Privacy Policy

Introduction

Digital Dermatology respects and upholds your rights to privacy protection under the Australian Privacy Principles contained in the Privacy Act 1988 and, to the extent applicable, state or territory legislation relating to health information, such as the Health Records Act 2001 (Vic) and Health Records and Information Privacy Act 2002 (NSW).

This policy describes how we collect and manage any personal information we have about you.

This policy does not apply to our personnel and job applicants. Please contact human resources for privacy details applicable in that case.

Consent

By using our services, or providing any personal information to us, you consent to us collecting, using and disclosing your personal information in the manner described in this policy.

What personal information about you do we collect or hold?

We may collect and hold the following information about you:

• name, date of birth or age, gender, address and contact details
• information provided to us (or any nurse support service we provide or arrange) by you, including as part of making a booking or during an appointment, including regarding your symptoms, past or current medical conditions, prescriptions, occupation, lifestyle, any photographs you provide and potentially sexual orientation, religion or ethnicity details
• information about you that we receive from other medical practitioners or health service providers
• recordings of your consultations with us (where you consent to recording), although these are deleted once summarised as notes unless you agree otherwise
• medical records that we create in connection with your consultations with us, including our observations, diagnosis, treatment plans and any prescription details
• Medicare card details and any relevant health insurance details
• payment and transaction details and history

You do not have to provide any personal information to us, but we may be unable to provide our services to you if you do not provide some personal information. For example, without name and contact details it may be impractical for us to provide services to you.

If at any time you provide the personal information of another person to us then you must ensure that that person has read and understood this policy and separately consents to that personal information being used and disclosed by us for the above purposes.

How do we collect and hold your personal information?

We collect most personal information about you from you directly (or, if applicable, from your carer, relative or attorney), including through our website, email or in the course of providing our services to you.

We may also collect personal information about you:

• from other medical practitioners (including your GP) or health service providers
• from a government agency (including your My Health Record)
• otherwise in the ordinary course of providing our services to you.

We hold most of your personal information electronically (and occasionally in hard copy form), primarily on servers used by our service providers. Your doctor may also access and temporarily store some of your personal information remotely, using devices protected by appropriate safeguards.

We take reasonable steps to protect the security of your personal information that we hold, including through access controls, network firewalls and physical security measures – however we do not guarantee its safety, as no system (including electronic system) for holding information can be guaranteed to be totally secure.

When we no longer need your personal information for the purposes described below then, subject to the law, we destroy or de-identify it (and may do so without any further consent from you). This may be more than 7 years after your last consultation with us or (if later) after you reach age 25.

What do we do with your personal information?

We use your personal information for the following purposes (without requiring any additional consent from you):

• to assist in providing our services to you (including any nurse support service that we provide or arrange)
• to communicate with you (including sending you any reminders about appointments or your health care)
• where applicable, to provide or arrange prescriptions for you
• to refer you to other medical practitioners or health service providers
• for our administrative (including insurance and legal), planning and quality assurance or improvement processes
• to comply with any requirements that apply by law, are imposed by any court
• to take steps that are necessary or desirable for public health or safety reasons (such as regarding adverse reactions to medications or products, communicable diseases or child abuse or neglect) or to protect your personal wellbeing (including regarding mental health concerns)
• where applicable, to communicate with Medicare or your insurer
• to assess and respond to any complaint or any existing or anticipated legal action
• to undertake or participate in any clinical research where your personal information is used on a de-identified basis
• potentially, in connection with any sale of our practice or company
• to use or train artificial intelligence systems for any of the above purposes
• any other purpose advised to you when we collect your personal information or that is approved by you
• any purpose directly related to any of the above that you would reasonably expect.

In addition to the above, from time to time we may invite patients to participate in research projects, which could involve using their consultation recordings or personal information for research or related purposes. If this arises, we will inform you at the time, explain how the recordings or other personal information will be used, and seek your consent before any such use. Your participation will always be voluntary, and if you do not provide consent, this will not affect your care.

