At Dr Abbie Clinics, your privacy is important to us. We are committed to protecting your personal and health information in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other relevant laws.
This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information, including your health information, when you interact with us, our website, and our services.
1. Who We Are
Dr Abbie Clinics provides clinical services including podiatry, biomechanics, and rehabilitation.
Contact:
Phone: (02) 9545 4378
Email: reception@dr-abbie.com
Address: 27 Monro Ave, Kirrawee NSW 2232
The Practice Manager is responsible for the handling of personal information and compliance with privacy requirements.
2. Types of Information We Collect
At Dr Abbie Clinics, we may collect a wide range of personal, health, and sensitive information to provide high-quality, tailored care. This includes:
A. Identity & Demographic Information
Full name, preferred name, gender, date of birth, age
Residential address, postal address, and emergency contact details
Marital status, occupation, employer, and next-of-kin details
Country of birth, language spoken at home, cultural background, and Indigenous status (if provided)
B. Contact Information
Email addresses, phone numbers (mobile, work, home)
Social media handles or other digital contact information if voluntarily provided
Communication preferences (SMS, email, phone, postal)
C. Health & Medical Information
Current and past medical history, including chronic conditions
Family medical history relevant to your care
Allergies, adverse reactions, and medication history
Immunisation history and preventive care information
Diagnostic results, imaging, pathology reports, and laboratory results
Clinical notes from consultations, treatments, and follow-ups
Biomechanical, musculoskeletal, and podiatric assessments
Treatment plans, progress notes, therapy records, and outcome measures
Adverse event reporting or incidents related to care
D. Treatment & Care Information
Foot, lower limb, or biomechanical assessments
Orthotic prescriptions and device usage
Physiotherapy, podiatric, or rehabilitation records
Records of surgeries, procedures, injections, or minor interventions
Swift wart removal, toenail or laser treatments, and other specialist procedures
Pain scores, mobility assessments, and functional outcome measures
E. Billing, Insurance & Financial Information
Medicare, private health insurance, or third-party payer details
Billing history, invoices, and payment records
Credit card or bank account information for payment processing (collected in-person or over the phone, and then processed securely via third-party providers, not retained by the clinic)
Financial arrangements, concessions, or discounts applied
F. Digital & Online Interactions
IP address, browser type, device type, and operating system when accessing our website
Website usage patterns and cookies for improving user experience
Online appointment bookings, form submissions, or inquiries
Email communications, chat logs, or patient portal activity
G. Consent & Legal Documentation
Consent forms for treatments, procedures, photography, or video
Authorisations for disclosure of information to third parties (e.g., referring practitioners)
Research participation consent and clinical trial involvement
Guardianship or legal authority documentation for minors or dependent adults
H. Education & Training Information
Information accessed by students or trainees (de-identified wherever possible)
Supervisory notes related to student involvement in care
Feedback or evaluation records related to educational purposes
I. Special Categories / Sensitive Information
Health information, including genetic, psychological, and physiological data
Information relating to disability, mental health conditions, or other sensitive personal circumstances
J. Other Information
Referral letters, practitioner notes, or correspondence from other healthcare providers
Complaints, feedback, or survey responses
Emergency or incident reports, including notifications to health authorities
Note: All health information collected is treated as sensitive information under the Privacy Act and is afforded extra protection. We only collect information that is necessary for providing safe and effective care, billing, or regulatory compliance.
