Agency Health – Privacy Policy
About Agency Health and this Privacy Policy
Agency Health Labs Pty Ltd (ABN 84 686 846 604) (Agency Health, we, us or our) is committed to protecting the privacy and confidentiality of your personal information.
We provide preventative health services through our online platform (Platform). Users of our services (Users) can engage with our Australian medical staff and access pathology tests to help identify and manage health risks before disease onset.
This privacy policy (this Policy) specifically relates to our handling of your identifying personal information which we may collect as part of your use of the Platform and when we provide services to you.
This Policy explains how we will collect, use, disclose, store, and protect your personal information. This Policy also describes the way in which you may access or correct the personal information we hold about you, and how to contact us if you have any complaints in relation to your privacy.
We will handle your personal information in accordance with applicable privacy and health records laws, including the Privacy Act 1988 (Cth) (the Privacy Act) and its Australian Privacy Principles (APPs), and the Health Records Act 2001 (Vic) and its Health Privacy Principles (HPPs).
What is ‘personal information’?
This Policy applies to our handling of personal information. ‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history, and health services you receive). Sensitive information also includes information about racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, and sexual orientation or practices.
Why do we collect your personal information?
We collect personal information from you so that we can provide our services to you, or where this is otherwise necessary for our functions or activities.
If you are a User we may collect your personal information:
to provide you with health services and any other services we provide;
to allow you to access and engage with the Platform;
to provide you with information regarding our services;
to obtain any necessary consents from you to engage in the above services and activities;
to arrange payments (if applicable); and
to enable us to respond to any queries or complaints you may have.
If you are a person other than a User, such as a service provider, contractor or other third party we engage with, we will collect your personal information to the extent necessary for our functions or activities, and to work, transact or engage with you.
You are not required to disclose your personal information to us. However, if you do not provide the information requested, you may not be able to receive our services or engage with us effectively.
What types of personal information do we collect?
We may collect the following personal information from Users, to the extent this is necessary for the services and activities we provide:
your name, address, date of birth, email and contact details;
your Medicare number, and other relevant government identifiers;
your health and medical history, medications, lifestyle history, family history and genetic information and ethnic background;
your health goals; and
your payment and billing details.
We collect personal information from persons other than Users, such as service providers, contractors and third parties we engage with, to enable us to work, transact or engage with them. This will include contact details and other relevant personal information of such individuals which they provide or which we request and collect from them.
How do we collect your personal information?
We will collect your personal information in a lawful and fair way and in a manner that is not unreasonably intrusive.
We will only collect your personal information where you have consented, or otherwise in accordance with the law.
If you are a User, we will generally collect your personal information directly from you. This might be when you access the Platform and provide responses to our registration and onboarding questionnaires or other forms, other email/electronic communication, and may be collected during your interactions with our medical staff which may be online or over the phone.
We may occasionally need to collect personal information about you from a third party. This may include, but is not limited to, collection from the following third parties: family members or other persons you have authorised to provide your information to us, pathology laboratories (such as when they provide us with your pathology test results), other health service providers that are part of your treating team, and Medicare. We will only do this with your consent, or where it is not practical to obtain this information from you and this is otherwise permitted by the privacy laws.
If you are a person other than a User, such as service providers, contractors and third parties we engage with, we will generally collect your personal information directly from you, and we may collect your personal information from third parties. For example, if you are a service provider we may collect information from your referees.
When we collect your personal information, we will as soon as is practicable take reasonable steps to notify you of the details of the collection (including notifying you through this Policy), such as the purposes for which the information was collected, the organisations (if any) to which the information will be disclosed, and also notify you that this Policy contains details on how you may access or correct your information, or raise any complaints.
How do we use your personal information?
How we use your personal information will depend on why you are dealing or engaging with us and in what capacity.
We will generally only use your personal information for the main purposes for which you have provided it to us.
