Privacy Policy

1. About This Policy

This Privacy Policy explains how Aromatawai (“we”, “us”, or “our”) collects, uses, discloses, and protects personal information when you access or use our platform for posting anonymous reviews of health-care services located in Auckland, New Zealand (“Services”). We are committed to safeguarding your privacy in accordance with the New Zealand Privacy Act 2020 (“Privacy Act”) and all other applicable laws.

2. What Information We Collect

We intentionally keep data collection to an absolute minimum. When you submit a review or otherwise interact with our Services, we collect only:

IP Address

  • Automatically captured by our servers when you connect.
  • Stored in an encrypted database.

We do not request or store your name, email address, phone number, or any other identifying details. However, please be aware that in some circumstances an IP address may be considered “personal information” under the Privacy Act.

Optional / Ancillary Data

  • Log Data: browser type, date-time of request, and referrer URL may be logged automatically for security and performance monitoring.
  • Cookies: we use only essential cookies necessary for site functionality; no third-party tracking cookies are deployed.

3. How We Use Your Information

We use the IP address and log data solely to:

  1. detect and mitigate spam, abuse, or fraudulent activity;
  2. enforce our Terms of Use (e.g., limiting multiple reviews from the same IP within a designated period);
  3. ensure platform security and integrity;
  4. generate aggregated, non-identifying statistics on site performance.

We do not use your IP address for marketing, profiling, or targeted advertising.

4. Legal Basis for Processing

Our collection and processing of your IP address are based on:

  • “Necessary for legitimate interests” (s 22 of the Privacy Act) – protecting our platform from abuse, ensuring reliable service, and maintaining accountability in published reviews.
  • Compliance with legal obligations – responding to lawful requests by courts or regulatory authorities.

5. Disclosure of Information

We will not sell, rent, or trade your personal information. We disclose IP addresses only:

  • to trusted service providers (e.g., hosting or security vendors) who must process such data solely on our instructions and under strict confidentiality;
  • when required by applicable law, court order, or governmental request;
  • to protect the rights, property, or safety of our users or the public (e.g., investigating malicious attacks).

6. Storage and Security

  • Encryption: IP addresses are stored using industry-standard encryption at rest.
  • Access Controls: Access is limited to authorised personnel with need-to-know responsibilities.

7. Your Rights

Under the Privacy Act you have the right to:

  • Request confirmation of whether we hold personal information about you;
  • Access and receive a copy of that information;
  • Request correction of any inaccurate or incomplete information;
  • Complain to the Office of the Privacy Commissioner if you believe your privacy rights have been breached.

To exercise these rights, please contact us using the details in Section 10. We may need to verify your identity (where possible) before fulfilling any request.

8. International Transfers

Our servers may be located outside New Zealand. When personal information is transferred or stored overseas, we ensure that the receiving jurisdiction safeguards your information to a standard comparable to the Privacy Act, or that appropriate contractual protections are in place.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the revised policy on this page and update the “Last updated” date. Significant changes will be announced prominently on our website or via email (if we hold your email address).

10. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our privacy practices, please contact:
Email: enquiries@teroopuwaiora.nz
 

We aim to respond within 20 working days, as required by the Privacy Act.

11. Definitions

“Personal information” has the meaning given in the Privacy Act 2020 and refers to information about an identifiable individual.
“IP Address” is a numerical label assigned to each device connected to the Internet, which can sometimes be used to identify an individual or, more commonly, the household or organisation that controls the device.