PRIVACY POLICY

We collect personal information from you, where it is necessary to carry out our functions. This information includes your name, contact information, location, interactions with us and health information.

Providing some information is optional. If you choose not to enter a contact detail, we'll be unable to get in touch or provide longer-term health services.

We keep your information safe by storing it in encrypted files, using web-based products that are Health Insurance Portability and Accountability Act (HIPAA) compliant and that your data is only accessed in a Health Information Standards Organization (HISO) compliant firewall.  We protect our data with all reasonable technical and process controls. 

​We use Calendly software for bookings and Indici Practice Patient Management System to securely store medical data in the cloud, fully complying with the NZ privacy laws. We keep your information for 10 years after your death (or sooner with your permission) at which point we securely destroy it by securely erasing all digital traces of it.

​You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you’d like to ask for a copy of your information, or to have it corrected, please contact us via hello@realwellth.health. Our physical business address is 3 Torridon Court JACKS POINT, 9371, Queenstown, Alternatively, you can contact us via 021 272 9917 (Dr Pragati Gautama) or 021 352 890 (Ilse Erasmus)

This policy is generated by the Privacy Statement Generator of the New Zealand Privacy Commissioner.

Last updated by Dr Pragati Gautama on the 15th of March, 2025

IMPORTANT PRIVACY STATEMENT

Please note that this practice is contributing to, and accessing healthcare information from HealthOne -  

What is HealthOne?

HealthOne is a south island based secure electronic record that allows registered healthcare providers directly involved in your healthcare, to quickly access information such as your test results, allergies, medications, GP summaries and hospital information. HealthOne strictly adheres to the principles of the Privacy Act, 2020 as well as Rule 5 (Storage and Security of Health Information) set out in the Health Information Privacy Code 2020.  Access is only possible via an approved highly secure healthcare information network which is regularly audited and tested.  Privacy auditing is used to check that only those directly involved in your care are accessing your information.  To find out more about HealthOne please visit https://healthone.org.nz/.  Please note that you are entitled to restrict the sharing of your healthcare records by contacting 0508 837 872 or emailing healthone.privacy@pegasus.org.nz 

Pharmacy consultation scene with pharmacist and customers discussing health information, surrounded by medicine shelves, featuring Health One logo and informational text on health choices.

Healthspan Tracker

Collection of Your Personal Information

Your personal information is not collected if you only browse this website.
We and/or our third party service providers may collect your personal information:
(a) directly from you;
(b) when you register as a member of the website;
(c) when you place an order via the website;
(d) where you access and interact with the website or customer service; or
(e) from other sources.
The information collected may include your name, mailing or residential address, telephone number, email address and other transaction and registration details.
If you choose not to provide us with your personal information, we may not be able to provide the information, goods or the service you may require, or to fulfil one or more other purposes of collection of your personal information.
We do not collect your credit card or banking details

Our Use of Cookies

A cookie is a small piece of text that is placed within the memory of a computer and can be later retrieved by web page servers. We use cookies to enhance your interaction and convenience with our website and do not use cookies to record any personal information.
Cookies may record information about your visit, including the type of browser and operating system you use, the previous site you visited, your server’s IP address, the pages you access and the information downloaded by you. While this anonymous statistical data may be aggregated and used in broader statistical analysis by us and our web monitoring service provider to improve our services, at no time can we personally identify you as the source of that data.

Use and Disclosure of Personal Information

You acknowledge and consent that by providing your personal information to us that we may use and disclose your personal information for the purposes for which it was collected or for a related or ancillary purpose such as:
(a) to facilitate and process your order;
(b) to carry out or respond to your requests;
(c) to our third party service providers to assist us in providing and improving our services to you, and to analyse trends in sales and better understand our customer’s needs or to develop, improve and market our products and services to you;
(d) for regulatory reporting and compliance with our legal obligations;
(e) to various regulatory bodies and law enforcement officials and agencies to protect against fraud and for related security purposes;
(f) to our third party service providers to include in a database compiled by us or our third party service provider for use in direct marketing of promotions, product and services we think may interest to you;
(g) to seek your feedback in relation to customer satisfaction and our relationship with you;
(h) to monitor or improve the quality and standard of service provided to you;
(i) to our successors and/or assigns;
(j) to provide offers that may be of interest to you; and
(k) to better understand your preferences.
Our third party service providers are organisations that include those that may assist us with research, mail and delivery, security, professional advisory, banking, payment processing or technology services. Where we engage third party service providers to perform services for us those third parties may be required to handle your personal information. Under these circumstances those third parties must safeguard this information and must only use it for the purposes for which it was supplied, although we are not responsible for ensuring this.
Other than the above, we will not disclose your personal information without your consent unless disclosure is either necessary to prevent a threat to life or health, authorised or required by law, reasonably necessary to enforce the law or necessary to investigate a suspected unlawful activity.
Any permitted handling of personal information under any exemptions under the Act will take priority over this Privacy Policy to the extent of any inconsistency.

