PRIVACY POLICY

This Privacy Policy sets out how St. Agnes Podiatry ABN 76603812166 (“us”, “we” and “our”) collect, use, hold and disclose your personal information when you interact with us, for example, through our dealings with you as a customer, supplier, contractor or job applicant.

It also applies to personal information we collect when you visit and use our https://www.stagnespodiatry.com.au/ website (“Website”).

We take privacy seriously and are committed to maintaining the privacy of the personal information of our customers, visitors to our Website and other individuals we deal with in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (“Privacy Act”).

Why do we collect personal information?

We collect personal information for the purposes of carrying out our business operations and activities, providing our podiatry services and products, as well as other related purposes, including:

 engaging with you for the provision of professional podiatry services and products;

 communicating with you and responding to your communications;

 doing business with you and managing and accounting for our services and products;

 invoicing and debt recovery;

 assessing credit applications and managing credit provided to our patients;

 providing you with information about issues which may be of interest to you;

 from job applicants who apply for employment with us, so that we can assess their suitability for vacant positions and/or contact them about future employment opportunities that arise;

 to manage our employees and contractors;

 dealing with complaints, claims and disputes;

 to comply with legal and regulatory requirements, resolve any complaints or disputes that we may have with any of our users, and enforce our agreements with third parties;

 generally carrying on our practice.

We only collect personal information that is reasonably necessary for one or more of our functions or activities as a podiatry practice, or where collection is otherwise permitted or required by law.

What personal information do we collect?

We may collect and retain a range of different information about you. This can include the following.

Personal information

The personal information we collect about you may include but not be limited to your name, date of birth, contact details, occupation and work history, drivers licence details, banking and credit card details, credit information including but not limited to reports, history, standing and capacity, and information relating to your dealings with us and our employees, potential employees and other business contacts.

Sensitive and health information

We also collect sensitive information necessary to provide the specific professional podiatry services and products our patients require. Sensitive Information is a subset of personal information, which in addition to health information, includes information or opinion about such things as an individual’s racial or ethnic origin, religious beliefs or affiliations, political opinions, membership of a professional or trade association, among other matters.

Sensitive Information will be used by us only for the primary purpose for which it was obtained, for a directly related secondary purpose, and with your consent or where required or authorised by law. Health information is personal information about your health. It includes medical conditions, treatments, health history, information about a health service provided, or to be provided, and expressed wishes about the future provision of health services. We will only collect health information with your consent, unless an exception applies under the Privacy Act, for example, where collection is necessary to provide healthcare services or is required or authorised by law.

Other information

We may also collect information about you that you provide to us directly through our Website or indirectly using our Website or online presence or through other websites or accounts from which you permit us to collect information.

How we collect personal information

We generally collect personal information about you in your dealings with us, including:

 when you provide personal information to us including through completion of digital or hard copy forms, surveys or questionnaires;

 when you enquire, communicate or deal with us in person, in writing, online (including by email or social media) or by telephone;

 when you use our Website (including via cookies);

 when you interact with us in the course of us providing our products and services to you; and/or

 when you apply for a position of employment with us.

Where you provide us with personal information about another individual (for example, a child, dependent or family member), you represent and warrant that you are authorised to provide that information and that you have obtained any necessary consent for us to collect, use and disclose that information in accordance with this Privacy Policy.

We may also collect information about you from third parties, including:

 another health practitioner who refers you as a patient to us or who provides us with specialist or other medical reports about you on your request;

 third party service providers, suppliers and contractors we engage to assist us in delivering our products and services;

 employers, publicly available sources, and third party providers of employment screening or reference checking services.

This Privacy Policy applies to all personal information collected by us, whether or not we have directly requested that information.

Cookies

Information gathered through “cookies” and similar technology used on our Website and social media sites may record certain information about your use of our Website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

Cookies are small text files that are transferred to a user’s hard drive by a website for the purpose of collecting information about a user’s identity, browser type or website visiting patterns. You can refuse cookies by selecting the appropriate settings on your browser and/or deleting cookies stored on your computer, but our Website may not work as intended for you if you do so.

Anonymity and pseudonyms

Individuals have the right not to identify themselves, or to use a pseudonym when dealing with us except where it is impracticable for us to deal with individuals who have not identified themselves or who have used a pseudonym, or where we are required or authorised by law to deal with identified individuals. In the case of healthcare services, it is generally impracticable to provide services without identification. If we request personal information and it is not provided, we may not be able to assist the relevant individual. If that individual is a patient of ours, we may not be able to provide appropriate care to the individual or to claim rebates or other payments from third parties in respect of that individual such as health funds, Medicare and accident and worker’s compensation authorities.

General use and disclosure

We use and disclose personal information for the primary purpose for which it was collected. In general, we use and disclose personal information for the purposes set out above or for related purposes that you would reasonably expect, and other purposes authorised by the Privacy Act.

Use and disclosure for direct marketing

We will only use your personal information to market our services or products or to send invitations to events where you have consented to us doing so or where an exception under APP 7 applies. In such cases we will include a simple means by which you can easily request not to receive direct marketing communications (opt-out) in each direct marketing communication, and we will not use that information for those purposes after such a request is made. You can also unsubscribe from our mailing/marketing lists at any time by contacting us in writing.

