Privacy Policy

Privacy Policy

Last updated: 12 June, 2026

ABOUT THIS POLICY

This policy explains how O-health collects, uses, stores and discloses your personal and health information, and how you can access it, correct it or make a complaint.

O-health is operated by Cocamba Pty Ltd (ABN 63 112 683 182), trading as O-health.

As a health service provider, we handle your information in line with:

– the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs); and

– the Health Records and Information Privacy Act 2002 (NSW) and the Health Privacy Principles (HPPs).

Your health information is “sensitive information” under these laws. We treat it with the additional care those laws require.

  1. THE INFORMATION WE COLLECT

To provide your care and run our practice, we may collect:

– your name, date of birth, address, email and phone number;

– your health and clinical information, including your reason for attending, symptoms, history, assessment findings, treatment notes and progress;

– your Medicare, DVA or private health fund details, where relevant to claiming;

– your GP or referring practitioner’s details;

– an emergency contact;

– payment information; and

– information about how you use our website (see Section 11).

We collect health information only where it is reasonably necessary for, or directly related to, providing your care.

  1. HOW WE COLLECT IT

Where reasonable and practical, we collect information directly from you: through our forms (including online intake forms), in person, by phone, by email, and through our online booking system.

Sometimes we receive information about you from others, such as your GP, a referring practitioner, a family member or carer, or your health fund. Where we do, we take reasonable steps to make sure you are aware of it.

  1. WHY WE COLLECT AND USE IT

We collect and use your information mainly to provide your care. We also use it for purposes related to your care that you would reasonably expect, including:

– arranging and reminding you of appointments;

– billing, payments and claiming through Medicare, DVA or your health fund;

– communicating with your GP or other practitioners involved in your care;

– managing and improving the quality and safety of our services; and

– meeting our legal and professional obligations.

We will use your information for direct marketing only as described in Section 10.

  1. WHEN WE DISCLOSE IT

We may disclose your information to:

– other practitioners within O-health who are involved in your care;

– your GP, referrer or other treating practitioners, where relevant to your care;

– Medicare, DVA or your health fund, for claiming;

– service providers who help us run our practice (such as our software, payment and communications providers), under arrangements that require them to protect your information; and

– others where you consent, or where we are required or authorised by law.

  1. WHERE YOUR INFORMATION IS STORED, AND OVERSEAS DISCLOSURE

Your clinical records and appointment bookings are held in Australia. Our practice-management and online booking system stores Australian users’ data on Australian servers, and our main payment methods (Tyro and HICAPS) process payments in Australia.

Some of the service providers that support our operations store or process information outside Australia, including in the United States. These include our email marketing provider (Mailchimp) and the providers of our website analytics and advertising (including Google and Meta). On the occasions we use a backup card-payment provider (Square or Stripe), payment information may also be processed overseas.

Where we disclose information to a provider outside Australia, we take reasonable steps to ensure it is handled consistently with the Australian Privacy Principles.

  1. SENSITIVE AND HEALTH INFORMATION

Because your health information is sensitive, we use and disclose it only:

– for the purpose for which it was collected (your care);

– for a directly related purpose you would reasonably expect;

– with your consent; or

– where we are required or authorised by law.

  1. KEEPING YOUR INFORMATION SECURE

We take reasonable steps to protect your information from misuse, loss, and unauthorised access, modification or disclosure. This includes secure systems, encryption of data in storage and in transit, access controls, and obligations on our team to keep your information confidential.

  1. DATA BREACHES

If we have reasonable grounds to believe a data breach is likely to result in serious harm, we will assess it and, where the Notifiable Data Breaches scheme requires, notify you and the Office of the Australian Information Commissioner.

  1. HOW LONG WE KEEP IT

We keep your records for as long as the law requires and as needed to provide your care.

– For adults, we keep clinical records for at least 7 years from your last appointment.

– For patients seen as a child, we keep records until they turn 25.

When information is no longer needed, we take reasonable steps to securely destroy it or permanently de-identify it.

  1. DIRECT MARKETING

We may send you information about our services, for example by email through Mailchimp, where you have consented or would reasonably expect it. Every marketing message includes a simple way to unsubscribe, and you can opt out at any time by contacting us. We do not use or disclose your health information for marketing without your consent.

  1. OUR WEBSITE, COOKIES AND ANALYTICS

When you use our website, we may collect information through cookies and similar tools, including through Google Analytics and the Meta pixel, to understand how the site is used and to support our advertising. You can control or disable cookies through your browser settings, though some parts of the site may not work as well if you do.

  1. ACCESSING AND CORRECTING YOUR INFORMATION

You can ask to see the information we hold about you, and to have it corrected if it is wrong or out of date. Please contact us in writing. We do not charge a fee for an access request, but we may charge a reasonable fee for providing copies. We may ask you to confirm your identity first. In limited cases the law allows us to decline access, and if that happens we will explain why.

Please tell us if your details change so we can keep your records accurate.

  1. COMPLAINTS

If you are concerned about how we have handled your information, please contact us first (see Section 14). We will acknowledge your complaint, look into it, and respond to you within a reasonable time.

If you are not satisfied with our response, you can contact:

– the Office of the Australian Information Commissioner (OAIC), at oaic.gov.au or 1300 363 992; or

– the Information and Privacy Commission NSW (IPC), at ipc.nsw.gov.au or 1800 472 679.

 

  1. CONTACT US

O-health

Email: info@o-health.com.au

Phone: 02 6021 2777

Cocamba Pty Ltd, ABN 63 112 683 182

 

  1. CHANGES TO THIS POLICY

We may update this policy from time to time. We will post the current version on our website with a new “last updated” date. Please review it from time to time.