Privacy Statement

Habit Health's Privacy Statement

This privacy statement applies to all of Habit Health (or a person acting on behalf of Habit Health). It aims to clarify how we collect, use, store, disclose, update, and destroy individual's personal information in New Zealand. Habit Health represents Habit Holdings Ltd and its related companies, including PMARS, Hand Rehab, PRG and EAP Services.  

We respect the confidentiality of our clients' personal information and take privacy seriously. We set out in this privacy statement: 

  • Types of personal information we collect  
  • How we collect information 
  • How we use personal information 
  • Who we share personal information with  
  • How to request access to your personal information  
  • How to request correction of your personal information  
  • How to make a complaint 
  • How we treat other information we collect that is not personal information 

As a health care provider Habit Health may collect, use, and disclose personal information relating to its customers and clients to provide health care services and information relating to contractors, suppliers, and employees in the performance of its business activities. 

Habit Health manages personal information we collect in a fair and transparent manner. We appreciate the sensitive nature of personal information and place a high importance in managing information in accordance with relevant legislation, particularly the Health Information Privacy Code 2020, the Privacy Act 2020, other relevant legislation, and the Information Privacy Principles in relation to the collection, storage, use and disclosure of records containing individuals' personal Information.


Personal Information means information about an identifiable individual. 

Collection of personal information 

  • Habit Health may collect Personal Information for a lawful purpose connected with a function or activity of Habit Health.  
  • A person who collects Personal Information on behalf of Habit Health must comply with this statement.  
  • Collecting personal information allows us to confirm the identity of our clients and the people we communicate with for business. This information allows our clients to securely access our online services, book services with ease and communicate with us about their health needs.  

Types of personal information we collect 

The type of personal information collected will likely vary depending on the business purpose, activity, funding type and/or services for which you are engaged with Habit Health. We only collect information required for us to perform one or more of our functions or activities, as outlined in Collection of Personal Information above. 

Personal information collected by us may include:  

  • Contact information – name, date of birth, address, email address, telephone numbers, next of kin/emergency information, membership details.   
  • Unique identifiers – an identifier assigned to an individual by another agency such as ACC claim numbers, NHI numbers, employee numbers etc.   
  • Employment information – employment history, work performance.   
  • Financial information (bank account details).  
  • Sensitive information (health and medical history) necessary for the safe and effective delivery of health care.  
  • Information to assist with management of client and business relationships. 

How we collect information 

Personal information will be collected from the individual it relates to and in compliance with the Privacy Act and HIPC 2020. An exception would be where you (the individual) have provided authority/consent to collect the information from someone else.  

How we collect personal information will vary depending on the business purpose, activity, funding type and/or services for which you are engaged with Habit Health.  

Personal information may be collected through the following means:  

  • Face to face and over the phone from you 
  • When you complete a form on our website or via our APP 
  • When you enquire about a service through our website  
  • When you send an email or enquiry to us 
  • When your employer sends your information to us in order to refer you to our services   

We may also collect information about you from another source if:  

  • You have given authority for us to collect your information from another source; or  
  • You have given consent/authority to another source to share the information with us, e.g., as part of your rehabilitation or pre-employment assessment (ACC, third party insurers, other rehabilitation providers); or  
  • The information will not be used in a form that identifies you; or  
  • The Privacy Commissioner has authorised the collection of information in this manner.   

In addition to collecting and storing necessary information to communicate with our clients about their health concerns, Habit Health also stores names, addresses and contact details of contractors, suppliers, employees, and other parties we interact with related to business activities. The same privacy statement applies to this information.  

Personal Information can also be collected automatically 

When you visit our websites or use our services, some information about you is automatically collected.  For example, to improve our websites usefulness, our servers may collect your browser type, operating system, Internet Protocol (IP) address, domain name, and/ a date/time stamp for your visit. Some of this information is also collected using cookies and similar technologies including Google Analytics. The Google website provides more information about how cookies operate and how Google uses your data and how you can opt out.  We recommend you accept the use of cookies, if you reject or erase the cookies, some of our services may not function properly or be fully available. See further information here.  

How we use personal information

Personal information allows us to confirm the identity of our clients and people we communicate with for business. This information allows our clients to securely access our online services, book services with ease and communicate. This information is used to confirm your identity, assist in the safe provision of services, and is intended to satisfy our contractual, professional and legal obligations.  

