Privacy statement

National Skin Cancer Centres asks all patients to complete a form during their initial consultation so we can collect relevant information about you that may include your name, address, contact number, and email address. This information is used to assess your suitability for treatments, provide you with important pre- and post-treatment information, keep you up to date with our services, and confirm your appointments. Please let us know of any changes to your personal details to help us get necessary or important information to you.

Appointments

Appointments can be made online, via telephone, or in-person at one of our centres.

Please arrive five to 10 minutes before your appointment to allow time for checking in. If you are late, we may not have time available to provide your full treatment. Treatments cannot be rushed. You will still be charged for the full appointment.

For health and safety reasons, children cannot accompany patients in the treatment rooms and will not be supervised by our staff.

For us to provide you with the best service, it is important that you share with us all the information requested when completing consent forms or when asked about any factors which may affect your treatment. Our treatments and products may not be suitable for you. Due care and skill are always exercised when treating our patients, but it is your responsibility to identify whether a treatment or product is right for you.

Patients should also hold realistic expectations of the results that are achievable through treatments they receive. Please work with your Skin Doctor or Skin Therapist to determine what results you are likely to achieve.

Cancellations

Patients are required to give a minimum of 24 hours’ notice for appointment cancellations to allow time to reallocate your appointment to another patient. Cancellations can be made in-person at our centre or via telephone. Please do not try to cancel your appointment via social media message.

If you cancel your appointment within 24 hours of the appointment time or fail to attend without appropriate notice, we reserve the right to charge a cancellation fee of 50% of the treatment cost. In the case of pre-paid treatments, the treatment will be forfeited.

Refunds

We are not required to provide a refund if you change your mind about the products or services you asked for. If the product or service has a major problem, you can choose to cancel your contract and receive a refund for unconsumed services or products.

Treatment packages are not transferable to other individuals or centres. Please keep proof of your agreement in the form of an invoice or receipt. Our staff reserve the right to determine suitable treatments for our patients.

If you pre-pay for treatments, you will save an amount according to the pre-payment schedule. No refunds are available on pre-paid treatments. They are not transferrable to other individuals, treatment areas, or centres.

Pre-paid treatments must be used within 12 months of purchase. You agree to these terms by purchasing pre-paid treatments.

Purchases made through the online shop

Treatments, services, or products purchased through our online shop via Shopify are regulated by the aforementioned National Skin Cancer Centres conditions of use, privacy policy, cancellation policy, and refund policy.

Requests for refunds of treatments, services, or products purchased online must be made in writing to info@skincancercentres.com.au for consideration. We may decide, upon review of your written request, whether a refund is appropriate.

We recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information.

View the full privacy statement here.

Purpose

Sonic Healthcare is committed to protecting your privacy and to being open and transparent about how we collect, store, use, disclose and secure your personal information. This Privacy Policy explains how we collect and handle your personal information. It also describes your rights in relation to the personal information we hold about you.

This policy only applies to Sonic Healthcare Australia – Clinical Services, a division of Sonic Healthcare Limited (ABN 24 004 196 909). This division includes the Australian healthcare businesses trading as IPN Medical Centres, Sonic HealthPlus, Australian Skin Cancer Clinics, National Skin Cancer Centres and Artisan Aesthetic Clinics.

In this policy, the words Sonic Healthcare, Sonic, Us and We all refer to businesses within the Sonic Healthcare Australia – Clinical Services division. To view the privacy policies of other businesses in the Sonic Healthcare Limited group of companies, please visit their respective websites.

Updates
If we decide to change this policy (for example, to address changes in the law or in our data handling practices), we will post the amended policy on our website, where you can always find the most up-to-date version: www.scs.com.au. Alternatively, you can ask us to send you a copy by contacting us using the details set out at the end of this policy.

Collection of personal information

What is 'personal information'?

Personal information means information or an opinion that identifies you, or from which your identity can be reasonably ascertained, regardless of the form of the information or opinion, and regardless of whether it is true or not.

Who does Sonic collect personal information about?

