Privacy Policy

Last Updated: Aug 2025

TopDoc Medical Group Pty Ltd (ACN 670 520 064) and its related entities and clinic-specific legal entities (collectively referred to as TopDoc, we, us, or our) are committed to protecting your privacy and ensuring the confidentiality of your personal and health information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and protect your personal information, including when you interact with our general practices, TopDoc Infusion Clinics, SkinCheck Australia, or our website.

1. What Personal Information We Collect

Name, address, date of birth, contact information
Gender, Medicare number, health fund details
Emergency contact and next-of-kin details
Medical and surgical history, medications, allergies
Test results, immunisation records, referrals
Family medical history and lifestyle data
Employment or insurance details for work-related consults
Payment information and billing history

We may also collect information about your interactions with us, including website usage, feedback, and communication preferences.

2. How We Collect Personal Information

Online appointment systems (e.g., HotDoc)
In-person clinic visits, forms, or phone calls
Email correspondence, patient portals, and website contact forms
Referrals from other healthcare professionals
Your use of diagnostic or imaging services
Public health sources (e.g., ‘My Health Record’ system)
Recruitment platforms and job applications
CCTV footage in our clinic common areas
Occasionally, your carer or family member during urgent situations

3. Use of Artificial Intelligence (AI) in Clinical Settings

While TopDoc does not mandate the use of AI, independent healthcare practitioners operating within our clinics may choose to use AI-driven tools to enhance clinical documentation, transcription, or decision support.

Such use will only occur:

With your prior informed consent;
In accordance with professional and ethical standards; and
Subject to strict confidentiality and security obligations.

If you have concerns about the use of AI in your consultation, please discuss them directly with your practitioner before proceeding.

4. Why We Collect, Use and Disclose Your Information

Delivering safe and effective healthcare
Enabling independent practitioners to diagnose and treat you
Referrals to specialists and allied health providers
Accessing and updating your ‘My Health Record’
Appointment reminders, recalls, and administrative communication
Managing clinic operations, including queue management and patient flow
Processing payments and health fund claims
Regulatory compliance (e.g., AHPRA, Medicare)
Addressing feedback, complaints, or legal claims
Service improvement, quality assurance, and clinical audits
Internal training or de-identified research
Providing relevant health updates and promotional materials (if opted in)

5. Disclosure to Third Parties

We may disclose your personal information to:

Independent healthcare professionals working in TopDoc facilities
Medical specialists, allied health professionals, and diagnostic providers
Pathology and imaging providers
IT providers, cloud-based storage solutions, and software vendors (e.g., Best Practice)
Payment processors, such as HotDoc and potentially Stripe or Medipass
Medicare, private insurers, compensation bodies, and regulatory authorities
Legal advisers and insurers (where relevant)
Contractors who provide administrative, technical or marketing services

We take all reasonable steps to ensure these third parties protect your information and use it only for authorised purposes.

6. Overseas Disclosure

Some of our third-party service providers may store or process your information overseas. This may include:

Payment processors or booking platforms with offshore servers
Cloud-hosted services with data centres outside Australia

Where this occurs, we take reasonable steps to ensure that overseas recipients comply with Australian privacy standards.

7. Marketing and Research

We may use your personal information to:

Send health-related updates, service information, and promotional material (only if you have opted in)
Invite feedback on your experience with our clinics
Conduct internal audits or quality improvement activities
Contribute to medical research or public health studies (de-identified only)

Your sensitive health information will never be used for marketing without your explicit consent. You may opt out at any time.

8. Security of Your Information

We implement a range of safeguards to protect your personal and health information:

Secure medical software (Best Practice) with user authentication
Role-based access control to sensitive records
Staff training on privacy and data handling
Secure disposal of obsolete records
Physical and digital surveillance, including CCTV in public clinic areas

Medical records are retained as required by law:

For 7 years from the last health service (if you are over 18)
Until age 25 (if you were under 18 at the time of your last visit)

9. Accessing and Correcting Your Information

You have the right to access or request correction of your personal information.

To do so:

Contact the reception of the clinic you attended
Submit your request in writing (fees may apply)

Access may be declined only in limited situations permitted by law, such as when access could pose a serious threat to safety.

If you believe your data is incorrect or out of date, please inform us, and we will take reasonable steps to amend it. If we disagree, you may request a statement of your correction be attached to your file.

10. Dealing Anonymously or Using a Pseudonym

Where lawful and practicable, you may interact with us anonymously or using a pseudonym. However, full identification is typically required to ensure safe and effective medical care.

11. Cookies, Analytics and Website Data

Our website uses cookies to:

Improve your browsing experience
Understand website traffic via tools like Google Analytics

This data is de-identified and used only to enhance functionality and service delivery. You may disable cookies in your browser settings.

12. Use of Google APIs and Other Integrations

Our digital forms or check-in tools may use Google Maps APIs or other third-party APIs to verify addresses or enhance location-based services. These integrations may collect limited metadata or anonymised location information.

13. Use of CCTV

CCTV is used in common areas of our clinics (e.g., reception) to:

Enhance patient and staff safety
Prevent unauthorised access or misconduct

Recordings are stored securely and accessed only by authorised personnel. CCTV is not used in clinical consultation areas.

14. Acquisition of Clinics

When TopDoc acquires an existing medical centre, patient records may be transferred to the new TopDoc entity. Patients will be notified in writing, via signage at the clinic, or local newspaper announcement, depending on state regulations.

You may request that your records be transferred to yourself or to an alternate provider. All transferred data will continue to be managed under this Privacy Policy.

15. Complaints

If you have a concern about your privacy or the way your personal information has been handled, please contact:

Privacy Officer – TopDoc Medical Group Pty Ltd
International Tower 3, Level 17/300 Barangaroo Ave, Barangaroo NSW 2000
Email: enquiries@topdoc.au

We aim to respond within 30 days. If you are unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

16. Changes to This Policy

We may amend this Privacy Policy from time to time. The latest version will always be published on our website and available at reception in our clinics.