Privacy Policy

Last Updated: June 2026

INTRODUCTION

FRAME Osteopathy (“we”, “us”, “our”) respects your privacy and values the information you share with us.

We are committed to protecting your personal and health information in accordance with the Privacy Act 2020 (including the Privacy Amendment Act 2025) and the Health Information Privacy Code 2020 (New Zealand).

This Privacy Policy explains how we collect, use, store, and disclose personal information when you use our services, attend appointments, interact with us, or visit our website.

This Privacy Policy applies to all services provided by FRAME Osteopathy, including services delivered from our clinic locations, online systems, website, and associated communications.

HOW WE COLLECT YOUR INFORMATION

When you use our services (including our website, online booking systems, and communications with us), we may collect personal information about you.

This may include:

•       Personal details (name, date of birth, address)

•       Contact details (phone number and email address)

•       Health and medical information

•       Appointment and treatment information

•       ACC claim information

•       Payment and billing information

•       IP address and device or network information when using our website

We may collect and store information in several ways, including:

•       Patient intake forms and clinical consultations

•       Phone, email, text message, or in-person communication

•       Online booking systems

•       Our website or social media interactions

•       Practice management software and secure cloud-based systems

•       Cookies and website analytics tools

•       Information provided by third parties involved in your care (with your consent or as otherwise permitted by law) — see section on Indirect Collection below

•       Secure backups and archived records

Where treatment is provided to children, information may be collected from parents, guardians, or authorised caregivers. Children's health information is managed in accordance with applicable privacy and health information laws.

COLLECTION OF INFORMATION FROM OTHER SOURCES (IPP 3A)

NEW — IPP 3A compliant: This section has been added to comply with Information Privacy Principle 3A (IPP 3A), introduced by the Privacy Amendment Act 2025, in force from 1 May 2026

Sometimes we collect personal information about you from sources other than directly from you. This is called indirect collection. Under Information Privacy Principle 3A of the Privacy Act 2020, we are required to take reasonable steps to ensure you are made aware of certain matters when this occurs.

When we collect your information indirectly

We may collect personal information about you indirectly from sources such as:

•       Your general practitioner (GP), specialist, or other referring healthcare provider

•       ACC, in connection with an injury claim

•       A parent, guardian, or authorised caregiver (for children or patients who have authorised another person to act on their behalf)

•       A midwife or other allied health professional coordinating your care

•       Your authorised legal representative

What we will tell you when collecting indirectly

In accordance with IPP 3A, when we collect personal information about you from a third party, we will take reasonable steps to ensure you are aware of the following, as soon as reasonably practicable after collection:

•       That your information has been collected, and the source from which it was obtained

•       The purpose for which the information is being collected (for example, to provide osteopathic treatment, to process an ACC claim, or to coordinate your care)

•       The intended recipients of the information (for example, other members of your healthcare team, ACC, or regulatory authorities)

•       The name and contact details of FRAME Osteopathy as the agency collecting and holding the information

•       Whether the collection is authorised or required by law (and if so, which law applies — for example, the Health and Safety at Work Act 2015, the Accident Compensation Act 2001, or the Health Practitioners Competence Assurance Act 2003)

•       Your right to access and request correction of your personal information

In most cases, this notification will occur at or before your first appointment through our patient intake process, Privacy Policy, or direct communication from our team.

Exceptions to IPP 3A notification

We may not be required to notify you of indirect collection in certain circumstances, including where:

•       You have already been made aware of the collection (for example, you authorised the referral or are present during the communication)

•       The information will not be used in a way that identifies you

•       Notification is not reasonably practicable in the circumstances

•       An exception applies under the Privacy Act 2020 (for example, where notification would compromise law enforcement, national security, or create serious risks to public health or safety)

•       The information is publicly available

If you have questions about how we handle information collected indirectly, please contact our Privacy Officer.

PURPOSES FOR COLLECTING, HOLDING, USING AND DISCLOSING PERSONAL INFORMATION

We collect and use your personal information to:

•       Provide osteopathic assessment, treatment, and healthcare services

•       Communicate with you regarding appointments and clinical care

•       Process ACC claims and payments

•       Maintain accurate clinical records

•       Coordinate care with other healthcare providers where appropriate

•       Improve our services and clinic operations

•       Meet legal, professional, and regulatory obligations

•       Provide information where authorised or required by law, a Court, or Tribunal

We may also send appointment reminders, clinic updates, and other service-related communications relevant to your care.

Where we send marketing communications, these will only be sent where permitted by law, and you may opt out at any time.

We take reasonable steps to ensure the information we collect, use, or disclose is accurate, complete, relevant, and up to date.

WHAT HAPPENS IF WE CANNOT COLLECT YOUR INFORMATION

Providing personal information is generally voluntary; however, healthcare services require certain information to be collected.

If you choose not to provide information reasonably required, we may be unable to:

•       Contact or communicate with you effectively

•       Provide treatment safely or appropriately

•       Process ACC claims or payments

•       Deliver services to the expected clinical standard

WHEN WE DISCLOSE YOUR INFORMATION

We will never sell, rent, or trade your personal information.

We may share your information where it is directly related to your care, where authorised by you, or where required or permitted by law.

