Privacy Policy

Privacy Statement Summary

Simple Online Healthcare Pty Ltd, trading as ‘Simple Online Doctor’, is committed to protecting your privacy.  

Simple Online Healthcare Pty Ltd, trading as ‘Simple Online Doctor’ (“we”/ “us” / “our”), is registered in Australia with the company number 610 046 663. 

This Privacy Policy outlines how we collect, use, store, and disclose your personal information in compliance with the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs) and any relevant privacy code registered under the Privacy Act. It applies to all personal information you provide to us through our website, online medical consultations, and related services. We aim to manage your information openly and transparently so you can feel confident that your privacy is protected. 


Types of Personal Information We Collect

We only collect information that is reasonably necessary to provide our telehealth services. The types of personal information we may collect include: 


  • Identity and contact details: Your name, date of birth, gender, sex, ethnicity, postal address, email address, phone number, and other information. 
  • Health information: Medical history, symptoms, medications, test results, consultation notes, and any other information you share during the assessment and medical consultations. This is considered sensitive information under Australian privacy law, and we treat it with special care. 
  • Payment details: Billing information such as your credit/debit card number or other payment information. For security, payment details are often handled by our third-party payment processor and not stored by us in full. 
  • Identity verification documents: Copies of documents like your driver’s license, passport, Medicare card, or other IDs you provide for identity verification or regulatory requirements. 
  • Other information: Any other personal information you choose to provide us (for example, through emails, contact forms, or surveys). We will only collect what is necessary for the relevant purpose. 

How We Collect Personal Information

We collect personal information directly from you in several ways, including: 


  • Account registration and forms: When you create an account or fill in forms on our website, you provide us with your identity and contact details. This can include entering your name, contact information, and health details when booking an appointment or requesting a service. 
  • Medical consultations: During online doctor consultations (via video or voice), our medical professionals will collect information about your health, symptoms, and medical history. They document this information in your medical record. 
  • Uploads and documents: You may provide information by uploading documents (for example, ID for verification, previous medical records or test results, and photos related to your condition if needed). 
  • Payment transactions: When you pay for our services, you enter payment details into our secure payment system. This may be processed by an accredited payment gateway that collects your card details to complete the transaction. 
  • Communication: If you contact us via email, phone, or our support chat, we may keep a record of that correspondence and any personal details you share during the communication. 


We will generally collect personal information directly from you. If we ever need to collect information from someone else (for example, obtaining a specialist report or past medical record with your consent), we will only do so with your consent or as required by law. 

Purpose of Collecting and Lawful Basis for Using Personal Information

Simple Online Doctor collects and uses your personal information only for legitimate purposes connected with our healthcare services. These purposes include: 


  • Providing our services: We use your personal and health information to assess your condition so that our doctors can provide you with medical advice, diagnose and provide treatment plans, and, if appropriate, issue prescriptions or referrals. The collection and handling of sensitive health information is conducted: 
      • With your consent, which is obtained when you use our services, book an appointment, or provide medical details. 
  • Identification and verification: Your identity details and documents are used to verify who you are. This is important for safety, to ensure we are consulting with the correct person, and to comply with healthcare regulations (for example, verifying age for certain treatments or prescriptions). This processing is conducted: 
      • With your consent, where required for verification purposes. 
      • As necessary for our legitimate interest in preventing fraudulent activity and ensuring patient safety. 
  • Communication: We use contact information (like email or phone number) to communicate with you about appointments, send consultation summaries or test results, provide follow-up care instructions, and remind you of upcoming appointments or other health services. This processing is conducted: 
      • As necessary for our legitimate interest in providing timely and effective services. 
      • As necessary for the performance of a contract, ensuring you receive essential service-related communications. 
      • With your consent, if you opt in to receive marketing or promotional communications (you can withdraw your consent at any time). 
  • Processing payments: Payment details are used to charge you for the services provided. We use secure payment processors to handle transactions, and we only use your billing information for payment processing and related accounting purposes. This processing is conducted: 
      • As necessary for the performance of a contract, to complete the transaction for services you request. 
      • As necessary to comply with legal obligations, including taxation and financial record-keeping laws. 
  • Improving our services: We may use de-identified information (information that does not identify you personally) to analyze how our services are used, troubleshoot issues, train our staff, or improve our platform and the quality of care. This processing is conducted: 
      • As necessary for our legitimate interest in improving and enhancing our services to benefit patients. 
      • With your consent, where required, for surveys or research purposes. 
  • Legal and regulatory compliance: We may use your information as required to comply with Australian laws and regulations. For example, we might use or disclose information to fulfill reporting obligations (such as mandatory disease notifications), to respond to a court order or subpoena, or to cooperate with law enforcement or health regulators when legally required. This processing is conducted: 
      • As necessary to comply with our legal obligations, including obligations under healthcare, public health, and privacy laws. 
  • Administration and record-keeping: Like any medical practice, we maintain records of the care provided. We use your information for internal administration, such as managing your patient file, auditing, billing, and for insurance or Medicare processing if applicable. This processing is conducted: 
      • As necessary to comply with legal obligations, such as medical record-keeping requirements under Australian healthcare regulations. 
      • As necessary for the performance of a contract, ensuring continuity of care and appropriate service administration. 
      • As necessary for our legitimate interest in ensuring efficient and organized service operations. 


