or auditing purposes.
-
Resolving disputes or addressing complaints.
-
Fulfilling specific contractual obligations.
Our goal is to strike the right balance between retaining data for meaningful use and respecting your right to privacy. If you have any questions about how long your data is retained or wish to request its deletion, feel free to contact us at [Insert Contact Email].
Article 6: Data Protection
6.1 Security Measures
To protect your data from unauthorised access, breaches, or misuse, we implement robust security practices:
-
Encryption: All sensitive data is encrypted both in transit and at rest.
-
Access Controls: Only authorised personnel with specific roles can access your information.
-
Regular Monitoring: Conduct regular audits, vulnerability assessments, and system monitoring to detect and address potential risks.
6.2 Incident Response
In the event of a data breach, we will:
-
Notify affected individuals promptly as required by New Zealand’s Privacy Act 2020.
-
Investigate the breach to determine its cause and mitigate future risks.
-
Inform relevant authorities if necessary.
6.3 Third-Party Data Protection
-
Collaborators and third-party service providers must adhere to strict security and privacy standards.
-
Data shared with such parties is protected by legally binding confidentiality and data protection agreements.
Article 7: Your Rights
The AI Health Innovation Hub (AHIH) is committed to protecting your rights under New Zealand’s Privacy Act 2020 and ensuring that you have full control over your personal information. Below is a detailed explanation of your rights and how you can exercise them:
7.1 Right to Access
You have the right to request access to the personal data we hold about you. This includes obtaining a copy of the data and understanding how it is being used, such as the types of data collected, the purposes for which it is processed, and the parties with whom it has been shared, if any. To exercise this right, submit an access request by contacting us at [Insert Contact Email]. We will verify your identity and provide the requested information within the timeframe required by law.
7.2 Right to Correction
You have the right to request corrections to any personal information that is inaccurate, incomplete, or outdated. You may also update missing information if it is relevant to the purpose of collection. To do this, contact us with details of the corrections required. We may ask for supporting documentation to verify the requested changes.
7.3 Right to Deletion (Right to Be Forgotten)
You have the right to ask for your personal information to be deleted if it is no longer needed for the purposes for which it was collected, if you withdraw consent and there is no other legal basis for processing, or if you object to its use and there are no overriding legitimate grounds to retain it. Data may not be deleted if required for legal obligations, ongoing research, or anonymised use. Submit a deletion request with specific details about the information you wish to have removed.
7.4 Right to Consent Management
You have the right to withdraw consent for specific uses of your data, such as participation in trials or research activities, or data sharing with collaborators or third parties. You can also modify your preferences regarding data processing and communications. To exercise this right, contact us to update your preferences or withdraw consent. Note that withdrawal may limit your access to certain services.
7.5 Right to Object
You have the right to object to the processing of your personal data for specific purposes, including direct marketing communications or the use of data for research purposes where anonymisation has not been applied. Provide a written objection specifying the purpose or activity you wish to challenge.
7.6 Right to Data Portability
You have the right to request that your personal data be provided in a structured, commonly used, and machine-readable format. You may also ask us to transfer your data directly to another organisation, where technically feasible. Contact us with details of your request and the recipient organisation. We will process this within legal and technical constraints.
7.7 Right to Restriction of Processing
You have the right to temporarily restrict the use of your data if you contest its accuracy, if the data is no longer required for processing but must be retained for legal or other valid reasons, or if you have objected to processing and a decision is pending. During restriction, your data will not be processed but may still be stored. Submit a restriction request detailing the reason and scope of limitation.
7.8 Right to Transparency in Automated Decisions
You have the right to be informed about the logic, significance, and potential consequences of automated decisions made using your data, such as AI-driven recommendations. You may also request a review of significant decisions that affect you, ensuring human oversight is applied. Reach out to us for clarification on automated decisions involving your data and for assistance with reviews.
7.9 How to Exercise Your Rights
To exercise any of these rights, contact us at info@eahih.org with your specific request. You will need to provide verification of your identity to protect your data from unauthorised access. We aim to respond to all requests within the legally mandated timeframe, which is usually 20 working days under New Zealand law.
7.10 Limitations to Your Rights
While we strive to honour all requests, certain limitations may apply. Some data may need to be retained to comply with laws or regulations, and requests that significantly disrupt ongoing research or development may be denied but will be reviewed on a case-by-case basis.
By detailing these rights, we aim to empower you with control over your personal data and ensure transparency in how we handle your information.
