Privacy Statement

How we keep your health information safe 

We manage this information carefully and in line with the Privacy Act 2020 and the Health Information Privacy Code 2020. 

What information do we collect 

Depending on how you interact with us, we may collect: 

• Your contact and demographic details, such as your name, date of birth, address, phone number, email address, and NHI number. 

• Information needed for enrolment, eligibility, funding, and administration. 

• Health information such as symptoms, diagnoses, medicines, allergies, test results, referrals, and clinical notes. 

• Information you enter into our patient portal, online forms, or website contact forms. 

• Technical information collected through our website or digital systems, such as basic usage or security information, where applicable. 

How we use information from our website, patient portal, and online enrolment 

We use information collected through our website, patient portal, and online enrolment systems to respond to enquiries, manage enrolments, book and manage appointments, support communication with you, and help us provide care safely and efficiently. 

Only authorised staff and approved service providers can access information when they need it for their role. We expect anyone who handles your information on our behalf to meet appropriate privacy and security standards. 

When we may share your information 

We may share relevant information with other health professionals or services involved in your care, such as hospitals, specialists, laboratories, radiology providers, after-hours services, and other clinicians. We may also share information where required or authorised by law. 

This can include sharing information for enrolment and funding with the relevant health agencies, supporting referrals and care coordination, and meeting legal, audit, or reporting requirements. We only share what is necessary for the purpose. 

How artificial intelligence (AI) may be used safely

We may use approved AI tools to support parts of our work, for example, to assist with documentation, summarising information, or improving administrative efficiency. AI tools are not a substitute for clinical judgement or human decision-making. 

When AI tools are used, we take steps to protect your privacy and confidentiality. This includes assessing privacy and security risks, limiting access, and requiring appropriate safeguards from our technology providers. We are responsible for how your information is handled. 

How we protect your information 

We use a combination of physical, technical, and administrative safeguards to help protect your information from loss, misuse, unauthorised access, or disclosure. This includes secure systems, access controls, staff training, and privacy processes designed to support safe handling of health information. 

Your rights 

You have the right to ask for access to your health information and to request correction of information you believe is wrong. If you have questions about how we collect, use, store, or share your information, please contact the practice and we will be happy to help. 

Privacy officer 

We have designated privacy officers to oversee all privacy-related matters and concerns. 
The privacy officers: 

Ensure we comply with the Privacy Act 2020, e.g. by making sure that staff receive privacy training and understand and comply with their obligations and responsibilities to patients 

• Deal with requests for personal information 

• Authorise release of patient information to third parties

• Advises team members on privacy-related issues 

• Manage any complaints about privacy breaches 

• All staff receive training about confidentiality, the Privacy Act 2020 and their corresponding obligations at the practice. 

• Ensure staff with access to patient information have signed confidentiality agreements 

• Ensure contractors and other visitors complete a confidentiality form 

• A robust IT security policy keeps information secure. 

• Health information is stored within a secure and purpose-built practice management system. 

• Records being transferred reach the correct person. 

• Patient information is disclosed with consent and in accordance with legislation. 

• Our physical environment is set up so health information can’t be seen or overheard. 

• Health information is collected, used, and stored in accordance with legislation 

• Significant privacy breaches are reported to the Privacy Commissioner | Te Mana Mātāpono Matatapu and the affected parties. 

Website privacy policy

Personal identification information

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, place an order, subscribe to a newsletter, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, and phone number. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site-related activities.

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service provider utilised and other similar information.

Web browser cookies

Our Site may use "cookies" to enhance the User experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

How we use collected information

Broadway Medical Centre may collect and use Users personal information for the following purposes:

• To improve customer service; The information you provide helps us respond to your customer service requests and support needs more efficiently.

• To improve our Site; We may use the feedback you provide to improve our products and services.

• To process requests; We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.

•  To send periodic emails; We may use the email address to respond to their enquiries, questions, and/or other requests.

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. Sensitive and private data exchange between the Site and its Users happens over an SSL (Secure Socket Layer) secured communication channel and is encrypted and protected with digital signatures.

Sharing your personal information

We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above. We may use third-party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes, provided that you have given us your permission.

Third-party websites

Users may find advertising or other content on our Site that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites that have a link to our Site, is subject to that website's own terms and policies.

Changes to this privacy policy

Broadway Medical Centre has the discretion to update this website’s privacy policy at any time. When we do, we will post a notification on the main page of our Site and revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

Broadway Medical Centre
2 Broadway Dunedin 

03 477 4335

enquiries@broadwaymed.co.nz