Edgecliff Orthodontics Privacy Policy
Last Updated: February 2026
Edgecliff Orthodontics (“we,” “our,” “the Practice”) is committed to protecting your personal and health information. This policy explains how we collect, use, hold, and disclose your information in accordance with the Privacy Act 1988 (Cth), the Notifiable Data Breaches Act 2017 (Cth), the Australian Privacy Principles (APPs), and NSW Health Records legislation.
1. Scope
This policy applies to all patients, clients, contractors, suppliers, employees, and anyone whose personal information we handle.
2. What is Personal Information?
Personal information identifies you or could reasonably identify you, including sensitive information such as health details, racial or ethnic origin, or other personal attributes.
a. Children’s Privacy
We protect the privacy of children under 18. Consent from a parent or guardian is generally required to collect information. Parents or guardians can access or correct their child’s information. Children’s information is used only for treatment, care, or as required by law. Records of minors are retained until age 25 per NSW legislation.
If necessary information is not provided, we may be unable to provide services.
3. Information We Collect
Depending on your relationship with us, we may collect:
a. Patients/Clients: Name, date of birth, contact details, school, health information, treatment history, X-rays, photographs, dental impressions, parent/guardian information for minors, payment/billing and insurance details.
b. Employees/Candidates: Resume, contact details, qualifications, references, medical information, taxation details.
c. Suppliers & Referees: Contact information, business or professional records.
d. Sensitive information (with consent): Health, racial/ethnic origin, religious or political beliefs, sexual orientation, criminal record, genetic information.
4. How We Collect Information
We collect personal information in lawful ways, including:
a. In person or by phone
b. Application or consent forms
c. Email or online forms (Snapforms)
d. Transactions and payments (including EFTPOS and HICAPS)
e. Our website
f. Publicly available sources
g. Surveillance cameras where applicable.
We will notify you if we collect information from someone else or if collection is required by law.
5. Why We Collect Information
We collect and use personal information to:
a. Manage patient relationships including recalls and SMS reminders
b. Provide orthodontic treatment and ongoing care
c. Schedule appointments and treatment updates
d. Arrange imaging and laboratory work
e. Submit health fund claims and respond to audit requests
f. Manage invoices, payments, and Denticare plans
g. Recruit and manage staff
h. Report and track for business purposes, using third party providers such as Commbank Smart Health Hub
i. Comply with legal and regulatory obligations
We will never sell or provide your personal or health information to third parties unrelated to you care or legal obligations.
Any third parties used adhere to Australian privacy/data protection laws.
6. Clinical Software and AI Tools
We use practice management software (Oasis) and may use AI-assisted clinical note-taking tools (Heidi Health) to support patient care. Full identifying patient details are not input into standalone AI tools. All clinical notes are reviewed by clinicians before being saved. IT service providers supporting our software comply with Australian privacy regulations.
7. How We Use and Disclose Information
We may disclose your information to:
a. Our employees and contractors who need it to perform their duties
b. To third-party service providers such as labs, IT support, billing services, business reporting services and imaging providers
c. To referring dentists and specialists
d. To private health funds for claims or audits
e. To Denticare or other payment plan providers, or as required or authorised by law.
We take reasonable steps to ensure any overseas storage or processing complies with Australian privacy laws.
8. Access, Correction, and Record Release
You can request access to your personal information, request correction of inaccurate or incomplete information, or request release of your records to another provider by contacting info@edgeclifforthodontics.com.au. Proof of identity will be required. We will respond within 30 days.
9. Security and Retention
We take reasonable steps to protect personal information from misuse, loss, or unauthorised access. Any physical records are securely stored in locked cabinets. Electronic records are protected with secure logins, passwords, and backups. Records are retained for legally required periods: adults at least 7 years from the last entry, minors until age 25. Records are securely destroyed or de-identified when no longer required.
10. Data Breaches
A Data Breach occurs when personal information is lost, stolen, or accessed without authorisation, including lost or stolen devices or paper records, employee error, or hacking incidents. If a Notifiable Data Breach occurs, we will notify affected individuals, notify the Office of the Australian Information Commissioner (OAIC), and take remedial actions to prevent harm. If you suspect a breach, report it to the Practice Manager within 24 hours.
11. Anonymity
You may interact with us anonymously or using a pseudonym where reasonable. If you choose not to provide personal information, we may be unable to provide services or respond to your requests.
12. Privacy Complaints
If you believe your privacy has been mishandled, contact our Privacy Officer in writing. We will respond within a reasonable timeframe. If unresolved, you may contact the OAIC or NSW Health Privacy Commissioner.
13. Privacy Officer Contact
Telephone: 02 9327 2800
Email: info@edgeclifforthodontics.com.au
Postal: 508/180 Ocean Street, Edgecliff NSW 2027
14. Breach of Policy
Employees who breach this policy may face disciplinary action, including termination of employment.
15. Variations
This policy may be updated from time to time. Changes will be reflected on our website and in the Practice records.