We may collect personal information about patients, healthcare professionals, employees, contracted service providers, students, trainees, suppliers, shareholders and other individuals with whom we engage in the course of our usual business operations.

You are not required to provide personal information to us. However, we may not be able to provide our products or services to you, or otherwise engage with you in the manner you expect, if you do not provide us with personal information when requested.

In some circumstances, the services we provide to you may be compromised if you provide us with incomplete or inaccurate information.

Why do we collect personal information?

We collect, hold and use personal information to:

• enable us to provide you with our products and services (including results)
• provide services to, and manage, our related companies
• enable third-party service providers to provide us and our related companies with services, such as accounting and auditing services, legal advice, information technology, property management services, printing and mailing services, and services relating to our share register and group employee share plan
• recruit and manage our relationships with employees
• correspond with people regarding our corporate sponsorships and other charitable and community initiatives
• comply with our legal obligators (including our legal obligations as an accredited healthcare provider)
• communicate with, and comply with our legal obligations to our shareholders, and to process payments to them
• maintain and update our records

What types of personal information do we collect?

The type of personal information we collect about you depends on who you are, our relationship with you and the nature of our interaction with you.

The types of personal information we may include:

• Identity and contract information - this is information we need to confirm your identity, such as your name, age, gender, date of birth, contact details and proof of identity documents.
• Government and insurance identifiers - this is information we require for billing and other administrative purposes, such as your Medicare number or private health insurance membership details.
• Clinical information - this is information we need in order to provide you with appropriate healthcare, such as details of your medical and surgical history, family history, occupational history, allergies, medications, treatments, immunisation status, results of diagnostic tests and physical monitoring (such as blood pressure and ECG readings), medical images, genomic data, healthcare providers and all correspondence to and between your healthcare providers.
• Lifestyle information - this is information relating to your lifestyle which we may also need to provide healthcare products and services to you. For example, dietary and exercise information, and information about smoking, alcohol and drug use.
• On-site information - this is information we collect when you visit our premises, such as images from CCTV cameras located in our clinics and collection centres, images from facial recognition software and vehicle number plate details.
• Online activity information - this includes information about how you interact with our websites, apps, ads, social media profiles and electronic communications, including what you click on. It may also include software versions, device identifiers (like IP address and IMEI [International Mobile Equipment Identity] information), device location, dates, times, file metadata, referring website/app, data entered, and user activity, such as links clicked, app installations, app launches, adding items to a basket and making purchases. This may be done via the use of cookies, tags and tracking pixels.
• Employment information - if you apply for employment with us, or are engaged by us, this may include your employment history, job applications, pre-employment checks, education, qualifications and accreditations, training records and information required by laws, regulations or standards. It may also include sensitive information, such as criminal record or working with children checks, health information and biometric data.
• Financial information - this includes information such as your payment history, credit history, income details, and credit card, bank and cheque account details.
• Transaction information - this is information about how you transact with us, such as products and services purchased, survey responses and other feedback given to us.
• Profile information - occasionally we may need to collect other information, such as details of your religion or ethnicity, that is relevant in our interactions with you.

How do we collect personal information?

We may collect your personal information in a number of ways, depending on the nature and circumstances of your interaction with us. We may collect personal information:

