As a health service provider, we are bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
Personal Information We Collect
The types of personal information we collect may include:
We may collect the above types of personal information from people including website visitors, clients, email subscribers, social media fans, employment applicants, potential clients, referral partners and service providers.
We may also collect the following sensitive information:
We usually will only collect sensitive information from clients we are providing services to, or potential clients who have requested our services.
How We Collect Personal Information
We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from our clients directly.
We may collect personal information in a number of ways:
We collect sensitive information in more limited circumstances, such as:
We limit the circumstances in which we collect personal and sensitive information indirectly. This may be where a person has authorized us to collect information from other person(s) or it is not practical or reasonable to collect it from you directly, such as
Why We Collect, Hold, Use and Disclose Personal Information
We collect, hold, use and disclose personal information as is reasonably necessary for us to operate our business and provide our services, including for the following purposes:
We only collect, hold, use and disclose sensitive information where it is necessary for us to provide a service we have been engaged to perform, and not for any unrelated purposes (for example, for research or marketing), unless we have received the person’s prior informed consent. If we form the view that it is necessary for us to disclose personal or sensitive information to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety and it is impractical for us to first obtain the patient’s consent, we may disclose information in those circumstances.
We will retain patient medical records for at least the minimum period required by law (currently 7 years from the date of last entry into the patient record).
We do not disclose personal information to overseas recipients.
We never sell or rent personal or sensitive information we collect.
How We Hold and Protect Personal Information
We store personal information in hard copy and/or electronically, including as
We may use a third-party provider to host personal information (such as photographs) on an online portal for the purpose of information sharing with the provider of the information.
We are committed to ensuring that the personal information we hold is secure and protected from misuse, interference, loss and unauthorised access, modification or disclosure. We undertake the following precautions to protect personal information we hold:
We take extra precautions to protect sensitive information, including:
If a data breach occurs involving personal information and the breach is likely to cause harm, we will notify the individual as soon as possible after the occurrence in accordance with our obligations under the Privacy Act and related legislation.
Requests to Access, Correct or Delete Information
You can request details of personal information that we hold about you in certain circumstances set out in the Privacy Act 1988 (Cth) (the Act).
Requests must be made in writing to firstname.lastname@example.org. We will acknowledge receipt of your request within a reasonable time (usually 21 days) and detail whether the request can be complied with. We may refuse to provide you with information that we hold in certain circumstances set out in the Act or other legislation. Otherwise, we will provide access to the information if it is reasonable and practicable to do so. In most cases we will do this free of charge, but if your request requires significant effort or expense on our part, we might ask for compensation for that. We will give you an indication of any costs associated with providing the information. If you request for us to process your request, we will pass on agreed costs for time spent and photocopying costs when processing a request. Information can be expected to be provided within 30 days.
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details set out below.
We will endeavour to promptly correct any information found to be inaccurate, incomplete, or out of date and to notify of the correction, unless it is impracticable or unlawful to do so.
If you want us to delete personal information we hold about you or to not collect information from you for a specific purpose, please contact us using the details set out below.
Please note that if we agree to delete information, because of backups and records of deletions, it may be impossible to completely delete the information without retaining some residual information.
We will respond to any request to access, correct or delete information within a reasonable time.
We like to keep our customers and website visitors up to date, so from time to time we will send you newsletters, invitations and updates. Not to worry: our emails will always come with an “Unsubscribe” button, so you can opt out at any time. To unsubscribe from our email database, or opt out of communications, use the “Unsubscribe” button in our communication or contact us using the details set out below.
If you have a concern about management of your personal information, please contact us at email@example.com. We can also provide you with a copy of the Australian Privacy Principles, which describe your rights and how your personal information should be handled, on request.
If unsatisfied with our response, you may lodge a formal complaint about the use of, disclosure of, or access to, your personal information, with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.
Changes to this policy
This policy was last updated: 27 August 2021