Our privacy obligations

CaptureCare Pty Ltd ABN  90 647 696 517 (“CaptureCare” or “We”) is governed by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).  The APPs regulate how personal information is handled by CaptureCare.  

‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.  CaptureCare’s Privacy Policy applies to personal information collected and/or held by CaptureCare. 

Additionally, as a health service provider or organisation operating in Victoria that collects, holds or uses health information, CaptureCare is also governed by the Health Records Act 2001 (VIC).

This document explains how and why we collect, use, hold and disclose your personal information and is referred to as our Privacy Policy.

The types of personal information we collect and hold

We collect personal information about clients, doctors, and patients, as part of our routine activities.  We also collect personal information about our staff, contractors and suppliers, as well as the contact details of individuals who work for contractors and suppliers, and other types of professional associates and personal contacts.

How we collect personal information

Information that you specifically give us

We may ask you to provide us with certain types of personal information if you wish to obtain a particular service or product from us.  This might happen over the telephone, through our website, by filling in a paper form, or meeting with us face-to-face.  We will give you a Collection Notice at the time, to explain how we will use the personal information we are asking for.  The notice may be written or verbal.  

You might also provide your personal information to us, without us directly asking for it, for example if you engage with us on social media.

Information that we collect from others

If you apply for a job or contract with us, we will collect personal information about you from your referees.  With your consent we may also use a third-party service to ensure your employment, educational and identity records are valid including by contacting the Australian Health Practitioner Regulation Agency (AHPRA).  We may also check some details about our suppliers from publicly available sources, such as the Australian Business Register and ASIC databases. 

Information that we generate ourselves

We maintain records of the interactions we have with you, including the products and services we have provided to you, education that has been provided for you and complaints that have been made. We collect limited information about users of our websites, for diagnostic and analytic purposes.  

Cookies’, Automated technologies or interactions

We use cookies, web analytics tools and similar tracking technologies to track the activity on our website, for better customisation and marketing purposes. Cookies are digital identifiers that are stored on your computer. We may collect certain information such as your device type, browser type, IP address, pages you have accessed on our websites and third-party websites as well as accessing cookies stored on your computer that were created by third parties. It is possible that you may be either directly or indirectly identifiable from this information. You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.

The types of personal information we collect

The types of personal information we collect about you will depend upon the interactions you have with us.  You may provide us with basic information such as your name, date of birth, phone number, postal address and email address.  

If you are receiving services as a telehealth patient or participating in our Remote Monitoring Program, we may collect additional details about your healthcare including but not limited to your health condition, health and fitness metrics, and reason for referral, diagnosis, reason for prescription, symptoms, side effects and personal experience, either directly from you or from your doctor.

Links to other sites

On our website, we may provide links to third party websites. These linked sites are not under our control, and we cannot accept responsibility for the conduct of companies linked to our website. Before providing your personal information via any other website, we advise you to examine the terms and conditions of using that website and its privacy policy.

How we use personal information 

We may use your personal information for the following purposes:

  • to provide the education, care and support you have requested
  • to answer your enquiry about our services, or to respond to a complaint
  • to manage our employment or business relationship with you
  • to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications)
  • to comply with legal, contractual and regulatory obligations 
  • if otherwise permitted or required by law, or
  • for other purposes with your consent obtained through the provision of a Collection Notice or verbally, unless you withdraw your consent.

If you are a patient participating in a telehealth program, we may also use your personal information:

  • for the purposes of complying with our contractual obligations to pass de-identified health data to our business partners; 
  • to contact emergency services in the event of an imminent threat to your health or safety;
  • to provide your doctor with a report containing information about you, or any other nominated doctor in the same clinic; and
  • for the purposes of analysing trends, conducting research and publication of such findings at health care professional education symposiums.  In these circumstances we will de-identify your personal information so that it will not identify you individually.  

