Privacy

Our Privacy Policy is occasionally updated. We strongly recommend you read our privacy policy and terms and conditions before every health test/body scan you have with Health and Fitness Testing NZ.

Booking system and medical notes system

We use Gensolve Practice Manager (Gensolve or GPM) for our booking system, text message reminders, and appointment database. Health and medical practitioners all around Australasia use this technology as it is known for its robust privacy and ease of use. Our staff access this system via a Health and Fitness Testing NZ approved laptop. Both the laptop and the Gensolve Practice Manager require separate passwords to access results and personal information. The Gensolve Practice Manager Privacy Policy can be found here https://www.gensolve.com/privacy/. We recommend you read it prior to

Text/Email reminders

To remind you about appointments you have booked with Health and Fitness Testing NZ, our Gensolve Practice Manager system may send you text messages or emails. This information is captured from Gensolve when you book an online appointment with Health and Fitness Testing NZ. 

Gensolve Security

The information below has been provided by Gensolve Practice Manager on 28.8.19

All data sent between the GPM application and the GPM servers is encrypted using the Advanced Encryption Standard 256-bit algorithm. A small cached copy of frequently accessed data is stored on the local PC and this is also encrypted.

On the server, data is stored in our Oracle Enterprise Edition database. This uses Transparent Data Encryption to encrypt sensitive patient-related data on disk. All files uploaded to GPM are also encrypted.

Antivirus and intrusion detection software is installed on our application servers.

For details of our server environment's compliance: http://aws.amazon.com/compliance/

and for security: http://aws.amazon.com/security/

For payment security refer to http://www.hicaps.com.au/

All users are required to log into GPM using their individual login credentials. We store hashed passwords in the database so no clear-text passwords are stored. There is the ability to restrict the days, hours, IP or MAC addresses for which logon can be permitted for individual users.

There is a highly configurable User Access Role editor which allows you to create custom access rights for user groups to align with your business process. You can prevent access to areas of GPM and also specify read-only access to specific areas.

All the latest operating system security updates are regularly installed on our servers and network scans are performed.

Reliability

The GPM client can connect to any of the multiple application servers that are running. All of the GPM servers are located in Sydney, Australia.

GPM’s Oracle Enterprise Edition database is fault tolerant. We have a standby node in a geographically separate region from the active database node. We can manually or automatically fail-over to the standby node in 2 minutes.

In the event that the client’s local internet connection is down and the GPM client cannot communicate with our server, the application is still able to function in a limited manner. Appointment calendar and client details are still visible. When the connection becomes available again, the user is asked whether to apply any locally stored changes to the database.

Gensolve Backups

The GPM database has incremental backups performed every 2 minutes. 7 days' worth of incremental backups are stored.

Full daily backups of the database are created and are stored for 30 days.

Weekly backups are created and are stored for 1 year.

 

Fit3d Body Scan and Health Test Results

Health and Fitness Testing NZ staff/contractors will have access to your body scan and health test results. Our staff and you (the client) will have access to these results. We will not share your results without your permission; however, please note that we use Fit3d Body Scanners and the Fit3d data platform for our body scans. Fit3d have their own terms and conditions and privacy policy (see below for more information on this) that we must adhere to.

If you are participating in a gym challenge (e.g. 8 week challenge) where a winner is chosen, it is likely the challenge organiser will want access to your results. They will not have access to your results until you grant them access. For this to be achieved, your trainer/coach will send you a "coach request" email letting you know that they wish to have access to your results. Once you approve this via email, they will have access to your results. Please only accept access from an email address that you recognise. If in doubt, please check with your gym/trainer.

If you win a challenge/do well, some gyms/trainers will use your results to promote their gym. If this is the case, your gym would usually state this in their gym contract/terms of use. If in doubt, please check this before giving your gym/trainer access to your results. 

Health and Fitness Testing NZ staff may access your Fit3d Body Scan results via the Fit3d 'cloud-based' database by using an approved username and password. Your full name, email address and Fit3d Body Scan results are listed on this database. 

Unless you specifically grant them access, Health and Fitness Testing NZ staff/contractors will not have access to your Body Scan 3d image. They will however have access to the outline of your body. Granting someone 'full access' will give them access to your images. Granting 'limited access' will just give them access to your numbers, graphs and the outline of your body.

Advanced Test Pack, Blood test Results, and Additional Health Questionnaires: Privacy 

Only your Fit3d Body Scan results will be stored on the Fit3d database. 

Your Cholesterol and HbA1c (diabetes) results are analysed using our Cobas b 101 system, developed by Roche. We enter your initials into our analyser system only. 