Personal information may be used under the following conditions:  

  • For the safe and complete delivery of services related to your clinical care.  
  • In the performance of Habit Health’s business activities. 
  • When you provide an email address to enquire about a service, the email address you provide will be retained and may be used by the company to contact you regarding services related to your enquiry or completed online form.  
  • When you provide a phone number to enquire about a service, the phone number you provide will be retained and may be used by Habit Health to contact you regarding services related to your enquiry or completed online form.  
  • If you contact our EAP National Support Centre by phone, calls may be recorded for training, quality and business purposes. Where this occurs, you will be notified by automated message.  
  • When you enquire about a service, the email address or phone number you provide may be used to inform you of updates to a service you used or showed interest in or may reasonably have interest in.  
  • When you register for one of our services, you may be subscribed to our mailing list for relevant communication regarding your service, updates that may affect you, and related services. You can unsubscribe from our mailing lists at any time from the links at the bottom of our newsletter.  

We also collect, use and store personal information to enable us to;  

  • Comply with various contractual, professional, and legal obligations. 
  • Assess and manage risk to the health, safety and wellness of our workers, customers, and wider community. 
  • Provide services and business activities associated with these services.  
    • Injury Rehabilitation and Assessment 
    • Psychology and Counselling  
    • Employee Assistance Programmes (EAP) 
    • Disruptive Event Management 
    • Health and wellbeing services 
    • Workplace assessments and education  
    • Occupational Health and Safety assessments, services, and monitoring  
    • Employment and Career Services  
    • HR Consulting and organisational development (coaching, training and facilitation) 
    • Health and Fitness  
    • Diet and Nutrition  

We also collect your personal information to enable the provision of confidential and de-identified reporting in relation to organisational trends relating to the health and wellbeing services we provide.  All reasonable steps will be taken by us to ensure that this information does not allow for the identification of any persons. 

The function or activity of Habit Health and the delivery of our services, as well as those of our contracted providers, may vary from time to time.   

Who we will share or disclose personal information with

Habit Health will only share personal information if we are using it for the reason we collected it, if you’ve given your authorisation, or where there is other legal or compliance reasons.  

We will only disclose your personal information where we reasonably believe one of the following applies:  

  • The disclosure is in connection with, or directly related to, one of the purposes for which it was obtained. 
  • The disclosure is to you or authorised by you. 
  • The disclosure is necessary to facilitate the sale of a business as a going concern.  
  • The information is to be used in a form in which you are not identified. 
  • The disclosure is necessary for court proceedings. 
  • The disclosure is required or authorised by law. 
  • The information was obtained from a public source. 
  • We reasonably believe that the disclosure is necessary to prevent or lessen a serious and/or imminent threat to the public or any person. 
  • The disclosure is authorised and conducted in accordance with the guidelines approved by the Privacy Commissioner.  

Examples of disclosures of personal information (depending on the services under which you are engaged or enrolled) may include disclosures to:  

  • Your authorised health practitioners 
  • Our related companies and their staff 
  • Limited disclosure to our professional advisors (such as accountants and lawyers) 
  • Government or third-party service partners (such as ACC, MSD, Apex NZ) in relation to carrying out the service you've requested and take actions connected to the purpose of collection 

We may de-identify personal information we have collected for use and disclosure to organisations outside of Habit Health for the purposes of analysing our service quality and timeliness, marketing and compilation or analysis of statistics comprised of, or related to the information you provide us. De-identified information may also be used internally for business analysis and educational purposes. We will not disclose personal information we have collected to a party outside of New Zealand unless we have taken steps to confirm they will comply with a standard equal of protection regarding personal information that is equal to that offered under New Zealand legislation.  

Other People’s Information which you Provide to Us 

If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by privacy laws, we may collect, use, and disclose such information for the purposes described above. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this policy as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our information disclosures practices, the individual’s right to obtain access to the information and the consequences for the individual if the information is not provided. 

How we keep your personal information safe and secure 

Habit Health will take all reasonable steps to ensure that data is secure and will maintain generally accepted standards of technology and operational security to protect Personal Information from loss, misuse, alteration, or destruction. Any person acting on behalf of Habit Health will not transfer Personal Information to an individual without first establishing the identity of the recipient using a personal identifier and/or cross check.   

