Privacy Policy

Effective 26 October 2019

Phyx Limited (“our, we or us”) is committed to protecting your personal information. We have created this Privacy Policy to help you understand how we collect, use and protect your information when you use the Phyx website (“the website”).

If you want to talk to us about this policy or any concerns or queries you have about the use of your personal information, please email us at

1. What information does Phyx collect?

We collect information relating to you that you have provided to us through the use of the website, when you book a consultation, or when you communicate with us..    

This information may include your name, email address, phone number, billing information, and contact information. This information may be held by us while you are using our services and for a period of seven years afterwards. The website also uses cookies to track user engagement. The basis for us processing this information is our legitimate interest in administration of the business and improving our products and services based on who uses them. 

 All information obtained during a digital physiotherapy consultation is confidential and will only be shared for medical purposes with your explicit consent. This information will be documented as clinical notes and retained for a period of seven years following your last contact with Phyx, as per New Zealand law. 

2. How do we use your information?

The information that we collect from you may be used by us for a number of purposes connected with our business such as:

2.1 arranging consultations;

2.2 replying to your communication with us;

2.3 carrying out market and product analysis, and improvements to our products and services;

2.4 contacting you about our products and services (if you consent);

3. Sharing your information

There may be times when we need to disclose your personal information to third parties. If we do this, we will only disclose your information to:

3.1 companies which maintain and operate the servers that store the website content;

3.2 email services which distribute communications from us 

3.3 services which interpret data from cookies

3.4 services responsible for processing your payments

These third parties are based in the U.S. and are certified under the EU-US Privacy Shield Framework.

5. Protecting your personal information

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date and stored in a secure environment protected from unauthorised access, modification or disclosure.

6. Your rights as a data subject

6.1 The right to be informed – this means we must inform you how we are going to use your personal data. We do this through this privacy policy and by informing you how your data will be used each time we collect it.

6.2 The right of access – you have the right to access your personal data (i.e. data that is about you) that we hold. To request access to your data, please email

6.3 The right to rectification – if you think the data we hold on you is incorrect, tell us so we can put it right. You can do this by contacting

6.4 The right to erasure – you have the right to request that we delete your data. We will do so, provided that we do not have a compelling reason for keeping it. To request this, please email

6.5 The right to restrict processing – There are circumstances in which you can suppress the processing of your personal data, for example, stopping communications with us. To request this, please email

6.6 The right to data portability – you can obtain and reuse your personal data for your own purposes across different services To request, please email

6.7 The right to object – you have the right to object to any direct email marketing messaging, and can do this by following the unsubscribe instructions included in email communications. If you would like to formally object to any of our legitimate interest processing, please email

6.8 Rights in relation to automated decision making and profiling – Phyx does not currently use automated decision making processes. If this changes, this policy will be updated accordingly. 

7. Complaints

You may direct complaints to or your national privacy regulation office. 

8. Consent 

We will only engage in some types of data processing  with your consent. One of those is sending you direct marketing messages. You can choose to opt in or out of email marketing on the website or by following the ‘unsubscribe’ link in marketing emails.