Your blood test results, blood pressure, lung function test (and other medical test) results will usually be recorded on a piece of paper/summary page. These will be scanned and saved under your name on our Gensolve Practice Manager database (see above for Gensolve details). Your date of birth, email address, and phone number are also stored on this database. After your test results have been processed, you will either be emailed a copy of your results as a PDF or you will be given a handwritten or printed copy of these results. This is dependent on the type of test pack you have purchased. If you would like clarification on how you will receive your results for your situation, please email our director peter@healthandfitnesstesting.nz.

Your specific health test results are NOT shared with your Doctor, trainer, or workplace unless you have requested this or given permission for this. 

Health and Fitness Testing NZ will occasionally provide a workplace or gym/health centre with a summary of health test results for a specific workplace/gym. Your name, DOB, email address will NOT be used for this summary data. The purpose of sharing this summary data is to assist a specific workplace/gym in making better decisions on what to focus on in future health and wellness initiatives and also to assist in monitoring the progress of current wellness initiatives. If you have any concerns about this, please contact our director prior to booking your health test: peter@healthandfitnesstesting.nz

DEXA Body Scan

Our DEXA body scans are performed by trained Otago University staff. Their department is attached to Wellington Hospital. An Otago University lab technician will conduct your DEXA scan, print out a copy of your results and discuss them with you. A copy of your results will also be emailed to Health and Fitness Testing NZ Ltd. Health and Fitness Testing NZ Ltd will save a copy of your DEXA results on the Gensolve Practice Manager database. 

Fit3d are our body scan machine providers. Please read their privacy policy below.

Fit3d Privacy Policy 

Health and Fitness Testing NZ copied this privacy policy from the Fit3d website on 27.8.19. Fit3d may occasionally update their privacy policy without informing us. We recommend you read a copy of Fit3d's privacy policy before every Fit3d Body Scan you have. For an updated policy please visit https://fit3d.com/privacy

Effective Date: 4/15/2013

Fit3D, Inc. (“Fit3D”) values your privacy. Fit3D offers an innovative three-dimensional body imaging device available at various locations, including, health clubs and weight loss clinics. At our website, www.fit3d.com (the “Site”), you may view your scan results, watch your progress, and otherwise support your personal journey. In this Privacy Policy (the “Policy”), we describe the information that we collect from you when you use our device and our Site (collectively, our “Services”). By visiting the Site, or using any of our Services, you agree that your personal information will be handled as described in this Policy. Your use of our Site or Services, and any dispute over privacy, is subject to this Policy and our Terms of Service, including its applicable limitations on damages and the resolution of disputes. Our Terms of Service are incorporated by reference into this Policy. This Policy does not cover what information the participating facilities or other locations (collectively, “health clubs”) collect from you in connection with your use of their facilities and/or our device, or how those health clubs use and disclose your information.

  • What Information Do We Collect About You and Why?

  • Information We Collect Directly From You

  • Information We Collect Automatically

  • How We Use Your Information

  • How We Share Your Information

  • Cookies and Other Tracking Mechanisms

  • Third Party Analytics

  • Third-Party Links

  • Security of My Personal Information

  • Access To My Personal Information

  • What Choices Do I Have Regarding Use of My Personal Information?

  • Children Under 13

  • Contact Us

  • Changes to this Policy

 

What Information Do We Collect About You and Why?

Information We Collect Directly From You. We require you to create an account to view your 3D results online. To register, we require the following information: your name, email address, password, phone number, weight, height, gender. After you register, you may add information to your profile such as ethnicity, general physical activity type, and general nutrition quality. You also may have the opportunity to set up your unique identifier so that you may log into our device at your participating health club. If you sign up for a membership, we will collect your credit or debit card information and your billing and shipping address. When you use our device, we will collect your body measurements; this information will be associated with your user profile.

 

Information We Collect from Third Parties.

We may automatically collect the following information about your use of our Site or Services through cookies, web beacons, and other technologies: your domain name; your browser type and operating system; web pages you view; links you click; your IP address; the length of time you visit our Site and or use our Services; and the referring URL, or the webpage that led you to our Site. Please see the section below entitled “Cookies and Other Tracking Mechanisms” for additional information.

 

How We Use Your Information

We use the information that we collect about you for the following purposes:

  • To provide our Services to you, to communicate with you about your use of our Services, to respond to your inquiries, to fulfill your orders, and for other customer service purposes.

  • To tailor the content and information that we may send or display to you.

  • For marketing and promotional purposes. For example, we may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information, including products offered by third parties, that we think may interest you.