• directly from you - you might provide us with personal information directly, such as when you:
  • contact us by telephone, written correspondence, email or via our website/s or app/s
  • visit one of our clinics, collection centres, laboratories or offices (including via security or other cameras)
  • purchase a product or service from us
  • interact with us as a supplier or service provider
  • set up an account with us, such as a Sonic Dx account
  • apply for a job with us.
• from third-party sources - we might collect your personal information from third-party sources where it is not reasonable or practical for us to collect this information directly from you, or where your health may be at risk and we need your personal information to provide you with emergency medical treatment. For example, we might collect personal information from:
  • other healthcare service providers, including healthcare professionals, hospitals and clinics who refer you for our services or are involved in your care (they will generally explain why they are collecting the information and where it is going)
  • other persons or entities who ask us to perform services on your behalf (for example, your employer, a government agency or a hospital/nursing home in which you are a patient)
  • third parties who we partner with or use to provide you with products and services
  • the My Health Record (MyHR) program operated by the Australian Commonwealth Department of Health, in accordance with the access controls that you have set within that system (if you do not want us to access personal information stored in your MyHR record, it is your responsibility to modify the access controls as required)
  • insurers, law enforcement agencies or other government departments or agencies (or their authorised representatives)
  • people who have authority to share your personal information with us (such as relatives or carers who have been nominated to act as your ‘responsible person’, your guardians, or attorneys appointed under a power of attorney to support you to manage your health)
  • an employer or educational institution who has dealt with you
  • other Sonic Healthcare Group Companies who have provided you with healthcare services or other products or services
  • if you are a healthcare service provider, from relevant government or industry services, databases and directories
  • other publicly available sources or networking services (for example, use of internet searches or social media platforms to verify your identity or other information you have provided to us, or to offer you our products and services).
• through our own efforts - we may generate and collect information about you directly, such as:
  • test result data generated when we perform laboratory testing services for you
    
  • clinical images created when you attend one of our clinics
    
  • genomic or molecular data obtained through genetic or molecular testing
  • physical monitoring data (such as ECG or blood pressure readings).

We may also collect information through the use of digital technologies like cookies, tags and pixels when you use our websites, apps or social media platforms. These may also come from third-party services (for example, LinkedIn) for the purposes of collecting data to enable website or app security, continuity, performance measurement, personalised advertising and analytics. Generally, this information will not identify you and we do not link it back to your identity or other information that you have provided to us.

Anonymity and pseudonymity

You may choose to deal with us anonymously or by using a pseudonym, unless it is impracticable for us to do so or we are required or authorised by law to only deal with identified individuals. If you choose to remain anonymous, or to use a pseudonym, we may not be able to provide certain services to you, either at our usual standard, or at all.

How does Sonic use and share your personal information?

We collect, store, use and share your personal information in a number of ways, depending on the nature of our relationship with you. Some examples are set out below. We will not seek your consent to use your personal information in these ways.

Healthcare purposes

• To coordinate and/or communicate with you and with healthcare providers involved in your care.
• To procure additional healthcare services on your behalf (such as referrals to other providers or to obtain a second opinion).
• To liaise with your health fund, insurer, Medicare, Department of Veterans’ Affairs, Australian Government Department of Health, Disability and Ageing or another payer or contractor of services regarding products and services provided to you.
• To fulfil regulatory and public health requirements, including liaising with regulatory or health authorities, as required by law.

Quality assurance and teaching purposes

• To conduct activities related to quality assurance/improvement, accreditation, audit, statistical analysis, risk and claims management and internal training.

Administrative purposes

• To send you standard reminders (for example, for appointments for follow-up care and account management).
• For invoicing, billing and account management.
• To handle a complaint or respond to anticipated or existing legal actions.
• To comply with applicable laws requiring disclosure of information (such as, in response to a subpoena, or mandatory notification laws relating to child abuse or infectious diseases).

Research purposes

• To carry out clinical research, improve our products and services and develop new products and services (but only if it is necessary to use identifiable information and the use is permitted by the Privacy Act 1988 [Cth]).

Communication purposes

• To obtain feedback about our services.
• To provide advice or information to you about products and services that are relevant to you (unless you have opted out from receiving direct marketing communications).

Business purposes

• To engage you, or someone you represent, to provide products or services to us as a contractor, and to manage that relationship.
• To consider your application for employment with us, including to undertake suitability checks.
• If you are employed or engaged to work for us, to manage your employment, engagement or placement, including any workers’ compensation claims which may arise.

Sonic may use electronic processes when using your personal information as specified above. We may link, combine or share personal information about you in various databases created by any of Sonic’s businesses.

Use of personal information for direct marketing

We may use your personal information for marketing that is directly related to our services, in compliance with applicable laws, such as the Privacy Act 1988 (Cth) and Spam Act 2003 (Cth). We may engage third parties, under contract, to provide marketing services on our behalf.

