What we hold,
and why.
We treat every piece of information you share with us as privileged and confidential. This includes your name, contact details, clinical history, diagnostic data, and any information you provide throughout your engagement with us. Our approach is anchored in discretion, confidentiality, and the highest standards of clinical governance.
We collect only information necessary for your care, directly from you whenever possible. At or before collection, we will explain why the information is needed, how it will be used, who will have access, and your rights under the Privacy Act 2020 and Health Information Privacy Code 2020.
For members, this policy forms part of the terms and conditions of your Membership Agreement. Aurum Health Limited may, from time to time, update this policy and will notify you when it does so.
What we collect,
and how we use it.
We collect and hold the following information to deliver our services: your personal details such as name, date of birth, and contact information; your National Health Index (NHI) number; health information including clinical history, diagnoses, treatments, and test results; and records of consultations, communications, and correspondence.
This information is collected directly from you, or — where appropriate — from other healthcare providers with your consent.
- To provide you with tailored health consultations, diagnostics, and ongoing care.
- To coordinate with trusted clinical partners, such as laboratories and specialists.
- To ensure continuity of care and maintain high-quality clinical records.
- To provide you with the personalised service that defines Aurum.
- To meet obligations under New Zealand health and privacy legislation.
We never use your information for purposes unrelated to your care or client services without your explicit consent.
We also collect standard website usage data through cookies and analytics tools. This includes pages visited, session duration, referring sources, and device type. This information is used to improve the performance and relevance of our website and is not used to identify individual visitors. You may disable cookies in your browser settings, though this may affect some website functionality.
Strict limits on
who sees what.
We share your data only internally with Aurum's clinicians where a Transfer of Care takes place, with your consent when it directly supports your care, as required by law, or with trusted clinical partners under strict confidentiality agreements. We share nothing else, with no one else.
As a fully private provider, we do not submit client data to Primary Health Organisations (PHOs), nor do we participate in government-funded screening or reporting schemes. We do not transfer your data internationally unless it is necessary for your care, to countries with comparable data protection standards, and only with your consent.
- All care is delivered via secure telehealth platforms.
- We use Indici as our Patient Management System, alongside globally recognised platforms including Microsoft 365.
- No clinical data is ever stored outside our Patient Management System.
- Client data access is strictly role-based — clinical staff access clinical data; administrative staff access only what is necessary to support you.
- We conduct regular audits and reviews of our systems to uphold data security.
- Health records are retained for a minimum of ten years after your last contact, as required by New Zealand health regulations, after which they are securely destroyed.
What you are
entitled to.
Under the Privacy Act 2020 and the Health Information Privacy Code 2020, you have clear and enforceable rights over your personal information.
- Request a copy of the information we hold about you. We aim to respond within 20 working days.
- Ask for amendments to your information if you believe it is inaccurate.
- Be informed about how your data is being used and with whom it has been shared.
- Withdraw consent for certain uses of your data, except where required by law.
- Raise any concerns via our Feedback and Insights policy. Unresolved concerns can be directed to the Office of the Privacy Commissioner.
For a full overview of your rights, visit privacy.org.nz.
Named people.
Personal accountability.
All Aurum Health Limited staff — clinical and non-clinical — undergo regular training on the Privacy Act 2020, the Health Information Privacy Code 2020, and our internal privacy protocols. Our Privacy Officers personally oversee governance to ensure ongoing compliance and continuous improvement.
help@aurumhealth.nz · 0800 287 861
Speak with us
directly.
We welcome any question about how your health information is held, accessed, or protected.