[last updated August 2018]
Under the Australian Privacy Act 1988 (Cth), personal information is information about a living person which
can be used (by itself or together with other information) to reasonably identify that person. As we are
involved in the Health Sector, we take additional precautions with privacy and are governed by the Australian
personal information we receive and hold about you, who we share it with, how we keep it secure and what
your rights are. We aim high. If you think we can improve our privacy handling, please let us know via the
below contact details.
Schedule 1 – Our details if you need to contact us.
Business Name: Hope Health Centre
Address: 28 Grandview Avenue, Turvey Park, NSW, 2650
Phone: 02 6925 0000
When we talk about ‘us’ or ‘our’, we mean our business/entity as identified in the above schedule 1.
When we talk about ‘you’, ‘user’ or ‘your’ in our terms and conditions, we mean you, the user of our services or
visitor to our website.
'Personal information' is information that directly identifies you, such as your name and email address, or data
that could be used, on its own or in combination with other data, to identify you. It has the meaning given to it
in the Act. Sensitive information is personal information requiring special protection and includes information
about your health. For the purposes of this policy, we are including sensitive information within personal
In general, we only use your personal information for the delivery of our services and to send you information
about our services. We never sell or give away your personal information.
1. Staying Anonymous
You can browse our online website anonymously (although cookies may identify your IP address). However, if
you use, request or sign up for/purchase any of our services, you will need to identify yourself and at that point
we will start collecting your personal information. If you do not give personal information to us, it will affect our
ability to provide you with requested information or to deliver our products or services.
When you visit us in person, you may be able to stay anonymous or use a pseudonym in some circumstances.
Please let us know when you make a booking (or when you arrive if you didn’t need a booking) and we can
discuss your options. Depending on your circumstances, we may not be able treat you if you do not provide your personal information.
2. My Health Record
Our practice is not registered with the government’s My Health Record system.
3. Collecting personal information
At all times we try to only collect the minimum information we need to keep to provide our services (as
requested by you) and to keep our records up to date.
The main way we collect personal information about you is when you give it to us, for example:
when you contact us
when you submit information to our website or in person (e.g. question sheet)
when you talk with us in person
when you ask for access to information we hold about you
4. Collecting information from third parties
We may also collect personal information that is given to us or available to us by a third party (for example,
information that a referring specialist or general practitioner makes available to us). If someone calls on your
behalf or provides us with information about you, we may collect the caller’s name and contact details as well.
We may collect information from your employer or prospective employer (if relevant).
When you use our website, we may receive data from third parties such as analytics providers and advertising
networks like Google and Facebook.
We may access information from My Health Record about you, but will only add what is relevant from that
information to our records if it is important to enable us to provide better services to you.
This information forms part of the personal information described in this policy.
We will not intentionally collect personal information that is unintentionally disclosed.
5. What do we collect
To enable us to safely deliver our health services to you, it is necessary for us to collect and store basic and
health information about you. It is important that we keep your records up to date and we have processes in
place to help with this. For example, we may ask you if your details have changed each time you use our service.
We will collect (as appropriate to your circumstances) the following types of information:
Your name, address, telephone, email
You date of birth
Your Medicare card details as well as any related card numbers (Health Care Card, Veterans, Private Health fund etc)
Information relevant to your health (current and historical) including medications
Family medical history
Your ethnic background (if relevant to your care)
Your work history and/or current position
Medical reports, referral letters, test results etc
Any other information you provide or we receive from third parties
We keep your records in our system while you are still an active client of ours. After that, we may keep your
archived records for up to 25 years, or as long as is required under relevant health regulations.
When we collect personal information about you, we will take steps to appropriately protect the information we
receive. For example, our paper copy forms are stored in a locked filing system and our local electronic stored
data is password protected.
6. How do we use your personal information and who do we share it with?
We collect and use your personal information to provide our services to you, including your health care.
Additionally, we use or share your information as follows:
We use it for administrative and billing purposes.
We will share your information with your carer or representative if you have authorised us to do so or
they have provided us with your authority (for example under a Power of Attorney for health decisions).
If you are under the age of 18, we will share your information with your legal guardian.
We will add your health information to My Health Record with your consent.
We will share your health information with authorised health practitioners within our business.
We will share your health information when we are required to do so by law. For example, if we receive
a valid court subpoena to disclose information.
If we refer you to a third party for additional therapy, we will share your information with the third party
with your consent.
We will use your information for recalls or follow up visits.
If we are seeing you for a work-related matter, we will share your personal information with you
employer (or prospective employer), their authorised representative and their insurer.
We will also disclose your health information if there is an emergency which we feel warrants disclosing
your health or other information. For example, if you were suddenly unwell at our premises and we call
the paramedics, we will tell the paramedics all health information we hold about you as well as your
name, date of birth etc.
