1. Introduction

NUYU Clinic Pty Ltd (ABN 356 920 279 37, ACN 692 027 937), trading as Pepti Clinic ("we", "us", "our"), is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This privacy policy explains how your personal information (including your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

As a telehealth health service provider, we understand the sensitivity of health information and take our privacy obligations seriously.

2. Your Consent

When you register as a patient of Pepti Clinic, you provide consent for our medical practitioners and staff to access and use your personal information so they can provide you with the best possible healthcare.

You may withdraw your consent at any time by contacting us, however this may affect our ability to provide services to you.

3. Why We Collect, Use, Hold and Share Your Personal Information

Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as:

• Facilitating telehealth consultations with medical practitioners
• Assessing your eligibility for our services
• Processing and fulfilling your orders
• Arranging prescription dispensing through partner pharmacies
• Financial claims and payment processing
• Practice audits and accreditation
• Business processes including staff training
• Maintaining medical records as required by law
• Complying with legal and regulatory obligations

4. What Personal Information Do We Collect?

4.1 Personal Information

The information we will collect about you includes:

• Identity information: Full name, date of birth, gender
• Contact information: Email address, phone number, residential address, delivery address
• Account information: Username, password (encrypted), account preferences
• Medicare number: For identification and claiming purposes (where available)
• Healthcare identifiers: Individual Healthcare Identifier (IHI) where applicable
• Health fund details: Private health insurance information where relevant
• Transaction information: Order history, payment records, delivery details
• Communication records: Correspondence with our support team, feedback, enquiries

4.2 Sensitive Information (Health Information)

As a telehealth wellness provider, we collect sensitive health information including:

• Medical history: Current and past health conditions, medications, allergies, adverse events, immunisations
• Health questionnaire responses: Information provided during eligibility assessments
• Social and family history: Relevant lifestyle factors and family medical history
• Consultation records: Notes from consultations with medical practitioners
• Prescription information: Medications prescribed, dosages, treatment plans
• Treatment outcomes: Follow-up information and progress notes

4.3 Technical Information

When you visit our website, we automatically collect:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on site
• Referral source and search terms

5. Dealing with Us Anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so, or unless we are required or authorised by law to only deal with identified individuals.

Please note: For clinical services including telehealth consultations and prescription services, it is not practicable for us to deal with you anonymously. We are required to verify your identity to provide safe and appropriate healthcare, to comply with prescribing regulations, and to maintain accurate medical records.

For general enquiries about our services, you may contact us without identifying yourself.

6. How Do We Collect Your Personal Information?

We may collect your personal information in several different ways:

1. Directly from you: When you create an account, complete our registration and health questionnaires, place orders, book consultations, or contact us via email, phone, or our website.

2. During healthcare services: During the course of providing medical services, we may collect further personal information from you.

3. From other healthcare providers: With your consent, we may collect information from other involved healthcare providers such as your GP, specialists, allied health professionals, hospitals, pathology services, or diagnostic imaging services.

4. From third parties: Partner pharmacies, Medicare, the Department of Veterans' Affairs, or your health fund (as necessary).

5. Automatically: Through cookies and similar technologies when you use our website.

7. When, Why and With Whom Do We Share Your Personal Information?

We sometimes share your personal information:

We may also disclose your information when:

• It is required or authorised by law (e.g., court subpoenas, mandatory disease notifications)
• It is necessary to lessen or prevent a serious threat to your life, health or safety, or public health or safety
• To assist in locating a missing person
• To establish, exercise or defend a legal claim
• For confidential dispute resolution processes
• There is a statutory requirement to share certain information (e.g., some diseases require mandatory notification to health authorities)

Other than in the course of providing healthcare services or as otherwise described in this policy, we will not share your personal information with any third party without your consent.

We do not sell your personal information to third parties.

8. Overseas Disclosure

All personal and health information is stored on servers located within Australia.

9. My Health Record

Pepti Clinic does not currently upload information to the My Health Record system. If this changes in the future, we will update this policy and notify you accordingly.

If you have a My Health Record and wish for information from your consultations with us to be shared with your other healthcare providers through that system, please discuss this with your treating practitioner.

10. Direct Marketing

We will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in your account settings
• Contacting us at [email protected]

Opting out of marketing does not affect transactional communications such as order confirmations, appointment reminders, or important service updates.

11. Use of De-identified Data

We may use your personal information to improve the quality of services we offer through research and analysis of our patient data.

We may provide de-identified data (where you cannot be identified) to other organisations to improve population health outcomes. When we do this:

• The information is secure and patients cannot be identified
• The information is stored within Australia
• The data is used only for legitimate research and public health purposes

You can let us know if you do not want your information included in de-identified datasets by contacting us at [email protected].

12. How Do We Store and Protect Your Personal Information?

Your personal information is stored securely in electronic format in protected information systems.

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

• Encryption of data in transit using SSL/TLS technology
• Secure storage of data behind firewalls
• Password protection and access controls limiting who can view sensitive information
• Regular security assessments and updates
• Confidentiality agreements for staff and contractors
• Staff training on privacy and data protection obligations

We do not store complete credit card details. Payment information is transmitted directly to our payment processor via encrypted connection.

13. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Medical records: We are required to retain medical records for a minimum of 7 years from the date of last contact (or until age 25 for patients who were minors at the time of treatment), in accordance with Australian health records legislation.

Transaction records: Retained for 7 years for taxation and accounting purposes.

You may request deletion of your personal information (subject to our legal retention obligations) by contacting us.

14. How Can You Access and Correct Your Personal Information?

You have the right to request access to, and correction of, your personal information.

14.1 Accessing Your Information

To request access to your medical records or other personal information held by us:

• Put your request in writing by emailing [email protected]
• Include proof of your identity
• Specify what information you are requesting

We will respond to your request within 30 days. In some circumstances, we may need to extend this timeframe, and we will notify you if this is the case.

Fees: There is no charge for making a request. However, we may charge a reasonable fee for the administrative costs of compiling and providing the information. We will advise you of any fees before proceeding.

14.2 Correcting Your Information

We will take reasonable steps to correct your personal information where it is not accurate or up to date. From time to time, we may ask you to verify that your personal information is correct and current.

You may request correction of your information by emailing [email protected] with details of what needs to be corrected.

15. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Remember your preferences and login status
• Analyse website traffic and usage patterns
• Improve website functionality and user experience
• Deliver relevant content

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

16. How Can You Lodge a Privacy-Related Complaint?

We take complaints and concerns regarding privacy seriously.

To lodge a complaint:

• Put your concerns in writing to [email protected]
• Include your contact details and a description of your complaint
• We will acknowledge your complaint within 5 business days

We will investigate and aim to resolve your complaint within 30 days. If we need more time, we will let you know.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

Generally, the OAIC will require you to give us time to respond before they will investigate.

17. Policy Review

This privacy policy will be reviewed regularly to ensure it remains in accordance with any changes to our practices or legal requirements.

When we make significant changes, we will notify you by email or through a notice on our website. We encourage you to review this policy periodically.

The current version of this policy is always available on our website at www.pepticlinic.com.au/privacy-policy

18. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Privacy Officer
Pepti Clinic (NUYU Clinic Pty Ltd)
Email: [email protected]
General enquiries: [email protected]
Website: www.pepticlinic.com.au