Mascot Medical Practice PTY LTD ("we," "us," or "our"), located at Shop 6, 19-33 Kent Rd, Mascot, NSW 2020, operates the website mascotmedical.com.au ("Website"). We are committed to protecting your personal information and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use our Website, visit our practice, or receive services from healthcare providers at our practice.

By using our Website or services, you consent to the handling of your personal information as described in this Privacy Policy. We may update this policy periodically, and changes will be posted on our Website. Please check regularly for updates.

1. What Personal Information Do We Collect?

We collect personal information necessary to provide healthcare services and manage our practice. Personal information includes information or opinions about an identifiable person, including sensitive information like health data. We may collect:

• Identity: Name, address, date of birth, gender, contact details (email, phone).
• Billing and Administration: Medicare number, health insurance details, payment information (e.g., credit card details).
• Medical: Medical history, clinical notes, test results, treatment plans, prescribed medications, referral details.
• Website Usage: IP address, device type, pages visited, time/date of visit, and cookies for analytics.

If you do not provide requested information, our healthcare providers may be unable to deliver services effectively.

2. How Do We Collect Personal Information?

We collect personal information from:

• You directly (e.g., via patient forms, booking requests, or interactions with our staff).
• Your parent, carer, or guardian, if applicable.
• Healthcare providers at our practice, recorded in your medical records.
• External health providers or national systems (e.g., My Health Record).
• Government agencies (e.g., Medicare, Department of Veterans Affairs).
• Third-party services like Hotdoc for online bookings (subject to Hotdoc’s Privacy Policy).

We use cookies on our Website to track user sessions and analyze traffic. Cookies generally do not identify you unless linked to other provided information.

3. Why Do We Use and Disclose Personal Information?

We use and disclose personal information to:

• Enable healthcare providers to deliver medical services, manage your health, and provide continuity of care.
• Send appointment reminders (e.g., via SMS or email) or respond to online inquiries.
• Process payments, including billing Medicare, health insurers, or other responsible parties.
• Conduct administrative tasks, such as data storage, system maintenance, and analytics.
• Send marketing materials about our services, with an option to opt out by contacting our Privacy Officer.
• Use de-identified data for teaching, research, or service improvement (you may opt out by contacting us).
• Comply with Australian laws or address serious health/safety threats.

Identified data may be shared for medical research only with your consent or ethics committee approval.

4. Who Do We Share Personal Information With?

We may share personal information with:

• Healthcare providers at our practice to deliver services.
• Third-party service providers (e.g., Hotdoc for bookings, IT support for systems), bound by confidentiality.
• Professional advisers or insurers, on a confidential basis, as required by law.
• Government agencies (e.g., Medicare) for billing or legal compliance.
• Research organizations, using de-identified data or identified data with consent/approval.

We store personal information in Australia and take reasonable steps to ensure secure handling. Limited data may be accessed by overseas providers (e.g., IT support in the Philippines) for system maintenance, and you consent to this disclosure, acknowledging that overseas recipients may not be bound by Australian privacy laws.

5. How Do We Protect and Store Personal Information?

We use reasonable safeguards to protect your personal information from misuse, loss, or unauthorized access, modification, or disclosure. Data is stored securely in electronic or hard copy form. We retain health information for at least:

• Until you turn 25, if collected before age 18.
• 7 years from the last service or record update, after which it is securely destroyed or de-identified.

6. Accessing and Correcting Your Personal Information

You (or your authorized representative) may request access to or correction of your personal information by contacting our Privacy Officer. Please provide your name, date of birth, and details of the request. We will respond within 45 days (NSW) or 14 days (ACT). A reasonable fee may apply for access costs. In some cases, access or correction may be denied, and we will provide written reasons.

7. Making a Complaint

If you have concerns about how we handle your personal information, contact our Privacy Officer with your name, contact details, and complaint description. We will respond within a reasonable time and provide options for further action if you are unsatisfied.

8. Contact Us

For privacy inquiries or complaints, contact our Privacy Officer:

• Email: privacy@mascotmedical.com.au
• Post: Privacy Officer, Mascot Medical Practice, Shop 6, 19-33 Kent Rd, Mascot, NSW 2020