3. How We Collect Information
At Dr Abbie Clinics, we collect personal and health information through multiple channels to ensure high-quality care, accurate records, and compliance with legal obligations. This includes:
A. Direct Collection from Patients
During in-person consultations, assessments, or treatments
Via patient intake forms, registration forms, or medical history questionnaires
Through online forms, email communications, or patient portal submissions
Over the phone or via video consultations, including verbal collection of payment details
During consent processes for procedures, treatments, photography, or research participation
B. Collection from Guardians, Carers, or Representatives
For minors or patients unable to provide informed consent, information may be collected from parents, guardians, or legal representatives
Includes medical history, consent for procedures, and communication preferences
C. Collection from Other Healthcare Providers
Referring doctors, specialists, allied health professionals, or hospitals
Diagnostic laboratories, imaging centres, and pathology services
Care teams or case managers involved in coordinated patient care
D. Digital and Online Collection
Data submitted through our website or online booking platforms
Analytics from our website, including anonymised traffic patterns, cookies, and session information
Telehealth or virtual consultation platforms, including video, chat, or email records
E. Collection Through Educational or Research Activities
With explicit patient consent, information may be collected for clinical research or quality improvement programs
Students or trainees may access patient information for educational purposes under strict privacy controls
All research participation requires documented consent, and data is de-identified wherever possible
F. Indirect Collection
Publicly available sources of information, where relevant and lawful
Third-party service providers engaged for billing, IT management, or administrative support
Information provided by insurers, Medicare, or government agencies for payment or reporting purposes
G. Special Considerations
Credit card or payment information is only collected for direct payment processing and is handled securely through compliant payment gateways
Sensitive health information is collected only where necessary for treatment, billing, research (with consent), or legal obligations
H. Handling of Unsolicited Information
If information is received that was not specifically solicited, we will take reasonable steps to de-identify or securely dispose of it, unless it is necessary for patient care or permitted by law
Note: We only collect information that is necessary for the purpose of providing healthcare, managing appointments, processing payments, conducting research, or fulfilling legal obligations.
4. Use of Your Information
Dr Abbie Clinics collects and uses your personal and health information for a wide range of purposes essential to providing safe, effective, and coordinated care. These purposes include, but are not limited to:
A. Providing Care
Assessing your health, performing examinations, and making diagnoses
Developing treatment plans tailored to your needs
Delivering podiatry, biomechanics, and related healthcare services
Monitoring and reviewing your progress and outcomes
Coordinating care with other healthcare providers, specialists, or allied health professionals
B. Clinical Management and Administration
Maintaining comprehensive and accurate health records, including medical, diagnostic, and treatment history
Managing appointment scheduling, recalls, reminders, and follow-up care
Ensuring continuity of care and communication across different clinicians or locations
Conducting audits, quality assurance, and clinical risk management to improve service delivery
C. Billing, Payment, and Insurance
Processing payments for services rendered, including credit card or other payment details, through secure channels
Preparing invoices, statements, and receipts
Submitting claims to Medicare, private health insurers, or other government agencies
Managing debt recovery and any associated legal requirements, where necessary
D. Research and Quality Improvement
Conducting clinical research, audits, or studies to improve treatments and service quality, only with your explicit consent
Collecting de-identified or aggregated data for research, service evaluation, and health outcomes analysis
Ensuring all research activities comply with ethics approvals and legal requirements
E. Education and Training
Providing access to de-identified or limited patient information to supervise students, trainees, or visiting clinicians for educational purposes
Ensuring all students or trainees are bound by the same privacy obligations as clinic staff
F. Communication and Engagement
Sending appointment reminders, health alerts, or follow-up notifications
Communicating about clinic updates, new services, promotions, or events only where you have provided consent
Responding to enquiries, feedback, complaints, or requests for information
G. Legal and Regulatory Obligations
Disclosing information to comply with legal requirements, statutory obligations, or court orders
Reporting certain diseases or conditions to public health authorities where required by law
Assisting with investigations, audits, or professional regulatory requirements
H. Internal Operations
Supporting clinic administration, data management, IT system management, and security
Conducting internal audits, risk management, and service improvement initiatives
Protecting the rights, property, and safety of patients, staff, and the clinic
Important Notes:
We will never use your information for purposes unrelated to your care or clinic operations without your explicit consent, except as required by law.
Where possible, information used for secondary purposes (e.g., research, training, marketing) is de-identified to protect your privacy.
5. Disclosure of Your Information
Dr Abbie Clinics is committed to protecting your privacy. Your personal and health information will only be disclosed when necessary for your care, clinic operations, or as required by law. Disclosures are managed in line with the Australian Privacy Principles (APPs) and relevant healthcare legislation.
