Privacy Policy

Effective date: 2025

Origin Aesthetics is committed to protecting your privacy and handling your personal information with care, transparency, and respect. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it.

This policy is issued in accordance with the Privacy Act 2020 (New Zealand) and the Health Information Privacy Code 2020, which apply to the collection and handling of health information.

1. Who We Are

Origin Aesthetics is operated by Dr Maya Williams (FANZCA), practising from 114 Queen Street East, Hastings, Hawke’s Bay, New Zealand. Dr Williams is the data controller for the purposes of this policy.


2. What Information We Collect

2.1 Personal information

We may collect:

  • Full name, date of birth, and contact details (phone, email, address)

  • Booking and appointment information

  • Payment records (note: card details are processed by your payment provider and not stored by Origin Aesthetics)

  • Correspondence with us by email, phone, or through the website

2.2 Health information

As a medical practice, we collect health information that is necessary to provide safe and appropriate treatment. This includes:

  • Medical history, current medications, and known allergies

  • Details of previous aesthetic or cosmetic treatments

  • Consultation notes and clinical assessments

  • Treatment records, including product type, dose, and injection sites

  • Clinical photographs taken before and after treatment


3. How We Collect Your Information

We collect your information:

  • Through online intake and consent forms completed via Cloud Appointments prior to your appointment

  • During your in-person consultation and treatment

  • By phone or email when you contact us

  • Through our website, including booking requests


4. How We Use Your Information

We use your information to:

  • Provide safe and appropriate medical consultations and aesthetic treatments

  • Maintain accurate clinical records as required by the Medical Council of New Zealand

  • Communicate with you about your appointments, follow-up care, and treatment reviews

  • Process bookings and payments

  • Comply with legal and professional obligations

  • Contact you with relevant updates about Origin Aesthetics, where you have consented to receive such communications


5. Clinical Photography

Clinical photographs are taken as part of your medical record and stored securely. These photographs are used only for clinical purposes (including review of your treatment progress) unless you provide separate written consent for their use in marketing or promotional material.

You may withdraw consent for marketing use of your photographs at any time by contacting us. Withdrawal of marketing consent does not affect your clinical record.

Photographs are stored on encrypted media and in your patient record in Cloud Appointments. No clinical photographs are posted publicly without your express written consent.


6. AI-Assisted Clinical Notes

Origin Aesthetics uses Heidi Health, an AI-assisted clinical documentation tool, to support the creation of consultation notes. Audio from consultations may be processed by Heidi Health to generate draft notes, which are then reviewed and finalised by Dr Williams.

Heidi Health operates in compliance with applicable privacy and health data standards. If you prefer that AI-assisted transcription not be used during your consultation, please advise Dr Williams at the start of your appointment.


7. Where Your Information Is Stored

Your clinical records and booking information are held in Cloud Appointments, a cloud-based practice management platform. Cloud Appointments stores data on secure, encrypted servers. We recommend reviewing Cloud Appointments’ own privacy policy for further detail on their data handling practices.

Clinical photographs are stored on encrypted media before being uploaded to your patient record. Hard copy records, if any, are held securely at the practice premises.


8. Who We Share Your Information With

We do not sell or share your personal information with third parties for commercial purposes. We may share your information in the following limited circumstances:

  • With your GP, specialist, or other treating clinician where this is clinically appropriate and with your knowledge

  • With Cloud Appointments and Heidi Health as our service providers, for the purposes described above

  • Where required by law, including in response to a lawful request from a regulatory authority or court

  • Where disclosure is necessary to prevent a serious threat to your health or safety or that of another person


9. How Long We Keep Your Information

Clinical records are retained for a minimum of ten years from the date of your last treatment, in accordance with Medical Council of New Zealand guidance. Records relating to treatment of minors are retained until ten years after the patient turns eighteen.

Booking and administrative records may be retained for a shorter period as required for business and accounting purposes.


10. Your Rights

Under the Privacy Act 2020 and the Health Information Privacy Code 2020, you have the right to:

  • Request access to the personal information we hold about you

  • Request correction of any information you believe to be inaccurate or incomplete

  • Withdraw consent for specific uses of your information (such as marketing communications or use of photographs in promotional material)

  • Ask us to explain how your information has been used

To exercise any of these rights, please contact us using the details below.


11. Security

We take reasonable steps to protect your personal information from unauthorised access, use, disclosure, or loss. These measures include secure storage of clinical records, encrypted handling of photographs, and use of reputable, compliant third-party platforms.

If you believe there has been a breach of your privacy, please contact us promptly.


12. Privacy Complaints

If you have a concern about how Origin Aesthetics has handled your personal information, we encourage you to contact us directly in the first instance. We will respond to privacy inquiries within 20 working days.

If you are not satisfied with our response, you have the right to make a complaint to the Office of the Privacy Commissioner at privacy.org.nz or by calling 0800 803 909.


13. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on our website at originaesthetics.co.nz. We encourage you to review it periodically.


14. Contact

For any privacy-related questions or requests, please contact us through the website at info@originaesthetics.co.nz