Privacy Policy

Haven Paediatrics  |  ABN 12 257 199 378

About this policy

Haven Paediatrics (ABN 12 257 199 378) is committed to protecting your privacy and handling personal information responsibly. This policy explains how we collect, use, store, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

As a healthcare provider, we handle health information — a category of sensitive information under Australian privacy law — and we take that responsibility seriously. This policy applies only to personal information we collect through our website.

If you have any questions about this policy or how we handle your personal information, please contact us using the details at the end of this document.

What information we collect

Website usage information

Our website uses analytics tools — including Google Analytics — to collect non-identifiable data about visitor behaviour, such as pages viewed, time spent on the site, referral sources, browser type, and device information. This helps us understand how our website is used and improve its performance. This data does not identify individual visitors.

We use cookies and similar technologies (such as analytics cookies) to support website functionality and understand usage patterns. You can manage or disable cookies through your browser settings, although this may affect some website features.

Where practical, you may browse our website anonymously or using a pseudonym. However, this is not possible when submitting enquiry or appointment forms.

Information you provide

When you contact us via our website, we collect the personal information you provide, which may include:

• Name
• Email address
• Phone number
• Date of birth
• Any message, document, or information you choose to submit

Our forms (including general enquiries, appointment requests, and employment enquiries) are powered by Gravity Forms, a WordPress plugin. Information submitted is securely stored within our website platform and accessible only to authorised Haven Paediatrics staff.

While we encourage you not to include detailed clinical information in website forms, any personal or health information you submit will be handled in accordance with this Privacy Policy and applicable law.

General enquiries and appointment requests

When you submit a general enquiry or request an appointment, we collect the information you provide to respond to your enquiry and assist with scheduling. This may include personal and limited health information, such as details included in a referral if provided by you.

By submitting an appointment request, you consent to us contacting you regarding your enquiry and to discuss information necessary for your care.

Employment enquiries

If you enquire about employment opportunities, we collect the personal and professional information contained in your application, including:

• Name and contact details
• Qualifications and employment history
• Any other information you provide

By submitting an employment enquiry, you consent to us contacting you regarding your application.

How we use your information

We may use personal information collected via our website to:

• Respond to enquiries and appointment requests
• Communicate with you
• Manage employment applications
• Improve our website and services
• Maintain internal records

Disclosure of information

Third-party service providers

We use a limited number of third-party services to support our operations, including:

• Website forms: Gravity Forms (WordPress plugin)
• Hosting and email/cloud services: Microsoft
• Analytics: Google Analytics

Some of these providers may store or process data overseas. We take reasonable steps to ensure these providers handle personal information in accordance with Australian privacy law.

These providers are not authorised to use your personal information for their own purposes.

Legal and regulatory requirements

We may disclose personal information where required by law, including to:

• Government or regulatory bodies (e.g., AHPRA)
• The Office of the Health Ombudsman
• Courts or legal authorities

We only disclose the minimum information necessary.

Mandatory reporting

As healthcare providers, we are subject to mandatory reporting obligations under Queensland and Commonwealth law. If we reasonably believe a child is at risk of harm or abuse, or that a registered practitioner is practising unsafely, we are required to report this regardless of consent.

What we do not do

We do not sell, trade, rent, or disclose your personal information to third parties for marketing or unrelated commercial purposes.

Children and parental consent

Haven Paediatrics treats children and young people under 18 years of age. Personal and health information is generally collected from parents or legal guardians on behalf of the child.

By providing information about a child, you confirm that you are legally authorised to do so.

Storage and security of your information

Your information may be stored using secure systems provided by trusted third-party providers, including Microsoft and Xestro.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These steps include:

• Secure systems and servers
• Access controls and role-based permissions
• Staff confidentiality obligations
• Privacy training for staff

Only authorised staff can access personal information, and only where necessary for their role.

Data retention

We retain personal information only for as long as necessary to fulfil the purposes outlined in this policy or as required by law.

Access and correction of your information

You may request access to, or correction of, personal information we hold about you by contacting us using the details below. We will respond within a reasonable timeframe and may require verification of your identity.

Data breaches

If a data breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

Complaints

If you believe we have not handled your personal information in accordance with the Privacy Act or this policy, you can contact us in writing. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied, you may contact:

Changes to this policy

We may update this policy periodically to reflect changes in our practices, technology, or legal requirements. The current version will always be available at havenpaediatrics.com.au/privacy-policy.

Contact us