Privacy Policy

We are subject to the operation of the Privacy Act 1988 (Cth) (Privacy Act) and its Australian Privacy Principles (APPs). This policy explains how we handle personal information (including health information) relating to individuals, whether or not they are clients, so as to ensure we meet our obligations under the Privacy Act and APPs, and all other applicable privacy and health records laws.

Terminology

In this policy the expressions “we”, “us” and “our” are a reference to Rural Health Connect Pty Ltd.

The expressions “you” and “your” refer to each and every individual whose personal information we may handle from time to time.

The expression “personal information” is used in this policy to refer to information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Personal information includes “sensitive information”, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history, and health services you receive). Sensitive information also includes information about racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, and sexual orientation or practices.

Any reference to us assuming an obligation under the Privacy Act or other privacy legislation can be interpreted as a reference to us also procuring our subcontractors to undertake a reciprocal obligation to the extent relevant.

Types of information collected

We only collect personal information to the extent that this is reasonably necessary for one or more of our functions or activities.

For example, if you are a client, we may collect your name, email address, address, current location, emergency contact information, phone number, date of birth, nationality, and Medicare information.

We may also collect some sensitive information, particularly health information such as information on any illness, disability or injury, health services, medical history, family history, and prescriptions.

We collect personal information from persons other than clients, such as service providers, contractors and third parties we engage with, to enable us to work, transact or engage with them. This will include contact details and other relevant personal information of such individuals which they provide or which we request and collect from them.

You are not required to disclose your personal information to us. However, if you do not provide the information requested, you may not be able to receive our services or engage with us effectively.

Cookies

We utilise cookies which enable us to monitor traffic patterns and to serve you more efficiently if you revisit the site. A cookie does not identify you personally but it does identify your computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.

Method of Collection

We generally collect personal information about you directly from you unless it is unreasonable or impracticable for us to do so. We may occasionally need to collect personal information about you from a third party, as described below.

Your personal information may be collected when:

  1. you provide us information (such as when you create a personal profile, sign up to our email database, or book a consultation on our website);
  2. we collect information through technology (including your use of our website and services, including video-conferencing services); or
  3. we receive information about you through third parties, including when information is provided by your GP or other health professionals or health service organisations which are part of your treating team or have referred you to our services, or from your Medicare Mental Health Centre if you are referred as part of the Commonwealth Government Medicare Mental Health Centres centralised tele-psychology and tele-psychiatry service (known as the Centralised Service).

If you are person other than a client, such as service providers, contractors and third parties we engage with, we will generally collect your personal information directly from you, and we may collect your personal information from third parties. For example, if you are a service provider we may collect information from your referees.

When we collect your personal information, we will as soon as is practicable take reasonable steps to notify you of the details of the collection (including notifying you through this policy), such as the purposes for which the information was collected, the organisations (if any) to which the information will be disclosed, and also notify you that this policy contains details on how you may access or correct your information, or raise any complaints.

Purposes of collection

If you are a client, purposes for which we may collect personal information include, but are not limited to:

  1. providing you with information or services, including booking consultations with health professionals;
  2. liaising with your GP and other service providers when necessary to organise for transfer of referrals, Mental Health Care Plans and other associated documents;
  3. operating video-conferencing facilities for the purposes of consultations;
  4. contacting your emergency contact and emergency services in the event of an emergency;
  5. opening your personal profile;
  6. connecting you with health professionals;
  7. sending news, information about our activities which we believe may be useful to you;
  8. monitoring who is accessing the website or using services offered on the website;
  9. profiling the type of people accessing the website;
  10. responding to your issues, complaints or inquiries;
  11. reporting to service funders such as Primary Health Networks and the Commonwealth Government;
  12. supporting research and evaluation of the service to support continuous improvement; and
  13. verifying your identity.

If you are a person other than a client, such as a service provider, contractor or other third party we engage with, we will collect your personal information to the extent necessary for our functions or activities, and to work, transact or engage with you.

Use and disclosure

We will not use or disclose your personal information for the purposes other than those connected with the primary purpose of collection, unless you consent, or this is for a related (or in the case of sensitive information, directly related) secondary purpose which you would reasonably expect, or this is otherwise required or authorised by law (for example, where it is unreasonable or impracticable to obtain your consent and the use is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety).

Where reasonable and contractually required, we will report de-identified information to service funders such as Primary Health Networks and the Commonwealth Government for statistical and evaluation purposes designed to improve mental health services in Australia. De-identified information is not “personal information” for the purposes of the Privacy Act, and this information will not identify you.

Secondary purposes for use or disclosure of your personal information might include disclosure to maintenance personnel or other third party contractors (including outsourced and cloud service providers) who may be unable to avoid accessing personal information in the course of providing technical or other support services to our company. Your information will only be disclosed to these persons to the extent necessary for them to provide such services.

We may also use your personal information to request your participation in a quality improvement activity or research.

Due to the nature of our services, it may be necessary to disclose limited personal information to third parties, including health professionals and certain service providers, to assist us in the provision of services to you.

We will not sell or otherwise provide your personal information to a third party, or make any other use of your personal information, for any purpose which is not incidental to your use of this web site or our services.

Direct marketing

We will not use or disclose your personal information for the purposes of direct marketing unless:

  1. you have consented to receive direct marketing materials; or
  2. you would reasonably expect us to use your personal details for this purpose; or
  3. we believe you may be interested in the material but it is impractical for us to obtain your consent.

In every instance, we will ensure that our direct marketing material incorporates an option for you to elect to receive no further such communications.

Please note also that even if you have requested not to receive further direct marketing communications, we may nevertheless continue to provide you with information about changes to our terms and conditions for the supply of goods or services, questionnaires and other factual information. This form of communication is not regarded as “direct marketing” under the Privacy Act.

Storage of data and overseas disclosure

Where we store personal information, it will be stored on site or with our third party service providers within Australia. However, it is possible that our third party service providers’ use of cloud technology may result in offshore disclosure. It is not practicable for us to specify in advance the location of every service provider with whom we deal and the relevant locations in those circumstances. However, for any personal information that is transferred outside of Australia, we will only do so where, and to the extent, permitted under the Privacy Act.

If you have any concerns or queries regarding the transfer of your personal information please contact us using the details provided below.

Data security and quality

We will take reasonable steps to protect the personal information which we hold from misuse or loss and from unauthorised access, modification or disclosure. We will archive client files following cessation of services though personal information will be accessible for a minimum of 7 years to support re-engagement of services, and it will otherwise be stored in accordance with the law.

Practitioners are generally required to maintain secure health records for a minimum of 7 years after the last occasion of service.

When your personal information is no longer required and has been retained for the required periods under law, we will take steps to securely destroy the information or to ensure that the information is permanently de-identified.

When using our website you should be aware that no data transmission over the Internet can be guaranteed as totally secure. Although we strive to protect such information, we do not warrant the security of any information that you transmit to us over the Internet and you do so at your own risk.

We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up-to-date, complete, relevant and not misleading.

Openness

From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. We will notify you about any changes to our policy through our website. This will include any notification of any changes in service operation or ownership and how any such changes may impact on your personal data. You may obtain a copy of our current policy from our website or by contacting us on the details below.

Data breaches

We are required to comply with mandatory “notifiable data breach” scheme (the NDB scheme) under the Privacy Act. The NDB scheme applies when an “eligible data breach” of personal information occurs.

An “eligible data breach” occurs when:

  1. there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and
  2. this is likely to result in serious harm to one or more individuals; and
  3. the organisation has not been able to prevent the likely risk of serious harm with remedial action.

An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an “eligible data breach”.

Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner about the breach in accordance with the Privacy Act.

Access, correction and further information

You have a right to seek access to, and correction of the personal information we hold about you.

You may request access to the personal information that we hold about you, using our contact details set out below. In certain circumstances, we may refuse to allow you access to your personal information where this is authorised by the law, such as where providing access would have an unreasonable impact on the privacy of other individuals, providing access would pose a serious threat to the life or health of any person or to public health or safety, or giving access would be unlawful.

If you believe that the personal information we hold about you requires correction (for example, because the information is inaccurate, out-of-date, incomplete, irrelevant or misleading), you may request that the information be corrected using our contact details set out below.

We will respond to all requests for access and/or correction within a reasonable time.

If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may complain about the decision.

Please contact us via the details below if you:

  1. wish to have access to the personal information which we hold about you;
  2. consider that the personal information which we hold about you requires correction; or
  3. require further information on our personal information handling practices.

If you wish to: comment on or query our privacy policy; make an enquiry regarding any personal information relating to you which may be in our possession; withdraw or withhold consent for the collection, storage or distribution of your data or records; or request deletion of your personal data and records, contact us at:

Rural Health Connect Pty Ltd
19A East St
Rockhampton 4700
Email: info@ruralhealthconnect.com.au
Ph: 0427 692 377

There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in actually providing you with access.

Complaints

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should advise us via the above contact details.

If you remain unsatisfied with the way in which we have handled a privacy issue, or if you do not wish to raise a question or complaint with us directly, you may wish to contact an independent advisor or the Office of the Australian Information Commissioner for guidance on alternative courses of action which may be available.

This Privacy Policy was most recently published in January 2026