APM Workcare Ltd trading as Assure Programs (Assure) is strongly committed to maintaining the privacy of the personal information it collects as part of the services we offer. Assure places great importance on protecting the privacy of its employees, valued clients, customers and other stakeholders.

References in this policy to ‘Assure’, ‘us’, ‘we’ or ‘our’ mean APM Workcare Ltd trading as Assure Programs.

Purpose

  • Give you a better and more complete understanding of the kinds of personal information that we collect and hold.
  • Clearly and concisely communicate how and when your personal information is collected, disclosed, used, held and otherwise handled by us.
  • Inform you about the purposes for which we collect, hold, use and disclose personal information.
  • Provide you with information about how you may access your personal information, and seek correction of your personal information.
  • Provide you with information about how you may make a complaint, and how we will deal with any such complaint.
  • Advise you of the circumstances in which we are likely to disclose your personal information to overseas recipients.

Policy statement

This policy sets out how we will comply with our obligations under the Privacy Act 2020 (Act). Assure is bound by the 13 Information Privacy Principles which regulate how we may collect, use, disclose and store your personal information, and how you may access, and correct personal information held about you.

We will ensure that all of our officers, employees and subcontractors / supply chain partners are aware of and understand Assure’s obligations and their own obligations under the Act and are provided with training to enable them to fulfil these obligations.

We will also achieve this through maintaining internal policies and processes to prevent personal information being collected, held, shared / exchanged, accessed or disposed of improperly.

What is personal information?

Personal information means information about an identifiable individual.  It includes your name, date of birth / age, gender and contact details as well as health and other information that would enable you to be identified.

Collection of personal information

We do not collect personal information unless it is for a lawful purpose connected with a function or activity of Assure and the collection of the information is necessary for that purpose.

Personal information collected by us will usually fall into one of the following categories:

  • Contact information (name, age, address, email address and telephone numbers).
  • Employment information (e.g. employment history, work performance, absences, workplace incidents, next of kin information).
  • Financial information (e.g. bank account details).
  • ‘Sensitive’ information (e.g. health, medical history, criminal history, religious beliefs, trade union activity).
  • Information obtained to assist in managing client and business relationships.

We may collect your information from you in a variety of ways including face-to-face, over the telephone, through an on-line form or portal, via the Wellbeing Gateway app (Platform) and its chat function, through a paper form or by email.

Sometimes we will collect personal information from a third party if it is not reasonably practicable to collect the personal information directly from you (e.g. checking a candidate’s work history).

We may also collect information about you from another source if:

  • you have given your consent for us to collect your information from another source;
  • your interests are not prejudiced through the collection of information from another source;
  • collecting the information from you would prejudice the purpose of collecting it;
  • the information will not be used in a form that identifies you;
  • the information is publicly available; or
  • the Privacy Commissioner has authorised the collection of information in this manner

Why do we collect, use and store your personal information?

We collect, use and store your personal information to provide you with services including:

  • Employee management.
  • Employee assistance program (EAP) support.
  • Occupational safety and health.
  • Psychological assessments / counselling.
  • Training / education.
  • Research.
  • Organisational development.
  • Client and business relationship management.

Our services, functions and activities, as well as those of our contracted service providers / supply chain partners, may change from time to time.

We may also collect, use and store your personal information:

  • for marketing purposes, in order to provide you with information about the services we offer;
  • to respond to your questions or suggestions;
  • to improve the quality of our services including the use of automated processes such as artificial intelligence;
  • to improve the quality of your visit to our website or the Platform or browser;
  • to undertake employee recruitment activities; or
  • to assist with data analytic processes.

If you create a profile on the Platform, the only information which is available to the public is your username, program, photo (if you choose to display a photo) and your points if you are participating in challenges or other events. If you choose to post in the Online Community, your profile and posts will be available to those in your closed group – not the general public.

If you sync your Google device with the Platform, the Platform’s use and transfer of information from Google Application Programming Interfaces (APIs) to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Protecting and storing your personal information

We are committed to keeping personal information secure and safe. Some of the ways we do this are:

  • Requiring employees and contractors / supply chain partners to enter into confidentiality agreements.
  • Secure hard copy document storage (i.e. storing hard copy documents in locked filing cabinets).
  • Security measures for access to computer systems.
  • Password protected data storage devices such as laptops, tablets and smart phones.
  • Providing a discreet environment for confidential discussions.
  • Access control for our buildings including waiting room / reception protocols and measures for securing the premises when unattended.
  • Security measures for our websites.

Although we take all reasonable steps within our powers to secure personal information from loss, misuse and unauthorised access, there is an inherent risk of loss, misuse or unauthorised access to such information. Assure will not be held responsible for such actions where the security of the personal information in not within our control or we cannot reasonably prevent such an incident.

Who will we disclose your personal information to?

We will only use and disclose personal information for the purpose for which it was initially collected, or for purposes which are directly related to one of our functions or activities.