We will only use or disclose your personal information for the purposes explained in this policy, for purposes that you would reasonably expect, or if required/permitted by law. If we ever need to use your information for a new purpose not covered here, we will seek your consent first (unless an exception under privacy law applies). 

Disclosure of Personal Information to Third Parties

We do not sell your personal information. However, in the course of providing our services, we may disclose some of your personal information to third parties for the purposes outlined above. These third parties may include: 


  • Medical professionals and health service providers: Our team of doctors will access your health information to provide care. With your consent or at your direction, we might also share relevant information with other healthcare providers involved in your treatment – for example, a specialist if you are referred or a pharmacist to fulfill a prescription. 
  • Pathology labs or diagnostic services: If we order blood tests, imaging, or other diagnostics, we will provide the necessary details (like your name, contact details, and test request) to the lab or diagnostic center. They, in turn, may share results back with us, and those results become part of your health record. 
  • Pharmacies: If our service includes sending your prescription to a pharmacy for dispensing, we will share the prescription details and your identifying information with that pharmacy to ensure you can receive your medication. 
  • Payment processors: We use reputable third-party payment gateways or processors to handle credit card transactions. These processors receive your payment information directly to process payments on our behalf. Simple Online Doctor ensures that third-party payment gateways or processors are PCI-DSS compliant (industry security standards for payments). 
  • Identity verification services: If we use a third-party service to verify your identity or the authenticity of documents you provide, we will share the necessary information (such as your name or ID details) with that service solely for verification purposes. 
  • IT service providers: We rely on third-party companies for services like data hosting (secure cloud storage/servers), software support, or email/SMS delivery. These providers may process or store personal information on our behalf under strict confidentiality and security obligations. We only use providers who meet strong data protection standards. 
  • Legal or regulatory authorities: We may be required to disclose personal information to government agencies, regulators, courts, or law enforcement. This would only happen in specific circumstances permitted or mandated by law – for example, responding to a lawful subpoena, complying with mandatory health reporting laws, or cooperating with an investigation by the Office of the Australian Information Commissioner (OAIC) or other authorities. 


In all cases of third-party sharing, we only disclose what is necessary for that service or requirement. Wherever feasible, we will inform you about the disclosure or obtain your consent (for instance, when referring you to another provider). All third parties we engage are required to handle your personal information in accordance with privacy law and our guidelines. If any service provider is located overseas or stores data overseas, we will inform you and take steps to ensure your information receives equivalent protection (in line with APP 8 on cross-border disclosure). (At present, our primary data storage and processing occur in Australia.) 


Storage and Security of Personal Information

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorized access, modification, or disclosure (in compliance with APP 11 – Security of personal information).

Personal information is stored in secure electronic systems with encryption. Our website and online platforms use HTTPS (SSL/TLS encryption) to protect data transmitted between your device and our servers.

We restrict access to personal records to authorized personnel only. Only staff members and our registered doctors who need to see your information (for example, the doctor treating you or the support staff processing your booking) are permitted to access it. Each employee or contractor is bound by strict confidentiality obligations.

Our internal systems are protected by strong passwords and, where possible, multi-factor authentication to prevent unauthorized logins. Users of our service should also maintain the confidentiality of their own account password and notify us immediately of any unauthorized use.

We use reputable cloud hosting with adequate security protocols or secure physical servers located in controlled facilities. Regular backups are performed to prevent data loss, and those backups are secured as well. Physical documents (if any) are kept in locked cabinets with limited access.

We regularly update and patch our software to address security vulnerabilities. Security audits and monitoring are conducted to detect and respond to any unusual activity. Our team is trained on privacy obligations and security procedures to ensure your information is handled safely.

Despite our best efforts, no method of electronic storage or transmission over the internet is 100% secure. However, we continuously review and enhance our security practices to mitigate risks. If we ever experience a data breach that is likely to result in serious harm, we will notify affected individuals and the OAIC as required by the Notifiable Data Breaches scheme under Australian law.

Data Retention and Deletion

We will retain your personal information only for as long as it is needed to fulfill the purposes for which it was collected or as required by law or professional standards. 