You may advise us that you do not wish to receive direct marketing from us at any time by contacting us or by using the opt-out facilities provided in our client registration processes, informed consent procedures and the marketing communications you receive.

De-identification and aggregation

We may also de-identify and/or aggregate the personal information that we collect to:

• carry out clinical research, improve our products and services, or develop new products and services
• carry out quality assurance activities
• perform analytics relating to customer service, health outcomes and other business activities.

Disclosure of personal information to third parties

When providing services to you or otherwise engaging with you, we may disclose your personal information to trusted third parties, including:

• healthcare service providers or other relevant parties involved in your care or requesting services on your behalf
• other specialist providers, where necessary, for confirmatory testing (second opinion), or to perform highly specialised or proprietary services on our behalf
• Medicare, your private health insurer or any organisation responsible for payment of any part of your account, such as the Department of Veterans’ Affairs
• approved and trusted contractors engaged in providing professional services to us (such as debt collection agencies, credit checking agencies, information and communication technology providers, specialist clinical services, data entry and data analytics services)
• our insurers, in appropriate circumstances.

Where we outsource any of our services or hire contractors to perform professional services, we will require them, under contract, to comply with the Privacy Act or other relevant privacy legislation and, where applicable, this Policy.

We may use electronic processes to disclose your personal information as specified above, where available or relevant. Where we use document automation technologies to disclose your personal information (such as to generate appointment bookings, referrals, results or e-scripts), we will only disclose your information to the extent reasonably necessary and only for the purposes specified above.

We will not seek your additional consent to disclose your personal information for any of the purposes described above.

Disclosures required by law

We may be required by law to disclose your personal information without your consent, including in response to:

• subpoenas or other court or tribunal orders
• police warrants
• health regulator requirements
• laws mandating notification of certain diseases, to the relevant agency (such as national cancer registries).

Disclosures for research and other purposes

Periodically, we may disclose data to other organisations undertaking research (such as universities, medical research institutes, pharmaceutical companies and cancer councils). In most instances, any data we provide will have been aggregated/de-identified. We will only disclose identified data if it is necessary for the purposes of the research and disclosure is permitted under the Privacy Act 1988 (Cth).

My Health Record

If you choose to participate in the My Health Record program operated by the Australian Digital Health Agency, we may access the personal information it contains. We may also disclose your personal information by uploading your health information electronically to the My Health Record system if requested, or required by law, to do so.

If you do not want us to access personal information stored in your My Health Record or upload health information to it, you may opt out or choose to modify access controls within the My Health Record system.

Cross-border disclosures

We may enter into arrangements with other related entities or third parties outside Australia to store, access or use data we collect, including personal information, in order to provide services to us (such as data processing, analysis, interpretation or the performance of specialised tests). In such cases, we will take reasonable steps to ensure that the third parties do not breach the Australian Privacy Principles (APPs), including by requiring that the third party has information security measures and information handling practices in place that are of an acceptable standard and approved by us.

The countries in which the recipients are likely to be located include, but are not limited to, those countries where the Sonic group operates (New Zealand, USA, UK, Germany, Switzerland, Belgium and Poland).

Website

When you use our website(s), we do not identify you as an individual user and do not collect personal information about you, unless you specifically provide this to us.

Our website(s) may use cookies that allow us to gather anonymised statistics relating to the management of our website(s). These analytics may include, but are not limited to, your internet service provider (ISP), domain name, browser type and the pages you visit.

Our websites, apps and email communications may contain links to other websites and apps that are owned or operated by third parties. If you choose to access those third party websites or apps, the third party may collect personal information about you. We are not responsible for the privacy practices of any third parties, nor the information on their websites and apps.

Use of artificial intelligence (AI) technologies

We may use AI systems (including decision support tools, data analysis systems and internal chatbots) to process, generate or infer personal information. For example, our doctors may use an AI decision support tool to assist them to form a diagnosis when they are reviewing your test results.