All personal information is stored securely in specialised software in the cloud or in a secure server environment. Information is only accessed by authorised persons for the purposes related to the services provided or anonymised reporting.  

Habit Health will take reasonable steps to destroy or permanently de-identify personal information (such as a job applicant's resume) if it is no longer needed. Habit Health comply with all legislations that mandate certain time periods that we must hold your information for.  

How to request access to your personal information 

If Habit Health holds Personal Information about you, we will comply with legislative obligations to let you know what information we have on record.  You can request access to your personal information or someone else’s personal information (as long as you have the correct authority). Requests will be acknowledged promptly (within 5 working days).  

You can contact us to request access by: 

We must be able to verify your identity to be able to provide you access to your information.  

  • In limited situations, a request for access may be denied or restricted access given. We will provide reasons in writing for any refusal or limitation of access with information on how to complain. Grounds for refusal could include: 
  • Where providing access will pose a serious threat to life or health of any individual or pose an unreasonable impact on the privacy or an individual; 
  • your request for access is frivolous or vexatious; 
  • where the information relates to existing legal proceedings between Habit Health and you, and the information would not be discoverable in the process of those legal proceedings; 
  • where providing access would be unlawful, may prejudice an investigation of possible unlawful activity, may prejudice enforcement of laws, or denying access is specifically authorised by law. 

If you have any concerns regarding the above, you can email our Privacy Officer at

How to request correction of your personal information 

Habit Health takes reasonable steps to ensure the Personal Information we collect, use or disclose is accurate, complete and up to date. If the information we have on record for you is not accurate, complete, and up to date, we will take reasonable steps to correct the information. We may require evidence that the information we have is inaccurate, incomplete, or out-of-date.  

You can request us to correct your information by:   

  • Phoning us on 0800 557 556 
  • Emailing us on   
  • Liaising directly with your treatment provider.  

We will respond and check our records. If the information we hold is confirmed to be factually incorrect, we will: 

  • Update the information on your file. 
  • Send the corrected information to any third party who may have received the incorrect information.  
  • Let you know we’ve made the change.   

Sometimes we may not be able to make the change you’ve requested. This is usually because it relates to opinion-based information e.g., clinical, or medical assessment. In this instance we will:  

  • Provide you with written information on why we can’t make the change and provide you with information on how to complain.  
  • You can choose to provide a written statement of correction which we will attach to your file. This will record your request for correction, but that we haven’t made the change.  

If you have any concerns regarding the above, you can email our Privacy Officer at  

Privacy concerns or complaints 

We are happy to discuss with you any concerns regarding the management of personal information or any information about our privacy statement.  

If you think we have breached the Privacy Act, Information Privacy Principles or Health Information Privacy Code 2020 you are entitled to complain.  

You can view our External complaints management process here

Let us know of your concerns or complaint by: 

  • Phoning us on 0800 115477  
  • Our website feedback portal for Habit Health here. And for EAP Services, click here.  
  • Liaising with your local service provider contact. 
  • Emailing our Privacy Officer at   

We will acknowledge your complaint within 5 working days.   

We will investigate the complaint and attempt to resolve it within 10 working days after the complaint was received. If we cannot conclude the complaint within this timeframe, we will provide you with information on how long we think it will take to investigate and respond to and keep you updated regularly. 

If you are not satisfied with the response or the outcome of the complaint, you can appeal to the Privacy Commissioner. 

Alternatively, you can lodge a complaint with the Office of the Privacy Commissioner here.

Personal Identifiers 

EAP Services will use a Client Identification Numbering System which allows for privacy and security of your information, and which is not related to any other identifier system. 


Habit Health is open about its management of personal information. This Privacy Statement will be made available to anyone who asks for it.  

Call Recording Privacy Statement 

As part of our commitment to providing the best possible service to our clients and customers, we record telephone calls made to and from our EAP service National Support Centre. 

We record calls: 

  • for staff training purposes, to help us improve our service and to ensure the information we provide is consistent and accurate; 
  • for reporting on the types and numbers of enquiries we receive; 
  • to ensure we have an accurate record of your call, which may be needed to support any services requirement. 

We understand your personal information is important, and we are committed to protecting your privacy. Recordings will be securely stored. 

Updates to Habit Health’s Privacy Statement 

We may amend or update this Privacy Statement from time to time with or without notice to you.