  • To better understand how users access and use our Site and Services, both on an aggregated and individualized basis, in order to improve our Site and Services, for marketing and advertising purposes (e.g., to help us determine where to advertise our products and services as well as to determine what advertisements to put on our Site and appropriate sponsorship activities), to respond to user desires and preferences, and for other research and analytical purposes.

 

How We Share Your Information

We do not share your personal information with non-affiliated third parties for their own marketing purposes. We may share your information, including your personal information, for the following purposes:

  • Other Users of Our Site: Sharing your experiences can be an important and motivating factor in some people’s weight loss journey. You may post comments, pictures, and other content on our blogs and in other portions of our Site. The information that you post will be viewable by other registered users of our Site. We may provide opportunities for you to share your profile (or portions thereof) with other users on our Site. Your default profile will be set to private. Please see Privacy Settings for additional information about sharing your profile information with other users of our Services.

  • Affiliates: We may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personally identifiable information will be subject to this Policy.

  • Service Providers: We may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf.

  • Your Fitness Club: We may share your information and progress with your participating health club and/or trainer, however we will only share your images with your specific consent or request.

  • Other Persons/Entities: From time to time, we may provide you with the option of sharing your profile and/or progress with other persons and entities not listed here (e.g., your doctor, a weight loss clinic). We only will share your information with your specific consent.

  • Business Transfers: If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected about you to the other company.

  • In Response to Legal Process: We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.

  • To Protect Us and Others: We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which we are involved.

  • Aggregate and De-Identified Information: We may share aggregate or de-identified information about users with third parties for marketing, advertising, research or similar purposes.

 Our Use of Cookies and Other Tracking Mechanisms

  • Cookies

    • We use cookies and other tracking mechanisms to track information about your use of our Site or Services. We may combine this information with other personal information we collect from you. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site. There are two types of cookies: session and persistent cookies.

      • Session Cookies: Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Site.

      • Persistent Cookies: Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track aggregate and statistical information about user activity, and to display advertising both on our Site and on third-party sites.

    • Disabling Cookies

      • Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.

    • Web Beacons, Pixel Tags and Other Technologies

      • We use web beacons, such as clear GIFs, web bugs or pixel tags, which are tiny graphics with a unique identifier similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs in connection with our Site to, among other things, track the activities of website visitors, help us manage content, and compile statistics about website usage. We and our third party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, measure the success of our marketing campaigns, identify when our e-mails are viewed and track whether our e-mails are forwarded.

    • Third Party Analytics

      • We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site. We also may use other analytic means to evaluate our Services. We use these tools to help us improve our Services, performance and user experiences. We do not share your personal information with these third parties. These third parties may place cookies on your computer or use other tracking order to conduct the requested analytics.

User Generated Content

As stated above, we invite you to post content on our Site, including your comments, pictures, and any other information that you would like to be available on our Site. If you post content to our Site, all of the information that you post will be available to registered Site users. If you post your own content on our Site or Services, your posting may become public and Company cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy.

 

Third-Party Links

Our Site contains links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.

 

Security of My Personal Information

We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

 

Access To My Personal Information

You may modify personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Site for a period of time.

What Choices Do I Have Regarding Use of My Personal Information?

We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you e-mails about your account or any Services you have requested or received from us.

 

Children Under 13

Our Services are not designed for children under 13. If we discover that a child under 13 has provided us with personal information, we have the right to delete such information from our systems.

 

Contact Us

If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at privacy@fit3d.com.

 

Changes to this Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site or by sending an email to the address of record.

That is the end of the section on Fit3d Privacy

Our website

Plastics Studio, a Wellington-based company, created the Health and Fitness Testing NZ website. You can view their terms and conditions and privacy policy here https://www.plasticstudio.co.nz/about-us/terms-and-conditions/

Additional communication

Email lists

After most Fit3d Body Scans/Health Tests you will be emailed some follow-up information. If you have had a health test/Fit3d Body Scan as part of a gym challenge/event or corporate wellness event, we may record your name and email address on an Excel spreadsheet so we can send out follow-up information. The main purpose of this information is to provide you with links to better your health and fitness and give you the opportunity to ask further questions. We may also email you information on any upcoming events/testing that you may find useful or email you links to third party information that we think you may be interested in.

These email lists are created using Microsoft Excel. They are saved on a Health and Fitness Testing NZ approved computer. This computer is password protected and only Health and Fitness Testing NZ staff/employees will be given access to these lists. Please note, your health data is not included on these lists, just your name and email address.

 

If you have any questions or you feel your privacy has been breached please email peter@healthandfitnesstesting.nz