Skip to content

Did you know that you can now complete your patient forms digitally? Check out our new digital experience here.

Privacy Statement

Last updated: 1st April 2026

Ormiston Hospital & Healthcare is committed to protecting your privacy and adheres to the principles of the Privacy Act 2020. This privacy statement applies to the Ormiston Hospital website and all data collection activities. This privacy statement sits within the Ormiston Hospital terms and conditions policy. By using the Ormiston Hospital website or liaising with Ormiston Hospital, you consent to the data practices described in this statement.

1. Collection of your Personal Information

  1. Collection of your Personal Information

We will only use or disclose your personal information:

  • for the purpose which it was collected (or a purpose that is directly related to the purpose in connection with which the information was obtained);
  • for any other purpose for which you have authorised; and
  • where we are permitted or required to do so by law.

2. What information do you collect?

Ormiston Hospital collects personally identifiable information, such as your name, email and postal address, date of birth, contact details, occupation, the name of your GP, emergency contact details, and other personal details (such as health insurance details if applicable), your NHI number, medical history, family medical history and health information such as medical test results, diagnosis and treatments in order for us to open a hospital record.


For medical practitioners who are credentialed to treat patients at our hospital, the information we collect includes personal information such as name, contact details, evidence of competency, experience, current fitness, relevant health information, professionalism and performance, and a medical history to ensure that such practitioners are sufficiently qualified and safe to operate on patients.


We often collect personal information that is regarded as health information. Health information may only be collected where it is reasonably necessary for, or directly related to, one of our business functions or activities. Where required by law or regulation, we will handle this type of personal information differently to other types of personal information due to its special nature.


In addition to your personal information, Ormiston Hospital also collects anonymous demographic information, which is not unique to you, such as your postcode, age, gender, preferences, interests and favourites.


There is also information about your computer hardware and software that is automatically collected by Ormiston Hospital. This information can include: browser type, domain names, access times and referring website addresses. This information is used by Ormiston Hospital for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Ormiston Hospital website and other contact channels.


Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through Ormiston Hospital public message boards or social media platforms, this information may be collected and used by others.


Ormiston Hospital encourages you to review the privacy statements of websites you choose to link to from Ormiston Hospital so that you can understand how those websites collect, use and share your information. Ormiston Hospital is not responsible for the privacy statements or other content on websites outside of the Ormiston Hospital and Ormiston Hospital family of websites.

3. Use of your Personal Information

Ormiston Hospital may use your information to inform you of other products or services available from Ormiston Hospital and its affiliates. Ormiston Hospital may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.


Ormiston Hospital does not sell, rent or lease its customer lists to third parties. Ormiston Hospital may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (email, name, address, telephone number) is not transferred to the third party. In addition, Ormiston Hospital may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Ormiston Hospital, and they are required to maintain the confidentiality of your information.


Ormiston Hospital does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent.


Ormiston Hospital keeps track of the websites and pages our customers visit within Ormiston Hospital, in order to determine what Ormiston Hospital services are the most popular. This data is used to deliver customised content and advertising within Ormiston Hospital to customers whose behaviour indicates that they are interested in a particular subject area.


Ormiston Hospital websites will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to:
(a) conform to the edicts of the law or comply with legal process served on Ormiston Hospital or the site;
(b) protect and defend the rights or property of Ormiston Hospital; and,
(c) act under exigent circumstances to protect the personal safety of users of Ormiston Hospital, or the public.

You may opt out of receiving marketing or promotional communications from Ormiston Hospital at any time by following the unsubscribe instructions included in those communications or by contacting us directly using the details provided below.

4. Use of Third Party Providers

To provide the best possible service and support to patients, staff and medical practitioners, we do use some third party providers that we may disclose information to. This might include platforms such as Google Tools, Meta, LinkedIn, Healthpoint and Customer Relationship Management (CRM) tools. In some cases we collaborate with Health NZ and may share personal data required for the care of our patients. Ormiston Hospital will also share data on occasion with ACC and insurers.


We may also use the data we collect in collaboration with other businesses that are part of Ormiston Hospital, such as Ormiston Specialists Centre.

5. Use of Cookies

The Ormiston Hospital website uses “cookies” to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.


One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise Ormiston Hospital pages, or register with Ormiston Hospital site or services, a cookie helps Ormiston Hospital to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Ormiston Hospital Web site, the information you previously provided can be retrieved, so you can easily use the Ormiston Hospital features that you customised.