Providing Personal Information About Another Person

You represent to us that where you provide personal information to us about another person, you are authorised to provide that information to us, and that you will inform that person who we are, how we use and disclose their information, and that they can gain access to that information;

Securing Your Personal Information

We have implemented appropriate physical, electronic and managerial security procedures in order to protect personal information from loss, misuse, alteration or destruction. Access to your personal information is limited to those who specifically need it to conduct their responsibilities.
We and our third party service providers take reasonable steps to destroy or permanently de-identify your personal information where it is no longer required and to protect your personal information from unauthorised access, disclosure, loss, misuse and alteration.

To secure your privacy, financial data and other personal information, we use applications that have implemented an Information Security Management System.

An ISMS is a combination of processes and policies that help you identify, manage, and protect vulnerable corporate data and information against various risks. ISMS’s key objective is to ensure the confidentiality, integrity and availability of data and information in maintained. These applications are compliant with GDPR, ISO 27001 and SCOC2:

  • General Data Protection Regulation: The General Data Protection Regulation, abbreviated GDPR, or French RGPD is a European Union regulation on information privacy in the European Union and the European Economic Area.

  • ISO 27001 is an internationally recognised standard that sets requirements for ISMS.
    Service Organization Control Type 2: SOC2 is a cybersecurity compliance framework developed by the

  • American Institute of Certified Public Accountants (AICPA). The primary purpose of SOC 2 is to ensure that third-party service providers store and process client data in a secure manner.

Accuracy and Access to Personal Information

We take reasonable steps to ensure that the information we hold about you is accurate, complete and up-to-date. To assist us to do this, please provide us with the correct information and inform us if your details change. You may update your membership details at any time by accessing your membership account or by contacting us. If we deny you access to your personal information, we will provide you with the reason for such denial. We may recover from you our reasonable costs of supplying you with access to this information.

Linked Sites

Our websites may contain links to websites which are owned or operated by other parties. You should make your own enquiries as to the privacy policies of these parties. We are not responsible for information on, or the privacy practices of, such websites.

Transmission of Your Data

While care is taken to protect your personal information on the website, unfortunately no data transmission over the Internet is guaranteed as 100% secure. Accordingly, we cannot ensure or warrant the security of any information you send to us or receive from us online. This is particularly true for information you send to us via email as we have no way of protecting that information until it reaches us. Once we receive your personal information, we are required to protect it in accordance with the Act.

Website Hosting and Trans-Border data flows

Your personal information may be transferred to a database or server hosted outside New Zealand, in which case, we and our third party service providers will comply with the transborder data flow privacy standards under the Act, for example, by taking reasonable steps to protect the information being held, used or disclosed by the recipient inconsistently with the National Privacy Principles. Please contact us if you have any objections to such transfers.

Changes to our Policy

From time to time it may be necessary for us to review and revise this Privacy Policy. We reserve the right to change our Privacy Policy at any time. Amendments or replacements of the Privacy Policy will be posted on the website.

Direct Marketing

You consent for your personal information to be included in a database for use in direct marketing by Real Wellth, their related entities or their third party contractors. If you do not wish to receive marketing material from us, you can opt-out or unsubscribe, by contacting us. All emails, SMS and newsletters from this website allow you to opt-out of further mailings by clicking on the link or responding “unsubscribe”.

Interpretation

All defined terms in this Privacy Policy shall have the same meaning in this Privacy Policy as is given to those terms in the Terms and Conditions of this website.

Our Privacy Complaint Process

If you are concerned with the way your personal information has been handled, please contact or write to us, or alternatively, contact the Privacy Officer as set out below. If your personal information has not been handled in an appropriate way, we will take steps to remedy your concerns in a reasonable time.

Real Wellth Limited NZBN9429052519079
Email:  hello@realwellth.health

Online Privacy Policy Version 4.0 September 2024