Carlton Specialists is committed to protecting your privacy and handling your personal information in a lawful and responsible manner. This policy is required under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) and explains how we collect, use, disclose, store and protect personal information when you engage with our services.
This policy is written in clear and simple language to help you understand how your information is managed. Carlton Specialists collects, uses, holds, and discloses personal information in accordance with applicable Australian legislation, including the Privacy Act 1988, the Australian Information Commissioner Act 2010, the My Health Records Act 2012, and the Freedom of Information Act 1982, where relevant.
Under the Privacy Act 1988 (Cth), personal information includes information or opinions that identify an individual. Sensitive information includes health information and other information afforded a higher level of protection under the Act.
Carlton Specialists collects personal and health information where it is necessary to provide healthcare services and operate our practice. This may include your name, date of birth, contact details, address, emergency contact information, Medicare details, Individual Healthcare Identifier (IHI), payment and billing information, gender, and Aboriginal and/or Torres Strait Islander status. We also collect health information such as referrals, medical reports, test results, medications, health history, and other information relevant to your care.
The primary purpose for collecting personal and health information is to provide healthcare services to you. We may also use and disclose this information for secondary purposes that are directly related to the primary purpose, including managing appointments and billing, communicating with you and other healthcare specialists involved in your care, and meeting our legal, regulatory, and professional obligations.
Personal information is generally collected directly from you when you provide it to us, including by phone, via our website, through online booking platforms such as Healthengine, or by completing our patient registration forms. In some circumstances, it may be unreasonable or impracticable to collect information directly from you, and we may receive personal information from referring practitioners, specialists, hospitals, or other healthcare providers involved in your care. This includes accessing and reviewing personal and health information contained in referrals.
Health information is collected only where it is necessary to provide a health service and in accordance with Australian law and professional obligations of confidentiality that apply to healthcare providers.
In some circumstances, we use secure third-party clinical support technologies, including AI-assisted transcription tools, to assist with consultation documentation. Third-party services operate in accordance with applicable privacy and security requirements.
If you contact us via social media or online platforms, we collect the personal information you choose to provide through those communications. Our website may use cookies or similar technologies to support functionality and improve user experience; these do not identify you personally.
Carlton Specialists may disclose personal information, including sensitive information, where it is necessary to provide healthcare services, operate our practice, or where permitted or required by law. This may include disclosure to treating practitioners, referring clinicians, healthcare providers, pathology and diagnostic services, Medicare, insurers, and service providers involved in the delivery and administration of healthcare.
We may also disclose personal information to third parties who provide administrative, clinical, or technical support services to our practice. Where this occurs, we take reasonable steps to ensure that such parties handle personal information in accordance with privacy and security obligations.
Personal information may be disclosed where required or authorised by law, including in response to subpoenas, court orders, statutory reporting obligations, or other lawful requests.
A data breach happens when personal information is accessed or disclosed without permission or is lost. If a data breach involving personal information occurs, we will notify affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).
Some service providers may store or process information overseas. Where personal information is disclosed overseas, we take reasonable steps to ensure that appropriate safeguards are in place to protect your information in accordance with applicable laws, including Australian privacy laws.
We may communicate with you and other healthcare providers via electronic means, including email and SMS, where appropriate. While reasonable steps are taken to protect electronic communications, you acknowledge that such communications may not always be secure.
Carlton Specialists takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, in accordance with the Privacy Act 1988 (Cth).
Personal information is stored securely in electronic systems, including clinical and practice management software and secure cloud-based storage services. We use reputable third-party service providers to support the operation of our practice, including Gentu (clinical software), Healthengine (online bookings), Microsoft OneDrive (secure document storage), and Tyro (payment processing). These providers are required to maintain appropriate privacy and security standards.
We use a combination of administrative, technical, and physical safeguards to protect personal information. These include restricted access to systems, secure passwords, antivirus and malware protection, and staff training regarding confidentiality and privacy obligations. Personal information may be linked with other information held about you where necessary to provide healthcare services and operate the practice.
While we take reasonable steps to secure electronic communications and telehealth services, no method of transmission over the internet or via mobile devices is completely secure. You are responsible for any costs associated with your own devices, software, and data usage when accessing our services, including telehealth.
Personal information is retained only for as long as required to provide healthcare services and to meet legal, regulatory, and professional obligations. Where personal information is no longer required and we are not required by law or a court or tribunal order to retain it, we take reasonable steps to destroy or de-identify the information.
We also collect and store personal information relating to staff and job applicants, including employment records, payroll, taxation, and superannuation information. This information is handled confidentially and stored securely in accordance with applicable laws.
Our website may contain links to third-party websites. Any access to or use of those websites is governed by the privacy policies of the relevant third parties, and we are not responsible for their information handling practices.
You have the right to access the personal information we hold about you and to request corrections if you believe it is inaccurate, incomplete, or out of date.
To request access to your information, or to ask for a correction, please contact us using the details provided in this Privacy Policy. We may need to verify your identity before processing your request.
We will respond to requests for access or correction within a reasonable time and will take reasonable steps to update our records where appropriate. In some circumstances, access may be limited or refused where permitted by law, and we will explain the reason if this occurs.
We do not charge a fee for making a request to access or correct your personal information.
Carlton Specialists retains medical records and personal information in accordance with applicable Australian laws and professional obligations.
Medical records are kept for the period required to support the provision of healthcare services and to meet legal, regulatory, and professional requirements. Where we are no longer required to retain information, we take reasonable steps to securely destroy or de-identify it.
If we are required by law, or by a court or tribunal order, to retain personal information, it will be kept for as long as required and handled in accordance with this Privacy Policy.
If you have any questions, concerns, or complaints regarding your privacy, or if you believe that your personal information has been accessed, used, or disclosed inappropriately, please contact us as soon as possible so we can address the matter.
You may contact us by phone on (03) 7053 9520, email at admin@carltonspecialists.com.au or submit your complaint in writing to:
Carlton Specialists
179 Grattan Street
Carlton VIC, 3053
We take all privacy concerns seriously and will endeavour to respond promptly. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by writing to:
Privacy Officer
Governance, Risk and Compliance (FOI and Privacy)
Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2000
Carlton Specialists may update this Privacy Policy from time to time. Revised versions of the Carlton Specialists privacy policy will be posted here.
This privacy policy is effective as of 2 February 2026.
