Privacy Policy

Elevate Osteopath provides osteopathic treatment and related services in Palmerston North, New Zealand. We are committed to protecting your privacy and handling your personal and health information with respect, care and transparency while maintaining full compliance with New Zealand privacy law.

We are Health and ACC Treatment Providers, the Privacy Act 2020 and the Health Information Privacy Code 2020 (HIPC) governs how we collect, store, use, disclose, and provide access to personal and health information.

We review and update this Privacy Policy regularly to reflect changes in law, our practices, or the services we provide. The most current version is always available on our website at elevateosteopath.co.nz/privacy-policy.

This version is effective from 1 May 2026, incorporating the requirements of the Privacy Amendment Act 2025 (IPP 3A).

  • PERSONAL DETAILS

    • Name, date of birth, gender, contact details (phone, email, physical address)

    • Emergency contact information

    HEALTH INFORMATION

    • Medical history, current conditions, medications, and treatment notes

    • ACC claim numbers and claim-related documents

    • Referral letters and correspondence from other health practitioners

    • Appointment history and clinical records

    ADMINISTRATIVE DETAILS

    • Appointment booking history

    • Payment information and ACC claim records

    WEBSITE & ONLINE DATA

    • Cookies, IP addresses, browser/device information

    • Online booking data and form submissions

    • Analytics and advertising data (Google Analytics)

    • To provide safe, appropriate, and effective care

    • To manage your bookings, payments, and ACC claims

    • To communicate with you about your appointments and ongoing care

    • To share relevant information with other practitioners for continuity of care

    • To meet our legal and professional obligations as registered health practitioners

    • To improve our services through feedback, audits, and analytics

    • With your explicit consent, to send you clinic updates and appointment reminders

    • By email, phone call, or text message

    • Patient intake forms completed before or at your appointment

    • During your appointments (verbal and written notes)

    • Through our online booking platform

    • Through our website contact forms

    Where we collect information directly from you, we will tell you why and how we intend to use it.

    Cookies and Website Analytics

    We use cookies and website analytics tools to understand how visitors use our website and to improve our online services. These include:

    • Google Analytics - Collects anonymised data about website traffic, pages visited, and device information.

    • Session and functional cookies - Enables our online booking system and website features to work correctly.

    We do not use cookies to collect personally identifiable information without your knowledge.

  • Sometimes we receive information about you from a third party rather than directly from you. When this occurs, we are required to notify you as soon as reasonably practicable. Situations where indirect collection may occur includes:

    • ACC: We may receive claim details, cover decisions, or patient records directly from ACC as part of managing your injury claim and treatment. ACC collection authorised under the Accident Compensation Act 2001

    • Referring health professionals: A GP, specialist, physiotherapist, or other practitioner may send us referral letters, clinical notes, or background health information before or during your care.

    • Your insurance providers may provide information relating to your cover or treatment authorisation.

    • Employers: In workplace injury or rehabilitation cases, your employer may provide relevant information as part of a return-to-work programme.

    • Family members or support persons: In some cases (e.g. for minors or in emergency situations), a family member or support person may provide personal information on your behalf.

    When we collect information about you indirectly, we will notify you of the following:

    • That we have collected information about you and from whom

    • The purpose for which the information was collected

    • Who else may receive that information

    • Your right to access and request correction of that information

    In most cases this notification will occur at or before your first appointment. If information is received during an existing treatment relationship, we will notify you at your next appointment.

  • Your information may be accessed by other practitioners within our clinic for the purpose of coordinating your care. All staff are bound by professional and contractual obligations of confidentiality.

    We may share your information with the following third parties where required or authorised:

    • ACC — for treatment claim lodgement, management, invoicing, and auditing.

    • Insurance providers

    • Referring to other health practitioners — with your consent when required for continuity of care

    • Trusted technology providers —  online booking systems, secure email platforms, all bound by data processing agreements

    We do not sell your personal or health information to any third party.

    • Electronic records are kept in secure, password-protected systems. Access to health records is restricted to authorised clinical and administrative staff only.

    • Any physical files are scanned to your patient profile and then securely disposed of.

    • We use encryption and secure connections to protect online data and communications.

    • We regularly review our security practices to ensure they remain appropriate.

    • Health records: At least 10 years after your last treatment, as required under the Health Information Privacy Code 2020.

    • Financial and administrative records: As required under New Zealand tax and financial legislation (generally 7 years).

    • Marketing consents: Until you withdraw your consent - you may unsubscribe at any time.

    When information is no longer required to be retained, it will be securely deleted or destroyed.

  • Under the Privacy Act 2020 and the Health Information Privacy Code 2020, you have the right to:

    • Access your personal or health information held by us

    • Request correction of any information you believe is inaccurate or incomplete

    • Withdraw consent for non-essential uses such as marketing communications at any time

    • Request transfer of your health information to another health provider (see below)

    • Be notified if we collect personal information about you from a third party (IPP 3A)

    • Complain to us, or to the Office of the Privacy Commissioner if you are not satisfied with how we have handled your information

    You may formally request that we share your health information with another health professional through written consent:

    • Regulated health practitioners (registered with a professional body): we can send records directly to them based on your written consent.

    • Unregulated practitioners (e.g., some massage therapists): your records will be sent directly to you to pass on to that provider, in line with HIPC requirements.

  • In the event of a privacy breach that is likely to cause serious harm, we will:

    • Notify the Office of the Privacy Commissioner as soon as reasonably practicable

    • Notify affected individuals directly where required by law or where it is in their interests to do so

    • Take immediate steps to contain and remediate the breach

    • Review our practices to prevent recurrence

    We maintain a privacy breach register and assess all potential breaches in accordance with our obligations under the Privacy Act 2020.

  • Our appointed Privacy Officer is responsible for handling privacy requests, questions, concerns, and complaints. Please contact us to access, update, or correct your information. ‍ ‍

    Elevate Osteopath - Privacy Officer

    Email: elevateosteopath@gmail.com

    Phone: 028 437 9753

    Address: 548 Ferguson Street, Hokowhitu, Palmerston North

    We aim to resolve all concerns promptly and fairly. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner at privacy.org.nz or by calling 0800 803 909.