We may disclose your personal information to trusted third parties (without requiring any additional consent from you) for any of the above purposes, including:

• to electronic prescription providers and pharmacists (and their couriers), for the purpose of prescribing or delivering medications to you (and making related Pharmaceutical Benefits Scheme applications in relation to some medications)
• to your GP or other medical practitioners or health service providers that we use (including any nurse support service) or to whom we refer you
• to Medicare or your insurer
• to government or statutory bodies (including your My Health Record) where requested by you or required by law
• disclosure on a confidential basis to partners that we use in the ordinary operation of our practice, such as for cloud-based IT services, audit or legal services or insurance.

We may send emails to you at your nominated email address. Those emails (and any attachments to them) may include medical details relating to you or other personal information of yours and will not be encrypted or password protected, so you should ensure that the email address that you nominate is one that only you can access (unless you are happy for others who can access the email account to be able to read the emails and attachments).

We will never sell your personal information to anybody. We will never publicly display your name, email address or other details that identify you.

At any time you may opt out of receiving any communications from us (other than as required for us to fulfil our obligations to you or necessary for the operation of our practice, such as regarding payment of an account).

Overseas disclosure

To run our practice we use a number of service providers who, in the course of them providing the relevant services for us, will store some of your personal information on servers primarily located in Australia but in one instance also in the United States. All disclosures to those service providers are subject to us being satisfied as to the reputation of the service provider, and the service provider agreeing to use your personal information only for the services that we have requested and to take at least reasonable steps to keep your personal information secure.

Occasionally we may use the services of overseas experts, which may involve providing some of your personal information to them (such as a clinical photograph or other details). We will notify you in advance if we propose to do that.

Our website

Like many other websites, our website

• may collect information when you use our website (such as IP address and which pages you access)
• uses cookies. A cookie is information sent by our website to your browser that is then stored on your computer. It is used to identify your computer to us, and to remember previous requests you have made when you return to the website or move between web pages. This allows us to improve the functionality of the website.
• may use analytical services (such as Google Analytics) to collect data about traffic on our website

Access and correction

You may request access to personal information we hold about you by writing to our Privacy Officer at the address below. If we hold personal information that you are entitled to access, then within a reasonable period after your request we will provide you with access (subject to you first satisfying any requirements that we have to verify your identity). If we refuse your request then we will give you a written statement setting out the reasons for the refusal (unless unreasonable to give them), and the process we provide if you wish to complain about the refusal.

We will provide access in the manner you request if it is reasonable and practicable to do so. If it is not reasonable and practicable to provide access in that manner then we will endeavour to provide you with a suitable range of choices as to how you access it (e.g. emailing or mailing it to you).

If you believe that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, then you may request amendment of it. We will consider if the information requires amendment and respond to you within a reasonable period after your request. If we do not agree that it should be amended, then we will add a note to the personal information stating that you disagree with it and will also give you a written statement setting out the reasons for the refusal (unless unreasonable to give them), and the process we provide if you wish to complain about the refusal.

Our contact details are as follows:

Digital Dermatology
117 Pascoe Vale Road
Moonee Ponds, Victoria 3039

Phone: 1800 88 33 07
Email: support@digitaldermatology.com.au

Complaints

Any questions about this policy, or any complaint regarding treatment of your privacy by us, should also be made in writing to the address above.

If you lodge a complaint, we will let you know the name of the individual responsible for taking care of it, and will tell you when we will provide a full response.

If we do not resolve a complaint to your satisfaction then we encourage you to contact us to explain why, or you may raise your complaint with the Office of the Australian Information Commissioner (OAIC) using any of the following contact details or the privacy complaint form on the OAIC website

Phone: 1300 363 992
Mail: GPO Box 5288, Sydney NSW 2001

Miscellaneous

In this policy “personal information” has the same meaning as under the Privacy Act. References to Digital Dermatology, “we” or “us” are to Digital Dermatology Pty Ltd (ACN 683 207 721) which has issued this policy.

This is our policy as at 31 August 2025. We may change this policy from time to time. Although we intend to observe this policy at all times, it is not legally binding on us in any way. From time to time we may regard it as necessary or desirable to act outside the policy. We may do so, subject only to any applicable contractual rights you have and time, any statutory rights you have under the Privacy Act or other applicable legislation.