Privacy Policy – New Zealand

About Menova Health NZ and This Privacy Policy

Menova Health is a brand operated under Medora Group Pty Ltd (ABN 49 680 309 282), in partnership with our New Zealand operating entities:

• Menova Health NZ Limited Partnership NZBN 9429052711558
• Menova NZ Pty Ltd ACN: 684 316 103

(collectively referred to as “Menova Health,” “we,” “us,” or “our”).

We provide tailored and managed men’s health solutions to support well-being through secure and convenient telehealth services.

We are committed to safeguarding your personal and health information and complying with New Zealand’s Privacy Act 2020 and the Health Information Privacy Code 2020 (HIPC). We also adhere to international privacy and security standards such as HIPAA, where applicable.

This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal and medical information in the context of our New Zealand operations.

1. What is Personal Information?

“Personal information” refers to information or an opinion about an identified or reasonably identifiable individual. This includes sensitive information such as:

• Health and medical history
• Racial or ethnic origin
• Sexual orientation or practices
• Religious or philosophical beliefs

Information that has been de-identified and cannot reasonably be used to identify you is not considered personal information under this policy unless re-identified.

2. Why Do We Collect Your Personal Information?

We collect your information to:

• Deliver tailored healthcare services and support programs
• Assess and manage your health needs
• Communicate about your treatment, results, or appointments
• Facilitate billing, payments, and insurance claims
• Improve patient outcomes using technology, including AI
• Send marketing communications (with your consent)
• Conduct research and quality improvement (using de-identified data where possible)
• Meet legal and regulatory obligations (e.g., mandatory disease reporting)

3. How Do We Collect Your Personal Information?

We collect information in the following ways:

Direct Collection:

• Through consultations, forms, online quizzes, or surveys
• When you contact us or register for services

Third-Party Collection (with your consent or as required by law):

• From pharmacies, pathology providers, insurers, or referring healthcare professionals

Automatically via Technology:

• From your device when you use our website or patient platform (cookies, analytics, etc.)

4. What Types of Personal Information Do We Collect?

• Personal Details: Name, date of birth, contact information
• Health Data: Medical history, diagnosis, prescriptions, treatment outcomes
• Payment Information: Medicare, insurance, billing details
• Digital Data: IP address, device/browser information, usage analytics
• Preferences: Communication preferences, health goals, marketing choices

5. Where Is Your Data Stored? (Cross-Border Disclosure)

Your data is securely stored in Zoho CRM, with servers located in Australia, and is managed by our parent entity, Medora Group Pty Ltd.

In accordance with New Zealand’s Information Privacy Principle 12 (IPP 12) and HIPC Rule 11, we ensure that any offshore disclosure of your health information:

• Is done only with your informed consent, and
• Is subject to comparable safeguards to those required under NZ privacy laws.

We have implemented contractual protections and technical safeguards to ensure your data remains confidential, encrypted, and only accessible to authorised personnel. Zoho CRM complies with international standards such as ISO 27001, HIPAA, and GDPR.

By continuing to use our services, you acknowledge and consent to the storage and processing of your personal and medical data in Australia under the above conditions.

6. How Do We Use Your Personal Information?

We use your information to:

• Deliver and improve healthcare services
• Personalize your treatment based on AI insights and analytics
• Communicate with you and provide support
• Fulfill legal obligations or respond to law enforcement
• Send marketing material (opt-out available anytime)

7. Disclosure of Your Information

We may share your data with:

• Healthcare professionals and service providers involved in your care
• Government bodies or insurers (e.g., for Medicare or ACC claims)
• Offshore contractors (Philippines, India, UAE, UK) for support, subject to strict confidentiality and compliance agreements
• IT providers (e.g., Zoho CRM) for secure data hosting

All third parties are contractually bound to protect your privacy and security in accordance with NZ law.

8. Data Security and Retention

We protect your information using:

• Encryption, firewalls, and secure servers
• Role-based access to limit who can view or modify sensitive information
• Regular audits and staff training on privacy protocols

Health records are retained for at least 10 years from your last interaction (or longer if required by law). Once no longer needed, your data will be securely deleted or anonymised.

9. Data Breach Notification

If a privacy breach occurs that is likely to cause serious harm, we will:

• Notify affected individuals promptly
• Report the breach to the Office of the Privacy Commissioner (NZ)
• Take steps to contain the breach and prevent recurrence

10. Use of AI and De-Identified Data

We may use de-identified data for:

• AI development to improve clinical outcomes
• Internal analytics, service improvement, or research

Identifiable health data will only be used for AI purposes with your explicit consent.

11. Cookies and Analytics

We use cookies and web tracking tools to:

• Improve your browsing and service experience
• Analyse usage patterns on our website and patient platform

You can disable cookies via your browser settings.

12. Your Privacy Rights (Under NZ Law)

You have the right to:

• Access your personal or medical information
• Request correction of inaccurate or outdated information
• Withdraw consent for specific data uses
• Request deletion or transfer of your data (where feasible)

Contact us at the details below for any data requests.

13. Privacy Complaints

If you have any concerns or complaints about your privacy, please contact us:

Email: compliance@menovahealth.com
Phone: 1300 001 459

If unresolved, you may escalate the matter to:

Office of the Privacy Commissioner (NZ)
compliance@menovahealth.com

0800 803 909

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in technology, law, or our operations. The most recent version will always be available on our website.