Privacy Policy

Effective date: 29 May 2026

This Privacy Policy explains how Collins Kelly Plastic Surgery Ltd (NZBN 9429050957460), trading as The Surgery Dunedin ("we", "us", "our"), collects, uses, stores, and discloses your personal information and health information when you visit thesurgerydunedin.com (the "Site") or interact with us through the Site.

We are committed to protecting your privacy and handling your information in accordance with the Privacy Act 2020, the Health Information Privacy Code 2020 (HIPC), and other applicable New Zealand laws.

Who we are

The Surgery Dunedin is a medical practice operated by Dr Anne Collins. As a registered health practitioner, we are a "health agency" under the Privacy Act 2020 and are bound by the additional protections of the Health Information Privacy Code 2020 when handling health information.

Information we collect

We collect two categories of information through this Site.

Personal information, which may include:

  • Your first and last name
  • Email address
  • Phone number
  • Postal and billing address (if you purchase products)
  • Payment information (processed by our payment provider, never stored by us directly)
  • Any other information you choose to provide in your message to us

Health information, which may include:

  • The procedure or treatment you indicate you are considering or seeking advice about
  • Any health-related details you choose to share in your enquiry message

We only collect health information that is necessary for us to respond to your enquiry and provide our services. You are not required to provide health information through the Site, and you may prefer to discuss any health matters in person during a consultation.

We also collect limited technical information automatically when you visit the Site, including your IP address, browser type and version, the pages you visit, and the time and date of your visit. This is collected through Google Analytics (see "Cookies and analytics" below).

How we use your information

We use the information we collect to:

  • Respond to your enquiry and arrange consultations or appointments
  • Process and fulfil orders from our online store
  • Provide the medical services you have requested
  • Communicate with you about your enquiry, order, or care
  • Maintain accurate clinical and business records
  • Improve our Site and services
  • Comply with our legal and professional obligations as a medical practice

We may send you marketing communications, product updates, skincare information, special offers, or news about The Surgery where you have expressly opted in to receive them.

You can unsubscribe from marketing communications at any time by using the unsubscribe link included in our emails or by contacting us directly.

We will not send you marketing communications unless you have consented to receive them or we are otherwise permitted to do so under applicable law.

How we share your information

We do not sell your information. We only share your information in the following limited circumstances:

  • Shopify processes orders from our online store, including payment, shipping, and order management. Order data is held on Shopify's infrastructure (which is located overseas, including in the United States).
  • Google Analytics processes anonymised website usage data on our behalf. Google's servers are located outside New Zealand.
  • Our clinical and administrative team may access your information internally for the purpose of responding to you and providing care.
  • Other healthcare providers may receive your health information where this is necessary for your care and you have consented (or where disclosure is otherwise permitted under the HIPC, for example in an emergency).
  • Regulatory and legal authorities, where we are required by law to disclose information (for example, to the Medical Council of New Zealand, the Health and Disability Commissioner, ACC, or under a court order).

Overseas storage and disclosure

Some of the third parties listed above (including Shopify and Google) store and process information on servers located outside New Zealand. As a result, your personal information may be transferred to and stored in other countries. 

Where we disclose personal information overseas, we take reasonable steps to ensure that the recipient protects the information in a manner that provides safeguards comparable to those required under New Zealand privacy law, or otherwise complies with the requirements of the Privacy Act 2020. This may include relying on contractual protections, the recipient's privacy and security practices, or other measures permitted under the Privacy Act 2020.

By using this Site and providing information to us, you acknowledge that your information may be processed and stored outside New Zealand by our service providers.

How long we keep your information

We retain health information for a minimum of 10 years from the date we last provided services to you, in accordance with the Health (Retention of Health Information) Regulations 1996.

Other personal information (such as enquiries that do not result in a consultation, or online store orders) is retained only for as long as we need it for the purpose it was collected, or as required by law.

Security

We take reasonable steps to protect your information from loss, misuse, unauthorised access, modification, or disclosure. These steps include access controls, secure storage, and using reputable third-party providers.

However, no method of transmission over the internet or electronic storage is completely secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security.

Your rights

Under the Privacy Act 2020 and the HIPC, you have the right to:

  • Access the personal and health information we hold about you
  • Request correction of any information that is inaccurate, out of date, or incomplete
  • Withdraw consent for us to handle your information, where consent is the basis on which we hold it (noting this may affect our ability to provide services to you)
  • Make a complaint if you believe we have not handled your information appropriately

To exercise any of these rights, please contact us at hello@thesurgerydunedin.com

We will respond to your request within 20 working days, as required under the Privacy Act 2020.

Cookies and analytics

Cookies are small text files placed on your device by websites you visit. We use cookies through Google Analytics to understand how visitors use our Site, which helps us improve it. The information collected is anonymised and aggregated.

You can set your browser to refuse cookies or to notify you when a cookie is being sent. If you refuse cookies, some parts of the Site may not function properly.

Children

This Site and our online store are not directed at children under 16. If you are under 16, please ask a parent or guardian to make any enquiry or purchase on your behalf.

Complaints

If you are unhappy with how we have handled your personal or health information, please contact us first at hello@thesurgerydunedin.com so we can try to resolve the matter directly.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Privacy Commissioner:

For complaints specifically about health information, you may also contact the Health and Disability Commissioner:

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make any material changes, we will post a prominent notice on our Site and update the effective date at the top of this page. We encourage you to review this policy periodically.

Your continued use of the Site after we post any changes constitutes your acceptance of the updated policy.

Contact us

If you have any questions about this Privacy Policy or how we handle your information, please contact us at:

Email: hello@thesurgerydunedin.com 

Practice: The Surgery Dunedin