Lipoedema Lab

privacy policy

Effective: November 2025

Lipedema Lab ("the clinic", "we", "us", "our") is committed to protecting your privacy and handling your personal information responsibly. As a health service provider, we comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme. This policy explains how we collect, use, disclose, store, and protect your personal and health information.

We review this policy regularly and may update it to reflect changes in our practices or the law. Significant updates will be posted on our website and notified to you directly where required.

1. types of information we collect

We collect personal information (including sensitive health information) only when reasonably necessary for providing our dermal therapy, lymphoedema management, and related health services.

  • Personal details: Full name, contact details (phone, email, address), date of birth, gender, Medicare number (if applicable).
  • Health information: Medical history, treatment records, medication/allergies, referrals, diagnostic results (e.g., skin/lymphatic assessments).
  • Billing/administrative information: Concessional status (we are private billing and do not store payment card or health fund details).
  • Other: Occupation, emergency contacts, demographic details.

We collect information directly from you (e.g., forms, consultations) or indirectly (e.g., from referrers, other providers with your consent, or My Health Record if you authorise access). Where practicable, you may deal with us anonymously or pseudonymously (e.g., general enquiries), but this is often not possible for health services.

2. how we collect information

  • In person, via phone/email, online forms, or our website.
  • With your consent where required (express or implied).
  • We take steps to ensure information is accurate, up-to-date, and complete.

3. how we use and disclose your information

Primary Purposes (What You Would Reasonably Expect):

  • Delivering treatments, assessments, and care plans.
  • Communicating about appointments, reminders, or progress.
  • Internal administrative tasks (e.g., billing, audits).
  • Quality improvement and staff training (de-identified where possible).

Secondary Purposes (Only With Consent or as Permitted by Law):

  • Research or education.
  • Direct marketing (you can opt out at any time).
  • Disclosures to others (e.g., referring doctors, specialists, labs) for your ongoing care.

We May Disclose To:

  • Other healthcare providers involved in your care.
  • Regulatory bodies (e.g., as required for reporting).
  • Third-party providers (e.g., bookkeeping, phone services, IT/software vendors) under confidentiality agreements.
  • In emergencies or where required/authorised by law (e.g., serious threats to health/safety).

We do not disclose to overseas recipients unless necessary (e.g., cloud storage providers with equivalent protections) and will inform you if this applies.

4. data security and retention

We take reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure:

  • Physical: Locked facilities, secure record storage.
  • Electronic: Encrypted storage/transmission, password-protected compliant medical software, and technical safeguards (e.g., firewalls, access controls).
  • Organisational: Staff training, privacy policies, breach response plans.

We retain information as required by law (e.g., health records for 7 years post-last service or until age 25 for children). We securely destroy or de-identify information when it is no longer needed.

5. data breaches

If we suspect an "eligible data breach" (unauthorised access/disclosure/loss likely to cause serious harm), we will assess promptly and notify you and the OAIC under the NDB scheme. The notification will include recommended protective steps (e.g., changing passwords).

6. accessing, correcting, or deleting your information

You have rights to:

  • Access your information (usually free, within 30 days).
  • Request corrections if inaccurate/incomplete/out-of-date.
  • Request deletion where no longer needed (subject to legal retention).

Contact us to exercise these rights—we respond reasonably promptly.

7. website, cookies, and online tracking

Our website uses cookies for functionality, analytics, and improvement. You can manage preferences via browser settings, but this may affect site features.

We do not track for targeted advertising. Third-party links are not covered by this policy—review their privacy statements.

8. complaints

If you believe we have breached your privacy or this policy:

  • Contact us first—we aim to resolve internally.
  • If unsatisfied, complain to the OAIC (oaic.gov.au, 1300 363 992).

We treat complaints seriously and respond within 30 days.

9. contact us

Lipedema Lab

Phone: 1800 343 211

For more on your rights: oaic.gov.au