Privacy Policy
Introduction
Measuring Outcomes Ltd (“Measuring Outcomes”, “we” or “us”) is committed to protecting the privacy of those whose personal information we hold.
This policy sets out how we collect, use, disclose and protect the personal information that we obtain through access to and use of TOMM® (The Outcomes Measurement Model).
Measuring Outcomes complies with the New Zealand Privacy Act 2020 (the Act) when dealing with any personal information.
By using TOMM®, each organisation, and end user, agrees to be bound by this Privacy Policy.
Definitions
- Reference to “organisation” in this Privacy Policy includes any person or organisation that is a customer of Measuring Outcomes and to which Measuring Outcomes has licensed or assigned rights and obligations as set out in Measuring Outcomes terms and conditions.
- Reference to “end user” in this Privacy Policy includes any person that is authorised by an organisation to have access to TOMM® on that organisation’s account. The end user’s privileges are set by the organisation e.g. the programmes the end user is assigned to.
- Reference to “client” in this Privacy Policy includes any person designated as such within TOMM® by the organisation or by an end user.
Information provided to us
When an organisation creates an account, they must provide us with, and maintain, up-to-date information as required by Measuring Outcomes, such as:
- the information of the organisation’s primary contact, including designation and e-mail address
- the organisation’s physical and postal address, city, postal code, country/region, and telephone number
- each end user’s name, designation or profession, their privileges e.g. the programmes the USER is assigned to, and their email address
- each client’s name, NHI or other unique identifier and other relevant information as required.
The organisation, or an end user (depending on the permissions set by the organisation), may review and modify this account information at any time by signing into the organisation’s TOMM® account, or calling 0800asktomm, to edit the relevant account profile. An end user cannot modify their own profile.
We may request other optional information, but we clearly indicate that such information is optional. Organisations and end users can review, modify, add, or delete any optional account information for end users by signing into the organisation’s TOMM® account and editing the end users account profile.
We store information that is entered into TOMM® by end users, for example an end user may enter notes about a client’s health, progress in peer relationships, alcohol use, mental health, and values.
Consent
Any organisation, or end user, who uploads personal information into TOMM®, about any client or other person, must have the appropriate consents to do so. By uploading personal information into TOMM® organisations, and end users, are confirming that they have received the required consents.
If any organisation, or end user, records in TOMM® personal information about any client, or other person they represent, then that organisation, or end user, warrants and agrees that they provide (and are authorised by the client or relevant person to provide) Measuring Outcomes with permission for all personal information to be stored, used and disclosed as described in this Privacy Policy.
The organisation, and each end user, are fully responsible for the accuracy of all personal information uploaded into TOMM®. We provide them and each client and relevant person with the ability to correct personal information as described elsewhere in this policy.
Information we receive from your use of TOMM®
When TOMM® is used, we receive certain usage or network activity information. This includes information about interaction with TOMM®, for example when content is viewed or searched, creation of end user accounts or log-ons to accounts or opening or interacting with the programmes.
We also collect data about the devices and computers used to access TOMM®, including IP addresses, browser type, language, operating system, device information, the referring web page, pages visited, location (depending on the permissions granted to us), and cookie information.
Any information, or records, maintained with a TOMM® account will be hosted on third party servers that meet New Zealand government accreditation standards, in a secure environment, by a commercially reputable hosting vendor using good industry practice standards and security techniques.
In addition, Measuring Outcomes utilises the services of a specialist New Zealand cyber security firm to ensure all data in TOMM® accounts is secure and remains private and confidential to authorised users only.
We use the information we collect and/or hold for the following purposes.
Provide and maintain TOMM®
Using the information we collect, we are able to operate and deliver TOMM® to the organisation and end users, and comply with our obligations under the Terms and Conditions. For example, to:
- be able to show client information to the relevant organisation and end users
- make inferences about a client’s progress, based on the client information end users provide us
- connect the end users responsible for the same client; and provide customer support.
Improve and develop TOMM®
Measuring Outcomes collects and uses information to improve and develop TOMM® services. These uses may include using information to perform research, evaluation and analysis aimed at: improving our product services and technologies; troubleshooting and protecting against errors; developing new features; and improving the accuracy of the inferences that we make about client progress.
Communication
We use information to send notifications to organisations, and end users, and to respond to them when they contact us. For example, we may promote new features that we think an organisation, or end user, would be interested in. Organisations, and end users, can control marketing communications and notifications via the “Unsubscribe” link in an email.
Promote safety and security
We use information to promote the safety and security of Measuring Outcomes, TOMM®, organisations, end users, and other parties. For example, we may use information to authenticate end users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our Terms and Conditions.
An organisation, or end user, with appropriate privileges, may direct us to disclose personal information to others. If an organisation, or end user, directs us to share personal information, the organisation, and end user, warrant and agree that the relevant client or other person has authorised such disclosure and understand and agree that the relevant third-party’s use of such information is governed by their privacy policy.
We may occasionally hire other companies to provide services on our behalf, such as website hosting, packaging, mailing, customer support, information technology, payments, marketing, data analysis, research and surveys, and other new services. If we provide personal information to such companies, we only provide the personal information they need to deliver these services. They are required to maintain the confidentiality of the information and are prohibited from using that information for any other purpose.
Measuring Outcomes may disclose personal information if required to do so by law, or in good faith believe that such action is necessary to:
- Comply with the law.
- Comply with legal proceedings served on Measuring Outcomes.
- Enforce and investigate potential violations with Measuring Outcomes Terms & Conditions.
- Protect and defend the rights or property of Measuring Outcomes, or
- Act in urgent circumstances to protect the personal safety of any person.
If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected organisations notice before transferring any personal information provided to us by them (or their end users) to a new entity.
Non-personal information
Measuring Outcomes may extract, use, and share information, which is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, including for the purpose of benchmarking, statistical analysis, local, regional, or national reporting and data compilation.
We keep information associated with each account for as long the account is in existence. For up to 180 days after an account is deactivated it is still possible to recover that account. After that retention period we begin the process of deleting the account permanently from our systems and information may become non-recoverable.
Organisations, and end users, may use the tools provided in TOMM® to delete or correct a specific piece of information that has been entered into the services.
We reserve the right to keep information to the extent we reasonably believe it is necessary to satisfy any applicable law or regulation and to prevent harm.
We may occasionally update this Privacy Policy. When we do, we will upload a revised policy on the website (www.asktomm.com) and any change will apply from the date the revised policy is uploaded.
We encourage organisations, end users, clients, and other relevant persons to review this Privacy Policy periodically to stay informed about how we are helping to protect the personal information we collect. Organisations, and end users, continued use of TOMM® constitutes their agreement to this Privacy Policy and any updates.
Under the Act, anyone who’s personal information is held by us has the right to access and request the correction of any of such personal information by us by contacting us using the details provided below. We will respond to requests in accordance with the Act.
Any questions about this Privacy Policy or our personal information handling practices should be directed to the following email address: