Privacy Policy

Our Commitment to Privacy

Our practice is committed to safeguarding the privacy and personal information that we hold, in line with our obligations under the Australian Privacy Principles (APPs) in The Privacy Act 1998 (Cth) (Privacy Act).

This Privacy Policy explains how we at Transform Orthodontic Care (‘TOC’, ‘we’ and ‘us’) handle your personal information, including how we collect, use and disclose your personal information.

This Privacy Policy sets out:

• the type of personal information we collect and hold;
• how and why we collect, store, use and disclose your personal information;
• how you can access and update your personal information held by us; and
• how you can make a complaint if you have any concerns about how we have handled your personal information.

We may change this Privacy Policy from time to time, by publishing changes on our website.

What Personal Information do we collect and why?

We collect personal information in order to provide orthodontic services to our patients and run our business.

In particular, so that we can make thorough clinical assessments of our patients, we may collect and hold the following information:

• our patients’ names and contact details;
• information about personal dental history and family dental history;
• private health care fund and number;
• Medicare number (if required for government-sponsored programs);
• information about medical history that may be relevant to orthodontic care;
• personal information in dental records that may include the Clinical Records Information (see definitions), along with information regarding;
  • drug sensitivities;
  • diagnostic tests;
  • examination history;
  • treatment;
  • advice;
  • referrals; and
  • communications with pathology service providers and other practitioners.

We may also need to collect the following information for administrative purposes, including to arrange payment of accounts:

• contact details and billing address;
• credit card and/or banking details;
• forms and agreements regarding direct debit arrangements;
• private health fund membership details;
• Medicare number;
• Australian Citizenship Status, and
• DentiCare account records.

How do we collect Personal Information?

Where it is practical to do so, we aim to collect personal information directly from the individual it relates to or from the patient’s parent or guardian. However, there may be circumstances where we need to collect personal information from a third party (such as another health care provider). Also, we may collect personal information indirectly because it is included in a communication with us. Some examples of how we collect personal information include (but are not limited to):

• directly from patients during telephone calls, consultations, online forms or booking system;
• on our patient registration forms;
• from communications from a patient’s referring dentist;
• from reports from specialist service providers (e.g. periodontists); and
• publicly available sources, including social media.

We may also collect your contact details and email address via the enquiry form on our Website in order to respond to your query, and for marketing purposes. However, before this information is collected, we ensure that we have your consent to subscribe to our mailing list.

Our Website uses cookies to allow certain functions to work. A cookie is a small string of information that a website transfers to your computer or device to improve the functionality of the website. You can configure your browser to reject cookies, however this may impact your browsing experience.

When you visit our Website, the following personal information may be collected via our server:

• your IP/server address;
• the date and time of your Website visit;
• pages accessed on our Website;
• documents downloaded from our Website; and
• (where you click through to our Website via a link) details regarding IP/website clicked through from.

To improve the Website user experience, including page loading times, our server collects session cookies only.  These session cookies are destroyed at the end of your browsing session.

How do we use and disclose your Information?

To provide our services

With your prior consent, or otherwise in accordance with the APPs, we may use or disclose your patient information to other practitioners for treatment purposes. We may also use or disclose patient information with insurers or lawyers for the purpose of insurance claims or complaints made by you.

We may also use your personal information to provide you with orthodontic treatment and dental care. This may mean sharing your information, in a confidential manner, with other health service providers who form part of your treating team. For example, if you are referred for treatment to another specialist (such as a Periodontist or an Oral and Maxillofacial Surgeon), we may need to consult with those providers about your treatment.

We may also communicate with your referring dentist to inform them of the outcome of our consultation with you.

In order to administer any claims, we may also need to liaise with your nominated private health fund regarding details of your treatment and your relevant account details.

We may also use personal information for audit or quality assessment purposes, billing and invoicing, and for staff training. In limited circumstances, where we have consent to do so, we may use our patient’s personal information in education sessions for health professionals, other than TOC staff.

We will only use your personal information in accordance with the APPs, and while maintaining patient confidentiality.

To meet our legal obligations

We may also use personal information for the purpose of:

• complying with any applicable laws (for example any obligations we may have under legislation);
• fulfilling our obligations under contracts with you or third parties;
• protecting our rights or the rights of others where necessary, including for fraud or risk management purposes; and
• complying with requests from government authorities and/or enforcement bodies.

