1. Purpose
At G & M Therapeutics Pty LTD (the “Clinic”), we are committed to protecting the privacy and security of personal information we collect from our patients and visitors to our website. This Privacy Policy (the “Policy”) outlines how we handle your personal information, your privacy rights, and our obligations under privacy laws, including:
● Privacy Act 1988 (Cth)
● My Health Records Act 2012 (Cth)
● Various state-specific health records and privacy laws
2. Scope
This Policy applies to all personal and health information collected, stored, used, and disclosed by the Clinic regarding any individual using our services.
3. Definitions
● Personal Information: Information or an opinion about an identifiable individual, recorded in any form, including names, contact details, or other details from which a person’s identity can reasonably be ascertained.
● Sensitive Information: A subset of personal information that includes racial or ethnic origin, political opinions, religious beliefs, sexual preferences, criminal records, or membership in professional/trade associations.
● Third-Party Website Visitors: Individuals who visit the Clinic’s website but are not current patients or users of our services.
4. What Information We Collect
We may collect the following types of personal information:
4.1. Patients
● Contact Details: Name, address, phone number, email address.
● Health Information: Medical history, symptoms, treatment plans, test results, prescriptions, and other health-related data.
● Payment Information: Medicare details, private health insurance details, credit card information, and payment history.
● Technical Data: IP address, browser type, device information, and usage data collected through our telehealth platform and website.
4.2. Website Visitors
● Technical Data: IP address, browser type, operating system, device information, and website usage data.
● Personal Data: Any personal information you choose to provide through contact forms, newsletter sign-ups, or online queries.
5. How We Collect Information
We collect personal information through various methods, including:
● Direct interactions with patients during consultations, via telehealth platforms, phone calls, or emails.
● Online forms, such as appointment booking or contact forms on our website.
● Automatic collection through cookies and similar technologies when you visit our website.
● Third-party referrals from other healthcare providers, insurers, or authorised representatives.
6. How We Use Your Information
6.1. Patients
We use your personal information for the following purposes:
● To provide healthcare services, including telehealth consultations, diagnosis, treatment, and follow-up care.
● To communicate with you regarding appointments, treatment plans, and health-related information.
● To process payments, including Medicare and private health insurance claims.
● To comply with legal and regulatory obligations, such as reporting notifiable diseases or responding to court orders.
● To improve our services, telehealth platforms, and website functionality.
● To provide you with updates about our services, appointment reminders, or health-related information. You can opt out of receiving these communications at any time by following the “unsubscribe” instructions included in the communication or by contacting us directly. We will not use your health information for direct marketing without your explicit consent.
6.2. Website Visitors
We use your information to:
● Respond to your inquiries or requests made through our website.
● Analyse website usage and improve user experience.
● Manage our website’s functionality and security.
7. Disclosure of Information
We do not sell or rent your personal information to third parties. We may share your personal information in the following circumstances:
● Healthcare Providers: With your consent, we may share your health information with other healthcare providers involved in your care.
● Third-Party Service Providers: We may share your information with third-party service providers who assist us in delivering our services (e.g., IT service providers, payment processors) under strict confidentiality agreements.
● Legal Requirements: We may disclose your information where required or authorised by law (e.g., to comply with a subpoena or court order).
● Regulatory Authorities: We may disclose your information to regulatory authorities as required for compliance with health regulations.
● Overseas Disclosure of Information: We do not routinely disclose personal or health information to overseas recipients. If it becomes necessary to transfer your information outside Australia (for example, where our third-party service providers store data on secure overseas servers), we will:
○ Only transfer the information where permitted by law;
○ Take reasonable steps to ensure the overseas recipient complies with Australian privacy principles or equivalent safeguards; and
○ Inform you in advance, including which country the information will be transferred to, where possible.
8. Data Security Measures
We implement the following measures to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure:
● Encryption: All personal information is encrypted during transmission over the internet using Secure Sockets Layer (SSL) technology.
● Access Controls: Access to your personal information is restricted to authorised personnel who need it to perform their duties.
● Secure Storage: All digital data is stored on secure servers protected by firewalls and regularly updated security software.
● Regular Audits: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities.
● Multi-Factor Authentication (MFA): Employees must use MFA to access systems containing sensitive information.
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your user experience. Cookies are small text files stored on your device by a web server that help us understand website traffic and usage.
● Types of Cookies Used:
○ Essential Cookies: Necessary for the website to function properly.
○ Performance Cookies: Help us analyse website performance and improve user experience.
○ Functionality Cookies: Enable enhanced functionality, such as remembering your preferences.
● Managing Cookies: You can choose to accept or decline cookies through your browser settings. However, disabling cookies may limit your access to certain features of our website.
10. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, as required by law, or for other legitimate purposes, such as compliance with our legal obligations. Retention periods are as follows:
● Patient Health Records: Retained for at least 7 years from the last date of entry, or until minors reach the age of 25, whichever is longer.
● Website Visitor Data: Retained for up to 2 years or as required for legal or business purposes.
11. Your Rights
Under Australian privacy laws, you have the following rights regarding your personal information:
● Access: You have the right to request access to your personal information held by us. We will provide access within 30 days, subject to applicable exceptions.
● Correction: You have the right to request corrections to your personal information if it is inaccurate, incomplete, or out of date.
● Withdrawal of Consent: You may withdraw your consent for us to use your personal information at any time by contacting us.
● Complaints: If you believe your privacy has been breached, you have the right to lodge a complaint with our Privacy Officer using the contact details provided in Section 15, or with the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
12. How to Access or Correct Your Information
If you wish to access, correct, or update your personal information, or if you have any questions or concerns regarding this Policy, please reach out to our Privacy Officer using the contact details provided in Section 15. We will respond to your request within a reasonable timeframe and in accordance with applicable laws.
13. Data Breach Notification
In the event of a data breach that is likely to result in serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). This includes:
● Promptly assessing suspected data breaches;
● Notifying affected individuals as soon as practicable; and
● Notifying the Office of the Australian Information Commissioner (OAIC) in accordance with legal requirements.
14. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on our website, and we encourage you to review this policy periodically.
15. Contact Information
If you have any questions or concerns about this policy or our data handling practices, please contact:
● Privacy Officer: Jessica Fernando
● Contact Details: [email protected]
