Privacy Policy

1. Introduction

We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).

This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.


This Privacy Policy is current from 30/09/2025 and is reviewed annually. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice.

2. Collection

We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, health information, family history, and contact details. This information may be stored on our computer medical records system and/or in handwritten medical records.

Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as referrers, treating specialists, radiologists, pathologists, hospitals and other health care providers.

We collect information in various ways, such as over the phone, in writing, in person in our clinic or over the internet or videoconferencing if you transact with us online or engage in telehealth. This information may be collected by medical and non-medical staff.


In emergency situations we may also need to collect information from your relatives or friends.

We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services, but for at least 7 years after your last engagement with us.


3. Use and Disclosure

We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays.

There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example to Medicare, police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, or debt collection agents.

It is important to know there are exceptions in which all Clinicians are required to break privacy/confidentiality. This can occur when:

  1. The information you have given to your Clinician is subpoenaed (officially requested) by a court of law or tribunal.
  2. Failure to disclose the information would place you or another person at serious risk of harm. When a client discloses intentions or a serious plan to harm another person, we are required to warn the intended victim and report this information to the appropriate authorities. Additionally, when a client discloses or implies a serious plan for suicide, we are required to notify the appropriate authorities and make reasonable attempts to safeguard life.
  3. Your Clinician is made aware that a child or a vulnerable adult is being or has been abused. By law, they must report this information to the appropriate authorities.
  4. Your prior approval has been obtained to (a) provide a written report to another professional or agency (e.g. a GP or lawyer); or (b) discuss the material with another person (e.g. a parent or employer).
  5. You would reasonably expect your personal information to be disclosed to another professional or agency. For example, your Clinician must meet reporting obligations under Medicare or to third party agencies (e.g. insurance companies, workers’ compensation).

The practice may use your personal information to improve the quality of the services offered to patients through research, analysis of patient data for quality improvement and for training activities with the practice team.

We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia. Where the practice seeks to participate in human research activities and/or continuous quality improvement (CQI) activities, patient anonymity will be protected. The practice will also seek and retain a copy of patient consent to any specific data collection for research purposes. Research requests are to be approved by the Practice Principal/practice partners and must have approval from a Human Research Ethics Committee (HREC) constituted under the NH&MRC guidelines. A copy of this approval will be retained by the practice.

We may disclose information about you to outside contractors to carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.


Some clinicians and external contractors of the practice may use an AI scribe tool to support them in taking notes during their consultations with you. The AI scribe uses an audio recording of your consultation to generate a clinical note for your health record. The practice will only use data from our digital scribe service to provide healthcare to you. You will always be notified of the clinician's request to use a digital scribe, and your consent is required prior to its use. You may withdraw or withhold consent at any time.


4. Data Quality and Security

We will take reasonable steps to ensure that your personal information is accurate, complete, up-to-date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. Being able to contact you is necessary to ensure we can deliver care to you. We request that you let us know if any of the information we hold about you is incorrect or out-of-date.


Personal information that we hold is protected by:

  • securing our premises;
  • placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
  • providing locked cabinets and rooms for the storage of physical records where relevant.


Where it is necessary to conduct a telehealth consultation from a location outside of our physical practice, our clinicians will take reasonable steps to maintain a private and secure environment to conduct such consultations.


5. Corrections

If you believe that the information we have about you is not accurate, complete or up to date, we ask that you contact us in writing (see details below).


6. Access

You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within 5 business days.


There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.

We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.


7. Complaints

If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.


If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.


8. Overseas Disclosure and Hosting of Personal Information

Our website is built and hosted using Webflow, a website development and hosting platform. As a result, certain information collected through our website may be stored or processed on secure servers located outside Australia, including in the United States and other regions supported by Webflow’s global content delivery network (CDN).

8.1 Types of Information That May Be Transferred Overseas

When visitors access our website, Webflow may automatically collect and process certain technical and analytical data for the purposes of site functionality, security, and performance. This may include:

  • IP address
  • Browser type, device information and operating system
  • Pages viewed, dates and times of access, and referring URLs
  • General usage, interaction and performance data
  • Necessary cookies that enable site operation

We configure analytics to avoid collecting information that could reasonably be considered sensitive, and we do not combine analytics data with clinical or health records.

We do not store any contact form submissions on Webflow.

8.2 Health Information

We do not use Webflow to store or process any health information or any information that may reasonably be considered sensitive under the Privacy Act 1988 (Cth). All medical or sensitive personal information that we collect is stored within secure, Australian-based systems or systems that comply with stringent healthcare data security requirements.

8.3 Reasonable Steps for Cross-Border Disclosures (APP 8)

Before any personal information is disclosed to overseas recipients (including Webflow and infrastructure providers such as AWS, Cloudflare and Fastly), we take reasonable steps to ensure those recipients handle personal information in a manner consistent with the Australian Privacy Principles (APPs). These steps include:

  • Contractual safeguards requiring compliance with the APPs and restricting onward disclosure
  • Technical and organisational measures (e.g., encryption in transit, access controls, logging and periodic reviews)
  • Configuration controls to minimise data collection and prevent any transmission of sensitive information via tracking technologies
  • Vendor due diligence and recurring assessments of privacy/security posture

We remain accountable under Privacy Act s 16C for the handling of personal information by overseas recipients except where a specific exception applies under APP 8.

8.4 Your Consent to Overseas Transfer

By using our website, you consent to the limited transfer of the technical and analytical information described above to Webflow and its infrastructure providers located outside Australia for the purposes of website hosting, functionality, and security.

If you do not wish for this information to be collected, you may choose to disable cookies or refrain from using our website. Please call us directly on (02) 6109 8830 if you have any questions or want to discuss treatment options with us.

8.5 Safeguards and Data Security

We implement strict administrative, technical, and physical safeguards to protect the information we collect. These include ensuring that:

  • No health or sensitive information is stored on Webflow
  • Form submissions containing personal or health information are routed directly to secure, approved systems
  • All third-party providers implement industry-standard security measures
  • Access to information is restricted to authorised personnel only
  • Vendor configurations and contracts are reviewed at least annually

We also maintain a data breach response plan. If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme (Part IIIC of the Privacy Act).

8.6 Cookies, Analytics & Tracking Technologies

Our website uses limited cookies and analytics tools to support functionality, security, performance and audience measurement. We adopt data minimisation, configure these tools to avoid collecting sensitive information, and do not use tracking technologies to infer or target individuals based on health status.

You can manage cookies through your browser settings and our on-site controls. Where tracking supports direct marketing or retargeting, we provide a simple opt-out and only use personal information for that purpose in accordance with APP 7. Where third-party providers process data overseas, we apply APP 8 reasonable steps, as described above.

8.7 Medical Information Collected Outside Our Website

Any health information you provide to us outside of the website (including psychological assessments, mental health-related enquiries, or DVA documentation) is not stored on Webflow and is managed in accordance with:

  • The Privacy Act 1988 (Cth)
  • The Australian Privacy Principles
  • Health records retention requirements
  • Our internal clinical governance and data security protocols
  • The Health Records (Privacy and Access) Act 1997 (ACT), including retention (7 years for adults and until age 25 for records created when the individual was under 18)


Contact

Please direct any queries, complaints, or requests for access to medical records to:
The Practice Manager, admin@zed3.com.au, (02) 6109 8830