Privacy Policy

Privacy Policy


We are committed to safeguarding your privacy and recognise the importance of protecting your personal and health information. This Privacy Policy (Policy) explains how the Fono and its website gather, manage, and safeguard your personal and health information.

This Policy outlines the data we typically collect, the reasons behind its collection, who we share it with, our methods for secure retention, and your rights relating to your personal and health information. It also outlines our procedures for handling complaints.

By accessing our website or providing us with personal or health information (whether directly or through someone acting on your behalf), you acknowledge and consent to collecting and handling your personal and health information under this Policy.

Relevant privacy laws

The specific laws governing our handling of your personal and health information include the Privacy Act 2020, Health Information Privacy Code and Information Privacy Principles. Engaging anonymously with us.

When legally permissible and practical, you can deal with us without disclosing your identity (for example, when seeking general information about our services). However, in most cases, we require your name, contact details, and additional information to deliver our services to you effectively.

Purpose of collecting personal and health information

We only collect your personal and health information when it is reasonably essential for our business operations and services or as the law permits. The reasons for collecting your personal and health information include the following:

  • Gaining insight into your requirements to provide the necessary services and advice
  • Contacting you to offer advice or information regarding service delivery
  • Administering health, dental and related services to you
  • Sending appointment reminders
  • Analysing our services and customer needs for service improvement
  • Conducting surveys, direct marketing and promotions
  • Ensuring the proper functioning of our website
  • Supporting marketing, planning, and research efforts
  • Administering and managing our services, including billing and debt collection
  • Addressing your enquiries, questions, comments and complaints
  • Notifying you about special offers or services directly or through third-party advertising platforms
  • Resolving disputes and addressing issues
  • Preventing prohibited or illegal activities
  • Fulfilling mandatory reporting obligations under applicable law, including notifying you of a notifiable data breach concerning your personal information
  • Assessing your job application with us and checking references
  • Managing your employment or engagement with us
  • Any purposes for which you have provided consent
  • Any related secondary purposes that are reasonably expected based on the collection of your personal information or our ongoing relationship with you
  • Any purposes mandated or authorised by applicable privacy laws
  • Responding to and handling inquiries, complaints, and feedback, safeguarding our legal interests, and investigating and protecting against fraud, theft and other illegal activities

We may also use your personal or health information for additional purposes not explicitly mentioned above, which will be clarified during data collection or as required or permitted by applicable privacy laws.

Types of personal information we collect and retain

The personal or health information collected depends on your contact with us and may include the following:

  • Name
  • Date of birth
  • Gender
  • Occupation
  • Postal and email addresses
  • Telephone number
  • Health insurance details
  • Medical history, test results, medications, and other health-related information

Financial information (including credit card details)

  • IP address or other device identification data
  • Additional information essential for our operations and activities
  • Designated emergency contact person
  • Other relevant information as necessary for us to provide requested services or to adhere to applicable privacy laws.

If you are applying for employment or inquiring about employment opportunities, or if you are an existing employee or practitioner, we may collect additional information from or about you, including:

  • Details related to your job application
  • Referee details
  • Information provided by your referees
  • Criminal history checks
  • Results of any profile or pre-employment testing
  • Identity documents
  • IRD number
  • Health information
  • Next of kin details

Collection of sensitive information

Sensitive information is only collected when reasonably necessary for our services and under specific circumstances, such as when you have provided explicit consent or when required or authorised by law. This may cover health details, medical history, information about prescribed medications, or data needed for job applications, such as ethnic origin or immigration status.

Handling financial information

Your credit card details or other financial information may be collected if you voluntarily provide them at one of our clinics for arranging direct debits or requested payment plans. We will only use your financial information for the intended purpose and in adherence to this policy. Any financial or credit card information collected is strictly confidential and stored on secure servers within controlled facilities.

Collection of personal and health information

Whenever reasonable and feasible, we will collect your personal and health information from you. This might happen when you complete documents like forms. Alternatively, data may be gathered through various other means, including the following:

  • During your visit to one of our practices
  • Through our website
  • Via our social media pages
  • When you participate in a promotion or fill out an enquiry form
  • When you complete a survey
  • If you send us your information via post or email
  • When you contact us by phone
  • If you provide your information in another format, such as verbally or via text message
  • When you apply for a job vacancy
  • If you make a complaint to us

Additionally, we may collect personal and health information from third parties, including:

  • Health service providers or health professionals who have provided treatment to you
  • Your family members or legal guardian
  • Other sources, when necessary, to deliver a health service

Use and disclosure of personal and health information

We are committed to not selling, distributing, renting, licensing, disclosing, sharing, or passing your personal information or health information to third parties except as outlined in this Policy or as required by those bound by confidentiality agreements to keep such information confidential.

In the following circumstances, we may disclose personal information or health information:

  • To our related suppliers, consultants, contractors or agents to facilitate the provision of services on our behalf or to assist us in delivering requested services, including contacting you about these services
  • In the event of a merger or acquisition, your information may be disclosed to the acquiring entity as part of the transaction
  • To relevant government authorities and agencies to investigate health-related issues, including workplace health and safety matters
  • To other healthcare providers involved in your treatment or diagnostic services, ensuring continuity of care
  • When conveying information to a responsible person (e.g., parent, guardian, spouse) in situations where you are incapacitated or unable to communicate unless you have expressed a different preference
  • When sharing information with close family members and following recognised medical practice procedures.