Like many other businesses in New Zealand, Assure contracts out some of its functions and relies on contracted service providers, third party suppliers or supply chain partners to provide specialised services such as employment services, “cloud computing” technology and data storage services, data analytic and marketing services, legal advice, insurance broking, security services, business advisors and financial services. If personal information is provided to these suppliers and supply chain partners in order to enable them to perform the agreed tasks, we will take reasonable measures to prevent the supplier or supply chain partner from unauthorised use or disclosure of the personal information. We will not disclose your personal information to government agencies, private sector organisations or any third parties unless one of the following applies:

  • The disclosure is in connection with, or directly related to, one of the purposes for which it was obtained;
  • Assure obtained the information from a public source;
  • Disclosure is to you;
  • Disclosure is authorised by you;
  • Disclosure is necessary to prevent or lessen a serious threat to public health or safety, or the life or health of any individual;
  • Disclosure is necessary to avoid prejudice to the maintenance of the law by any public sector agency;
  • Disclosure is necessary to facilitate the sale of a business as a going concern;
  • The information is to be used in a form in which you are not identified; or
  • Disclosure is authorised by the Privacy Commissioner.

We provide periodic reports to the organisations that have contracted us to provide services. There is no identifiable personal information contained within these reports, and all data sets are carefully examined and edited as appropriate to ensure that, where relevant for that service, your confidential access and privacy of our service is maintained.

We will not disclose any personal information to your employer arising from counselling sessions or EAP support unless required by law or we have your express consent.

Accuracy of personal information

We will ensure that all personal information we collect, use or disclose is accurate, complete and up to date. Please contact Assure’s Privacy Officer (details below) if you are aware of any personal information that does not meet this objective.

If we are aware that we hold personal information that (having regard to the purpose for which it was collected) is inaccurate, out of date, incomplete, or irrelevant, we will take reasonable steps to correct that information.

You may seek access to, and correction of, personal information held by us in accordance with the section below “How can I access my personal information and contact Assure?”

Will my personal information be transferred overseas?

We may transfer personal information to Assure’s affiliates in Australia (Assure AU) in order to perform one or more of our functions or activities.  In these circumstances, we have a legally binding agreement between Assure and Assure AU to ensure the integrity and confidentiality of your information to a standard equivalent to that set out in the Act.

In addition to Australia, personal information may be disclosed to recipients located in the United States and the Philippines for data hosting, IT support and/or cloud based services.  In all instances where this occurs, we will act in accordance with the Act and this Privacy Policy and ensure that:

  • The privacy laws of that country overall provide comparable safeguards to those in New Zealand (comparable safeguards);
  • We believe that the other person will be required to protect the information in a way that provides comparable safeguards; and
  • You have authorised the disclosure of your personal information to the other person, after being told the other person may not be required to protect the information in a way that overall provides comparable safeguards.

How can I access my personal information and contact Assure?

Please contact us if you would like to seek access to or correct the personal information we hold about you:

  • Assure Privacy Officer – PO Box 104048, Henderson, Auckland 0612
  • [email protected]
  • 0800 808 374

Under the Act, we may refuse to grant access to personal information if such a disclosure:

  • Poses a risk to New Zealand’s security or defence.
  • Breaches confidences with another government.
  • Would prevent detection of criminal offences or the right to a fair trial.
  • Endangers the health or safety of an individual.
  • Would be likely to risk serious harassment of an individual.
  • Involves a trade secret or unreasonably prejudices someone’s commercial position.
  • Involves an unwarranted breach of another individual’s privacy.
  • Breaches confidence where the information has been gained solely for reasons to do with the individual’s employment, or to decide whether to insure the person.
  • Is contrary to the interests of an individual under the age of 16.
  • Breaches legal professional privilege.
  • Constitutes contempt of court of the House of Representatives.

We may also refuse requests for access to personal information if we do not hold the information or if the request is frivolous or vexatious.

If we do not agree to provide access to personal information or to correct the personal information, we will provide you with written reasons for the refusal and the mechanisms available to complain about the refusal.

If we do not agree to make a correction to personal information, you may provide a statement about the requested corrections, and we will ensure that the statement is apparent to any users of the relevant personal information.

How do we handle complaints?

If you consider that there has been a breach of the Act, the Information Privacy Principles or this policy, you are entitled to complain to Assure.

All complaints are to be in writing and directed to the Assure Privacy Officer using the contact details above. A Privacy Complaint Form can be completed. Assure will acknowledge receipt of a written complaint within 2 business days.

Assure’s Privacy Officer will investigate the complaint and attempt to resolve it within 20 business days after the written complaint was received. Where it is anticipated that this timeframe is not achievable, we will contact the person making the complaint to provide an estimate of how long it will take to investigate and respond to it.

Monitoring and training

Compliance with this Privacy Policy is subject to internal and regulatory audit. Assure will comply with all reporting requirements of the Act as they exist from time to time.

All staff will receive training with regard to privacy and the application of this Privacy Policy as part of their induction.

Last updated: 20/03/2026