Privacy Policy — Belle Women’s Health

Last updated: 22 April 2026

Clinic: Belle Women’s Health (ABN 62 691 099 868)
Practice address: Ground level, 60 Leichhardt Street, Spring Hill, QLD 4000
General contact: reception@bellewh.com.au | 07 3543 6111
Privacy Officer: Practice Manager | egrijmans@bellewh.com.au

1. About this Policy (APP 1)

Belle Women’s Health (“we”, “our”, “us”) provides private health services in Australia. We manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Policy explains the kinds of personal information we collect, how we collect, use, disclose and protect it, how you can access and correct it, how to complain, and whether we disclose overseas. This Policy applies to both our clinical services and our website interactions.

2. What we collect (personal and health information)

We collect information reasonably necessary to provide our services, including:

• Identity & contact: name, date of birth, address, email, phone.

• Government identifiers used in healthcare: Medicare/DVA numbers and healthcare identifiers (we do not use these to identify you within the practice except as permitted by law).

• Health information (sensitive information): presenting complaints, symptoms, history, diagnoses, treatments, medications, allergies, referrals, clinical images, specialist letters, care plans, recalls, and any relevant social or family history.

• Diagnostics and results: pathology and imaging requests and reports.

• Administrative/billing: appointments, Medicare/insurer claims, account and payment records.

• Website/technical: IP address, device/browser details, pages viewed, timestamps, and cookies/analytics used to operate and secure our website.

3. How we collect your information

We collect information:

• Directly from you (forms, phone/email, telehealth, in-person consultations).

• From a person responsible for you (where appropriate).

• From third parties where permitted or required by law: other providers involved in your care (GPs, specialists, allied health), hospitals, diagnostic services, pharmacies/e-prescription services, Medicare/DVA, health funds, and the My Health Record system.

We take reasonable steps to ensure the information we collect is accurate, up-to-date and complete. This includes confirming key details with you during consultations, updating records when new information is received, and reconciling clinical information from third parties.

4. Why we collect, use and disclose your information (APP 6)

Primary purposes:

• To provide and coordinate healthcare, including requesting, receiving and discussing tests, preparing referrals, and communicating with you about your care.

• To arrange billing, Medicare/DVA and health fund claims, and account administration.

• To comply with legal obligations (e.g., notifiable disease reporting, child protection).

Directly related secondary purposes you would reasonably expect:

• Quality assurance, clinical audit, accreditation, practice management, and staff training/supervision (with appropriate confidentiality safeguards).

• Appointment recalls/reminders (subject to your preferences).

We do not sell your personal information.

5. Disclosures we commonly make

We may disclose personal information to:

• Other treating providers involved in your care (e.g., GPs, specialists, allied health).

• Diagnostic services, pharmacies/e‑prescription or secure messaging services, hospitals and other healthcare facilities.

• Medicare/DVA, health funds and claims intermediaries for claiming/eligibility.

• Government regulators and oversight bodies where required or authorised by law (e.g., OAIC for privacy complaints).

• Our contracted service providers (e.g., secure cloud hosting, practice software, IT support) under agreements requiring APP‑compliant safeguards and confidentiality.

6. My Health Record

As a participating healthcare provider organisation, we may upload information to, and view information from, your My Health Record to support your care, in accordance with your access controls and the My Health Records Act 2012. Information downloaded to our local system is then handled under the Privacy Act and the APPs like other health information we hold. We maintain a My Health Record security and access policy and comply with ongoing participation obligations.

7. Direct marketing

We only send marketing or promotional communications with your consent. Clinical communications relating to your care (such as appointment reminders, recalls, and follow-ups) are not considered direct marketing. You may opt out of marketing communications at any time using the method in the message or by contacting us.

8. Anonymity and pseudonyms (APP 2)

You may interact with us anonymously or using a pseudonym where lawful and reasonably practicable (e.g., general enquiries). For clinical care and where Medicare/insurer billing applies, anonymity is generally impracticable.

9. Cross‑border disclosures (APP 8)

We seek to store personal information in Australia. Some of our contracted service providers (such as cloud hosting or IT support providers) may store or access data from overseas locations. Where this occurs, we take reasonable steps to ensure such providers comply with the APPs, including through contractual safeguards and due diligence. We will inform you where required by law or obtain your consent where applicable.

10. Data security (APP 11)

We implement reasonable and proportionate technical, administrative and physical safeguards to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Measures include role-based access controls, secure data transmission, secure hosting environments, audit logging, system maintenance and updates, backups, staff training and confidentiality obligations, and vendor due diligence.

11. Retention and destruction

We retain health records in accordance with applicable legal and medico-legal requirements, including generally at least 7 years from the date of last entry for adults, and for children until they reach 25 years of age, or longer where required (for example, where there are actual or reasonably anticipated medico-legal matters). When no longer required, information is securely destroyed or de-identified.

12. Access and correction (APP 12–13)

You may request access to, or correction of, your personal information by contacting our Privacy Officer. We will respond within a reasonable time (usually within 30 days). We may need to verify your identity and, where permitted by law, charge a reasonable cost‑recovery fee for providing copies (not for making a request). If we refuse access or correction, we will provide written reasons and information about complaint options.

13. Data breaches — Notifiable Data Breaches (NDB) scheme

We maintain a data breach response process. If an eligible data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the NDB scheme. If a breach relates to the My Health Record system, we will also notify the Australian Digital Health Agency (System Operator) as soon as practicable.

14. Queries or complaints about privacy

Please contact our Privacy Officer first (reception@bellewh.com.au). We will acknowledge and respond within a reasonable timeframe. If you are not satisfied with our response, you can contact the OAIC: 1300 363 992 | enquiries@oaic.gov.au | GPO Box 5218, Sydney NSW 2001 | oaic.gov.au.

15. Private vs state privacy regimes (Queensland)

As a private sector health service provider in Queensland, we are covered by the Commonwealth Privacy Act and the APPs. State privacy laws primarily apply to public sector agencies.

16. Changes to this Policy

We may update this Policy to reflect legal, operational or technological changes. The latest version will be published on our website with an updated effective date. Where changes are material, we will take reasonable steps to notify you.