PRIVACY POLICY

PURPOSE
Dee Why Skin Cancer & Cosmetic Clinic (ACN 681 417 390) (We / Us) is a facility that provides rooms and services to medical practitioners and other health service providers who operate their practice from within the facility.

We are committed to protecting the privacy of personal information provided to Us and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).

Where we refer to “personal information” in this Policy, we are referring to any information that is personal information under the Privacy Act. This Policy outlines how we collect, use, disclose and store your personal information and lets you know how you can access that information.

CONSENT
We are committed to ensuring that any personal information we collect is obtained lawfully, transparently and with your consent, whenever it is practical for us to do so. By providing personal information to us, you consent to us collecting, using and disclosing your personal information as described in this Policy. In some circumstances, where it is not reasonable or practical for us to collect this information directly from you, responsible persons (for example, a spouse or partner, close family member, emergency contact or enduring medical power of attorney) may consent on your behalf.

COLLECTION OF PERSONAL INFORMATION
We generally collect information that is necessary and relevant to enable Us to provide you with access to medical care, treatment and to manage the facility. If you choose not to provide information as requested, we may not be able to service your needs. This information may include your name, address, date of birth, gender, health information, family history and contact details and any other information to assist Us in providing you access to Services provided by your healthcare provider.

We will usually collect your personal information directly from you, including by telephone, email, written correspondence, online forms, through our practice management and clinical software systems, or via third-party service providers that assist us in operating the practice, including online booking, reminder and communication platforms.

We may also collect information from a third party where your health may be at risk, and we need your personal information to provide you with emergency medical treatment.

The third parties from whom we may collect your personal information include:

  1. other health service providers, including healthcare professionals, hospitals, clinics and other pathology practices if they have referred you to us or are involved in your care. (Your doctor will generally explain why they are collecting the information and where it is going.)
  2. your nominated responsible persons (such as a relative or carer)
  3. the My Health Record program operated by the Australian Commonwealth Department of Health, if you have chosen to participate
  4. health insurers, law enforcement or other government instrumentalities.
    We may be required by law to retain medical records for a period of 7 years following your most recent visit, or to age 25 for children.

USE AND DISCLOSURE
We will not use or disclose your personal information for any purpose other than the primary purpose for which it was collected (or a related secondary purpose).

We may use third-party service providers, contractors and cloud-based software platforms to assist in operating the practice and administering healthcare services. These providers may assist with appointment bookings, recalls and reminders, billing and payment administration, practitioner service fee reconciliation, reporting, analytics, accreditation, document management, secure messaging, practice management, clinical software integration, IT support and other administrative or operational functions. We take reasonable steps to ensure that these providers handle personal information in accordance with applicable privacy, confidentiality and security obligations.

The exceptions to this are if you have consented to another purpose, or if we are permitted/required to do so by law, which may include:

  1. to coordinate and/or communicate with healthcare providers involved in your care
  2. to procure additional healthcare services on your behalf (such as referrals to other providers or obtaining second opinions)
  3. to conduct activities related to quality assurance/improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training
  4. to liaise with your health fund, insurer, Medicare, Department of Veterans’ Affairs, Department of Health or another payer or contractor of services
  5. MyHealth record system. If you choose to participate in the MyHealth Record program operated by the Commonwealth Department of Health, we may access the personal information it contains. We may also disclose your personal information by uploading your health information electronically to the My Health Record system.
  6. to fulfil regulatory and public health requirements, including liaising with regulatory or health authorities, as required by law
  7. to send you standard reminders (for example, for appointments for follow-up care, account management), by text message, mail or email, to the number or address that you have provided to us
  8. We may contact you as part of your ongoing care, for example, in relation to appointments and patient check-ups.
  9. to handle a complaint or respond to anticipated or existing legal actions
  10. to obtain feedback about our services or provide advice or information to you about products, services, treatment options and clinical trials that are relevant to you
  11. for billing, reconciliation, practitioner service fee calculation, payment processing and related administrative and operational functions associated with managing the practice and facilitating healthcare service
  12. to engage you (as a contractor) to provide products or services to us

In addition, we may de-identify and/or aggregate personal information that we collect for purposes including clinical research, quality assurance, accreditation, operational reporting, practice management, service utilisation analysis, customer service improvement, health outcomes analysis and other administrative or business activities.

We will treat your personal information as strictly private and confidential. We will use and disclose your personal information for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment or as otherwise required or permitted by law, including to provide medical services or to provide reminders to you.

Our systems and service providers may change from time to time as part of the ongoing operation and improvement of the practice.