We will keep personal information about you, to use for the above purposes, for seven years as per the Health Records Regulations 2002

When we disclose personal information 

Our third-party service providers

The personal information of doctors, patients, clients, staff, suppliers and other contacts may be held on our behalf outside Australia, including ‘in the cloud’, by our third-party service providers.  Our third-party service providers are bound by contract to only use your personal information on our behalf, under our instructions.

Our third-party service providers include Cliniko. You can obtain further information about the privacy policies of these providers here:

Cliniko Privacy Policy: https://www.cliniko.com/policies/privacy/

Other disclosures and transfers

We may also disclose your personal information to third parties for the following purposes:

  • if necessary to provide the service or product you have requested;
  • if otherwise permitted or required by law; or
  • for other purposes with your consent.

Third party devices and services

As part of our service, we may provide or integrate with third-party devices, such as wearable technologies by Apple Watch, Garmin Watch or Oura Ring and their associated technology platforms. These devices, related apps and technology platforms have their own terms, privacy settings and privacy policies. We do not control how these third parties collect, use, or share your personal information. We encourage you to review any applicable third-party privacy policies for more information about how your data is handled when using such devices and associated technology platforms.

Overseas transfers of Personal Information

We may store, process or back up your personal information on servers that are located overseas. Information collected or processed through Salesforce may be stored in USA.  If we are required to provide personal information to third parties overseas, we will take such steps that are reasonable to ensure that your information is handled and stored in accordance with the APPs.

Important Notice: By submitting your personal information to us, you expressly consent to the disclosure, transfer, storing or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that countries outside of Australia do not always have the same privacy protection obligations as Australia in relation to personal information. 

You consent to us providing your personal information to recipients outside of Australia even though that recipient is not bound by the Privacy Act, will not be accountable to you or to us for breaches of the Privacy Act and you will not have the redress options available to you under the Privacy Act. 

If you do not agree to the transfer of your personal information outside of Australia, please either do not provide us with your personal information or contact us via the details set out at the end of this document.

Security of your personal information 

We will take reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure. We will take reasonable steps to ensure personal information is stored securely not kept longer than necessary and disposed of appropriately.  We use encryption technology to ensure the secure transmission of emails.

Doxxing

Doxxing refers to the publication or disclosure of an individual’s personal information without consent with the intent or effect of causing harm, harassment, intimidation or distress. We will not knowingly collect, publish or facilitate the publication of personal information in a way that could lead to harm or harassment.

In addition, we strictly prohibit any use of CaptureCare to dox, expose or maliciously share another participant’s information. This includes sharing private or identifying information without consent, encouraging others to target a person based on shared data or uploading or linking to content designed to expose someone’s identity against their will.

We will take all reasonable steps to remove or restrict access to any personal information that is disclosed in breach of this Privacy Policy or the Privacy Act. If you believe your personal information has been doxxed or misused in connection with our services, please contact our Privacy Officer on the details below. We may also report serious doxxing incidents to the Office of the Australian Information Commissioner (OAIC) and law enforcement as appropriate.  

Accessing or correcting your personal information 

You have the right to request access to the personal information that we hold about you.  Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period and without unreasonable expense.

You also have the right to request the correction of the personal information we hold about you. We will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up to date.  Unless an exception applies, we must update, correct, amend or delete the personal information we hold about you within a reasonable time period.  We do not charge for making corrections.

To seek access to, or correction of, your personal information, please contact our Privacy Officer.   To seek to exercise any of those rights, please contact our Privacy Officer.

Updates to this Privacy Policy

We will review this policy regularly and we may update it from time to time. We recommend that you visit our website regularly to keep up to date with any changes.

To contact our Privacy Officer

If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows: support@capturecare.com.au

While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by email as above.  We will acknowledge your formal complaint within 10 working days.

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by calling them on 1300 363 992, making a complaint online at www.oaic.gov.au, or writing to them at OAIC, GPO Box 5218, Sydney NSW 2001.

Last Updated: July 2025