If you are a User, we generally use your personal information for the following main purposes:
to provide our services to you and communicate with you in relation to those services;
to allow you to access and engage with the Platform;
to help us manage our accounts and administrative services, related to the services being provided to you;
to obtain, analyse and discuss test results from pathology laboratories; or
to request your participation in a quality improvement activity, clinical trial or research.
To send you our newsletter, or other information or marketing about our Services that you think may be of interest to you.
To reply to your questions, inquiries, or customer service requests or to send you notices, updates, security alerts, or support and administrative messages.
To provide you with information about the Services that you request from us or which we feel may interest you.
To monitor and analyze trends, usage and activities in connection with our Services and to improve the Services.
To facilitate contests, sweepstakes and promotions, and to process entries and provide prizes and rewards.
To detect, investigate and prevent fraudulent transactions and other illegal activities on the Services and to protect the rights and property of us and our customers.
To carry out our obligations arising from any contracts entered into between you and us, including for billing and collection.
If you are a person other than a User, such as service providers, contractors and third parties we engage with, we may use your personal information to manage our relationship with you.
We may also use your personal information where we are otherwise required or authorised by law to do so, which may include the following:
where we use your information for purposes which are directly related to the main purpose for which we collected it, in circumstances where you would reasonably expect us to use your information for these purposes; or
for funding, management, planning, monitoring, improvement or evaluation of our services, or the training of staff, where we take all reasonable steps to de-identify that information; or
where it is unreasonable or impracticable to obtain your consent and the use is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
Do we disclose your personal information to others?
We respect the privacy of your personal information and we will take reasonable steps to keep it confidential and protected.
We will generally only disclose your personal information to other persons for the main purposes for which you have provided it to us, which if you are a User will usually be for the purposes of you receiving services from us.
In particular, if you are a User, we may disclose your personal information to:
pathology laboratories and other health service providers that are part of your treating team; or
Medicare,
With vendors, consultants, and other service providers who process your personal information on our behalf when they provide services to us, for example data analytics, research, marketing and financial services.
In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company.
where this is necessary for your ongoing care and support. Please tell us if you do not wish for your personal information to be disclosed to a particular health professional or organisation.
If you are a person other than a User, such as service providers, contractors and third parties we engage with, we may disclose your personal information to manage our relationship with you.
We will otherwise only disclose your personal information to other persons:
for other purposes for which you have provided consent. For example, if you are a User who requires ongoing clinical care, we may seek your consent to refer you to an appropriate health professional for that care;
for purposes which are directly related to these main purposes for which the information was collected, in circumstances where you would reasonably expect us to disclose your information for these purposes; or
where we are otherwise required or authorised by law to do so, for example:
where disclosure is necessary under law, such as where we need to comply with a subpoena or Court order; or
where it is unreasonable or impracticable to obtain your consent and we reasonably believe disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
Automated decision making and use of artificial intelligence (AI)
To further ensure we provide high quality services to Users, we use artificial intelligence (AI) tools to assist in the processing of information. However, we do not share any of your identifying personal information with the AI tools we use. Specifically, we share de-identified information collected from Users with our AI tools to produce a draft clinical reasoning for pathology test referrals, and to produce a draft results summary from Users’ de-identified pathology test results.
These AI-generated drafts are provided to our medical staff, who independently review the outputs and make all clinical decisions. We do not make decisions which could reasonably be expected to significantly affect the rights or interests of Users or other individuals solely by means of automated decision making or the use of AI, and all AI use is subject to human oversight and clinical judgement.
The AI tools we use are aimed at assisting our medical staff by improving the quality and relevance of clinical information available to them to make clinical decisions.
Will we transfer your personal information interstate or overseas?
We comply with the requirements of the APPs and HPPs when disclosing personal information interstate or overseas.
It may be necessary to disclose your personal information to persons or organisations interstate or overseas to provide you with ongoing care (for example, where a referral is made by our medical staff to a health professional located interstate or overseas).
