Privacy Policy
NATURAL MEDIC PTY. LTD.
Privacy Policy Collection and Handling of Health Information
Effective Date: 5 June 2026
1. Our Commitment to Privacy
This Privacy Policy explains how Natural Medic Pty. Ltd. ABN 96 613 892 792 ("Practice", "we", "us", "our") collects, uses, stores, discloses, and otherwise handles your personal information and sensitive health information, including information collected through our online payment and booking platform.
The Practice is bound by:
The Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs") contained in Schedule 1;
The My Health Records Act 2012 (Cth), where applicable;
The Information Privacy Act 2009 (Qld);
The relevant National Board obligations regarding patient records under the National Law.
1.1 Health Information is Sensitive Information
Health information is classified as "sensitive information" under the Privacy Act and attracts a higher level of protection. The Practice will not collect sensitive health information unless it is reasonably necessary for, or directly related to, the provision of healthcare services to you, and your consent has been obtained unless a legal exception applies.
2. What Information We Collect
2.1 Identity and Contact Information
Full name, date of birth, and gender;
Residential address, email address, and telephone number;
Medicare card number and private health fund details where applicable.
2.2 Payment Information
When you make a payment through our platform, Stripe processes your payment card details directly. The Practice does not receive, store, or have access to your full card number, CVV, or bank account details. We receive only a tokenised confirmation of payment from Stripe.
We retain records of transaction amounts, dates, and Stripe-issued transaction reference numbers for billing, accounting, and medico-legal compliance purposes.
2.3 Health and Clinical Information Health history, current conditions, medications, and allergies disclosed in intake forms or during consultations; Clinical assessment findings, diagnoses, treatment records, and progress notes; Referral letters and correspondence with other healthcare providers; For Chinese medicine and acupuncture clients: tongue and pulse diagnosis records, acupuncture point selection records, herbal prescription records, and relevant dietary and lifestyle information; For chiropractic clients: postural assessment findings, spinal analysis records, and imaging referrals or reports.
2.4 Booking and Technical Information
Appointment history and booking preferences;
IP address and browser or device information collected via the booking and payment platform for security and fraud prevention purposes.
3. How We Collect Information We collect personal and health information: Directly from you via intake forms, online booking, and consultations; From other healthcare providers with your consent or as otherwise permitted by law; From emergency contacts or carers where you have authorised this; Through our payment platform (Stripe) for transaction-related information; Through cookies and analytics on our website (see Section 8 below).
4. Why We Collect and Use Your Information We collect and use personal and health information to: Provide, manage, and coordinate healthcare services to you; Process payments and issue receipts and tax invoices; Communicate appointment reminders and follow-up care information; Facilitate Medicare or private health insurance claiming; Meet our legal and regulatory obligations under the National Law, AHPRA requirements, and applicable health records legislation; Maintain accurate and contemporaneous clinical records as required by the relevant National Board; Conduct quality assurance and practice improvement activities; Respond to complaints or legal proceedings. We will not use your health information for direct marketing without your express consent.
5. Disclosure of Your Information
5.1 Permitted Disclosures We may disclose your personal or health information to: Other treating healthcare practitioners with your consent or where necessary for your treatment; Hospitals, specialists, or allied health providers involved in your care; Your Medicare provider, private health insurer, or workers' compensation insurer for the purpose of processing claims; Stripe, Inc. for the purpose of processing and verifying payments, limited to payment-related data only; Our practice management software provider, under a data processing agreement that ensures equivalent privacy protections; Law enforcement or regulatory bodies including AHPRA and the Queensland Office of the Health Ombudsman where required or authorised by law; In an emergency, to a person responsible for your care.
5.2 No Overseas Disclosure Without Consent
We will not disclose your personal information to overseas recipients unless you have consented, we are required by law to do so, or we are satisfied that the overseas recipient is subject to a law or binding scheme that is at least equivalent to the APPs.
Stripe may process payment data on servers located overseas including the United States. Stripe maintains compliance with applicable international data protection frameworks. By using the payment platform, you consent to this data transfer for the limited purpose of payment processing.
5.3 No Sale of Information
We will never sell your personal information or health information to any third party.
6. Storage and Security
Your personal and health information is stored: In our secure practice management system, protected by encryption, access controls, and regular security reviews; In physical paper records where applicable, stored in locked filing systems with restricted staff access; On Stripe's secure servers for payment transaction records. We take reasonable technical and organisational steps to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure. In the event of an eligible data breach as defined under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act), we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals in accordance with our obligations.
6.1 Retention Periods
We retain health records for the minimum periods required by law and the relevant National Board guidelines:
Adult health records: a minimum of 7 years from the date of the last entry;
Records relating to a minor: until the individual reaches 25 years of age, or 7 years from the last entry, whichever is later;
Payment records: 7 years from the date of transaction for tax and accounting compliance.
Records are securely destroyed at the end of the applicable retention period.
7. Your Privacy Rights Under the Privacy Act, the Information Privacy Act 2009 (Qld), and applicable health records legislation, you have the right to: Access the personal and health information we hold about you, subject to limited exceptions under law; Request correction of information that is inaccurate, incomplete, out of date, or misleading; Make a complaint to us, or to the OAIC or the Queensland Office of the Information Commissioner, if you believe your privacy rights have been breached; Withdraw consent to the use of your information for marketing purposes at any time. To exercise any of these rights, please contact us using the details in Section 10 below. We will respond within 30 days of receiving your request.
8. Cookies and Online Tracking Our website and booking platform use cookies and similar technologies to facilitate the booking process, improve user experience, and detect fraud. We use: Essential cookies: required for the booking and payment platform to function; Analytics cookies: to understand how clients interact with our platform. These may collect anonymised usage data; Payment security cookies: used by Stripe to detect fraud and protect payment transactions. You may disable non-essential cookies through your browser settings. This may affect certain non-essential features of the booking platform.
9. Children's Privacy
If you are booking on behalf of a minor under 18 years of age, you represent that you are the minor's parent or legal guardian and consent to the collection and use of the minor's health information for the purposes set out in this Policy. Parental or guardian consent is required for the treatment of minors, consistent with the relevant National Board's standards and applicable Queensland legislation.
10. Contact and Complaints
Privacy Officer: info@naturalmedic.com.au
Natural Medic Pty. Ltd. 4/490 Scottsdale Dr, Varsity Lakes QLD 4227
Phone: 0452 288 241 Email: info@naturalmedic.com.au
If you are not satisfied with our response to a privacy complaint, you may contact: info@naturalmedic.com.au
Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au | 1300 363 992
Queensland Office of the Information Commissioner: www.oic.qld.gov.au | 07 3234 7373
Queensland Office of the Health Ombudsman: www.oho.qld.gov.au | 133 646
AHPRA: www.ahpra.gov.au | 1300 419 495
11. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, regulation, or our practices. The current version will always be available at our practice reception and on our website. The effective date at the top of this document indicates when the most recent update was made.