Last updated: [06/01/2026]
Holistica Health Pty Ltd (ACN 673 241 962) (Holistica Health, we, us, our) is committed to protecting your privacy and handling your personal information in an open and transparent way.
This Privacy Policy explains how we collect, use, store and disclose personal information when you:
visit or use our website and telehealth platform at holisticahealth.com.au (Platform),
create an account, book and attend consultations,
communicate with our clinicians and support team, and
use related services and features.
This Privacy Policy is intended to be consistent with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).
Personal information has the meaning given in the Privacy Act and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.
Sensitive information includes health information and is given a higher level of protection under Australian privacy law.
Health information includes information about your physical or mental health, health services provided, medications, allergies, clinical notes, pathology or imaging results, and any information collected for the purpose of providing healthcare.
We may collect and hold the following types of personal information.
name, date of birth, sex, address
email address, phone number
emergency contact details (where provided)
identity verification information, including Medicare details and or Individual Healthcare Identifier (IHI), where required for patient safety and accurate clinical records
login credentials (stored securely)
appointment history and platform activity
device information and technical data (IP address, browser type, operating system)
cookies and similar tracking technologies
symptoms and medical history
medications, allergies and health questionnaires
consultation notes and clinical outcomes
referrals, pathology and imaging requests and results (where provided)
prescriptions and certificates issued (where clinically appropriate)
payment transaction records and invoices
limited payment identifiers
We do not typically store full credit card details. Payments are processed by third-party payment providers.
messages, emails, call records, and support interactions
feedback, complaints and dispute communications
We may collect personal information directly from you when you:
register for an account, complete intake forms, book appointments, and attend consultations
submit health information, questionnaires, or medical documents
contact our support team
make payments
subscribe to marketing communications (where you opt in)
We may also collect information automatically through your use of the Platform via cookies, logs, and similar technologies.
We may collect personal information from third parties when required or authorised, including:
Medicare or IHI verification processes (where applicable)
your nominated GP or healthcare provider (with your consent)
pathology and imaging providers (where applicable)
third-party service providers that support the Platform
law enforcement or regulators where legally required
We collect, use and disclose personal information to:
deliver consultations and healthcare services
make clinical decisions and maintain clinical records
send relevant clinical documents (prescriptions, referrals, certificates)
coordinate follow-up and continuity of care
manage accounts, bookings, customer support, payments and billing
improve Platform functionality and user experience
monitor performance, security and fraud prevention
comply with legal obligations and professional standards
send appointment reminders and service notifications
respond to enquiries and complaints
request feedback and conduct quality assurance activities
We may send marketing communications where:
you have opted in, or
it is otherwise permitted by law and you would reasonably expect to receive them.
You can opt out at any time. We do not use sensitive health information for marketing without your consent.
We may disclose personal information to:
our treating practitioners involved in your care
your nominated GP or healthcare provider, with your consent
pathology and imaging providers, pharmacies, and allied services, where required for care delivery
technology providers supporting the Platform, including hosting, data storage and security services
booking, telehealth video and communication systems
payment processors
analytics and website performance providers
professional advisors (legal, accounting, insurers) where necessary
We take reasonable steps to ensure our service providers handle personal information securely and in accordance with this Privacy Policy.
We may disclose information when required or authorised by law, including:
responding to lawful requests from law enforcement or government agencies
mandatory reporting obligations
safety-related disclosures where there is a serious threat to life, health or safety
regulatory and professional compliance requirements
6.1 We collect health information primarily for the purpose of providing healthcare services.
6.2 Where required by law, we will obtain your consent before collecting sensitive information. By using the Platform and providing health information for consultation and care, you consent to its collection, use and disclosure as described in this Policy.
6.3 We store clinical records in systems designed to support confidentiality and integrity. Access to clinical records is restricted to authorised personnel and clinicians involved in care delivery, subject to role-based access controls.
7.1 We use cookies and similar technologies to:
operate and maintain the Platform
understand usage patterns and improve services
enhance security and prevent fraud
personalise user experience where applicable
7.2 Some third-party analytics tools may collect information such as IP address, device identifiers, pages visited and time spent. This information is generally used in aggregate form.
7.3 You can manage cookies through your browser settings. Disabling cookies may impact Platform functionality.
8.1 Essential service messages
We may contact you for important service reasons such as appointment reminders, clinical communications, account security, billing and technical issues. You cannot opt out of these essential communications while you maintain an active account.
8.2 Marketing
Where you have opted in, or where permitted by law, we may send you marketing communications. You can opt out at any time via the unsubscribe option or by contacting us.
8.3 We do not use sensitive health information for marketing purposes without your consent.
9.1 Some of our third-party service providers may store, process, or access data outside Australia, including through cloud hosting and support services.
9.2 We take reasonable steps to ensure overseas recipients handle personal information in a way that is consistent with the Australian Privacy Principles, including through contractual commitments and security controls.
9.3 Where we disclose personal information to overseas recipients, you acknowledge that privacy protections may differ depending on the location. Where required by law, we will ensure appropriate safeguards are in place.
10.1 We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
10.2 Security measures may include:
secure hosting and encryption in transit and at rest (where applicable)
access controls, authentication and audit logs
monitoring and security testing
staff confidentiality obligations
10.3 No method of transmission or storage is completely secure. You are responsible for safeguarding your login details and using secure devices and networks.
11.1 We retain personal information only as long as necessary to provide services, meet legal and regulatory obligations, resolve disputes, and enforce agreements.
11.2 Clinical records are retained in accordance with applicable healthcare record retention requirements in Australia.
12.1 You may request access to the personal information we hold about you, subject to exceptions permitted by law.
12.2 You may request correction of inaccurate, incomplete or outdated personal information.
12.3 Requests can be made using the contact details below. We may need to verify your identity before processing your request.
13.1 If you believe we have breached your privacy rights or have concerns about how we handle personal information, please contact us using the details below.
13.2 We will:
acknowledge your complaint within a reasonable timeframe,
investigate it, and
respond with the outcome and any steps we will take.
13.3 If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC).
14.1 We may update this Privacy Policy from time to time by publishing the updated version on the Platform.
14.2 Changes take effect from the date published, unless otherwise stated.
Holistica Health Pty Ltd (ACN 673 241 962)
Privacy enquiries and requests can be submitted via the Platform’s Contact page.