We will only disclose your personal information interstate or overseas if we would be lawfully permitted to disclose it to a recipient in Australia, and:
we have taken reasonable steps to ensure that the interstate or overseas recipient of your personal information does not breach the APPs or HPPs; or
the interstate or overseas recipient is subject to a law, binding scheme or binding contract that provides substantially similar protection to the APPs and HPPs which you can access and enforce; or
the disclosure interstate or overseas is otherwise required or authorised by law.
How do we store and secure your personal information?
The security of your personal information is important to us. We take reasonable steps to protect your information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
These steps include technical and cybersecurity measures to protect our information technology systems and networks, organisational measures including strict authorisation and password requirements for Users and our staff to access our systems (where access to personal information is restricted on a ‘need to know’ basis), and requiring our staff to maintain the privacy of personal information in accordance with this Policy.
We keep your personal information for the time periods required by law. When your personal information is no longer required (and in the case of your health information, the information has been retained for the required periods under the HPPs or otherwise under law) we will take steps to securely destroy the information or to ensure that the information is permanently de-identified.
How can you access and correct your personal information?
You have a right to seek access to, and correction of, the personal information we hold about you.
You may request access to the personal information that we hold about you, using our contact details set out below. In certain circumstances, we may refuse to allow you access to your personal information where this is authorised by the law, such as where providing access would have an unreasonable impact on the privacy of other individuals, providing access would pose a serious threat to the life or health of any person or to public health or safety, or giving access would be unlawful.
If you believe that the personal information we hold about you requires correction (for example, because the information is inaccurate, out-of-date, incomplete, irrelevant or misleading), you may request that the information be corrected using our contact details set out below.
If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may complain about the decision.
Website privacy
We may collect your personal information through your interactions with us via our website.
We will deal with any personal information collected via our website in accordance with this Policy and the law.
We also collect data through our use of ‘cookies’ and other internet technologies.
Cookies are small data files which are stored on your device’s browser. Cookies are stored in order for your internet browser to navigate a website. Cookies will not identify you, but they do identify your internet service provider and browser type.
We will not use cookies to collect your identifying personal information. The cookies may collect statistical information about your visit to our website (such as the pages you visit on the website) in order to remember your preferences and allow you to navigate the website more easily.
The default setting of most internet browsers is to accept cookies automatically, but you can choose whether to allow cookies through your browser settings.
If we provide links through our website to third-party websites, or other third party applications, we are not responsible for the content provided, privacy policy and practices of such third-parties. You should familiarise yourself with the privacy policies of any such third parties.
Data breaches
We are required to comply with the mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Privacy Act. The NDB scheme applies when an ‘eligible data breach’ of personal information occurs.
An ‘eligible data breach’ occurs when:
there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and
this is likely to result in serious harm to one or more individuals; and
the organisation has not been able to prevent the likely risk of serious harm with remedial action.
An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.
Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner about the breach in accordance with the Privacy Act.
Privacy related questions and complaints
We respect your privacy and we take all complaints regarding privacy very seriously.
If you have any questions about privacy-related issues, or wish to complain about a breach of your privacy or the handling of your personal information by us, you may lodge your question or complaint in writing to us using the contact details below. We will respond to you as soon as possible, but no later than 30 days from receipt of your question or complaint.
If you are not satisfied with our response, or if you do not wish to raise a question or complaint with us directly, you may wish to contact:
the Office of the Australian Information Commissioner. See www.oaic.gov.au; or
the Victorian Health Complaints Commissioner. See www.hcc.vic.gov.au.
Our contact details
If you would like to contact us regarding any privacy matters, including where:
you would like to request access to or correction of your personal information; or
you have a complaint or concern regarding your privacy,
please contact us using the following details:
Agency Health
P.O. BOX 5041 North Kew Vic AU 3101
early.access@agencyhealth.com.au
Updates to this Policy
We may update this Policy from time to time. We will notify you about any changes to this Policy through our website, and we will make the most current version of the Policy available to you when you receive services from us, or on your request.
Last updated: July 26th, 2025
3464-3868-3707, v. 1