About this policy
This short-form Privacy Policy explains how Walhallow Aboriginal Corporation (WalHealth) handles personal and health information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Who we are
WalHealth provides primary health care and community programs. This policy applies to our clinics, outreach, telehealth, websites and events, and to clients, carers, families, job applicants, contractors and volunteers.
The kinds of information we collect
We may collect your name and contact details, date of birth, emergency contact, Medicare/DVA details, health and clinical information (history, medications, allergies, test results, referrals, care plans), service and program records, billing and claims information, feedback/complaints, CCTV (where signposted), and website/analytics data (e.g., device, IP address, pages viewed).
How we collect information
We usually collect information directly from you or your authorised representative. We may also collect from your other health providers, hospitals, pathology/imaging services, and government agencies (e.g., Services Australia/Medicare), or from community partners and referral sources where lawful and relevant.
Why we collect and use information
We use your information to deliver safe, high‑quality care; coordinate with other health providers at your direction; manage bookings, billing and Medicare/PBS claims; improve our services (quality, safety, training and reporting); run events and programs; respond to feedback and complaints; and comply with laws (e.g., public health reporting, subpoenas, court orders).
When we share information
We may share information with your other health providers, service partners and funders, and with our trusted IT and support vendors who help us operate our services. We also disclose where required or authorised by law. We do not sell personal information.
Community information and cultural safety
We treat cultural and community information as sensitive and handle it with additional safeguards. Aboriginal and Torres Strait Islander peoples are advised our materials may include names, images and voices of people who have passed away.
My Health Record and telehealth
We only access or upload to My Health Record with appropriate consent and authorisation. Telehealth consultations are not recorded unless required by law or expressly agreed.
Government identifiers
We do not adopt or use government‑related identifiers (e.g., Medicare number) as our own, except as permitted by law (for identity verification and claims).
Your choices
Where lawful and practicable, you may interact with us anonymously or using a pseudonym (for example, general enquiries). If you choose not to provide certain information, we may not be able to provide some services.
Direct marketing
We may send health promotion or program updates that could help you. You can opt out at any time using the instructions in our messages or by contacting us.
Access and correction
You can request access to, or correction of, your personal information. We’ll respond within a reasonable time. We may need to verify your identity and, in limited cases allowed by law, we may refuse access and explain why. A reasonable fee may apply for large retrievals or copies.
Website, cookies and analytics
Our website and providers may log device information, IP address, pages viewed and timestamps. We use cookies and analytics to improve security and performance. You can manage cookies in your browser or via our banner. Links to other sites are provided for convenience; their privacy practices are their own.
Storage, security and retention
We take reasonable steps to protect information from misuse, interference, loss and unauthorised access, modification or disclosure (including role‑based access, secure systems, up‑to‑date security software, and physical safeguards). We keep records for the periods required by law and then securely destroy or de‑identify them. If a notifiable data breach occurs, we will assess and notify affected individuals and the OAIC as required.
Overseas services
Some trusted service providers (e.g., cloud hosting, email, analytics, telehealth) may operate outside Australia. Where we disclose information overseas, we take reasonable steps to ensure similar protections to the Australian Privacy Principles.
Children and young people
We seek consent from a parent, guardian or another authorised person where required. Where appropriate and lawful, a mature minor may consent to their own care and information handling.
Complaints and questions
If you have a privacy question or wish to make a complaint, please contact us first. We will respond as soon as reasonably practicable. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC).
Contact us
For all enquiries about this policy, please visit our Contact page.
Changes to this policy
We may update this policy from time to time. The latest version will be published on this page and takes effect when posted.