Privacy Policy.
Last updated: 10 June 2026
About This Policy
Altara Clinics trading as Altara Clinics ("we", "us", "our") respects your privacy and is committed to handling your personal and health information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Privacy Regulation 2013, and applicable state and territory health records legislation.
This Privacy Policy explains how we collect, hold, use, disclose, secure and destroy your personal and health information when you interact with our website, complete an assessment, attend a consultation, or otherwise engage our services.
Who we are:
Legal entity: Altara Clinics ABN 50 697 425 488
Trading name: Altara Clinics
Registered office: 1/77 Doggett Street, Newstead QLD 4006
General enquiries: [email protected]
Our consultations are delivered via secure telehealth by practitioners who are individually registered with the Australian Health Practitioner Regulation Agency (Ahpra) and whose professional obligations under National Law and the relevant National Board codes and guidelines apply in addition to this Policy.
Anonymity and Pseudonymity
Due to the nature of the health services we provide, it is generally impracticable for us to deal with individuals who have not identified themselves. Accurate identification is required to ensure the safety and continuity of clinical care, to comply with our legal and professional obligations under applicable health legislation, and to meet the requirements of Medicare and private health insurance billing.
You may, however, make general enquiries about our services without providing your name. This reflects your right to anonymity and pseudonymity under APP 2.
What Information We Collect and Why (Collection Notice)
We collect two broad categories of information: personal information about you as an individual, and health information, which is a category of "sensitive information" under the Privacy Act.
Personal information
- Identifying information: full name, date of birth, gender, and contact details (email, phone, suburb, postcode, state).
- Identity verification: a Medicare card or photo identification where required to confirm identity during a telehealth consultation.
- Payment information: card details (processed securely by our payment provider; we do not store full card numbers ourselves).
- Account and device information: IP address, browser type, language, referring URL, pages visited, and similar technical data collected automatically when you use our website.
Health information
Health information includes, but is not limited to:
- Symptoms, presenting concerns, diagnoses (current or historical) and family medical history you share with us;
- Notes made by your practitioner during your assessment and consultation;
- Medications you currently take or have taken, supplements, allergies and adverse reactions;
- Referrals received from or made to other health professionals;
- Care plans, treatment plans, monitoring schedules and review notes;
- Pathology results and other diagnostic findings arranged through accredited Australian laboratories;
- Consultation metadata (date, time, duration, telehealth platform);
- Medicare, Department of Veterans' Affairs, and private health insurance claim information where applicable;
- Lifestyle, sleep, movement, nutrition and wellbeing information you share to help your practitioner understand your individual picture.
Why we collect and use this information
We use your personal and health information for the primary purpose of providing health services to you, including:
- Assessing your suitability for a consultation;
- Conducting your consultation with a qualified Australian practitioner;
- Designing a considered plan around your individual assessment, where clinically appropriate;
- Requesting pathology or other diagnostic investigations where clinically indicated;
- Coordinating ongoing review and, with your consent, coordinating care with your general practitioner or specialist;
- Billing, accounting and record-keeping required by law;
- Quality improvement, clinical audit and training conducted under strict de-identification.
We may also use your information for secondary purposes that you would reasonably expect and that are directly related to the primary purpose, such as responding to your enquiries, sending you appointment confirmations, and maintaining an accurate clinical record.
How We Collect Your Information
We collect information:
- Directly from you: when you submit an enquiry, complete our online assessment, book or attend a consultation, complete intake forms, or correspond with our concierge team;
- From third parties with your consent, for example, a referring practitioner, an accredited pathology provider, a previous clinic, or another health professional involved in your care;
- Automatically: through cookies and analytics tools when you use our website (see "Cookies and Website Analytics" below).
Unsolicited Information
From time to time, we may receive personal or health information that we did not solicit. Where we receive unsolicited personal information, we will promptly assess whether that information is of a kind we could have collected under our standard collection practices. If it is not, we will destroy or de-identify it as soon as practicable, provided it is lawful and reasonable to do so. This follows our obligations under APP 4.
Sensitive Information
Health information is a category of sensitive information under the Privacy Act. As a healthcare provider, we routinely collect health information as part of delivering your care, with your consent or where required or authorised by law.
We do not collect sensitive information beyond health information unless it is reasonably necessary to the care we provide and we have your consent, or we are required or authorised by law to do so.
Disclosure of Your Information
We disclose your personal and health information only where it is reasonably necessary to provide your care, where you consent, or where required or authorised by law. Recipients may include:
- Other practitioners involved in your care: including consulting practitioners within our team, your nominated general practitioner, or specialists to whom you have been referred (with your consent);
- Accredited Australian pathology and diagnostic providers: where investigations are clinically indicated and you have agreed to them;
- Australian pharmacies authorised under the relevant state and territory pharmacy and medicines laws: where a treatment is recommended only if clinically appropriate, and only to the pharmacy of your choice;
- Service providers: telehealth platform, practice management system, payment processor, email infrastructure and cloud hosting providers, all bound by confidentiality obligations;
- Law enforcement, courts and regulators: where required or authorised by law, including court orders, subpoenas, and mandatory reporting obligations.
