Privacy Policy

asd.health · Last updated: 19.6.2026 · Version 1.0

We provide assessment and clinical care, which means we collect sensitive information about your health. Protecting it matters to us. This page explains, in plain language, what we collect, how we use it, who we share it with, and the choices you have. A more detailed version is available on request.

If you become a client, you will be asked to read and sign a separate Privacy and Confidentiality consent form at intake, which sets out the specific consents relevant to your care.

We are a private health service provider bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles, the My Health Records Act 2012 (Cth), the Notifiable Data Breaches scheme, and the health-records laws of the states and territories in which we operate (including the Health Records Act 2001 (Vic), the Health Records and Information Privacy Act 2002 (NSW), and the Health Records (Privacy and Access) Act 1997 (ACT)). Where a higher standard applies, we follow it.

• About you — name, date of birth, contact details, and emergency contacts. For children, information from parents or guardians.
• Your health information — your history, the reasons you’re seeing us, assessment results, diagnoses, reports and clinical notes.
• Identifiers — Medicare, DVA or healthcare identifier numbers, where needed for your care or claims.
• Referrals and forms — referrals from your GP or others, and the intake forms and questionnaires you complete.
• Payment details — what we need to bill you and process claims.
• Website data — technical information (such as your IP address, device and browser type, and pages visited) and information collected through cookies and similar technologies (see Cookies and advertising below).

We use your information to provide and coordinate your care; to contact you and send appointment reminders; to process payments and Medicare, DVA or health-fund claims you authorise; to run our clinic (administration, quality, professional supervision and safety); for research using de-identified information wherever practicable; to send newsletters or service updates where permitted (you can opt out anytime); and to meet our legal obligations.

We only use your information for the reason we collected it, for a related reason you would expect, with your consent, or where the law requires it.

• The clinicians and staff caring for you, including across our [IHD] group of clinics where needed for your care.
• Your GP, referrer and other treating health providers, with your consent. If you are referred under Medicare’s Better Access initiative, we are required to report to your referring doctor.
• The service providers that help us run our clinic (such as practice-management, telehealth, IT, hosting and communications providers).
• Medicare, DVA and health funds, for claims you authorise.
• My Health Record, where this applies to you — you control your own My Health Record settings.
• Others where the law requires it, or to protect someone’s safety.

We never sell your personal information.

Some of our service providers are based, or store data, in the European Union, which has strong privacy protections (the GDPR). We put contractual safeguards in place before sharing information with them, and take reasonable steps to ensure it is handled consistently with Australian privacy law.

Our website uses cookies and similar technologies. These include:

• Essential cookies, needed for the site to function;
• Analytics cookies, which help us understand how the site is used and improve it; and
• Advertising cookies and pixels, which support marketing on social media platforms.

Where we run social media advertising, our website may use the Meta Pixel (and/or Conversions API) provided by Meta Platforms, Inc. and Meta Platforms Ireland Limited. This technology collects information such as your IP address, device information, and the pages you visit on our site, and shares it with Meta to measure and target advertising on Facebook and Instagram. Meta may act as a controller of the data it receives; for more information see Meta’s Privacy Policy at facebook.com/privacy/policy.

We do not use advertising or tracking technologies on our intake, booking, or assessment pages, and we do not transmit your health information to advertising platforms.

You can control non-essential cookies through our cookie consent banner when you first visit the site, change your choice at any time via the “Manage cookies” link in our footer, and manage or block cookies in your browser settings. Non-essential cookies (including advertising pixels) are only set where you have consented.

We do not use artificial intelligence or automated processing to make clinical decisions about you. Your care is decided by qualified practitioners.

We protect your information with secure systems, access controls and trained staff. If a serious data breach ever affected you, we would notify you and the privacy regulator, as the law requires.

We keep health records for as long as the law requires — generally at least 7 years after your last visit for adults, and for children, until they turn 25 (or 7 years after the last visit, whichever is later).

• You can ask to see the information we hold about you, and ask us to correct anything that’s wrong or out of date.
• You can withdraw consent or opt out of marketing at any time.

Contact our Privacy Officer at [email protected].

If you have a concern about how we’ve handled your information, contact our Privacy Officer. If you’re not satisfied with our response, you can contact the Office of the Australian Information Commissioner at oaic.gov.au or on 1300 363 992.

We may update this policy from time to time. The current version is always available at [asd.health/privacy].