Biotide Studio – Privacy Policy

1. Introduction

Biotide Studio ABN [36694372908] (we, us, our) is a telehealth clinic operating in Victoria, Australia. We are committed to protecting the privacy and confidentiality of personal information, including sensitive health information, in accordance with all applicable Australian privacy legislation.

This Privacy Policy applies to all personal information collected by Biotide Studio in connection with our clinical services, digital platforms, telehealth consultations, and any other interactions with patients, healthcare providers, and visitors to our website at www.biotidestudio.com.

By engaging our services or using our platforms, you acknowledge that you have read and understood this Privacy Policy. We encourage you to contact us if you have any questions.

2. Legislative Framework

Our privacy practices are governed by the following legislation and standards:

  • Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs)

  • My Health Records Act 2012 (Cth)

  • Health Records Act 2001 (Vic) [or applicable state/territory health records legislation]

  • Telecommunications (Interception and Access) Act 1979 (Cth)

  • Spam Act 2003 (Cth)

  • Therapeutic Goods Act 1989 (Cth), as applicable to prescribed therapeutic products

  • RACGP Standards for general practices and AHPRA professional standards, as applicable

  • Australian Digital Health Agency guidelines for telehealth services

Where Biotide Studio is an APP entity or health service provider under applicable legislation, we are bound by the obligations set out in those instruments in addition to any contractual commitments to patients and referral partners.

3. What Personal Information We Collect

We may collect the following categories of personal information:

3.1 Identity and Contact Information

  • Full name, date of birth, gender, and pronouns

  • Residential and postal address

  • Email address and telephone number(s)

  • Emergency contact details

3.2 Health and Clinical Information

Health information is classified as sensitive information under the Privacy Act 1988 (Cth) and is afforded heightened protections. We collect:

  • Current and past medical history, diagnoses, and presenting complaints

  • Medications, supplements, and allergies

  • Results of pathology, imaging, and other diagnostic investigations

  • Details of current healthcare providers and referral information

  • Treatment plans, clinical notes, and progress records from Biotide Studio consultations

  • Information pertaining to lifestyle, diet, exercise, and relevant social history

  • Mental health history, where clinically relevant and disclosed by the patient

  • Reproductive and sexual health history, where clinically relevant

  • Records of prescriptions issued and peptide therapy protocols administered

3.3 Billing and Financial Information

  • Medicare number (where applicable)

  • Private health insurance details

  • Payment method information (processed via secure third-party payment gateway; we do not retain card data)

  • Invoices and records of transactions

3.4 Telehealth and Technical Information

  • IP address and device information when accessing our platforms

  • Telehealth session metadata (time, duration, platform used)

  • Video and audio recordings, only where explicit consent has been obtained

  • Website usage data, including cookies and analytics (see Section 12)

3.5 Referral and Communication Information

  • Information provided by referring healthcare professionals (physiotherapists, general practitioners, and other clinicians)

  • Correspondence and communications with patients and providers

  • Feedback, survey responses, and enquiry details

4. How We Collect Personal Information

Wherever practicable, we collect personal information directly from you. We collect information through:

  • New patient intake forms and registration processes

  • Telehealth and in-clinic consultations conducted by our clinicians

  • Communications via email, telephone, SMS, and secure messaging platforms

  • Our website, patient portal, and appointment booking system

  • Our practice management software (Halaxy)

  • Referral letters and clinical correspondence from healthcare providers

  • Pathology and diagnostic service providers

  • My Health Record system 

  • Payment processing platforms

Where we collect information from a third party (such as a referring clinician), we will take reasonable steps to notify you of this collection as soon as practicable, unless you have already been informed, or it would be unreasonable or impracticable to do so.