Direct marketing (APP 7)
We do not send you marketing communications about health treatments or services without your express consent. Where you have consented (for example, by subscribing to our newsletter), we will only send communications that relate to general health education, service updates, or programme offerings. Every marketing message includes a clear, no-cost way to opt out. You can also withdraw your consent at any time by emailing [email protected].
We do not target advertising based on health conditions or sensitive characteristics.
Government and healthcare identifiers
We may collect and use government identifiers (such as your Medicare number, Department of Veterans' Affairs number or Individual Healthcare Identifier) only where it is reasonably necessary for the delivery, claiming or coordination of your care, and only to the extent permitted by the Healthcare Identifiers Act 2010 and the Privacy Act. We do not use government identifiers as our internal record identifier.
My Health Record
We do not upload information to your My Health Record without your express, informed consent. You may discuss your My Health Record preferences with your practitioner at any time.
Overseas Disclosure
We host clinical records and operational systems on Australian infrastructure wherever practicable. Some of our service providers (for example, email, analytics and customer support tools) may be located outside Australia, including in the United States and the European Union. Before disclosing personal information to an overseas recipient, we either take reasonable steps to ensure the recipient handles your information in a manner consistent with the APPs (including through contractual safeguards), or we obtain your informed consent to the disclosure, in line with APP 8. We will identify recipient countries on request. Clinical health records are not transferred overseas without your express consent.
Data Security
We hold clinical records in practice management systems hosted on Australian infrastructure with industry-standard physical, administrative and technical safeguards (including encryption in transit and at rest, multi-factor authentication, access logging and role-based access control).
AI and automated tools
We may use software tools to assist with administrative tasks such as appointment scheduling, transcription of practitioner notes, and reviewing the intake assessment you submit through our website. These tools support, but do not replace, the clinical judgement of a qualified Australian healthcare practitioner. No prescribing or treatment decision is made by an automated system. A practitioner reviews your information and is responsible for any clinical decision relating to your care.
Telehealth privacy
Consultations are delivered via secure, encrypted video connections. At the start of each consultation we verify your identity. You may be asked to confirm whether anyone else is present with you, so your practitioner can adapt the conversation accordingly. If telehealth is not suitable for your concern, your practitioner may recommend in-person assessment, GP review, specialist referral, further investigation or no treatment depending on your circumstances. In a medical emergency, call 000.
Notifiable Data Breaches
We comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (ss 26WA-26WR). In the event of an eligible data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable and within 30 days of becoming aware of the breach, and we will provide guidance on steps you can take to protect yourself.
Data Retention
We retain clinical records in accordance with the applicable state or territory health records legislation and the Medical Board of Australia's Good Medical Practice: A Code of Conduct for Doctors in Australia. For Queensland, where our clinic is based, the Public Records Act 2002 (Qld) and the Information Privacy Act 2009 (Qld) apply to records management. For patients elsewhere in Australia, the equivalent state or territory legislation applies (for example, the Health Records Act 2001 (Vic) or the Health Records and Information Privacy Act 2002 (NSW)). The minimum retention period is generally seven years from the date of the last clinical entry for adult patients, or until the patient reaches 25 years of age for minors, whichever is the later. We do not destroy clinical records before the applicable statutory retention period has expired.
When information is no longer required and we are not required by law to retain it, we will destroy or de-identify it.
Accessing and Correcting Your Information
You have the right to request access to the personal and health information we hold about you, and to ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading. To make a request, email [email protected]. We will respond within 30 days. We do not charge for access requests but may charge a reasonable fee for the cost of providing copies.
For your safety, we may ask you to verify your identity before releasing information. In limited circumstances permitted by law we may refuse access, for example, where release would pose a serious threat to the life, health or safety of any person, or would be unlawful. We will explain any refusal in writing.
Cookies and Website Analytics
Our website uses cookies and similar technologies to keep your session active, remember your preferences, and understand how visitors interact with the site (for example, through Google Analytics or similar privacy-respecting analytics). We do not use cookies to record sensitive health information, and we do not target advertising based on browsing of health topics on our site.
You can disable cookies in your browser settings; some features of the site may not function correctly without them.
Complaints
If you have a privacy concern, please contact our concierge team first at [email protected]. We will acknowledge your complaint within 7 days and respond substantively within 30 days.
If you are not satisfied with our response, you may contact:
- Office of the Australian Information Commissioner (OAIC): oaic.gov.au or 1300 363 992;
- Australian Health Practitioner Regulation Agency (Ahpra): ahpra.gov.au or 1300 419 495 for practitioner conduct concerns;
- The Health Complaints Commissioner or equivalent body in your state or territory (for example, the Office of the Health Ombudsman in Queensland).
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The current version is always available on this page, with the "last updated" date at the top. Material changes will be communicated to you where required.
Contact Us
For any privacy matter, please write to:
Altara Clinics
1/77 Doggett Street, Newstead QLD 4006
[email protected]