A. Healthcare Providers
Your information may be shared with other healthcare providers involved in your care, such as:
Referring doctors, specialists, or allied health professionals
Hospitals, diagnostic imaging, or pathology services
Disclosure is only made with your consent, except in emergencies where consent cannot reasonably be obtained.
Information shared is limited to what is necessary for your ongoing treatment or care.
B. Billing and Payment
Personal and billing information may be disclosed to:
Medicare or other government agencies for claims and rebates
Private health insurers for processing claims
Debt collection agencies or credit providers, if necessary, to recover unpaid accounts
Only the minimum information necessary for processing payments or claims is shared.
C. Professional Advisors
Your information may be disclosed to professional advisors, including:
Accountants and auditors for financial reporting purposes
Legal advisors for compliance, regulatory, or legal matters
Disclosure is strictly limited to the purpose for which advice is sought and is subject to confidentiality agreements.
D. Education and Research
De-identified or limited information may be disclosed to:
Students, trainees, or visiting practitioners for supervised education
Researchers for approved studies, audits, or quality improvement initiatives
Disclosure requires explicit patient consent and is only done under strict confidentiality and approved ethical standards.
E. Legal and Regulatory Requirements
We may disclose your information without consent when required or authorised by law, including:
Court orders, subpoenas, or other legal directives
Notifiable conditions under public health legislation
Regulatory investigations by health authorities or professional bodies
Only information relevant to the legal or regulatory requirement will be disclosed.
F. Third-Party Service Providers
Certain non-clinical service providers may access your information to perform services on our behalf, such as:
IT and cloud service providers for secure storage and management
Appointment booking platforms, email, or SMS communications providers
Document archiving or transcription services (e.g., AI transcription like Heidi Health)
These providers are contractually bound to use your information solely for the purpose of providing services to Dr Abbie Clinics and to comply with privacy and confidentiality obligations.
G. Marketing and Communication
We will only use your information for marketing or promotional purposes if you have opted in and provided explicit consent.
You may withdraw consent at any time, and your information will not be used for marketing without permission.
H. General Principles
Dr Abbie Clinics does not sell, trade, or rent your personal or health information.
Only the minimum necessary information is disclosed for the purpose required.
All disclosures are documented in your file to maintain accountability and transparency.
6. Consent
By attending Dr Abbie Clinics or using our services, you provide consent to the collection, use, and disclosure of your personal and health information as outlined in this Privacy Policy.
A. How Consent is Obtained
Consent may be provided:
Verbally during consultations
In writing via intake forms, consent forms, or online bookings
Implied by your continued engagement with our services
For minors or individuals unable to provide informed consent, consent will be obtained from a parent, guardian, or legally authorised representative.
B. Scope of Consent
Consent covers the collection, use, and disclosure of your information for:
Diagnosis, treatment, and ongoing care
Clinical management, recalls, and coordination with other healthcare providers
Billing and accounts, including insurance and government claims
Education, training, or research where explicit consent is provided
Marketing or communication, where opt-in consent has been given
C. Withdrawal of Consent
You may withdraw your consent at any time by notifying us in writing.
Withdrawal may limit our ability to provide certain services or communicate with you.
All withdrawals of consent are documented in your patient record to ensure accurate handling of your information.
D. Documentation
Consent, as well as any updates or withdrawals, is securely recorded in your patient file.
This ensures transparency, compliance with the Privacy Act 1988, and continuity of care.
7. Access, Correction, and Deletion
You have rights in relation to your personal and health information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). These include the right to:
A. Access
You may request access to the personal and health information Dr Abbie Clinics holds about you.
Access requests can be made in writing to the Practice Manager.
Where access is granted, a staff member will be present to ensure security and confidentiality when accessing electronic records.
In some cases, access may be refused under legal exemptions (e.g., information relating to legal proceedings or where disclosure may pose a serious threat to the life or health of any individual).
B. Correction
You may request corrections to your information if it is inaccurate, out-of-date, incomplete, or misleading.