5. Why We Collect and Use Your Information

We collect and use personal information for the following primary purposes:

  • Providing, managing, and coordinating clinical and telehealth services

  • Assessing patient suitability for peptide therapy and developing treatment protocols

  • Communicating with you about your care, appointments, and treatment progress

  • Issuing prescriptions and liaising with compounding pharmacies

  • Coordinating shared care with referring clinicians, including providing progress and treatment reports back to your referring healthcare provider

  • Billing, processing payments, and managing Medicare or insurance claims

  • Maintaining accurate and complete clinical records as required by law

  • Complying with mandatory reporting obligations and regulatory requirements

  • Improving the quality and safety of our services through clinical audit

  • Sending appointment reminders and administrative communications

  • Responding to your enquiries and complaints

We may also use de-identified, aggregated information for:

  • Service development, clinical governance, and quality improvement

  • Population health analysis and research (in accordance with the National Statement on Ethical Conduct in Human Research)

  • Staff education and training

6. Disclosure of Personal Information

6.1 Disclosures with Your Consent

With your consent, we may disclose your information to:

  • Your nominated general practitioner, physiotherapist, or other treating clinicians, including the provision of progress reports as part of a shared care arrangement

  • Compounding pharmacies for the purpose of dispensing prescribed peptide therapies

  • Specialists and allied health professionals involved in your care

  • My Health Record (where applicable and authorised)

6.2 Disclosures Required by Law or for Safety

We may disclose your information without your consent where:

  • Required or authorised by law (e.g., mandatory reporting obligations under child protection legislation, notifiable disease reporting, subpoena, or court order)

  • Reasonably necessary to prevent or lessen a serious and imminent threat to the life or health of any person (APP 6.2(c))

  • Necessary for the establishment, exercise, or defence of a legal claim

  • Required by AHPRA, the TGA, or another regulatory body

6.3 Service Providers and Technology Partners

We engage trusted third-party service providers to support our operations. These parties are bound by contractual obligations to handle your information only as directed by us and in accordance with applicable privacy law. They include:

  • Halaxy (practice management, prescribing, and payments platform)

  • Patient portal and telehealth technology providers

  • Secure cloud storage and IT infrastructure providers

  • Pathology and diagnostic laboratories

  • Accounting and legal professionals (under strict confidentiality obligations)

  • Email and communication platform providers

6.4 We Do Not Sell Your Information

Biotide Studio does not sell, rent, or otherwise trade personal information to third parties for marketing or commercial purposes.

7. Overseas Disclosure

Some of our technology service providers may store or process data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure that those overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles.

Relevant jurisdictions may include the United States and the European Union. By providing your personal information to us, you consent to the disclosure of your information to overseas recipients in accordance with this policy. In the event that an overseas recipient does not comply with the APPs, we will remain accountable to you to the extent permitted by law under APP 8.

8. Storage and Security of Your Information

We take the security of your personal information seriously and implement physical, technical, and administrative safeguards proportionate to the sensitivity of the information held. Our security measures include:

  • End-to-end encryption for telehealth consultations and secure messaging

  • Role-based access controls and multi-factor authentication for clinical systems

  • Secure, encrypted cloud storage for clinical records

  • Regular security audits and staff privacy training

  • Contractual security requirements imposed on all third-party service providers

  • Physical security measures at any premises where hard-copy records are held

Clinical records are retained for a minimum of seven (7) years from the date of last entry for adult patients, and until the age of 25 for patients who were minors at the time of treatment, in accordance with applicable state and territory legislation. Where records are no longer required, we will securely destroy or de-identify them.

9. Notifiable Data Breaches

Biotide Studio is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach — one that is likely to result in serious harm to individuals whose information is involved — we will:

  • Conduct an expeditious assessment of the breach within 30 days

  • Notify the Office of the Australian Information Commissioner (OAIC) as required

  • Notify affected individuals as soon as practicable

  • Take immediate steps to contain the breach and mitigate potential harm

10. Your Rights

10.1 Access

You have the right to request access to the personal information we hold about you (APP 12). We will respond to access requests within 30 days. Access may be declined or limited in limited circumstances prescribed by the Privacy Act, such as where disclosure would pose a serious threat to health or safety, or where information relates to a legal matter.

10.2 Correction

You have the right to request correction of personal information we hold about you that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13). We will take reasonable steps to correct information within 30 days of your request.

