Last updated: 7/2/26
This policy explains how Flourish Health collects, uses, stores, and shares personal information, including health information.

We comply with the Privacy Act 2020 and the Health Information Privacy Code 2020 (HIPC), which provides specific rules for health information.

1) What information we collect

Depending on how you interact with us, we may collect:

A. Contact + identity details

• Name, email, phone number, address, date of birth (if relevant)
  
  

B. Health information (sensitive)

• Symptoms, health history, diagnoses, medications, supplements, allergies, test results, lifestyle factors, and other information you provide in consults or forms
  
  

C. Booking + payment information

• Appointment details, invoices, payment status
  (We generally do not store full card details—payments are handled by secure payment providers.)
  
  

D. Website + device information

• IP address, browser/device details, pages visited, and cookies/analytics data
  
  

2) How we collect your information

We collect information when you:

• Submit an enquiry, booking, or form
  
  

• Work with us in a consult or program
  
  

• Purchase a service or product
  
  

• Use our website (cookies/analytics)
  
  

Where practical, we collect information directly from you.

3) Why we collect and use your information

We use your information to:

• Provide and manage services (including safe, appropriate care)
  
  

• Communicate with you about bookings, services, and follow-ups
  
  

• Create invoices, process payments, and keep business records
  
  

• Improve our services and website
  
  

• Send marketing emails only if you have opted in (you can unsubscribe anytime)
  
  

• Meet legal, regulatory, and safety obligations
  
  

We only collect information we need for these purposes.

4) When we might share your information

We do not sell your personal information.

We may share information where necessary with:

• Service providers who support our business (e.g., booking systems, practice management, email marketing, cloud storage, accountants, payment processors) under confidentiality/security expectations
  
  

• Other health providers (e.g., your GP) only with your consent, unless an exception applies
  
  

• Authorities/emergency services if required or permitted by law (e.g., to lessen or prevent a serious threat to life/health)
  
  

Common examples of service providers:

• Practice management: Practice Better, Heidi Health AI tool

• Booking: Square Space, Practice Better, Google Calendar, Gmail

• Email marketing: Beehyv and Square Space

• Payments: Stripe and Xero 

• Analytics: Google Analytics
  
  

5) Overseas storage and access

Some third-party providers may store or process data outside New Zealand. When we use these providers, information may be held overseas. We take reasonable steps to use reputable providers with appropriate safeguards.

6) How we keep your information secure

We take reasonable security measures to protect your information from loss, misuse, and unauthorised access, including secure systems, access controls, and password protection.

7) How long we keep your information

We keep personal and health information only as long as needed for the purpose it was collected, and for legitimate business or legal reasons. After that, we securely delete or de-identify it where practical.

8) Your rights: access and correction

You have the right to:

• Request access to personal/health information we hold about you
  
  

• Request correction if you believe it is inaccurate
  
  

We may ask you to verify your identity before releasing information. HIPC specifically supports access and correction rights for health information.

9) Cookies and analytics

Our website may use cookies and analytics tools to understand how people use the site and to improve performance and marketing.

You can disable cookies in your browser settings, but some parts of the site may not work properly.

10) Marketing communications

If you opt in, we may send you emails about services, updates, or offers. You can unsubscribe anytime using the link in the email or by contacting us.

11) Making a privacy complaint

If you have concerns about how we handle your information, contact:
Privacy contact: Danii O’Malley  Email: danii@flourishwithdanii.co.nz

We’ll do our best to resolve your concern promptly. If you’re not satisfied, you can contact the Office of the Privacy Commissioner.

12) Updates to this Privacy Policy

We may update this policy from time to time. The latest version will always be posted on our website with the “Last updated” date.