To whom do we disclose personal information?

We may disclose your personal information to third parties for the purposes set out above, including:

 to our employees;

 to employers who engage us to provide our products and services to you;

 to your family, friends and other health practitioners to whom you authorise us to disclose the information;

 to our suppliers who provide us with products or services for your requirements;

 to anyone else to whom you authorise us to disclose the information;

 other persons, including government agencies, regulatory bodies and law enforcement agencies as required, authorised or permitted by law.

Who else can access this information?

Our contractors and other third parties may have access to some personal information we hold while assisting us to carry on our practice. For example, we may use contractors to provide reception and other administrative support to our practice, distribute some of our publications, and develop and maintain our computer systems, electronic records, Websites, blogs and other social media sites. We may also disclose personal information to our auditors, insurers and legal and other professional advisers to assist us in protecting our interests, and to ensure that we comply with our obligations.

Disclosure to overseas recipients

We do not generally disclose personal information to overseas recipients. Where we disclose personal information to an overseas recipient (for example, where required to provide specific services or products our patients require or where our IT or practice management systems involve overseas hosting), we will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that information, in accordance with APP 8. If we are unable to ensure that an overseas recipient will comply with the Australian Privacy Principles, we will only disclose the information with your informed consent, after advising you that we will not be responsible under the Privacy Act for how that overseas recipient handles your information.

How do we keep personal information secure?

We take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure. We store hard copies of personal information in access-controlled premises, and digital versions on secure servers. We require all persons authorised to access digital information to use logins and passwords to access such information. We require all our contractors and others to whom we disclose personal information, or who may have access to personal information we collect, to keep such personal information private and to protect such personal information from misuse and loss and from unauthorised access, modification or disclosure. Any credit card details provided to us for the purposes of making any payment are destroyed or de-identified when processing the payment is finalised and the information is no longer needed for any permitted purpose under the Privacy Act. Unless we are prevented from doing so by law, we de-identify or destroy securely all personal information we hold when no longer reasonably required by us.

Security breaches

In the event that we become aware of an eligible data breach (as defined in the Privacy Act), being unauthorised access to or disclosure of personal information we hold, or loss of such information in circumstances where unauthorised access or disclosure is likely to occur, where such breach is likely to result in serious harm to any individual to whom the information relates, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. This includes promptly assessing whether the breach is likely to result in serious harm, taking remedial action where possible, and notifying affected individuals and the Office of the Australian Information Commissioner as required by law.

Integrity of personal information

We take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete and that the personal information we use or disclose is accurate, up to date, complete and relevant, having regard to the purpose of such use or disclosure. To that end, we encourage you to contact us to update or correct any personal information we hold about you.

Accessing your personal information

You may request access to personal information we hold about you. We may require you to verify your identity and to specify what information you require. We will respond to requests for access to personal information within a reasonable period (generally within 30 days) and in the manner requested by the individual if it is reasonable and practicable to do so. We will not charge a fee for making a request for access, but may charge a reasonable fee for giving access to the information in the manner requested. We may refuse to provide access only in the limited circumstances permitted under APP 12.3, such as where providing access would pose a serious threat to the life, health or safety of any individual, giving access would have an unreasonable impact on the privacy of other individuals, or where the request is frivolous or vexatious. If we refuse access, we will provide written reasons for the refusal and inform the individual of their right to complain.

Correction of personal information

We take reasonable steps to correct all personal information we hold to ensure that, having regard to the purposes for which it is held, the information is accurate, up to date, complete, relevant and not misleading. You may request corrections to personal information we hold about you. We will respond to such requests within a reasonable period (generally within 30 days). We will not charge a fee for making a request for correction or for correcting the information. If we refuse to correct personal information as requested, we will provide written reasons for the refusal and inform you of your right to complain. If we refuse to correct information and you request us to do so, we will take reasonable steps to associate with the information a statement that you view it as incorrect, inaccurate, out of date, incomplete, irrelevant or misleading. We may refuse to correct personal information only in the limited circumstances permitted under APP 13.3.

Complaints

If you wish to make a complaint about this Privacy Policy or our collection, use or disclosure of personal information, please contact us in the first instance. We will investigate your complaint and, within a reasonable period (generally within 30 days), will provide you with a written response setting out our decision and the reasons for our decision. We will try to resolve your complaint directly with you. If you are not satisfied with the outcome, then you may make a complaint to the Office of the Australian Information Commissioner (OAIC). For information about how to make such a complaint, please refer to the OAIC website http://www.oaic.gov.au/.

Contact us

If you have any questions about this Privacy Policy, wish to access or correct personal information, opt out of marketing communications, or to make a privacy complaint, please contact our Practice Manager at info@stagnespodiatry.com.au

Changes to Privacy Policy

We may update this Privacy Policy from time to time. The current version will be posted on our Website with the date of the last update. Where changes are significant, we will take reasonable steps to notify individuals who may be affected by the changes. We recommend that you regularly review our Privacy Policy to ensure you are aware of any changes.

This Privacy Policy is current as at 12/3/2026.