We will keep your health information for as long as necessary to continue providing you services and to comply with legal obligations. For example, we may retain adult patient records for at least 7 years from the date of the last service and, in the case of a minor, until the child turns 25. We retain records to ensure continuity of care and for medico-legal purposes. 

Contact information and other personal details will be kept while your account is active or as long as needed for our business operations. If you cease using our services, we may keep certain information for our records (for example, invoices or consents) to comply with taxation, auditing, and regulatory requirements. 

We do not store full credit card numbers on our systems (these are handled by the payment gateway). Any payment transaction records we keep (e.g., receipts or transaction IDs) are retained according to financial record-keeping laws (often 7 years). 

When personal information is no longer required for the purpose it was collected (and we are not legally required to retain it), we will take reasonable steps to destroy it or permanently de-identify it. For instance, if you close your account and request deletion of your identity documents on file, and we have no further legal need to keep them, we will securely delete those documents. 

Please note that due to healthcare regulations, we cannot always accommodate immediate deletion of medical records upon request, especially if those records are needed to provide you (or future practitioners) with a complete medical history or if we must retain them by law. However, once the mandatory retention period ends, we will securely dispose of the information. 

We will also respect any withdrawal of consent to use information for optional purposes (like marketing) by updating our records and practices accordingly. 


Your Rights Under the Australian Privacy Act and APPs

You have the right to access the personal information we hold about you and to request corrections if you believe it is inaccurate, out-of-date, or incomplete. We are committed to responding to such requests in accordance with APPs 12 and 13. 


  • Accessing your information   

You may request access to your information (including health records) at any time by contacting us using the details in the Contact section below. We will need to verify your identity before granting access. We will promptly provide you with your information, usually within 30 days. In some cases, we may provide access by giving you a summary of the information or facilitating an electronic record download. There is generally no fee for requesting access; however, if your request is complex and incurs significant staff time or resources, we might charge a reasonable cost-recovery fee (we will let you know in advance if a fee applies). 


  • Correcting your information 

If you think any personal information we hold about you is incorrect or incomplete, please let us know. You can request that we correct or update your details. We will take reasonable steps to amend your records accordingly. If, for some reason, we cannot accommodate a correction (for example, if we disagree that the information is incorrect), we will let you know why and, at your request, note on your record that you sought a correction. 

We always strive to maintain accurate, up-to-date information. For some changes (like updating your contact details), you may be able to log into your account and make the edits directly. For other changes (like amending a medical note), please contact us, and we will assist. 


Privacy Complaints and Inquiries

We take your privacy seriously, and we welcome questions or feedback about our privacy practices. If you have any concerns or believe your privacy has been compromised, please let us know so we can address the issue. 


For any privacy-related inquiries or complaints, you can contact us at:

Email: [email protected]


Address: 119 Racecourse Road, Ascot, Queensland 4007, Australia


Phone: (07) 4839 7994


Please provide details about your question or complaint so we can respond effectively. We will acknowledge your query or complaint within a reasonable time (usually within 5 business days) and let you know the next steps. For complaints, we will investigate the matter and aim to provide you with a written response outlining the outcome and any actions we will take to resolve your concern. 

If a privacy complaint is made, we will work with you to resolve it. This may involve clarifying the issue with you, investigating internally, and updating our procedures if necessary. We aim to resolve all complaints promptly and fairly, typically within 30 days. If we need more time (for example, if the matter is complex), we will keep you informed of the progress. 

If you are not satisfied with our response, or if you prefer not to raise the matter with us, you have the right to contact the Office of the Australian Information Commissioner (OAIC). You can lodge a complaint with the OAIC after you have attempted to resolve it with us: 

Office of the Australian Information Commissioner  

By post: GPO Box 5218, Sydney NSW 2001, Australia 

Website: https://www.oaic.gov.au  

Phone: 1300 363 992 

We value your trust and will do everything we can to address your concerns and improve our practices. Your feedback on privacy matters is welcome and helps us ensure we meet our obligations. 



Compliance with Australian Privacy Laws

Our privacy practices are designed to comply with the Australian Privacy Act 1988 and the 13 Australian Privacy Principles. In summary: 


  • We only collect, use, and handle personal information in ways that are allowed by and comply with the law. 
  • We regularly review this Privacy Policy and our procedures to ensure we remain compliant with current privacy regulations and guidance from the OAIC. 
  • If there are any changes to the Privacy Act or APPs that affect your rights or our obligations, we will update our policy and practices accordingly. 


By using our services, you consent to the collection and handling of your personal information as described in this policy. We encourage you to read this policy carefully and contact us if you have any questions. 

Last updated: 07 April 2005 - This policy will be reviewed periodically and updated as necessary to ensure compliance with Australian privacy laws and our commitment to protecting your information. Any changes will be posted on this page and, if significant, we may notify you by email or via our website.