Article 8: Cookies and Tracking
The AI Health Innovation Hub (AHIH) uses cookies and similar tracking technologies to enhance user experience, analyse website usage, and improve the functionality of our services. This article provides details on the types of cookies we use, their purpose, and how you can manage them.
8.1 Use of Cookies
Cookies are small text files stored on your device when you visit our website or access the IEPCP platform. We use cookies to:
-
Enhance website functionality and user experience by ensuring seamless navigation and operation.
-
Analyse website traffic and usage patterns to understand how users interact with our services and identify areas for improvement.
-
Remember user preferences (e.g., language, region) to streamline interactions and provide a personalised experience.
8.2 Types of Cookies
The cookies we use fall into the following categories:
-
Essential Cookies: These are required for core functionalities, such as authentication and secure access to the IEPCP platform. Without these cookies, certain features may not function properly.
-
Analytics Cookies: These cookies gather anonymised data about user behaviour, including which pages are visited most frequently and how users navigate the site. This helps us improve our services and optimise content.
-
Preference Cookies: These cookies store your preferences, such as language settings and region, ensuring that your experience is tailored to your needs.
8.3 Managing Cookies
You have the right to manage how cookies are used on your device:
-
Browser Settings: You can enable, disable, or delete cookies through your browser settings. Most browsers provide options to block cookies or alert you when cookies are being set.
-
Impact on Functionality: Please note that disabling cookies may affect the functionality of certain features on the website or the IEPCP platform. Essential cookies, for instance, are necessary for authentication and secure access.
8.4 Third-Party Analytics
We may use trusted third-party services, such as Google Analytics, to track and analyse usage trends:
-
Purpose: These services help us understand how users interact with our website and platform, enabling us to improve functionality and user experience.
-
Data Protection: All data shared with third-party analytics providers is anonymised and aggregated to protect individual privacy. No personally identifiable information (PII) is shared.
8.5 Your Control Over Cookies
To manage cookies:
-
Adjust your browser settings to control or delete cookies. Instructions are typically available in your browser’s help section.
-
Use opt-out tools provided by third-party analytics providers, such as Google Analytics, if you do not wish to have your website activity tracked.
By using our website and the IEPCP platform, you consent to the use of cookies and similar technologies as described in this article. For more information or assistance with cookie management, contact us at [Insert Contact Email].
Article 9: Updates to This Policy
The AI Health Innovation Hub (AHIH) is committed to maintaining transparency and ensuring that this Privacy Policy reflects our evolving operations, legal requirements, and user feedback. This article outlines how updates to this policy are managed and communicated.
9.1 Periodic Updates
We may update this Privacy Policy periodically to address:
-
Changes in AHIH Operations or Services: Adjustments made to accommodate new features, services, or operational procedures within AHIH or the IEPCP platform.
-
New Legal or Regulatory Requirements: Amendments necessary to comply with changes in laws, regulations, or industry standards that impact data privacy.
-
Feedback or Suggestions: Revisions based on input from our collaborators, participants, and users to ensure the policy remains clear, relevant, and user-focused.
9.2 Notification of Changes
-
Communication Channels: Any significant updates to this Privacy Policy will be communicated through email notifications or via a prominent notice on the AHIH website. This ensures all users are informed of changes in a timely manner.
-
Effective Date: The “Effective Date” listed at the top of this Privacy Policy indicates when the latest updates were implemented, allowing you to track revisions easily.
9.3 Continued Use
Your continued use of AHIH services following any updates to this Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with the changes, you are advised to discontinue use of our services and contact us for clarification or to exercise your rights.
Article 10: Contact Information
The AI Health Innovation Hub (AHIH) values your feedback and is committed to addressing your questions, concerns, or complaints regarding this Privacy Policy. Below are the ways you can reach us.
10.1 General Inquiries
For questions, concerns, or feedback about this Privacy Policy or how your data is handled, please contact us using the following details:
-
Email: info@eahih.org
10.2 Complaints
If you believe your rights under this Privacy Policy have been violated or are dissatisfied with how your data is managed, you can:
-
File a Complaint Directly with Us: Reach out using the contact details above, and we will investigate and address your concerns promptly.
-
Report to New Zealand’s Office of the Privacy Commissioner: If you are not satisfied with our response or believe further action is needed, you may contact the Office of the Privacy Commissioner for guidance or to file a formal complaint.
10.3 Physical Address
You can also reach us at our physical office location:
-
AI Health Innovation Hub
-
409 Manukau Road, Epsom, Auckland
We are committed to resolving all inquiries and complaints promptly and transparently to ensure your privacy and rights are respected.
AI Health Innovation Hub.