Privacy Policy
Legacy Women Clinic — Australian Privacy Act 1988 Compliant
Last Updated: January 2026
Introduction
Legacy Women Clinic (“the Clinic”) is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our telehealth services. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
1. Data Custody & Third-Party Infrastructure
We use Halaxy as our practice management system to securely store and manage patient records on our behalf. Legacy Women Clinic remains responsible for handling personal information in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APPs), and we take reasonable steps to ensure our service providers protect information appropriately.
By using our services, you acknowledge that your clinical data is stored on Halaxy’s secure servers and that Halaxy operates as a data processor on behalf of Legacy Women Clinic. All access to clinical data is encrypted and restricted to authorized medical professionals only.
2. Information We Collect
Clinical Information
When you book a consultation or use our telehealth services, we collect health information including medical history, symptoms, medications, allergies, and clinical notes. This information is collected primarily for providing health care services. This information is stored securely in Halaxy.
Personal Information
Name, email address, phone number, date of birth, and address for appointment scheduling and communication purposes.
Website Data
When you visit our website, we automatically collect certain information:
- IP address and device/browser information
- Pages visited, timestamps, and browsing behavior
- Cookies and local storage for website functionality
- Analytics tools (if enabled) to understand site usage
- Embedded services such as Google Maps and reCAPTCHA
Website Contact Form
Our website contact form is for general inquiries ONLY. Please do not submit sensitive health information via the website form. If you do, we may need to transfer your message into our secure clinical system and/or contact you to use a safer channel. Submitting information via the form is at your discretion and carries security risks inherent to web communications.
3. Payment & Financial Data
We DO NOT store credit card information. All payments are processed and tokenized through Halaxy and Braintree payment processors. We do not have access to your full credit card details. Payment processing is handled by these third-party providers in compliance with PCI DSS standards.
For any payment-related inquiries, please contact clinic@legacywomenclinic.com.au.
4. Security & Limitation of Liability
Limitation of Liability Regarding Cyber Security
Legacy Women Clinic utilizes industry-leading third-party providers (including Wix and Halaxy) to manage data and website operations. While we enforce strict internal security protocols (including Multi-Factor Authentication and encrypted transfers), the Clinic shall not be held liable for any loss, damage, or breach of privacy resulting from a cyber-attack, hacking incident, or security failure of these third-party platforms.
By using our services, the patient acknowledges that no digital transmission is 100% secure and agrees to use our secure Halaxy portal for all clinical communications to minimize risk. The Clinic’s liability for any data incident is limited to the minimum requirements set by the Privacy Act 1988.
Security Measures
- Multi-Factor Authentication (MFA) for all staff and authorized users
- Encryption in transit and at rest (where supported by the provider)
- Secure data storage with Halaxy’s encrypted servers
- Role-based access controls for clinical data
- Regular security audits and compliance checks
- Restricted access to clinical data (authorized medical professionals only)
Hacking & Data Breaches
In the event of a system-wide hack or security breach affecting our providers, we will follow the Notifiable Data Breaches (NDB) scheme as required by the Privacy Act 1988 and will notify affected individuals. We take reasonable steps to prevent unauthorized access. However, no digital system is completely immune to security risks. Our liability for any data incident is limited to the extent permitted by Australian law.
5. How We Use Your Information
- Providing telehealth consultations and medical services
- Appointment scheduling and reminders
- Processing payments and billing
- Responding to general inquiries via contact form
- Complying with legal and regulatory obligations
6. Disclosure of Information
We do not sell, trade, or rent your personal information to third parties. However, we may disclose information in the following circumstances:
- To Halaxy for clinical data management and storage
- To payment processors (Braintree) for payment processing
- When required by law or court order
- To other healthcare providers with your consent for continuity of care
6A. Overseas Disclosure
Some of our service providers may store or process information outside Australia (for example, website hosting, analytics, or communications tools). Where this occurs, we take reasonable steps to ensure appropriate privacy protections are in place in accordance with the Australian Privacy Principles.
7. Data Retention
We retain clinical records for the period required under applicable Australian state/territory health records laws and professional obligations (which may differ for adults and minors). Personal information is retained only as long as necessary to provide services or comply with legal obligations. You may request deletion of your data, subject to legal and clinical record-keeping requirements.
8. Your Privacy Rights & Access to Information
Under the Australian Privacy Act 1988, you have the right to:
- Access your personal and clinical information
- Request correction of inaccurate information
- Request deletion of your data (subject to legal requirements)
- Lodge a complaint regarding privacy concerns
How to Request Access or Correction
To request access to or correction of your personal or clinical information, please contact us at clinic@legacywomenclinic.com.au with the following details:
- Your full name and date of birth
- The specific information you wish to access or correct
- Proof of identity (if required)
We aim to respond to access and correction requests within 30 days. We may refuse access in limited circumstances where permitted by law (for example, if the information relates to legal proceedings or would harm another person’s privacy). If we refuse your request, we will provide reasons in writing.
9. Contact for Complaints & Inquiries
For privacy concerns, complaints, or inquiries regarding this policy, please contact:
Legacy Women Clinic
Email: clinic@legacywomenclinic.com.au
Address: Suite 15, 68 Albert Street, Berry NSW
If you are not satisfied with our response to your privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.
10. Website Contact Form — Important Warning
⚠️ WARNING: Our website contact form is for general inquiries ONLY and is NOT encrypted. Please do not submit sensitive health information via the website form. If you do, we may need to transfer your message into our secure clinical system and/or contact you to use a safer channel. Submitting information via the form is at your discretion and carries security risks inherent to web communications.
For clinical consultations and health-related inquiries, please use the secure Halaxy portal or call us directly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by updating the “Last Updated” date at the top of this policy. Your continued use of our services constitutes acceptance of the updated Privacy Policy.
12. Compliance Statement
Legacy Women Clinic is committed to compliance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). This Privacy Policy has been designed to provide maximum transparency regarding data handling practices in accordance with applicable Australian law.
This Privacy Policy is effective as of January 2026 and supersedes all previous privacy policies. For the most current version, please visit our website.