You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Ormiston Hospital services or websites you visit.

6. Collection of CCTV footage

CCTV cameras are operating 24/7 at our site: Ormiston Hospital, 125 Ormiston Road, Flat Bush.
The purpose of using CCTV systems is to maintain the safety and security of property, patients, staff and visitors at Ormiston Hospital and to monitor and improve business operations. CCTV footage is stored securely and access is restricted to authorised personnel only. Footage is retained for a limited period unless it is required for investigation, security, or legal purposes.


CCTV information may be disclosed to law enforcement agencies or other authorised parties where permitted or required by law.


If you have any queries about the collection and usage of CCTV footage, please contact the Ormiston Hospital Privacy Officer.

7. Security of your Personal Information

Ormiston Hospital secures your personal information from unauthorised access, use or disclosure. Ormiston Hospital secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.


Data from digitally submitted patient information forms via the website is only held on our website server for 30 days to ensure your data is protected. Medical practitioner information and credentialling data is stored in a secure third party Customer Relationship Management (CRM), HubSpot.

8. Changes to this Statement

Ormiston Hospital will occasionally update this Statement of Privacy to reflect company and customer feedback – the date of the latest version can be found at the top of this landing page. Ormiston Hospital encourages you to periodically review this Statement to be informed of how we are protecting your information.

9. Contact information and compliants

Access and correction requests

You may request access to and/or correction of any of the personal information, including your medical records that we hold about you. To enable us to process your request, we ask that you contact us in writing or by email (contact info can be found below) and state:

  • your name;
  • your date of birth; and
  • the kind or type of information that you are requesting access to.

If you wish to correct that information, we may require proof that we have incorrect information held about you (i.e. such as a statement from a doctor).

The type of information held generally includes the following:

  • a record of your hospital procedures and medical history, and;
  • the name of your medical practitioner who is providing or has provided treatment to you, if you are our patient;
  • details relating to your credentialling with us, if you are a medical practitioner working within our hospitals;
  • for some people, information relating to their treatment insurance cover and audit requirements.

Details of what kind of information we hold and for what purpose can be obtained by emailing us. You can also request information as to how we collect, use, store, and disclose your information.


We will acknowledge a request for access and respond to your request as soon as reasonably practicable and no later than 20 working days from the date the request is received, unless we have extended the time limit for responding to your request in accordance with the provisions of the Privacy Act. We may recover from you the reasonable costs of providing access to your personal information. We do not charge you for receiving or processing a request to correct or update your personal information. Access to the information will either be in the form of copies or by allowing you to view the information.


Where your access request may result in disclosure of personal information and, in particular health information, about other individuals, the request for access must be in writing with appropriate consents or a declaration that consent has been given before the personal information is released.


If you establish that the personal information we hold about you is not accurate, complete or up-to-date, we will take reasonable steps to correct the information on being provided sufficient evidence to correct or change the information. Please help us keep your details accurate by letting us know whenever they change or whenever you become aware that our records are inaccurate.


There are certain circumstances permitted under the Privacy Act where we might not be able to fulfil your request. If that happens, we will provide reasons in writing for the denial or limitation on access and the options available to you to dispute the refusal, and we will inform you of any exceptions relied on under the Act. If we don’t allow you to access or correct your personal information, and you disagree with our decision, please contact us using the contact details set out at the end of this privacy statement.


We will investigate your complaint and respond to you as quickly as possible (usually within 30 days of hearing from you). If your complaint takes longer to resolve, we’ll let you know how the investigation is progressing.

Complaints

You should first direct any complaint of an alleged breach of the Privacy Act to our Privacy Officer. The complaint can be emailed to Ormiston Hospital at: PrivacyOrmiston@ormistonhospital.co.nz

Alternatively, any complaint may be sent by post, for the attention of the Privacy Officer, to this address:

Ormiston Hospital & Healthcare
125 Ormiston Road

Flat Bush

Auckland 2013
New Zealand

If you are not satisfied with how we have dealt with the complaint, you may contact the Privacy Commissioner at:

Privacy Commissioner
Level 13, WHK Tower
51-53 Shortland Street
Auckland 1140
New Zealand

Telephone: 0800 803 909

Email: enquiries@privacy.org.nz