Skip to content

Privacy Policy


This is the privacy policy of Brisbane Rheumatology Pty Ltd ACN 652 423 188 (Brisbane Rheumatology, we, us). It applies to all personal information (including sensitive information) we collect and use in connection with our business, including via our website (Website).

We understand the importance of, and are committed to, protecting the privacy and security of your personal information. We comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles, which regulate how we may collect,
use, disclose and store your personal information. This privacy policy is intended to keep you informed of the ways we collect, use, disclose, store and protect your personal information and help you to understand your rights (and our obligations) under the
Privacy Act.

We may change this privacy policy from time to time. The updated privacy policy will be posted on our Website, with the date of the update shown.

What is ‘personal information’?

Personal information is information or an opinion about you, whether true or not, which identifies you or from which your identity can be reasonably obtained.

What is ‘sensitive information’?

Sensitive information is a subset of personal information and includes health information. Your health information includes any information collected about your health or disability, and any information collected in relation to a health service you have received. It may also include, for example, your wishes about the future provision of health services.

What kinds of personal information do we collect?

We collect and use personal information related to our business activities when it is necessary and relevant to our relationship with you. Our business activities primarily involve the provision of medical advice and services, specifically in relation to rheumatology. If you make an appointment with us or otherwise contact the practice, we may collect the following types of information about you:
  1. your name, date of birth and contact details, including your email address, telephone number and residential and/or postal address;
  2. your health concerns at the time of making the appointment;
  3. your diagnostic and genetic history;
  4. names of other health professionals involved in your care;
  5. previous medical treatments or prescriptions you have received;
  6. specialist reports and test results, including x-rays, scans, MRIs and blood tests;
  7. your next of kin and their contact details;
  8. your Medicare account details;
  9. your debit or credit card details for Telehealth video services (which will not be billed on any occasion without first obtaining your approval);
  10. any other relevant personal information necessary for the purpose of providing our services to you;
  11. other information and material you provide to us, including through our Website, or that we reasonably need to collect to administer our business, such as contact and billing information including your address and telephone number; and
  12. data we collect automatically about how you use and interact with our Website.

How we collect information about you

Where it is reasonably practical to do so, we will collect your personal information directly from you. We may collect the personal information you directly give us through some of the following means:

  1. when you communicate with us, such as when you contact us by telephone or email, or send an enquiry through our Website;
  2. when you book an appointment with us, including via our Website;
  3. when administering any of our services to you;
  4. while conducting customer satisfaction and market research surveys;
  5. when you settle your account for the services provided to you; and
  6. as otherwise required to manage our business.

In certain cases we may collect personal information from third parties. For example, when we receive specialist reports or test results from third parties.

You must only provide us with the personal information of someone else if you have that person’s consent to disclose that information to us and for us to use that information in accordance with this privacy policy.

Unsolicited information

If we receive personal information about you that we have not requested, and if we determine that we could not have lawfully collected that information under the Privacy Act if we had requested it, we will destroy or de-identify the information (if it is lawful and reasonable to do so). If we collect your personal information in an unsolicited manner, we will take reasonable steps to inform you of such collection and also how we use, disclose and secure your personal information. Such reasonable steps may include referring you to this privacy policy.

Do I have to provide you with my personal information?

You can deal with us anonymously (without giving us your name and contact details) or by using a pseudonym in some limited circumstances. If you contact us by phone or other means and ask to remain anonymous, you may do so and we will try to answer your request without seeking identifying details. However, if you choose to deal with us anonymously, there are some things we cannot do. For example, we will not be able to enter into an agreement with you to provide you with any of our products or services.

Purpose for handling your personal information

As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances. We collect, hold, use and disclose personal information to:

  1. provide you with the services you require and administer our dealings with you, including sending you invoices and receipts;
  2. communicate with you and provide you with relevant information, including marketing information (unless you have requested not to receive marketing information from us);
  3. provide our Website and its functionality to you;
  4. assess your needs so that we can refer you to other professional services;
  5. comply with legal and regulatory obligations; and
  6. otherwise manage our business.

We may use your personal information for activities in support of our primary business functions such as processing payments, administration, employment, management, marketing, contracting, IT, legal, and customer support.

Disclosure of personal information to third parties

We may disclose your personal information to the third parties set out below for any of the purposes set out above. The types of third parties with whom we disclose personal information include:

  1. other doctors or specialist health and medical service providers that we may refer you to;
  2. payment systems operators (eg merchants receiving card payments);
  3. other persons, including government agencies, if required or authorised by law;
  4. a third party purchaser of our business in the event we sell or transfer all or a portion of our business or assets; and
  5. otherwise as authorised by you.

Before disclosing any personal information about you to another doctor or health service provider, we will always obtain your prior written consent where it is reasonably practicable to do so. In certain situations, we may disclose your personal information, including health information, to health service providers (such as doctors and ambulance officers) where we have been unable to obtain your prior written consent.

For example, if you are in an ICU needing urgent treatment, we may share relevant health information we hold about you if requested by the health care professionals providing you with treatment.

Protection of your personal information

We will hold personal information as either secure physical records, electronically on our intranet system, in cloud storage, and in some cases, records on third party servers. We maintain appropriate physical, procedural and technical security for our information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal information. This also applies to disposal of personal information.

We further protect personal information by restricting access to personal information to only those who need access to the personal information to do their job, and we will destroy or de-identify your personal information once it is no longer needed for a valid purpose or required to be kept by law.

Direct marketing

Like most businesses, marketing is important to our continued success. We may use your personal information (such as your contact details) to provide you with information and newsletters about products and services that we consider may be of interest to you. We will not disclose your personal information to third parties for marketing purposes without your consent.

You may opt out at any time if you no longer wish to receive marketing information from us. You can do this by contacting our Practice Manager on the details below or by using the ‘unsubscribe’ function included in our marketing emails.


A cookie is a small text file stored in your computer’s memory or on your hard disk for a pre-defined period of time. We use cookies to identify specific machines in order to collect aggregate information on how visitors are experiencing our Website. This information will help to better adapt our Website to suit personal requirements. While cookies allow a computer to be identified, they do not permit any reference to a specific individual. For information on cookie settings of your internet browser, please refer to your browser’s manual.

Overseas disclosures

As at the date of this privacy policy, we are not likely to disclose your personal information to overseas recipients. If in the future we do propose to disclose personal information overseas, we will do so in compliance with the requirements of the Privacy Act. We will, where practicable, advise you of the countries in which any overseas recipients are likely to be located.

Accessing and correcting your personal information

You may contact our Practice Manager using the contact details below to request access to, or a correction of, the personal information that we hold about you. We will deal with your request within a reasonable time. On the rare occasion that we refuse access, we will provide you with a written notice setting out the reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access. We will also provide you with avenues to complain about our refusal to provide you with access to the information.

We are not obliged to correct any of your personal information if we do not agree that it requires correction. If we refuse a correction request, we will provide you with a written notice with our reasons for refusing. We may recover reasonable costs in relation to a request for access to personal information.

Resolving personal information concerns

If you have any questions, concerns or complaints about this privacy policy, or how we handle your personal information, please contact our Practice Manager:

The Practice Manager

Brisbane Rheumatology Pty Ltd
Level 3, 135 Wickham Terrace

Phone: 07 3831 9145
Fax: 07 5302 2223

We take all complaints seriously and will respond to your complaint within a reasonable period. You may also lodge a complaint with the Office of the Australian Information Commissioner by telephone: 1300 363 992 or email:

This privacy policy was last updated on 22 February 2023.