Menu Close

Privacy Policy

This Privacy Policy details how we deal with patient personal information and has been developed in accordance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act). By using this website, you consent to the data practices described in this Privacy Policy.

What kinds of information do we collect?

The types of personal information we collect may include the following:

  • names;
  • contact information including addresses, telephone numbers, fax numbers, email addresses,
  • birth dates,
  • images taken on our premises or at events we are associated with which may identify an individual,
  • medical information; and
  • other personal information.

Use of personal information

We will only use patient personal information for the purposes for which it was given to us, or for purposes which are directly related to the provision of our services.

Personal information may be used by us in a number of ways, including:

  • to assist patients to conveniently and easily access the services that we offer and provide;
  • to be able to improve the services offered to patients;
  • to set up, administer and manage our operations and the provision of our services;
  • to collect payments;
  • to make payments;
  • for internal record keeping;
  • to improve the Practice’s products and services;
  • to respond and communicate to patients if they make a complaint or request a correction;
  • to manage, train and develop our employees and representatives;
  • to communicate and transact with our suppliers;
  • to manage complaints and disputes;
  • to understand patient needs, patient behaviours and how patients interact with us so that we can engage in research and development in connection with our services and business strategy, including managing the delivery of our services and the ways we communicate with patients; and

to meet our legal and regulatory obligations and comply with law enforcement activities.

Disclosure of personal information

In certain circumstances, it may be necessary for us to disclose patient personal information to third parties in order to assist us in providing our services, or where disclosure is required by us to meet our legal and regulatory obligations. Third parties may include:

  • technology support service providers where applicable to the service provided to the patient;
  • DHL, Australia Post and other freight or shipping service providers for the purposes of sending any products;
  • government and law enforcement agencies and regulators; and
  • entities established to help identify illegal activities and prevent fraud where authorised by law.

We may also disclose patient personal information to anyone authorised by the patient, or to whom the patient has provided patient consent (either expressly or impliedly) or where another permitted general situation applies (as defined in Section 16A of the Privacy Act).


A cookie is a small file which asks permission to be placed on patient computers’ hard drives. Once the patient agrees, the file is added and the cookie helps analyse web traffic or lets the patient know when they visit a particular site. Cookies allow web applications to respond to users as an individual. The web application can tailor its operations to patient needs, likes and dislikes by gathering and remembering information about patient preferences. We may use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic.

Storage and security

The security of patient personal information is paramount to us and we use all reasonable endeavours to keep patient information in a secure environment and to protect patient personal information from misuse, interference, loss, unauthorised access, modification or disclosure. If you reasonably believe that there has been unauthorised use or disclosure of patient personal information please contact the Practice Manager immediately.

Accuracy of patient information

We take reasonable steps to ensure that the personal information held by us is accurate, complete and up to date. If you believe that any patient personal information is inaccurate, please contact us immediately and we will take reasonable steps to correct it.

Variation and consent to variation

We may vary the terms of this Privacy Policy at any time.

Disclosure to overseas recipients

We may disclose personal information to the third parties as listed in this Privacy Policy, which include overseas recipients located in Singapore, the United States of America, the United Kingdom and New Zealand. 

Access to patient information and making a complaint

Patients may request access to the personal information we hold about them. We will respond to patient request within a reasonable period of time and, where reasonable and practicable, give access to the information in the manner requested.  This will be subject to any exemptions provided under the Privacy Act.

Patients can request personal information we hold about them by writing to:

The Practice Manager
Chang Medical Pty Ltd
Suite 12A McCullough Centre
259 McCullough Street
Sunnybank QLD 4109

If a patient wishes to make a complaint about a breach of the Privacy Act by us, patients should do so by providing the complaint in writing. We will seek to respond to any complaint within a reasonable period of time. We may seek further information in order to provide a comprehensive and complete response.

Patients may also make a complaint to the Office of the Australian Information Commissioner.


In this Privacy Policy, “Practice” means Chang Medical Pty Ltd (trading as Chang Medical) being the medical practice of Dr Andrew Chang (BEng (Hons), MBBS (Hons), FRACS (OHNS), MD).