Requests should be made in writing. The correction process may involve verification with clinical staff and relevant healthcare providers.
Corrections will be documented and incorporated into your electronic or paper records, with a note of the previous information for audit and clinical continuity purposes.
C. Deletion
You may request deletion of your personal information; however, we may be legally required to retain certain records for clinical, legal, or auditing purposes.
Where deletion is permitted, it will be securely completed for both electronic and paper records.
D. Response Time
Dr Abbie Clinics will respond to requests for access, correction, or deletion as promptly as practicable, generally within 30 days.
If a request is refused, you will be provided with reasons for the refusal and information on avenues for complaint or review.
8. Storage and Security of Information
Dr Abbie Clinics takes all reasonable steps to ensure the privacy, security, and integrity of your personal and health information.
A. Electronic Records
All electronic records are stored in secure, password-protected practice management systems.
User access is role-based, with automatic log-out and screen-locking protocols to prevent unauthorised access.
Backups are encrypted and stored securely, with access limited to authorised personnel.
B. Paper Records
Paper records are stored in locked cabinets within restricted-access areas.
Only authorised staff may access these records, and access is logged for audit purposes.
C. Staff Training and Confidentiality
All staff, including receptionists, clinicians, and trainees, are required to sign confidentiality agreements.
Staff undergo ongoing training in privacy, security, and information-handling procedures.
Access to personal and health information is limited to only those who require it for their professional duties.
D. Use of Technology and AI Tools
Where AI or other technology is used (e.g., transcription services), audio and raw data are not stored.
Temporary data is encrypted and only accessible to authorised clinicians until safely incorporated into the patient’s electronic health record (EHR).
Clinicians review and approve all AI-generated notes before they are included in the patient record.
E. Limitations
While we implement rigorous security measures, no system can guarantee the complete security of information transmitted over the internet.
Patients are encouraged to use secure channels when sharing sensitive information electronically.
F. Payment Security Protocols
When collecting payment details over the phone, staff are trained to input information directly into the secure, encrypted payment gateway.
Dr Abbie Clinics does not record, store, or digitally retain full credit card numbers, CVC codes, or magnetic stripe data in patient files or internal systems.
This data is handled exclusively by PCI DSS-compliant third-party providers.
9. Retention of Information
Dr Abbie Clinics retains patient personal and health information in accordance with state and territory legislation, professional obligations, and clinical best practice. Retention ensures continuity of care, compliance with legal requirements, and protection of both patients and the practice.
A. Retention Periods
Adults: Records are retained for a minimum of 7 years from the date of the last patient interaction.
Minors: Records are retained for a minimum of 7 years after reaching the age of majority, in accordance with state/territory requirements.
Special Circumstances: Records may be retained for longer periods if required for:
Ongoing clinical care
Legal proceedings or audits
Research purposes (with consent and ethics approval)
B. Secure Storage
Both electronic and paper records are securely stored during the retention period, using encryption, restricted access, and locked storage.
C. Disposal of Information
Once records are no longer required, they are securely destroyed in a manner that ensures confidentiality and compliance with relevant legislation (e.g., secure shredding for paper records, permanent deletion for electronic records).
10. Direct Marketing
Dr Abbie Clinics may use your personal information for marketing, promotions, or clinic communications only with your express consent.
A. Purpose of Marketing
To inform patients about new services, promotions, events, health information, or other services relevant to foot, ankle, and lower limb care.
B. Consent and Opt-Out
You may opt in to receive marketing communications at any point during registration or consultation.
You may withdraw consent at any time by:
Emailing info@drabbieclinics.com.au
Using unsubscribe links in marketing emails
Opting out will not affect your access to care or any other services provided by the clinic.
C. Third-Party Marketing
We do not sell or trade your personal information to third-party marketing companies.
Where third-party tools are used for communication, these providers are bound by strict privacy agreements and confidentiality requirements.
11. Cross-Border Disclosure
Dr Abbie Clinics may engage service providers or cloud-based platforms outside Australia for technical, administrative, or storage purposes. Cross-border disclosure is managed carefully to protect patient privacy.
