Privacy Policy

Goldfields Women’s Health Care Centre 
15 Dugan St, Kalgoorlie WA 6430
Effective 25 January 2026

1. Introduction Goldfields Womens Health Care Centre (“we”, “us”, “our”) provides counselling, general practice (GP) services, NDIS support coordination, and membership services. We are committed to protecting your privacy and managing personal information in an open and transparent way, as required by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, store, use, and disclose your information, and what rights you have.

2. What Personal Information We Collect
2.1 Personal Information

Name, date of birth, gender, address, phone, email
Emergency contact details
Membership details
Communication preferences

2.2 Health Information
Collected when delivering counselling services:

Medical and mental health history
Assessment information, progress notes, treatment plans
Diagnoses, medications, allergies, risk assessments
Healthcare identifiers (e.g., Medicare, IHI)

2.3 NDIS Information
Collected when providing NDIS Support Coordination services:

NDIS plan summaries
Goals and service needs
Reports, correspondence with providers
Participant supplied documents

2.4 Administrative Information

Appointment bookings
Program participation
Billing, Medicare, and private health fund details

2.5 Website & Forms

Information submitted through online forms
Non-identifying analytics
We only collect what is reasonably necessary for our functions.

3. How We Collect Personal Information
We collect personal information:

Directly from you (in person, online, via phone or forms)
From authorised representatives
From treating practitioners or referrers
From NDIS providers or the NDIA where authorised
Through our practice systems:
- Cliniko for bookings, counselling notes, and practice management [help.cliniko.com]
- Sonic Clinical Services for NDIS participant bookings and notes [scs.com.au]

4. Why We Collect, Use and Disclose Personal Information
4.1 Primary Purposes We use information to:

Provide counselling, GP services, and NDIS support coordination
Understand your healthcare or support needs
Coordinate care with treating providers (with consent or where permitted)
Manage appointments, recalls, and communications
Assist with Medicare/private health claims
Maintain clinical quality and safety
Meet legal, regulatory, reporting, and incident management obligations

4.2 Secondary Purposes (where permitted)

Training and supervision
Accreditation and quality improvement
Research or evaluation (only under APP exceptions or consent)

We do not use your information for targeted advertising or custom audience marketing.

5. Independent Contractors Operating at Our Centre
Some clinicians consulting at our premises operate independently and maintain their own clinical records. This includes: GPs Well Women’s Clinic (Plaza Medical), Physio Clinic (Goldfields Physio), and Legal (Women’s Legal Service WA).

We do not access their clinical systems.
We only manage the booking information for appointments made through us.
To access or correct records created by a contractor, you must contact them directly.

6. De-Identified Information for Funding and Reporting We may use de-identified information (information that cannot reasonably identify you) for:

Reporting outcomes to grant funders
Meeting funding or program obligations
Service evaluation, quality improvement, and planning

This information does not include your name, contact details, clinical information, or any identifiable data.

7. Who We Share Your Personal Information With
We may disclose your information to:

Treating doctors, allied health workers, and referrers
Pathology and diagnostic providers
NDIS providers and the NDIA where authorised
Our IT, administrative, and communication providers bound by confidentiality

We will only share information:

with your consent,
where required or authorised by law, or
where necessary to reduce a serious threat to life, health, or safety.

8. Cross Border Disclosure
We do not store personal information overseas. 
Our systems and backups are hosted within Australia.

9. Security and Storage
We take reasonable technical and organisational measures to protect your information, including:

Encrypted storage and secure transmission
Role-based access controls
Multi-factor authentication
Staff privacy training
Secure physical storage
Monitoring and audit logs
Regular security reviews

Our key system, Cliniko, uses encrypted data, secure hosting, and daily backups. [cliniko.com] 
Records are retained per legal requirements and securely destroyed when no longer required.

10. Access to and Correction of Your Information
You may request:

Access to your information
Correction of inaccurate, outdated, or incomplete information

We will respond within a reasonable time and explain any lawful limitations.

11. Data Breaches
If a data breach occurs that is likely to cause serious harm, we will:

Contain the breach
Assess the risk
Notify affected individuals
Notify the Office of the Australian Information Commissioner (OAIC)

12. Automated Decision Making (ADM)
We do not use substantially automated decision making that significantly affects individuals’ rights or access to services.

13. My Health Record We do not connect to or upload information to the My Health Record system.
14. Making a Privacy Complaint
If you have a concern or complaint about your privacy:

Contact our Chief Executive Officer at: Brooke Jennings, ceo@gwhcc.org.au, 15 Dugan St Kalgoorlie
If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

15. Updates to This Policy
We may update this policy to reflect changes in our practices or legal requirements. 
The most current version will always be available on our website and upon request.