Privacy Policy & Legal


Dr Neels du Toit  and its associated entities (the Company) is committed to protecting the rights and obligations of our patients, staff and all other stakeholders in relation to their personal and health information.

This policy has been written to ensure the way the Company collects, stores, uses, and discloses personal and health information complies with The Privacy Act 1988 and the associated Australian Privacy Principles (APPs) as well as the Health Records Act 2001 (Vic).


This policy applies to all staff, doctors, patients and any other stakeholders engaging with the Company.


Dr Neels du Toit  is responsible for this policy.


This policy will be made available to anyone upon request, free of charge.

It is the Company’s policy to comply with the Australian Privacy Principles (APP) as follows:

    • Open and transparent management of personal information (APP 1)

Personal information refers to information or an opinion about an identified individual.

The type of personal and health information the Company may collect and hold includes information about:

      • Your name, address, date of birth, gender, occupation, email and contact telephone details;
      • Medicare number, WorkCover claim number and contact details, private health fund number and contact details (where available) for identification and claiming purposes;
      • Referring doctor’s contact details and commentary;
      • Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors, details of investigations and results, details of previous operations, details of General Practitioners applicable to your medical history.
      • Financial transaction history. Any credit card details will be collected, used, stored and destroyed in a confidential and safe manner in line with the Payment Card Industry Data Security Standard (PCI DSS).

Sensitive information is defined by law as the following type of information: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or associations; philosophical beliefs; memberships; sexual orientation; genetic information; biometric information; biometric templates.

As part of administering the Company’s services, staff may need to collect sensitive information. We will only collect this type of information if it is necessary to deliver a service to you, or where it is required for research purposes and you have specifically consented to the collection of that information.

You are free to provide (or not provide) any information you choose. However, if you do not provide some or all of the information requested, the Company may not be able to offer you the services or provide you with information to assist with your treatment and ongoing management of your medical condition.

    • Anonymity and pseudonymity (APP 2)

To provide you with a safe and lawful medical healthcare service, it is not possible for the Company to deal with you anonymously. However, it is an option to provide feedback anonymously.

    • Collection of solicited personal information (APP 3)

Solicited personal information is information the Company will ask you for. We will need to collect personal information as a provision of the clinical services provided to you.

The Company will collect your personal and demographic information via registration when you present to the clinic for the first time and we will continue to check and update this information upon all subsequent attendances.

During the course of providing medical services, the Company’s healthcare practitioners will consequently collect further personal and health information.

Personal information may also be collected from a patient’s guardian or responsible person (where practicable and necessary), or from any other involved healthcare specialists.

    • Collection of unsolicited personal information (APP 4)

This is information that the Company has not asked for. In the case of receiving unsolicited information, staff will contact the person who sent the unsolicited information as soon as possible and arrange to either, return it, destroy (if lawful and reasonable to do so) or de‐identify it.

    • Notification of the collection of personal information (APP 5)

When collecting personal information from you, the Company will make you aware of the following:

      • the purpose of collecting your personal information (see 4.6);
      • if we have received information from someone other than you eg: referring doctors (see 4.3);
      • the consequences for you if we do not collect some or all of the personal information (see 4.1);
      • if we will disclose this information to any other entities outside of the Company (see 4.6 & 4.8);
      • the process for correction, accessing and complaints handling of your personal information (see 4.12 & 4.13)
    • Use or disclosure of personal information (APP 6)

Personal and health information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to.

The Company will ensure that personal information will only be used for the purpose it was collected, or purposes that you would reasonably expect when providing the information.

Some disclosure may occur to third parties engaged by the Company for business purposes, such as accreditation or for the provision of information technology. These third parties are required to comply with this policy.

Your personal information will be used for the following:

      • To assist the Company with any calls from you;
      • To assist the Company with the payment and collection process;
      • For the Company’s internal administrative requirements;
      • Provide information to other medical, nursing and professionals who provide necessary follow up treatment and ongoing care;
      • To provide data in both identified and de‐identified forms to Government departments in compliance with legislation;
      • Specialist Sub Contractors and Consultants bound by the Privacy Principles who assist us in the

management of our facility e.g. Information Technology support.

      • Research and development as consented by you.

In the event the Company transfers or closes the business or is requested by you to transfer health information to another health service provider, the Company will follow the legislation set out in the Health Records Act 2001.

    • Direct marketing (APP 7)

The use of personal information for direct marketing may be undertaken for the purpose of research and development activities. The Company will provide you with the choice to opt out of receiving any direct marketing contact.

    • Cross‐border disclosure of personal information (APP 8)

Where information is disclosed to an overseas recipient for the purposes of providing our service to you, they will first be screened to ensure no breach of the Australian Privacy Principles and you will be informed and asked for your consent.

    • Adoption, use or disclosure of Government related identifiers (APP 9)

The Company will only use government related identifiers e.g. Medicare numbers, WorkCover claim numbers and TAC claim numbers, to verify your identity. We will not use government related identifiers as the means of identifying you.

    • Quality of personal information (APP 10)

The Company will take reasonable steps to ensure that personal information kept, used or disclosed is accurate, complete, and as up to date as practicable.

You will be asked to confirm and update your personal details when appointments are scheduled and when you check in for consultations and procedures.

To ensure we can maintain this level of accuracy and completeness, we recommend that you:

      • inform us of any errors in your personal information as soon as possible; and
      • update us with any changes to your personal information as soon as possible.
    • Security of personal information (APP 11)

The Company will take reasonable steps to protect the personal and health information it holds from misuse, loss and unauthorised access, modification or disclosure.

