Privacy Policy
Effective Date: 30 November 2025
Last Updated: 14 March 2026
1. Introduction
Auckland Bone Density Ltd (“we”, “our”, “us”) is committed to protecting your privacy and the confidentiality of your health information. We manage personal and health information in accordance with the Privacy Act 2020, including the Privacy Amendment Act 2025 (indirect collection – IPP3A), and the Health Information Privacy Code 2020 (HIPC, https://www.privacy.org.nz/privacy-principles/codes-of-practice/hipc2020).
This Privacy Policy explains how we collect, use, store, protect, and share your personal and health information when you use our website https://www.bonedensity.co.nz or receive our clinical services.
2. Information We Collect
We collect only information that is necessary for the provision of bone density and related clinical services (HIPC Rule 1).
This may include:
- Identity and Contact Information: Name, date of birth, gender, address, email address, and phone number.
- Health Information: Medical history, relevant risk factors, medications, clinical referrals, and bone density (DXA) assessment results.
- Technical Information: IP address, browser type, device information, and website usage data collected through cookies and similar technologies.
- Communications: Information you provide when contacting us via our website, email, phone, or surveys.
3. How We Collect Information (Including New IPP3A Standards)
We collect information in the following ways:
(a) Directly from You
When you book appointments, complete registration or consent forms, use our website, or communicate with our staff.
(b) Indirectly from Third Parties
We may collect health information indirectly where necessary to provide care, including from your referring GP or specialist or other health professionals involved in your treatment.
Where information is collected indirectly, we take reasonable steps to ensure you are aware of:
- The fact the information has been collected
- The source of the information
- The purpose for which it is being used
unless an exception under HIPC Rule 3(4) applies (for example, where providing notice would prejudice your health, be impracticable, or the information is required for authorised clinical purposes).
(c) Automatically via Cookies
Our website is hosted on the Wix platform. We use cookies and similar tracking technologies to monitor website performance and improve user experience. You can manage cookie preferences via our website cookie banner. See our separate Cookies Policy for further details.
4. How We Use Your Information
We use your personal and health information only for purposes permitted under the HIPC (Rule 2), including:
- Clinical Care: Providing bone density assessments, generating reports, and supporting diagnosis and monitoring.
- Clinical Correspondence: Creating and sending clinical reports to your referring healthcare provider.
- Voice‑to‑Text Clinical Documentation:
  – Heidi: Audio recordings are deleted after transcription and no later than 7 days after being created. Notes are encrypted and stored on secure servers located in Australia with protections comparable to New Zealand privacy standards.
- Administration and Communication: Appointment reminders, billing, and responding to enquiries.
- Legal and Regulatory Compliance: Meeting obligations under the Privacy Act 2020, the HIPC, and other applicable health legislation.
5. Sharing Your Information
We do not sell your personal information.
We may share your information only where permitted under the HIPC (Principles 10 and 11), including with:
- Your Healthcare Team: Your referring GP, specialist, or other healthcare providers involved in your care.
- Service Providers: Trusted third parties who provide services to us (such as IT support and payment processing, including Windcave or Stripe). These providers are contractually required to protect your information and use it only for authorised purposes.
- Website Provider (Wix): Website-related data may be stored on secure Wix servers.
- Legal or Safety Requirements: Where required by law or where disclosure is necessary to prevent or lessen a serious threat to public health or safety.
6. Overseas Storage and Safeguards
Some service providers we use store data outside New Zealand, including in Australia.
Before using overseas providers, we take reasonable steps to ensure the information is protected by safeguards comparable to those under New Zealand law, or that the disclosure is otherwise permitted under IPP12 of the Privacy Act 2020.
7. Security and Storage
We maintain reasonable safeguards to protect health information from loss, misuse, unauthorised access, or disclosure (HIPC Rule 5).
Measures include:
- Website Security: SSL/TLS encryption and hosting on the PCI DSS–compliant Wix platform.
- Clinical Records: Storage in secure clinical systems with role‑based access controls.
- Retention: Health information is retained for a minimum of 10 years in accordance with the Health (Retention of Health Information) Regulations 1996, after which it is securely disposed of.
8. Your Rights
Under the Health Information Privacy Code 2020, you have the right to:
- Access your personal and health information we hold (Rule 6)
- Request correction of information you believe is inaccurate or incomplete (Rule 7). If a correction is not made, you may request that a statement of correction be attached.
- Be informed about indirect collection of health information where required
- Control cookies through our website settings
Requests will be responded to within the timeframes required by law.
9. Privacy Breaches
We have procedures in place to manage privacy breaches. If a breach occurs that is likely to cause serious harm, we will notify affected individuals and the Office of the Privacy Commissioner as soon as practicable, in accordance with the Privacy Act 2020.
10. Contact Us
Auckland Bone Density Ltd
100 Mountain Road, Mount Eden, Auckland 1023
Email: admin@aucklandbonedensity.co.nz
Phone: 09 623 2301
You have the right to complain to the Office of the Privacy Commissioner if you believe your privacy rights have been breached.