We use third party suppliers (Service Providers) to provide us with services to support our business. These Service Providers may perform services on our behalf or assist us to provide services to you.

For example, we may engage Service Providers to provide us with IT services, servers, advertising, payment processing, marketing and marketing analytics services. Our Service Providers may need to access your personal information in connection with providing us with these services. The Service Providers we use may be based in Australia or overseas.

We only disclose your personal information to our Service Providers in accordance with this Privacy Policy and applicable privacy laws.

For marketing

We also use personal information to market and promote our products and services, including to:

• contact you about special offers or promotions we think may be of interest to you; and
• conduct marketing analysis.

To manage patient accounts

To provide services to our patients we require timely payment of patient accounts. Accordingly, to facilitate this, we may use or disclose the personal information of the patient, and any responsible parties for the patient’s account. In particular, it may be necessary, for the purposes of continuing the patient’s treatment and management of the patient’s account, to disclose personal information regarding the patient and/or a responsible party for the patient’s account (including for patient accounts involving split payments) to a third party, including:

• the patient’s parent or guardian;
• DentiCare; and/or
• another responsible party for the patient’s account.

The personal information we disclose in these circumstances may include the payment status of the patient’s account (e.g. whether overdue/in arrears), and information regarding the payment history/status of the patient’s account.

Other purposes

We may use or disclose your personal information for other reasons which we will explain when we collect it, or for reasons that you have consented to us using or disclosing the information. We will only use or disclose your personal information in accordance with the APPs.

Sharing on social media

Please be aware that when you access our pages on social media websites, the Media Service Provider that hosts our social media pages will also collect your personal information and handle it in accordance with its own privacy policy. We recommend reviewing the privacy policy of those websites before interacting with us via social media.

Health Identifiers

The practice will not adopt, use or disclose an identifier assigned by any government agency, except health care identifiers for purposes permitted under law, including the Healthcare Identifiers Act 2010 (Cth).

Security of personal information

We take the security of the personal information that we hold seriously. Our practice team handles personal information sensitively and in accordance with the APPs and this Privacy Policy.

Generally, the personal information we collect is only held electronically, in the electronic file for the patient it relates to. We use specific practice management software to store our electronic information, and this software system employs encryption of the data.

We take all reasonable steps to protect the personal information we hold from misuse, interference and loss; and from unauthorised access, modification or disclosure. These steps include using electronic and physical security measures, including password-protected software and hardware.

If we no longer need the personal information we hold physical copies of, we take reasonable steps to destroy or de-identify that information.

We take reasonable steps to ensure the security of the personal information that we transfer electronically, including technical and organisational measures where practicable. We manage our IT systems with appropriate processes and systems to ensure data is not lost, and if we store data offsite (e.g. in cloud facilities), we use facilities that comply with the APPs. We will not transfer personal information overseas for any other reason without your consent or otherwise in accordance with the APPs.

Data retention

It may be necessary for us to retain personal information to comply with our legal obligations, or for insurance or audit purposes. Personal information stored electronically may be stored securely indefinitely for IT back up and electronic audit trail purposes.

To comply with our legal obligations, and in accordance with best practice guidance from regulatory bodies and professional associations, we retain dental records for the following purposes:

• in the case of health information collected while the individual was an adult – for at least seven years from the last occasion on which a health service was provided to the individual by the health service provider; or
• in the case of health information collected while the individual was under the age of 18 years – at least until the individual has attained the age of 25 years.

We update your personal information and/or your dependant’s personal information when you advise us of a change in details, and personal details and treatment records are verified and updated at every consultation.

Children’s privacy

Subject to law, including the Privacy Act, and in accordance with any relevant regulatory guidance and/or privacy codes, we may share the personal information of a patient who is a child (including treatment and account information) with all parents and guardians of the child.

How to contact us regarding privacy issues

If you wish to raise concerns about the handling of your personal information or that of your dependant, please contact us at 133 TOC (133 862) or by emailing

info@transformorthocare.com.au.

If you are dissatisfied with our response, you may contact the Office of the Australian Information Commissioner at GPO Box 5218, Sydney NSW, 2001, www.oaic.gov.au.

Last updated

This Privacy Policy was last updated in August 2025.

Definitions