Your personal details and health information is contained in electronic format. When hard copies of documents are received, they will be scanned into electronic format and then the hard copies destroyed in a confidential and safe manner.

Access to records is restricted by:

      • electronic password protection where passwords are changed regularly;
      • restricted access is given to staff and visitors;
      • regular backups are taken and stored;
      • all staff and contractors signing confidentiality agreements.

Your personal and health information will stay on the database indefinitely until all of the below are fulfilled;

      • you advise the Company you would like it removed or transferred to another provider;
      • we no longer need the information for the purpose it was originally collected;
      • it is not contained in a Commonwealth record;
      • the Company is not required by legislation to retain this information.

The Company has an obligation to notify you if your personal information is involved in a data breach that is likely to result in serious harm. The notification will include recommendations about the steps you should take in response to the breach.

The Company will be prepared to conduct a quick assessment of a suspected data breach to determine whether it is likely to result in serious harm, and as a result require notification to the OAIC Commissioner.

    • Access to Personal Information (APP 12)

You have the right to access your personal information, subject to certain exceptions allowed by law. We ask that you provide your request for access in writing (for security reasons) and we will provide you with access to that personal information. We will request that you identify, as clearly as possible, the type(s) of information requested.

The right to access your personal information is not absolute and in certain circumstances, privacy laws dictate that we are not required to grant access, for example if:

      • access would pose a serious threat to the life, safety or health of any individual or to public health or public safety;
      • access would have an unreasonable impact on the privacy of other individuals;
      • the request is frivolous or vexatious;
      • denying access is required or authorised by a law or a court or tribunal order;
      • access would be unlawful;
      • access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or seriousmisconduct.

The Company will deal with the request to provide access to personal information within 30 days. If charges are applicable in providing access to you, we will disclose these charges to you prior to providing you with the information eg: photocopying and postage costs.

Health information remains the property of the Company and its healthcare practitioners. You will only have immediate access to documents where you are copied in by the practitioner or permission is granted by the practitioner.

    • Correction of personal information (APP 13)

You may ask the Company to update or correct your personal information at any time. We will take reasonable steps to verify your identity before granting access or making any corrections to your personal information.

The Company will take reasonable steps to correct the personal information we hold if we are satisfied that it is inaccurate, out‐of‐date, incomplete, irrelevant or misleading for the purpose for which it is held.

Questions and Complaints

If you have any questions in relation to the information handling procedures of the Company or any complaint regarding the treatment of your privacy, you can contact the Practice Manager in writing and send to:

Practice Manager 

Dr Neels du Toit 

Monash House

Ground Floor, 271 Clayton Road Clayton Vic 3168

The Company may need more information about any concerns. If the concern is bona‐fide, we will investigate the issue and endeavor to provide you with a written response within 30 days of receipt of your written query. Sometimes we might not be able to provide a written response within the timeframe specified. If this is the case, we will contact you and explain the reason for the delay and provide a new timeframe for a written response.

If you are not satisfied with our response, you should notify the Business Support Administrator in writing. We will escalate the matter and review the response given. You may also direct your issue to the Office of the Australian Information Commissioner’s website at:‐complaints/

You are entitled to make an anonymous complaint or enquiry in relation to this Privacy Policy or your privacy rights. However, the Company may require you to identify yourself if required by law or if it is impractical for the Company to deal with your matter otherwise.


Collection Statement, electronic patient records, staff and contractor’s Confidentiality Agreements, patient’s written request for access to personal information and patient’s written complaints.


This policy should next be reviewed and updated as required 

Privacy Collection Statement

Dr Neels du Toit and its associated entities (the Company) is committed to protecting the rights and obligations of our patients, staff and all other stakeholders in relation to their personal and health information. We have developed a policy to protect patient and other stakeholder privacy in compliance with privacy legislation. The Privacy Act 1988 and the associated Australian Privacy Principles (APPs) as well as the Health Records Act 2001 (Vic) provide a privacy protection framework that supports the rights and obligations of our patients, staff and other stakeholders.

The Company collects personal information (such as name, contact details, date of birth, Medicare number, WorkCover and TAC details) directly from you when you book a consultation or procedure with the clinic. Health information will be collected by our practitioners and clinical staff during your consultations/procedures.

We collect your personal and health information for the purposes of communicating with you to manage your ongoing medical condition, responding to your requests / enquiries, improving our services and the collection of payments and fees. If we do not collect this information as described, we may not be able to offer you services or provide you with information to assist you with the treatment and ongoing management of your medical condition.

Some disclosure may occur to third parties engaged by the Company to ensure you are provided with appropriate medical care (for example, where a medical device is needed for your treatment, the company supplying the device may need some of this information to appropriately program the device), or for our business purposes (e.g. accreditation and provision of information technology services).

In addition, we may use this information for the purpose of research, where you have provided your consent for us to do so. All information utilised for research purposes will be de‐identified before the research is published and/or disclosed to any third parties. We may use your personal information to contact you with newsletters, marketing or promotional materials and any other information that may be of interest to you. You may opt out of receiving any, or all, of these communications by following the unsubscribe link or instructions provided in any email we send. Health information will be collected from our healthcare practitioners during your consultations/procedures

Our Privacy Policy contains information about how you may access your personal information and the correction of this information. This policy also contains information about how you may make a complaint about a breach of the Australian Privacy Principles and how we will deal with such a complaint.

You can contact us at or by phone on (03) 9595 6118