CLOSED CIRCUIT TV
We may have CCTV installed in the common areas at Our centres, such as the reception area. CCTV systems are only installed in areas of operation. CCTV cameras are never hidden. The recording of CCTV footage may be continuous or limited. We may collect, use and disclose your personal information in the CCTV footage for security purposes.

REMAINING ANONYMOUS IN ACCESSING SERVICES
If you are accessing healthcare services through Us, staying completely anonymous may not be practical because we are required to maintain accurate records of the care and services you receive access to. While we may be able to accommodate the use of a pseudonym, be aware that choosing not to disclose your real identity could affect the quality of services you receive. If you would like to use a pseudonym that is confidentially linked to your real identity, please let us know so we can discuss how best to assist you in the management of your care and treatment at Our facilities.
For other interactions, you are welcome to contact us anonymously or use a pseudonym. However, doing so may limit Our ability to effectively address your feedback or inquiries. We will inform you if collecting additional personal information is necessary to assist you further.

DIRECT MARKETING
We may use the personal information we collect from you for marketing purposes, including e-newsletters, promotions and special offers. Our communications may be sent to you in various forms, including mail, SMS, and email in accordance with applicable laws. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.

If you have received marketing information from Us and you wish to stop receiving it, you can contact us (either using the contact details below or the opt-out mechanism detailed in our marketing material) and ask us to stop sending the marketing information within a reasonable time after your request has been made.

We will not sell, distribute, or licence your personal information to third parties unless we have your permission or are required by law to do so.

DATA QUALITY AND SECURITY
We take the protection of your personal information seriously and take all reasonable steps to ensure the information that we collect, use and disclose is accurate, secure and protected from misuse and loss and from unauthorised access, modification or disclosure. We collect that information from you directly and rely on you to supply accurate information.

ACCURACY
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. To assist us, please ensure that the information you provide to us is accurate, up-to-date and complete, and let us know when your personal information changes. Our staff may ask you to confirm that your contact details are correct when you attend a consultation.

SECURITY
We will take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes including, but not limited to, access controls, network firewalls, encryption and physical security measures to protect your privacy. We regularly review our information security processes to ensure they continue to offer an appropriate level of protection for your information.

RETENTION
When we no longer need your personal information for the purposes described in the Policy, and we are not required to retain it under relevant accreditation standards or law, we will destroy or permanently de-identify it.

NOTIFICATION
If we become aware that unauthorised access or disclosure of your information has occurred and there is a likely risk of serious harm associated with that unauthorised access or disclosure, we will notify you promptly and provide you with a recommended course of action where necessary.

Although We will endeavour to protect your personal information, We are unable to guarantee that any information you transmit to Us over the internet is 100% secure. Any information you transmit to Us over the internet is conducted at your own risk.

ACCESS
Subject to any legal restrictions, you are entitled to request access to your personal information We hold about you. We request that you send your request in writing to Us and We will respond to it within a reasonable time. There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.

We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to Our decision.

In the specific case of obtaining access to your pathology or radiology results, the preferred method is in consultation with your treating practitioner so that complex clinical information can be explained to you within the context of your individual circumstances. Pathology results are available in your MyHealth record after 7 days from the date of the tests being undertaken.

COMPLAINTS
If you have a complaint about the privacy of your personal information (including any breach of the Australian Privacy Principles or an applicable registered APP code), or you would like further information on Our privacy policy, or you need to correct your personal information, We request that you contact Us in writing at the following address:
Dee Why Skin Cancer & Cosmetic Clinic
Shop 1, 2 Delmar Parade, Dee Why NSW 2099

Upon receipt of a complaint, We will consider the details and attempt to resolve it in accordance with Our complaints handling procedures. If you are dissatisfied with Our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner (see http://www.oaic.gov.au/privacy/privacy-complaints) or the Privacy Commissioner in your State or Territory.

OVERSEAS DISCLOSURE OF PERSONAL INFORMATION
We may engage authorised overseas service providers or contractors to assist with limited administrative, technical or support services associated with operating the practice. These providers may be located in jurisdictions including The Philippines.

Where overseas service providers are engaged, we take reasonable steps to ensure that they are subject to appropriate confidentiality, privacy and security obligations in relation to personal information.

Unless otherwise disclosed or required by law, personal information is stored within Australia, although authorised overseas personnel may access information in limited circumstances for approved support or administrative purposes.

GENERAL
We may amend or replace this privacy policy from time to time in which case a copy of the amended privacy policy will be published on our website. If an individual does not provide their personal information to Us, We may not be able to provide our services to them.

This version of the Privacy Policy was updated on 25 May 2026.