We do not use AI systems to make fully automated decisions about individuals that may have significant legal or personal effects without appropriate human oversight.
Personal information is only input into or generated by AI systems when:

• it is reasonably necessary for our business operations
• it complies with lawful and fair collection practices (APP 3)
• it is used for the primary purpose for which it was collected, a directly-related secondary purpose, or with consent (APP 6).

We take reasonable steps to ensure the accuracy, security and transparency of personal information processed, generated or inferred through AI systems. We do not input any personal or sensitive data into publicly accessible AI systems.

If we collect information via an AI chatbot or automated tool, we will tell you and give you the option to withhold sensitive information or to seek human assistance.

Protecting your personal information

We take the protection of your personal information seriously and take all reasonable steps to ensure the information we collect, use and disclose is accurate, secure and protected from misuse and loss, and from unauthorised access, modification or disclosure.

Accuracy

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. To assist us, please ensure that the information you provide to us is accurate, up-to-date and complete, and let us know when your personal information changes.

Security

We will take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes including, but not limited to, access controls, network firewalls, encryption and physical security measures to protect your privacy. We regularly review our information security processes to ensure they continue to offer an appropriate level of protection for your information.

Retention

As a diagnostic health services provider, we are required to comply with numerous laws, rules and standards relating to the retention of health information and records. When we no longer need your personal information for the purposes described in the Policy, and we are no longer required to retain it under relevant accreditation standards or law, we will destroy or permanently de-identify it.

Notification

If we become aware that unauthorised access or disclosure of your information has occurred and there is a likely risk of serious harm associated with that unauthorised access or disclosure, we will notify you promptly and provide you with a recommended course of action where necessary.

Access to, and correction of, your personal information

Access

You have the right to request access to the personal information about you that we hold. You can do this by contacting our Privacy Officer (see below).

To protect your privacy, we will need you to verify your identity before providing access to your information. We may recover any reasonable costs associated with supplying this information to you.

We will provide you with access to your information, unless there is a reason under the Privacy Act or other relevant law to refuse or limit such access, such as if we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or if giving access would have an unreasonable impact on the privacy of other individuals. We will normally give you a written notice stating our reasons for not complying with your request and informing you of how you can complain about our refusal.

In the specific case of obtaining access to your pathology or radiology results, the preferred method is in consultation with your treating practitioner so that complex clinical information can be explained to you within the context of your individual circumstances.

Correcting your personal information

You have the right to request an amendment to the information we hold, if you believe it to be inaccurate.

If we are satisfied that any part of the information we hold about you is inaccurate, incomplete, out of date, misleading or irrelevant (taking into account the reasons why we hold that information), we will take reasonable steps to amend it. In situations where the law does not allow us to delete health information, this may include keeping a statement of the relevant corrections with your personal information.

If we do not agree to change your personal information in accordance with your request, we will permit you to make a statement of the requested changes and we will enclose this with your personal information.

If you wish to request changes to your personal information held by us, you can contact our Privacy Officer (see below), who can give you more detailed information about our correction procedure.

Contacting Sonic Clinical Services about privacy issues and complaints

If you have comments or concerns relating to this Policy, or wish to make a complaint about our handling of your personal information, please contact our Privacy Officer. We may need to verify your identity and ask for further details to investigate and respond to your concern or complaint. We will aim to respond to you within a reasonable time and generally within 21 days.

Sonic Healthcare Australia - Clinical Services Privacy Officer contact details

The Privacy Officer
Sonic Healthcare Australia - Clinical Services
Level 8, Grosvenor Place,
225 George St, Sydney NSW 2000

Email: privacy@scs.com.au

Phone: (02) 8288 8988

If we cannot satisfactorily resolve your concern or complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate the matter and make a determination.

If your concern or complaint relates to health information, you may also contact the relevant state or territory privacy commissioner.

Office of the Australian Information Commissioner (OAIC)

GPO Box 5218
Sydney NSW 2001

Email: enquiries@oaic.gov.au
Phone: 1300 363 992
Web: www.oaic.gov.au

This privacy policy was last updated on April 2025.