Privacy Policy

We may collect and hold the following categories of personal information:

• Identity details — name, date of birth, gender
• Contact details — address, phone number, email address
• Health and medical information relevant to your care
• Medicare and private health insurance details
• Payment and billing information
• Information you provide in consultations, forms, or through our website
• Data collected through connected devices such as health apps or wearables, where applicable

We may collect your information through the following channels:

• Directly from you — via forms, consultations, online bookings, phone calls, or email
• From third parties involved in your care — including specialists, hospitals, diagnostic services, Medicare, and insurers
• Through our website, secure patient portals, or electronic communication channels

We use your personal information to:

• Provide and manage your medical care
• Communicate with you about your treatment and appointments
• Process payments and Medicare or private health claims
• Comply with our legal, ethical, and clinical obligations
• Conduct internal audits, quality improvement, and staff training
• Ensure patient safety, data security, and continuity of care

We are required under the Privacy Act to take reasonable steps to protect your personal information. Our security measures include both technical safeguards — such as encryption, firewalls, and secure servers — and organisational controls, including restricted staff access, staff training, and audit logs.

Where personal information is no longer required, it will be securely destroyed or permanently de-identified, unless we are legally required to retain it.

In the event of a data breach that is likely to result in serious harm, we will:

• Promptly notify affected individuals, explaining the nature of the breach and any recommended steps they should take
• Notify the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme
• Take immediate remedial action to minimise harm and prevent recurrence

Where personal information is transferred outside Australia — for example, when using secure cloud service providers — we take steps to ensure it is only disclosed to countries with adequate privacy protections or to recipients subject to binding contractual safeguards.

If we use automated decision-making systems — such as risk screening or digital triage tools — you will be informed. You may request an explanation of how any such decisions are made and seek human review or intervention.

It is a criminal offence in Australia to maliciously disclose personal information ("doxxing") with the intention of causing harm, harassment, or intimidation. MedSurg Weight Loss strictly prohibits such conduct by any member of our team.

You have the right to:

• Access and request a copy of your personal information held by us
• Request correction of your information if it is inaccurate or incomplete
• Withdraw consent for secondary uses of your information, such as research or marketing
• Make a complaint if you believe your privacy has been breached

If you believe we have breached your privacy rights, you may:

1. 1Contact us directly — we aim to resolve concerns promptly and fairly:

1. 2If your concern remains unresolved, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

This Privacy Policy will be updated as required by law or to reflect changes in our practices. Significant updates will be communicated through our website or directly to patients where appropriate.

We encourage you to review this page periodically. Continued use of our services following any changes constitutes acceptance of the updated policy.