This may include sharing information with:

•       Healthcare providers involved in your care (e.g., GP, specialist, midwife, or referrer)

•       ACC for injury-related claims

•       IT service providers supporting secure clinic systems

•       Authorised staff members and practitioners within FRAME Osteopathy

•       Professional advisers such as accountants, auditors, or legal advisers

•       Government or regulatory authorities where legally required, including the Osteopathic Council of New Zealand

•       Your authorised representatives or legal advisers (at your request)

•       Service providers necessary for clinic operations

Information will only be shared to the extent necessary for the relevant purpose.

Where we share your information with third parties who may then provide it back to us, or where third parties share your information with us as part of your care coordination, our IPP 3A notification obligations apply — see the section above on Collection of Information from Other Sources.

OVERSEAS STORAGE AND PROCESSING

FRAME Osteopathy uses trusted third-party service providers to support the delivery of healthcare services and clinic operations.

These providers may include:

•       Gensolve Practice Manager (patient records, clinical notes, invoicing, and online bookings)

•       Squarespace (website hosting and website management)

•       Google Workspace (email and business communications)

•       Google Analytics (website analytics and performance monitoring)

•       Mailchimp (email newsletters and clinic communications)

•       Secure cloud backup and storage providers

Some of these providers may store or process information outside New Zealand. Where personal information is transferred or stored overseas, we take reasonable steps to ensure it is protected by safeguards comparable to those required under New Zealand privacy law, in accordance with Information Privacy Principle 12, and that providers handling personal information maintain appropriate security and privacy protections.

OUR WEBSITE

This Privacy Policy also applies to our website.

Our website may contain links to third-party websites. FRAME Osteopathy is not responsible for the privacy practices, policies, or content of external websites.

COOKIES AND WEBSITE ANALYTICS

Our website is hosted by Squarespace and may use cookies and similar technologies to improve website performance and user experience.

We use Google Analytics to help us understand how visitors use our website. Google Analytics may collect information such as:

•       IP addresses

•       Browser and device information

•       Pages visited

•       Time spent on the website

•       General geographic location information

•       Website referral sources

This information helps us understand website usage, improve content, and enhance the services we provide.

The information collected through analytics tools is generally aggregated and does not identify individual users.

Cookies do not provide us with personal contact information or access data stored on your device.

You may disable cookies through your browser settings if you prefer, although some website functions may be affected.

EMAIL COMMUNICATIONS AND NEWSLETTERS

If you choose to subscribe to our newsletter, health updates, or other clinic communications, we may collect and store your contact details using Mailchimp or a similar email communication platform.

You may unsubscribe from marketing or newsletter communications at any time by clicking the unsubscribe link included in the email or by contacting us directly.

We will continue to send appointment reminders, booking confirmations, invoices, and other communications necessary for your healthcare and clinic administration regardless of your marketing preferences.

ONLINE BOOKINGS

When you make an appointment online, your information is collected and managed through Gensolve Practice Manager, our practice management and online booking system.

Information provided through online bookings is handled in accordance with this Privacy Policy and the privacy and security requirements applicable to healthcare providers in New Zealand.

SECURITY

We are committed to keeping your personal information secure.

We take reasonable precautions to protect information from loss, misuse, unauthorised access, disclosure, or alteration, including:

•       Secure cloud-based clinical systems

•       Password-protected access

•       Restricted staff permissions

•       Confidentiality obligations for all practitioners and staff

•       Secure storage and disposal of records

•       Regular software and security updates where appropriate

While no system can guarantee absolute security, we take reasonable steps to protect your information.

PRIVACY BREACHES

If a privacy breach occurs that is likely to cause serious harm, we will comply with our obligations under the Privacy Act 2020, including notifying affected individuals and the Office of the Privacy Commissioner where required.

If you believe your information has been compromised, please notify us immediately.

RETENTION OF INFORMATION

We retain personal and health information only for as long as necessary to fulfil the purposes for which it was collected and to meet legal, regulatory, professional, and operational requirements.

Clinical records are generally retained for a minimum of 10 years from the date of your last appointment or contact with the clinic, or longer where required by law.

ACCESS AND CORRECTION

You have the right to request access to personal information we hold about you and to request correction if necessary.

This right applies whether the information was collected directly from you or indirectly from a third party. In accordance with IPP 3A, if we have collected your information from another source, you retain the same rights of access and correction as if we had collected it directly from you.

Requests should be made in writing to our Privacy Officer:

Privacy Officer

FRAME Osteopathy
229 Fitzgerald Avenue
Central Christchurch 8011, New Zealand

Phone: 03 599 9143

Email: privacyofficer@frameosteo.co.nz

Identification may be required before information is released.

CHANGES TO THIS POLICY

FRAME Osteopathy reserves the right to amend, withdraw, or replace this Privacy Policy at any time to reflect changes in legal requirements, technology, or clinic practices.

The current version will always be available on our website or upon request. Where changes are material, we will take reasonable steps to notify existing patients.

CONTACT US

If you have any questions, concerns, or requests relating to privacy or your personal information, please contact:

Privacy Officer
FRAME Osteopathy
229 Fitzgerald Avenue
Central Christchurch 8011, New Zealand

Phone: 03 599 9143

Email: privacyofficer@frameosteo.co.nz

General Enquiries: hello@frameosteo.co.nz

FRAME Osteopathy operates from multiple clinic locations within Christchurch. All privacy-related enquiries, requests for access to information, and requests for correction of information should be directed to the Privacy Officer using the contact details above.