Information from the Fono's website and online software

We or our designated representatives may collect information via services like Google Analytics whenever you use our website. The types of data that may be collected include:

  • Date and time of your visit to our website
  • Your IP address
  • The addresses of the documents you access
  • The type of browser and operating system you are using
  • Any links to recurring sites and other websites you are about to visit

This information provides us with insights into how the website is used, including the frequency and duration of visits and which web pages you have accessed. We may share aggregate statistics about our visitors, traffic patterns, and related site data with third parties. Please note that this data reflects site usage and does not contain personally identifiable information.


Most commercial websites use cookies, which are data transferred from a website to your browser and stored on your hard drive. Cookies help track your ongoing access and use of the website. We may use cookies to monitor usage patterns and enhance our service to you.

Cookies also allow us to remember when your computer or device accesses our website. They are crucial for the effective operation of our website and for supporting your online interactions with us. Cookies do not personally identify you.

If you prefer not to receive cookies, you can adjust your web browser's security settings to turn off cookies or receive warnings when they are being used. However, please be aware that this may limit your ability to use all of the website's features.

Links to other websites and third-party advertising services

Our website may include links to other websites not under our control. These external websites may employ cookies. These third parties are responsible for collecting the necessary consent from you for their own cookie usage, to the extent required by law, and to inform you about the cookies they use. We recommend reviewing the Privacy Policy of all third-party websites to ensure you are comfortable with their use of cookies.

Additionally, we may use specific third-party advertising services like Google to display advertisements for our advertisers. These third-party services may also place cookies on your computer for ad tracking and presentation purposes. We do not share personally identifiable visitor information with these third-party services.

Please be aware that we bear no responsibility for linked websites or third-party advertising services. We provide these links solely for your information and convenience. We explicitly disclaim responsibility for their content, privacy practices, and terms of use. We make no endorsements, representations, or warranties regarding these external sites' accuracy, content, or thoroughness. Your disclosure of personal information to third-party websites is done at your own risk.

Storing personal and health information

We take appropriate and reasonable measures, both organisational and technological, to safeguard your personal and health information from misuse, interference, loss, unauthorised access, modification, or disclosure. Some of the methods used for this purpose include:

  • Requiring our staff to maintain confidentiality
  • Implementing secure document storage measures
  • Enforcing security protocols for access to our computer systems
  • Providing a safe environment and access control for confidential information
  • Allowing access to personal and health information only after individuals seeking access have met our identification requirements

The storage location for your personal and health information depends on your interactions with us, including:

  • Electronic databases for processing customer enquiries or feedback
  • Email databases for communications
  • Paper-based forms

However, it's important to note that the internet is not entirely secure. We cannot always guarantee absolute security for your personal information. Transmitting personal information over the internet carries its own risks, and you should only provide information within a secure environment.

Data breaches

Under the NZ Privacy Act, we must inform the New Zealand Privacy Commissioner about ‘notifiable privacy breaches’. This obligation may also extend to notifying you. A notifiable privacy breach occurs when the following conditions are met concerning personal information held by us:

  • There is unauthorised or accidental access to that information, disclosure, alteration, loss, or destruction of that information, or an action that prevents us from accessing that information either temporarily or permanently.
  • It is reasonable to believe that the privacy breach has seriously harmed one or more affected individuals or is likely to do so.

If there is uncertainty regarding whether a suspected privacy breach satisfies these criteria, we will investigate and assess the breach to determine if it qualifies as a ‘notifiable privacy breach.’ This procedure ensures that, following the NZ Privacy Act, you are informed if your personal information is implicated in a privacy breach that has resulted in or is likely to result in serious harm. Even if the criteria are not met, we may notify you as part of our commitment to prioritising privacy.

Ensuring the accuracy of personal and health information

While you are responsible for ensuring the accuracy, completeness, and currency of the personal and health information you provide, we are also committed to upholding these standards as required by relevant privacy laws. We will strive to guarantee that the personal and health information collected from you remains up to date, accurate, and complete. Medical records are considered our property.

However, you maintain the right to access them, subject to certain exceptions permitted by applicable laws. In cases involving pathology services, requesting information from the referring doctor is advisable. We will release medical records to an authorised personal representative or legal adviser if you have provided written authorisation unless any relevant legal exceptions apply.

You can request access to or correct your personal information and health information held by us at any time by contacting the Privacy Officer using the contact details below.

We will need to verify your identity as part of this process. Subject to any relevant exceptions or requirements, we will provide access to the personal or health information you request within a reasonable timeframe, usually 20 working days. If we decline your request, we will provide written explanations and guidance on how to raise a complaint.

Reasonable fees may be charged for compiling and granting access to personal and health information.

Contacting us for information on privacy rights

For any queries regarding this Policy, complaints, or to exercise your privacy rights, please get in touch with our Privacy Officer by emailing