Privacy Policy

Effective Date: 30 November 2025

Last Updated: 6 March 2026

1. Introduction
Auckland Bone Density Ltd (“we”, “our”, “us”) is committed to protecting your privacy. We manage personal and health information in accordance with the Privacy Act 2020 (including the 2025 Amendment regarding indirect collection) and the Health Information Privacy Code 2020. This policy explains how we collect, use, store, and share your information when you use our website https://www.bonedensity.co.nz and our clinical services.

2. Information We Collect
We collect personal and health information necessary to provide bone density assessments:

Identity & Contact: Name, date of birth, gender, email, and phone number.
Health Information: Medical history, clinical referrals, and bone density assessment results.
Technical Data: IP address, browser type, and device information collected via our website.
Communication: Any information you provide voluntarily via our contact forms or surveys.

3. How We Collect Information (Including New IPP3A Standards)
We collect information in the following ways:

Directly from you: When you book an appointment, fill out forms on our website, or speak with our staff.
Indirectly from Third Parties: We may receive health information from your referring GP or specialist.
Automatically via Cookies: Our website is hosted on the Wix platform. We use cookies and similar tracking technologies to monitor website performance and improve user experience. See cookies policy page

4. How We Use Your Information
We use your information for:

Clinical Services: Scheduling and providing bone density assessments and processing clinical reports.
Voice-to-Text Clinical Documentation: We use secure software (Heidi and Olympus ODMS Cloud) to generate clinical letters.
Heidi: Audio recordings are deleted immediately after transcription. Notes are encrypted and stored on Australian servers complying with NZ Privacy standards.
Olympus ODMS Cloud: Hosted on Microsoft Azure (Australia region). Files are end-to-end encrypted and automatically deleted after 90 days.
Communication: Sending appointment reminders and responding to enquiries.
Compliance: Meeting our legal obligations under the Health Information Privacy Code 2020.

5. Sharing Your Information
We do not sell your personal information. We may share it with:

Your Healthcare Team: Your referring doctor or specialist involved in your care.
Service Providers: Trusted partners such as IT support and payment processors (e.g., Windcave or Stripe).
Wix.com: As our website provider, Wix stores website-related data on secure servers.
Legal Necessity: Authorities if required by law or to prevent a serious threat to public health/safety.

6. Security and Storage
As a healthcare provider, we hold your data to high security standards:

Website Security: Our website is hosted on the Wix platform, which is PCI DSS compliant and uses SSL/TLS encryption to protect data transmitted via our online forms.
Storage: Health records are stored in a secure clinical environment with restricted access.
Data Retention: We retain health information for a minimum of 10 years as required by the Health (Retention of Health Information) Regulations 1996.

7. Your Rights
You have the right to:

Access: Request a copy of the personal and health information we hold about you (Rule 6, HIPC).
Correction: Request that we correct any information if you believe it is inaccurate (Rule 7, HIPC).
Opt-out: You can manage your cookie preferences via our website’s cookie banner.

To exercise these rights, please contact:

Email: admin@aucklandbonedensity.co.nz

Phone: 09 623 2301

8. Privacy Breaches
In the event of a privacy breach that is likely to cause serious harm, we will notify you and the Office of the Privacy Commissioner as soon as practicable, and within the 72-hour notification guideline where possible.

9. Contact Us
For any questions regarding this policy:

Address: 100 Mountain Road, Mount Eden, Auckland 1023

Email: admin@aucklandbonedensity.co.nz