10.3 Complaints

If you believe we have breached your privacy or the APPs, you may lodge a complaint with us in the first instance. We will respond to privacy complaints within 30 days. If you are not satisfied with our response, you may refer your complaint to:

  • The Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au | 1300 363 992

  • The Health Services Commissioner (Victoria) or the relevant health complaints body in your state or territory

10.4 Withdrawal of Consent

Where we rely on your consent as a basis for using or disclosing your information, you may withdraw that consent at any time by contacting us. Withdrawal of consent will not affect the lawfulness of any processing carried out prior to withdrawal. Note that withdrawal of consent for essential clinical disclosures may limit our ability to provide safe and effective care.

10.5 Anonymity and Pseudonymity

Under APP 2, you have the option to interact with us anonymously or using a pseudonym in certain contexts. However, for clinical services, we are required by law and professional standards to verify your identity and hold accurate health records. Where anonymity is requested for general enquiries, we will accommodate this where practicable.

11. Telehealth-Specific Privacy Considerations

Biotide Studio provides clinical services via telehealth. Patients engaging in telehealth consultations should be aware of the following:

  • Telehealth sessions are conducted over encrypted, secure platforms. We recommend that you participate from a private location to protect the confidentiality of your health discussions.

  • Sessions are not routinely recorded. Where recording is proposed for clinical or educational purposes, explicit written consent will be obtained from you in advance.

  • Telehealth platforms used by Biotide Studio are selected for their compliance with Australian privacy and security standards. Details of current platforms are available on request.

  • The same professional, ethical, and legal obligations regarding privacy and confidentiality apply to telehealth consultations as to in-person consultations.

  • You have the right to decline telehealth in favour of in-person consultation where this is available and clinically appropriate.

  • Technical or security issues during a telehealth session that may compromise privacy will be reported to you and, where applicable, to the OAIC under the NDB scheme.

12. Website, Cookies and Digital Marketing

Our website uses cookies and similar tracking technologies to improve user experience and analyse website traffic. Cookies collect information such as IP address, browser type, pages visited, and session duration. This data is used in aggregate and is not linked to your clinical records.

You may disable cookies through your browser settings; however, this may affect the functionality of some areas of our website. We do not use sensitive health information for targeted advertising.

Any marketing communications we send are issued in compliance with the Spam Act 2003 (Cth) and will include an unsubscribe facility. We will not use your clinical information for direct marketing without your explicit consent.

13. Children and Young Persons

Biotide Studio's services are intended for adult patients. We are unable to consult any patients under 18 years old.

14. Research and Secondary Use

Where Biotide Studio participates in clinical research or quality improvement activities, we will only use identifiable patient information with your explicit consent or in accordance with an exemption under the Privacy Act 1988 (Cth) and the National Statement on Ethical Conduct in Human Research (2023). De-identified data may be used for research and quality improvement without individual consent.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The current version of this policy will always be available on our website and in our clinic. We will notify existing patients of material changes via email or through our patient portal. Your continued use of our services following notification of changes constitutes acceptance of the updated policy.

16. Contact Us

For all privacy enquiries, access requests, correction requests, or complaints, please contact our Privacy Officer:

Privacy Officer

Biotide Studio

Studio 9, 92 Clyde St, St Kilda, Vic 

Email: care@biotidestudio.com.
We aim to respond to all privacy enquiries within 30 days.

Schedule A — Glossary of Key Terms

APP: Australian Privacy Principle, as defined in Schedule 1 of the Privacy Act 1988 (Cth)

Health information: Information or an opinion about the health or disability (at any time) of an individual; or an individual's expressed wishes about the future provision of health services to him or her; or a health service provided to an individual — as defined in the Privacy Act 1988 (Cth)

Notifiable Data Breach: An eligible data breach as defined under Part IIIC of the Privacy Act 1988 (Cth), being an unauthorised access to, or unauthorised disclosure of, personal information, or a loss of personal information, that is likely to result in serious harm

OAIC: Office of the Australian Information Commissioner

Personal information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable — as defined in s 6 of the Privacy Act 1988 (Cth)

Sensitive information: A subset of personal information including health information, which is afforded heightened protections under APP 3 and APP 6

Telehealth: The delivery of healthcare consultations and services via digital communication technologies, including video conferencing and telephone