City Osteopaths Privacy Policy
Last updated: May 2026 | Compliant with the Privacy Act 2020 and Privacy Amendment Act 2025
Overview
City Osteopaths Ltd is committed to protecting the privacy of our patients, staff, and visitors. This policy sets out how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 2020 (including the Privacy Amendment Act 2025, which introduced Information Privacy Principle 3A effective 1 May 2026).
This policy applies to all personal information collected by City Osteopaths, whether obtained directly from you or from another source.
What We Collect
We may collect the following personal information:
Name
Contact information, including email address and phone number
Demographic information such as postcode, preferences and interests
Health and clinical information relevant to your allied healthcare treatment
Other information relevant to patient care, customer surveys and/or offers
We only collect information that is necessary for one or more of our functions or activities. Where you choose not to provide requested information, we will advise you of the consequences this may have — for example, it may limit our ability to provide you with relevant services.
Collection of Information Directly From You
When we collect personal information directly from you (for example, through intake forms, over the phone, or in person), we will:
Collect it in a fair and transparent manner
Let you know who we are and how to contact us
Tell you the purpose for which your information is being collected
Inform you of your right to access and request correction of your information
This is consistent with Information Privacy Principle 3 of the Privacy Act 2020.
Collection of Information From Other Sources (IPP 3A)
New from 1 May 2026: In addition to notifying you when we collect information directly from you, we are now also required to notify you when we collect your personal information from a third party or other source. This is required under Information Privacy Principle 3A (IPP 3A) introduced by the Privacy Amendment Act 2025.
In the course of providing allied healthcare, we may occasionally receive personal information about you from other sources. Examples include:
A referral from your GP or another health professional
Information from another healthcare provider involved in your care
A referral or information from a family member or caregiver (where appropriate)
When we collect your personal information indirectly in this way, we will take reasonable steps to inform you of the following as soon as reasonably practicable after collection:
That your information has been collected and who collected it
The source from which it was collected
The purpose for which it was collected
The identity and contact details of City Osteopaths
Any other agencies to whom we may disclose the information
Your right to access and request correction of your information
This notification will generally be provided at or before your next appointment following such collection, unless an exception applies under the Act (for example, where notification would be impractical or where you have already been made aware of the collection).
How We Use Your Information
We use the information we hold about you for the following purposes:
Providing and managing your osteopathic treatment and allied healthcare
Internal record keeping
Improving our products and services
Communicating with you about appointments, offers, and relevant health information
We will not use your information for any other purpose without your consent, unless required or permitted by law.
Sensitive Information:
Health and clinical information is treated as sensitive information. We treat all such information with the utmost security and confidentiality. It will not be collected for any purposes other than those for which we have obtained your consent, unless the law requires otherwise or exceptional circumstances apply under the Act.
Disclosure of Your Information
We will only disclose your personal information in accordance with the Privacy Act 2020. This means information may be disclosed:
For the purposes for which we told you we were collecting it, and for related purposes you would reasonably expect
Where we have your consent to do so
As required by law
Under other circumstances permitted under the Act
We will not sell, distribute, or lease your personal information to third parties unless we have your permission or are required to by law. In the course of our business activities, we may need to disclose some of your personal information to relevant clinical or administrative staff.
At the front desk, we take care not to use the full name of a patient aloud when others are present in the waiting room.
Security of Your Information:
We are committed to ensuring that any information you provide is kept secure. We have put in place suitable physical, electronic, and administrative procedures to safeguard and secure the information we collect.
Personal information will be managed confidentially and securely and destroyed appropriately when no longer required. We will monitor and implement appropriate technical advances or management processes to safeguard personal information.
Security Cameras: We are committed to providing a safe and secure environment for our employees and patients. Security cameras are only in the reception areas and may operate 24 hours a day, 7 days a week and may record video only (no audio). Access to footage is restricted — only the practice manager has full access to the camera system. Footage is retained on the drive for 7 days before being overwritten.
Cameras are installed and operated in reception areas for the following reasons:
To facilitate employee and public safety
To improve security and deter criminal activity within the premises
To protect business fittings, fixtures, and assets
To monitor trespass or unauthorised access to the premises
Your Rights: Access and Correction:
You have the right to request access to personal information we hold about you. You may also request that we correct any information you believe is inaccurate or incomplete. Requests can be made verbally in person or in writing.
City Osteopaths may occasionally need to deny access to information in accordance with the exemptions contained in the Act. If we deny access, we will tell you why.
If you believe any information we hold about you is incorrect or incomplete, please contact us as soon as possible at practicemanager@cityosteopaths.co.nz and we will promptly correct any information found to be incorrect.
Data Quality: We will take all reasonable steps to ensure that the personal information we collect, use, or disclose is accurate, complete, and up to date, and has been obtained directly from you or from reputable sources.
Opt-Out: We will always provide you with a no-cost way to contact us to register a request to opt out from receiving any product offers or marketing communications.
Unauthorised Disclosure or Access:
City Osteopaths is committed to protecting the privacy of individuals. We consider any unauthorised disclosure of, or access to, personal information by our employees or contractors to be a serious breach of this policy. Appropriate action — which may include disciplinary or legal action — will be taken in such cases.
Privacy Inquiries: Privacy-related inquiries or concerns can be directed to our clinic manager: practicemanager@cityosteopaths.co.nz
If you are not satisfied with our response, you may also contact the Office of the Privacy Commissioner at www.privacy.org.nz.
Availability and Review of This Policy: This privacy policy is available on our website at all times, and a link to this policy is provided on our intake forms. This policy will be reviewed from time to time, and any amendments will be incorporated into the updated version.
