This Privacy Policy describes how CMA Clinic ("we", "us", "our") collects, uses and discloses your personal information when you visit our website at cmaclinic.com.au, contact us, or book a consultation. We are committed to handling your information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
Contact
If you have questions about this policy, want more information about our privacy practices, or would like to make a complaint, please contact us by email at harry@cmaclinic.com.au.
What we collect
The personal information we collect depends on how you interact with us. We collect only what we need to provide our services and to comply with our regulatory obligations.
Information you provide directly
- What we collect
- Name, date of birth, address, email address, phone number, Medicare number, Individual Healthcare Identifier (IHI), and any clinical or health information you provide as part of booking or attending a consultation.
- When we collect it
- When you book a consultation, complete a consent form, contact us through our website, or speak with our clinicians.
Information collected automatically
- What we collect
- Device and browser information, IP address, time zone, the pages you view on our site, the links you click, and how you arrived at the site (e.g. from a search engine or advertisement).
- When we collect it
- When you visit our website, through cookies and similar technologies (see Cookies section below).
Payment information
- What we collect
- Card payment information for consultation fees is collected directly by our payment processor (Stripe) and is not stored by us. We receive only confirmation that the payment has been successful, along with your name and email address used at checkout.
- When we collect it
- When you pay for a consultation through one of our booking links.
How we use it
We use the personal information we collect to:
- Provide our telehealth consultation services and any follow-up care.
- Communicate with you about your appointment, your care, and our services.
- Process payments for consultations.
- Comply with legal, regulatory, and clinical record-keeping obligations under Australian law.
- Improve our website and the way we deliver our services.
- Where you have agreed, send you marketing communications about our services.
Sharing & service providers
We share your personal information only as necessary to provide our services or where required by law. The third-party service providers we use include:
- MediRecords — our clinical management system, which holds patient records, appointment details, and prescriptions issued by our doctors. MediRecords is an Australian-based provider that complies with Australian healthcare data standards.
- Stripe — our payment processor. Stripe collects card information directly during the payment process; we do not store full card details. See Stripe's privacy policy.
- Netlify — our website hosting provider. Netlify processes basic technical information (such as IP address) when you visit our website. See Netlify's privacy policy.
- ActiveCampaign — our email marketing and contact list platform. If you sign up for marketing communications or send us a message, your contact details may be stored in ActiveCampaign. See ActiveCampaign's privacy policy.
- Google Workspace — for email correspondence with our team (including consent forms and contact-form submissions sent to reception@cmaclinic.com.au and harry@cmaclinic.com.au).
We may also disclose personal information where required by law, in response to a subpoena, search warrant or other lawful request, or where necessary to protect our rights or the safety of our patients or staff.
Advertising & analytics
To understand how visitors use our website, and to help reach people who may benefit from our services, we may use the following third-party tools:
- Google Analytics — to understand how visitors use our website. See Google's privacy policy. You can opt out at tools.google.com/dlpage/gaoptout.
- Meta Pixel — to measure the effectiveness of advertising on Facebook and Instagram. See Meta's privacy policy. You can manage your ad preferences at facebook.com/settings/?tab=ads.
- TikTok Pixel — to measure the effectiveness of advertising on TikTok. See TikTok's privacy policy.
Where we use these tools, they may set cookies in your browser and collect information about your visit to our site. The information collected by these third parties is governed by their own privacy policies. You can opt out of personalised advertising more broadly through the Digital Advertising Alliance's opt-out portal at optout.aboutads.info.
Cookies
A cookie is a small piece of information stored on your device when you visit a website. We use cookies for two main purposes:
- Functional cookies — necessary for our website to work properly (for example, remembering your preferences as you navigate between pages).
- Analytics and advertising cookies — set by the third-party tools listed above (Google Analytics, Meta Pixel, TikTok Pixel) to help us understand how the site is used and to measure advertising effectiveness.
Most browsers accept cookies automatically, but you can change your browser settings to block cookies or to alert you when a cookie is being sent. Blocking cookies may affect parts of our site. For more information on managing cookies, visit allaboutcookies.org.
Health records
Health information is sensitive personal information and is afforded additional protection under Australian privacy law. We collect and use your health information only for the purposes of providing telehealth consultations and any related care, and we store it within MediRecords (our clinical management system).
We will not disclose your health information to anyone outside the clinical team treating you, except:
- Where you have given us your consent (for example, when you ask us to send a prescription to a pharmacy of your choice).
- Where required or authorised by law.
- Where necessary to lessen or prevent a serious threat to life, health, or safety.
Retention
We retain your information for as long as necessary to provide our services and to meet our legal obligations. Australian healthcare regulations require clinical records to be retained for a minimum period (typically seven years from the last patient contact, or until the patient turns 25 if treated as a minor). Non-clinical information, such as marketing-list contact details, is retained until you ask us to delete it.
You can request that we delete information held about you at any time, subject to our legal record-keeping obligations. See "Your rights" below.
Your rights
Under the Australian Privacy Principles, you have the right to:
- Ask us what personal information we hold about you.
- Ask us to correct any information that is inaccurate, out of date, or incomplete.
- Ask us to delete personal information we hold about you, subject to our legal obligations to retain certain records.
- Withdraw your consent to receive marketing communications at any time, by clicking "unsubscribe" in any marketing email or by contacting us directly.
To exercise any of these rights, please email harry@cmaclinic.com.au. We may need to verify your identity before acting on a request.
Do Not Track
Because there is no consistent industry standard for how websites should respond to "Do Not Track" signals, we do not currently alter our data collection or usage practices when we detect such a signal from your browser.
Changes
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The "last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.
Complaints
If you would like to make a complaint about how we have handled your personal information, please contact us by email at harry@cmaclinic.com.au. We will respond to your complaint within a reasonable time and aim to resolve it directly with you.
If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au/privacy/privacy-complaints.