0800 633 236 / info@bpacsolutions.com

Privacy Policy

Version 1 – Published 28th January 2026

  1. Introduction

BPAC CS (“we”, “our”, “us”) is committed to protecting the privacy of our users, clients, and partners. As a New Zealand-based health software development company, we understand the sensitivity of health information and adhere to the New Zealand Privacy Act 2020, the Health Information Privacy Code 2020, and other applicable laws.

This Privacy Policy explains how we collect, use, disclose, and protect personal and health information through our software products, services, and website.

  1. What Information We Collect

We may collect the following types of information:

  1. Personal Information
  • Name
  • Email address
  • Contact number
  • Job title and organisation (for B2B clients)
  • Health provider identifier and/or individual Patient NHI
  • Login credentials (for software platforms)
  1. Health Information

(Collected only where applicable through our software on behalf of clients)

  • Patient names or identifiers
  • Medical history, treatments, and test results
  • Appointments and clinical notes
  1. Technical Information
  • IP address
  • Browser type and version
  • Device identifiers
  • Usage logs and analytics data
  1. How We Collect Information

We collect information in the following ways:

  • When you use or register for our software or services
  • When you contact us directly (via email, phone, or contact forms)
  • When our software is used by healthcare providers to store and manage health data
  • Through cookies and analytics tools on our website (see Section 8)
  1. Purpose of Collection

We collect personal and health information to:

  • Within the software, provide clinical or administrative guidance to health providers and patients for the benefit of the patient(s)
  • Provide, develop, and improve our software and services
  • Support our clients in managing health data
  • Ensure compliance with legal and regulatory requirements
  • Communicate with users and respond to enquiries
  • Conduct data analysis and usage statistics (in anonymised form where possible)
  1. Disclosure of Information

We do not sell personal or health information.

We may disclose information to:

  • Clients (e.g., healthcare providers who own the data)
  • Other Agencies, where we have an agreement with that agency for data access and processing (eg. ACC)
  • Subcontractors or service providers (e.g., cloud hosting, analytics) under strict confidentiality agreements
  • Legal or regulatory authorities when required by law

Any disclosure of health information is done in accordance with the Health Information Privacy Code 2020.

  1. Data Storage and Security

We store data securely using industry best practices, including:

  • Data encryption at rest and in transit
  • Role-based access controls
  • Regular security audits and penetration testing
  • Hosting on secure, NZ-compliant servers or trusted overseas jurisdictions (with safeguards)
  1. Access and Correction

Under the Privacy Act 2020, you have the right to access and request correction of your personal information.

We may need to verify your identity before processing your request.

  1. Cookies and Analytics

Our website and software platforms may use cookies and third-party analytics tools (e.g., Google Analytics) to improve functionality and user experience.

You can manage cookie preferences in your browser settings.

  1. Data Retention

We retain personal and health information only for as long as required to fulfil the purposes for which it was collected, or as required by law or contractual agreement.

  1. International Transfers

If personal or health data is transferred outside New Zealand, we ensure that the recipient country has comparable privacy protections or that contractual safeguards are in place.

  1. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes through our website or via email.