A. Conditions for Disclosure
Before disclosing personal information outside of Australia, Dr Abbie Clinics takes reasonable steps to ensure that the overseas recipient handles the information in a manner compliant with the APPs.
Providers must demonstrate equivalent or higher standards of privacy protection as required under the Australian Privacy Act 1988.
Data is encrypted in transit and at rest, and access is restricted to authorised personnel.
Cross-border providers are contractually obligated to use personal information only for the purposes specified by Dr Abbie Clinics and to comply with privacy and confidentiality obligations.
B. Patient Awareness
Patients are informed of potential cross-border processing of data in this Privacy Policy.
No sensitive health information will be disclosed internationally without the patient’s explicit consent, unless required by law.
12. Cookies and Website Analytics
Our website may use cookies, tracking technologies, and analytics tools to improve functionality, content, and user experience.
A. Types of Cookies
Essential Cookies: Required for website operation (e.g., session management, booking forms).
Functional Cookies: Enhance site performance and remember user preferences.
Analytics Cookies: Collect anonymous data on visitor behaviour to improve website design, content, and navigation.
B. Privacy Considerations
Cookies do not collect personally identifiable information unless voluntarily submitted via forms.
Analytics data is aggregated and anonymised.
Users can disable cookies in their browser settings, which may impact the website’s functionality.
C. Third-Party Tools
Third-party services (e.g., Google Analytics) may collect information to provide anonymised usage statistics.
Data shared with third parties is handled in accordance with the privacy agreements and for the sole purpose of website improvement.
13. Data Breach Response
Dr Abbie Clinics takes the security of personal and health information seriously. In the event of a suspected or confirmed data breach, we will respond promptly and effectively in accordance with the Privacy Act 1988 and the Notifiable Data Breaches (NDB) scheme.
A. Identification and Assessment
Any suspected breach is immediately reported to the Practice Manager or Privacy Officer.
The nature and scope of the breach, including affected data, systems, and individuals, are assessed.
B. Containment and Mitigation
Immediate measures are taken to contain the breach and prevent further unauthorised access or disclosure.
Technical, administrative, or procedural steps are implemented to mitigate harm to affected individuals.
C. Notification
Affected individuals are notified as soon as practicable, detailing the nature of the breach, potential risks, and recommended actions to protect themselves.
Where required under the Notifiable Data Breaches (NDB) scheme, the Office of the Australian Information Commissioner (OAIC) is notified.
D. Review and Prevention
The incident is reviewed to identify root causes and gaps in current security measures.
Policies, procedures, and staff training are updated to prevent recurrence.
14. Complaints
Dr Abbie Clinics is committed to addressing any privacy concerns promptly, professionally, and transparently.
A. How to Make a Complaint
If you believe your privacy has been breached, you may lodge a complaint by contacting us:
Email: info@drabbieclinics.com.au
Phone: [Insert Clinic Phone Number]
Mail: [Insert Clinic Address]
B. Complaint Handling
All complaints are acknowledged within 5 business days.
We will investigate complaints thoroughly and provide a response outlining findings, actions taken, and remedies (where applicable).
Confidentiality is maintained throughout the complaint process.
C. External Review
If you are not satisfied with our handling of your complaint, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC) via:
Website: www.oaic.gov.au
Phone: 1300 363 992
The OAIC can investigate breaches and enforce compliance with privacy obligations.
15. Changes to this Policy
Dr Abbie Clinics regularly reviews and updates this Privacy Policy to ensure compliance with legal requirements, evolving best practices, and the highest standards of patient care.
A. Updates
Updates may occur due to legislative changes, technological developments, or internal process improvements.
The latest version of this Privacy Policy is always available on our website.
B. Notification
Where changes are significant, patients and website users may be notified via email, website announcements, or clinic notices.
C. Commitment
Dr Abbie Clinics is committed to maintaining the highest standards of privacy and confidentiality while delivering exceptional, patient-centred care.
Effective Date: 4th December, 2025

