Privacy Policy

Last Updated: 22/07/2025

Introduction

This Privacy Policy describes how ClinicTech ("we," "our," or "us") collects, uses, and discloses personal information when you use our AI-powered general practitioner platform ("the Service"). We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth), including all 13 Australian Privacy Principles, and applicable healthcare privacy regulations in Australia.

Information We Collect

We will only collect and use sensitive health information with your informed consent unless permitted or required by law. You may withdraw your consent at any time by contacting us, which may impact our ability to provide services.

We collect the following types of personal information:

User-Provided Information:

Information you provide when using our Service, including but not limited to:

  • Account information (name, contact details, date of birth)
  • Medical history and health records
  • Health symptoms and conditions
  • Treatment preferences and healthcare provider information
  • Any other medical or health-related data you input

Automatically Collected Information:

Data collected automatically when you use our Service, such as:

  • Log data and usage information
  • Device information (IP addresses, browser type, device identifiers)
  • Operating system and access times
  • Service interaction patterns and preferences

Health Information:

We specifically collect sensitive health information as defined under Australian privacy law, which receives enhanced protection under the Privacy Act 1988.

How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve our AI-powered healthcare Service
  • Personalise your user experience and treatment recommendations
  • Facilitate communication between you and healthcare providers
  • Conduct research and analysis to improve our platform (with appropriate de-identification)
  • Comply with our legal and regulatory obligations under Australian healthcare laws
  • Ensure continuity of care and medical record management

Use of AI

We use AI to collect and gather processed and summarised medical and other information in order to facilitate efficient clinical experiences. However, our platform does not make automated clinical decisions leveraging any technologies using AI. The ultimate clinical decisions rest with qualified medical professionals as per the Australian regulatory requirements.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • With Your Consent: We will share your health information with healthcare providers, specialists, or other parties with your explicit consent.
  • Legal Compliance: To comply with legal obligations, court orders, or lawful requests from regulatory authorities including the Australian Health Practitioner Regulation Agency (AHPRA).
  • Healthcare Integration: With authorised healthcare providers, hospitals, or medical facilities involved in your care, in accordance with standard medical practice and privacy requirements.
  • Service Providers: With contractors or service providers assisting us with operations, bound by strict confidentiality obligations and data processing agreements.
  • Safety and Protection: To protect our rights, privacy, safety, or property, or that of our users or others, where legally permitted.

Data Security and Health Information Protection

We implement comprehensive security measures specifically designed for health information protection:

  • Administrative, technical, and physical security measures compliant with Australian healthcare standards
  • Encryption of health data in transit and at rest
  • Access controls and audit trails for health information
  • Regular security assessments and updates
  • Staff training on healthcare privacy requirements

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute protection.

Data Breaches and Notification

In the event of an eligible data breach as defined under the Notifiable Data Breaches (NDB) scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law. Under the Privacy Act, we are committed to promptly identifying, containing, and assessing any potential data breaches to determine if notification obligations apply.

Your Data Protection Rights and Deletion Process

In accordance with the Privacy Act 1988 (Cth) and healthcare privacy regulations, you have the following rights:

Your Rights Include:

  • Right to Access: Request access to your personal and health information
  • Right to Correction: Request correction of any inaccurate or outdated information
  • Right to Erasure: Request deletion of your personal information, subject to legal and medical record retention requirements
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your health records to another provider
  • Right to Withdraw Consent: Withdraw consent for certain uses of your data

How to Exercise Your Rights:

To formally exercise any of these rights, please submit a verifiable request using the contact information below.

Response Time (SLA):

Upon receiving a request, we will first verify your identity. We will process and complete all verified requests within 30 calendar days and notify you upon completion, in accordance with Australian privacy law requirements.

Important Note: Some health information may be subject to mandatory retention periods under Australian healthcare regulations and cannot be deleted until these periods expire.

Cross-Border Data Transfers

Your information may be transferred to and processed in countries other than Australia. Where this occurs, we will:

  • Ensure appropriate safeguards are in place to protect your personal information
  • Comply with Australian Privacy Principle 8 regarding cross-border disclosure
  • Implement contractual protections equivalent to Australian privacy standards
  • Obtain your consent where required by law

Children's Privacy

Our Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly and notify parents or guardians where appropriate.

Health Records and Medical Information

  • Medical Record Management: We maintain health records in accordance with Australian healthcare standards and may retain medical information for periods required by law or medical best practice.
  • Healthcare Provider Access: Authorised healthcare providers involved in your care may access your health information through our platform, subject to appropriate authentication and authorisation procedures.
  • Clinical Decision Support: Our AI system may use your health information to provide clinical decision support and alerts, always under the oversight of qualified healthcare professionals.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our platform
  • Sending email notifications for significant changes
  • Providing notice through our Service interface

All changes will be effective once posted, and we encourage you to review this policy periodically.

Complaints and Contact Information

If you have any questions or concerns about this Privacy Policy, or if you wish to make a complaint about our handling of your personal information, please contact us at:

Email: info@clinictech.com.au

ABN: 23 618 752 864

If you are not satisfied with our response to your complaint, you may contact:

  • The Office of the Australian Information Commissioner (OAIC) – www.oaic.gov.au
  • Australian Health Practitioner Regulation Agency (AHPRA) – www.ahpra.gov.au (for healthcare-specific complaints)

Data Request Form

Use this form to exercise your data protection rights:

Definitions

  • Health Information: Information or an opinion about the health or a disability of an individual, including information about a health service provided to an individual.
  • Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
  • Sensitive Information: Includes health information, and receives enhanced protection under Australian privacy law.