Last updated: February 2026
On this page
Clinic Admin ("we", "us", "our") provides virtual administration services to allied health practices in Australia. We are committed to protecting the privacy of our clients and their patients in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
We collect information necessary to provide our virtual administration services to allied health practices. This includes:
From Practice Owners and Staff: - Contact information (name, email, phone number) - Business information (practice name, ABN, address) - Billing and payment information - Communication preferences
Through Service Delivery: - Practice management system access credentials (stored securely) - Task instructions and preferences - Communication records related to service delivery
From Your Patients (on your behalf): When providing services, our team may access patient information within your practice management system as directed by you. We act as your agent and handle this information according to your instructions and applicable privacy laws.
We use collected information to:
We do not use your information or your patients' information for marketing purposes unrelated to our services, and we never sell personal information to third parties.
Your patients' data remains your responsibility. We access patient information only as your authorised agent to perform administrative tasks you direct.
Our commitments regarding patient data: - We access only the information necessary for assigned tasks - All team members complete Australian Privacy Principles training - We follow your practice's privacy policies and procedures - We do not retain patient data outside your practice systems - We report any suspected breaches immediately
Your responsibilities: - Ensuring appropriate consent and privacy notices for your patients - Providing us with lawful instructions regarding data handling - Maintaining appropriate access controls in your systems - Complying with your obligations under the Privacy Act 1988
We implement robust security measures to protect information:
Technical Measures: - Encrypted connections for all system access - Secure, managed workstations for our team - Multi-factor authentication where supported - Regular security training and assessments - No local storage of patient data
Operational Measures: - Background checks for all team members - Confidentiality agreements and training - Access limited to assigned practices only - Supervised work environment in our Philippine office - Incident response procedures
We maintain zero security incidents as our standard, not our goal.
We may share information in limited circumstances:
With your consent: When you direct us to share information with third parties.
Service delivery: Our team in the Philippines accesses information to provide services. All team members are bound by confidentiality obligations and trained in Australian privacy requirements.
Legal requirements: When required by Australian or Philippine law, or to respond to valid legal process.
Business operations: With service providers who assist our operations (e.g., payment processors), under appropriate confidentiality agreements.
We do not sell, rent, or trade personal information.
We are committed to compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988. Key commitments include:
APP 1 - Open and transparent management: This policy explains our practices.
APP 6 - Use and disclosure: We use information only for the purposes for which it was collected or related purposes you would reasonably expect.
APP 11 - Security: We take reasonable steps to protect information from misuse, interference, loss, and unauthorised access.
APP 12 - Access: You may request access to personal information we hold about you.
APP 13 - Correction: You may request correction of inaccurate information.
For patient data, you remain the primary entity responsible for APP compliance. We support your compliance through our training and procedures.
You have the right to:
To exercise these rights, contact us using the details below. We will respond within 30 days.
Note: For patient data, patients should direct requests to your practice. We will assist you in responding to such requests.
We retain information for as long as necessary to provide services and comply with legal obligations:
When information is no longer needed, we securely delete or de-identify it.
Our team is based in the Philippines. By using our services, you consent to your information being accessed from the Philippines.
We ensure appropriate protections for international transfers: - Confidentiality and data protection training for all team members - Contractual obligations regarding data handling - Security measures meeting Australian standards - Compliance with both Australian and Philippine privacy laws
The Philippines has data protection legislation (Data Privacy Act of 2012) that provides comparable protections to Australian law.
We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:
Continued use of our services after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
For privacy-related inquiries, requests, or complaints:
Email: privacy@clinicadmin.com.au
Mail: Clinic Admin [Business Address] Australia
We aim to respond to all inquiries within 30 days.
Office of the Australian Information Commissioner: If you are not satisfied with our response, you may complain to the OAIC at www.oaic.gov.au.