We will also share your personal information (eg. contact details) for business purposes including:
Third party suppliers, we engage to provide services which involve processing data on our behalf, for
example, IT and system administration services, website developers. In this case, we will require them to
use that information only for the purpose of providing the services we have requested, and in
Payment third parties if there is a dispute over a payment. For example, if our third-party payment
provider contacts us regarding a dispute over a payment, we will provide them with requested
information and billing details on our system etc to allow the payment dispute to be resolved.
If you have received Medicare or health insurance rebates and we receive a request for information
from that provider, we will share information with them to validate your claim.
Professional advisers including accountants, lawyers, bankers, auditors and insurers for the compliant
operation of our business.
Government bodies that require us to report processing activities.
Third parties where we are required to in accordance with the law. We reserve the right to fully co-
operate with any law enforcement authorities or court order requiring or requesting us to disclose the
identity or other usage details of any user of our online services, or in accordance with a properly
executed court order, or as otherwise required to do so by law.
7. Direct Marketing
We may send you direct marketing about our products or services. You may always opt out of receiving this
marketing by letting us know. For example, if we send you an email there will be an opt-out option at the
bottom of the email. Opting out of marketing will have your details removed from our marketing list but will not
change the way we use other personal information we hold about you. For example, you may still receive
reminders about upcoming appointments.
8. Testimonials, Service ratings and public comment
Under national health regulations, we are prohibited from publishing testimonials from our clients.
You may provide us with a star rating on our website or Facebook page but cannot include any written
explanation of why you gave us that star rating. You may talk about our services on websites or social media
platforms that are not under our control.
Be aware that if you provide any public rating or comment about your use of our services, you will be making
your status as our client part of public record.
9. Social media platforms and messaging systems
We may have a social media presence. Be aware that if you connect with us on social media, you will
be making your status as our client, or someone related to a client, part of public record.
We may use your personal information on social media to let you know about our services or upcoming
offers or events. We may confirm an appointment time with you through a messenger service.
We will not discuss or collect your health information via social media or messaging services.
We use a range of tools provided by third parties including search engine browsers and our web hosting
company, to collect or view website traffic information. These sites have their own privacy policies. We also use
cookies and session tools to improve your experience when accessing our websites and tracking cookies or
remarketing pixels for analytical and advertising purposes.
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline
cookies if you prefer. Some website features may not function properly without cookies.
The kind of information that can be collected includes:
device-specific information such as mobile network information
server logs including your IP address, the times you use our services and system activity
location information including IP address, GPS, and Wi-Fi access points
local storage availability
We use the information to help to track your use of our online services to improve your user experience and the
quality of our services.
To find out how to opt-out of tailored advertising please check the options available here -
11. Third Party Links
Our website may contain links to other websites who will have their own privacy policies. Once you leave our
website, we are no longer responsible for your personal information and you should ensure you are familiar with
the privacy policies of third party sites you visit.
12. Security and overseas recipients
We use safe practices and appropriate password protection for our systems and aim to ensure our third-party
providers use similar care with your personal data. No security measures are 100% safe however and your data
is stored with us at your own risk. We take reasonable steps to protect all personal information within our direct
control from misuse, interference, loss, unauthorised access, unlawful or accidental destruction, modification or
disclosure. To prevent unauthorised access or disclosure we use respected hosting services, firewall and other
electronic security procedures and managerial procedures to safeguard and secure the information we collect
We have procedures in place to deal with any suspected personal data breach and will notify you and any
applicable regulator of a breach if we are legally required to.
We rely on third-party providers to store the information you have provided to us securely and your data will
cross international borders. Not all countries have the same level of privacy protection as Australia and you
acknowledge and agree to our transferring of your personal data across international borders in this way. We
will do our best to ensure your data is protected to a similar standard as set out in this policy by using third party
providers with similar privacy protections.
All hard copy files are stored in Australia.
13. Accessing and correcting your personal information – Your legal rights
You have the right to know what information we hold about you and to ensure the information is accurate and
up to date.
If you wish to exercise any of the rights, please contact us using our contact details in schedule 1.
You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your
request is clearly unfounded, repetitive or excessive. We may also refuse to comply with your request in these
We may need to request specific information from you to help us confirm your identity and ensure your right to
access your personal data (or to exercise any of your other rights). This is a security measure to ensure that
personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you
for further information in relation to your request to speed up our response. For record-keeping purposes, we
will record and store all information exchanged during an exercise of your rights under this clause.
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer if your request is
particularly complex or you have made a number of requests. In this case, we will notify you.
If you have any concerns about our use of your personal information, please let us know what the problem is in
writing to the email address shown in the schedule at the top of this policy. We will do our best to help and will
respond to your concerns within 30 days.
If, after lodging a complaint with us, you are not happy with how we managed your concerns, you can contact
the Australian Privacy Commission, available at http://www.oaic.gov.au.
use our online services.