02 9439 1123

Privacy Policy

Introduction

Dr Varun Harish (“we”, “our”, “us”) is committed to protecting the privacy of individuals and complying with the Privacy Act 1988 (Cth), the Health Records and Information Privacy Act 2002 (NSW), the Australian Privacy Principles (APPs), and the Health Privacy Principles (HPPs). We also comply with the Australian Consumer Law (ACL), the Medical Board of Australia’s Code of Conduct, and the Australian Health Practitioner Regulation Agency (AHPRA) Advertising Guidelines.

This Privacy Policy explains how we collect, use, store, and disclose personal information provided to us through our website, including information submitted via our online enquiry form.

1. What information we collect

We may collect personal information from you when you interact with our website or services, including when you submit an enquiry form. This may include:

  • Your name and contact details (such as email address, phone number, and suburb).
  • Information about your enquiry, including any text you provide.
  • Files or images that you choose to upload (for example, medical images or documents relevant to your enquiry).
  • Other information you voluntarily provide to us.
  • Technical data such as IP address, browser type, and usage statistics (collected automatically via cookies or analytics tools).

2. How we collect personal information

We collect personal information in several ways, including directly from you when you submit an enquiry form, contact us by phone or email, or attend a consultation. We may also collect information indirectly, through cookies, analytics, or similar technologies when you interact with our website.

3. Why we collect personal information

We collect, hold, use, and disclose personal information for the following purposes:

  • To respond to your enquiries and provide requested information about our services.
  • To assess and triage the information provided (including uploaded files/images) to assist in determining suitability for consultation or treatment.
  • To manage our relationship with you as a patient or prospective patient.
  • To comply with our legal, professional, and regulatory obligations.
  • To improve our website, services, and patient experience.

We will not use your personal information for direct marketing without your consent.

4. Uploads via the enquiry form

When you submit an enquiry form on our website, you may choose to upload files, images, or other information. By doing so, you consent to us collecting and storing that material. Uploaded information will be treated as health information and handled with additional safeguards under the Privacy Act and the HRIP Act. This information will be used solely for the purpose of responding to your enquiry and determining next steps for your care. We recommend you only upload information relevant to your enquiry and avoid including unnecessary sensitive details. All data transmitted through the form is encrypted using industry-standard protocols (SSL).

4A. Use of uploaded information and patient consent

Any information, images, or documents uploaded through our enquiry form are collected solely for the purpose of responding to your enquiry and providing appropriate medical advice or care. Such material will not be published, displayed, or used in any advertising, marketing, or promotional context without your explicit written consent. We comply with the AHPRA Advertising Guidelines, the Medical Board of Australia’s Code of Conduct, and the Australian Consumer Law. This means we will not publish testimonials, endorsements, or patient images that may be misleading, deceptive, or create unrealistic expectations. If consent is provided for use of de-identified clinical images (for example, in educational or informational content), this will be documented, stored securely, and can be withdrawn at any time.

5. Disclosure of personal information

We will not disclose your personal information except as required or authorised by law, or as reasonably necessary to provide our services. This may include disclosure to:

  • Medical, nursing, or administrative staff directly involved in your care.
  • Specialist service providers (such as IT support, secure cloud storage, or medical imaging providers) under strict confidentiality agreements.
  • Regulatory bodies where legally required.

We do not sell or rent your information to third parties.

6. Storage and security

We take reasonable steps to protect your personal information against misuse, interference, loss, unauthorised access, modification, or disclosure. Measures include secure servers, password protection, restricted staff access, encryption of form submissions and uploaded files, and regular monitoring of security practices. However, no method of transmission over the internet is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security of your information.

7. Retention and deletion of information

We will only keep your personal information, including any files or images uploaded through the enquiry form, for as long as it is required to fulfil the purposes outlined in this Privacy Policy or as required by law. Information that forms part of a patient’s medical record will be retained in accordance with legal and professional obligations. Information that does not become part of a patient’s medical record (for example, preliminary enquiries where no ongoing care is provided) will be securely deleted or de-identified once it is no longer needed. We regularly review the personal information we hold and take reasonable steps to permanently destroy or de-identify information that is no longer required.

8. Access and correction

You have the right to request access to personal information we hold about you and to request corrections if it is inaccurate, out-of-date, or incomplete. Requests can be made by contacting us using the details below.

9. Cookies and website analytics

Our website uses cookies and third-party analytics tools to collect non-identifiable data about visitor interactions. This helps us improve website functionality and user experience. You can disable cookies in your browser settings, but some features of the site may not work as intended.

10. Overseas disclosure

We generally do not disclose personal information overseas. However, some of our third-party service providers (e.g., cloud hosting or IT services) may store information outside Australia. Where this occurs, we ensure that appropriate safeguards are in place.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or practice. The most current version will always be published on our website.

12. Contact us

Practice Manager
Dr Varun Harish
Suite 101, 69 Christie Street, St Leonards NSW 2065
admin@drvarun.harish.com.au
(02) 94391123