Aevora Health Privacy Policy
This Privacy Policy explains how Aevora Health (we/us/our) collects, holds, uses and discloses personal information, including sensitive information such as health information. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1) What information we collect
The type of information we collect depends on why you’re engaging with us. It may include:
- Identity & contact details: name, date of birth, address, phone, email.
- Health information: your presenting concerns, health history, medications, assessments, clinical notes, referrals, and other details needed to provide care.
- Claims identifiers: Medicare/DVA/private health or insurer details where relevant.
- Payments: transaction details needed to process fees (we do not keep full card details—see “Security”).
2) How we collect it
We collect information directly from you when you:
- complete forms, book online, attend appointments, or contact us (phone/email/SMS/online).
- interact with our website or practice communications.
We may also collect information from third parties where relevant and permitted, such as:
- other treating practitioners (with your consent or as otherwise authorised).
- your insurer/health fund or Medicare/DVA (for billing/claims).
- a parent/guardian or responsible person where applicable.
Where lawful and practical, you may deal with us anonymously or using a pseudonym. In healthcare settings this is often not practical, and not providing requested information may limit the services we can provide.
3) Why we collect, hold and use your information
We use personal information to:
- provide and manage clinical care safely and appropriately.
- communicate with you about appointments, accounts, and service-related matters.
- maintain accurate records and meet legal/professional obligations.
- process payments and, where applicable, facilitate Medicare/DVA/private health/insurance claims.
- operate and improve our practice systems and services.
4) When we disclose information (and to whom)
We only disclose personal information when it is reasonably necessary for care, administration, operations, or when required/authorised by law.
Common recipients may include:
- other health practitioners involved in your care (e.g., your GP or specialist), where relevant.
- Medicare, DVA, private health funds, or insurers for claims and payment processing.
- professional advisers (e.g., accountant, lawyer, insurer) where required.
- service providers who help us run the practice (e.g., practice management software, IT support), under confidentiality and security controls.
5) Marketing and optional communications
We may send information about practice updates, services, or events. You can opt out at any time using the method provided in the message or by contacting us. Where consent is required, we do not send marketing that you have not consented to receive.
6) Website cookies and analytics
Our website may use cookies and analytics tools to understand traffic and improve performance. You can usually manage cookie preferences through your browser settings.
7) Overseas disclosure
Where possible, we use Australian-based services. If we ever need to disclose personal information overseas (for example, due to the location of a technology provider), we will take reasonable steps to ensure appropriate privacy protections apply, unless an exception under the Privacy Act applies.
8) How we keep information secure
We take reasonable steps to protect personal information from loss, misuse, and unauthorised access, modification or disclosure. Security measures may include access controls, passwords, secure storage, and confidentiality obligations for staff and contractors.
Card details: we do not retain full credit card details. If card information is collected for payment processing, it is handled securely and not stored by us beyond what is necessary for that purpose.
When information is no longer needed (and we are not legally required to retain it), we take reasonable steps to securely destroy or de-identify it.
9) Data breaches
If a privacy breach occurs, we will investigate and take appropriate steps to reduce harm. Where required, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.
10) Access and correction
You may request access to personal information we hold about you and ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading. We may need to verify your identity and, in limited circumstances permitted by law, may refuse access. If a fee applies (e.g., for copying), it will be reasonable and communicated in advance.
11) Questions or complaints
If you have a privacy concern, please contact us first so we can respond promptly. If you are not satisfied, you can complain to the OAIC.
12) Changes to this policy
We may update this policy from time to time. The current version will be available via our website or on request.