Skip to content
NexAge Health
Home About
How It Works Education Store FAQ Compliance
Book Consultation
(08) 6328 1099

Legal

Privacy Policy

Last updated: 19 March 2026

NexAge Health Pty Ltd ("we", "us", "our") is committed to protecting your privacy and handling your personal information with care, transparency, and respect. This policy explains how we collect, use, store, and disclose your personal information, including your health information, in connection with our telehealth services.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained within it. The APPs set out how organisations like ours must manage personal information. You can read the full APPs on the website of the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

This policy was last updated on 19 March 2026. We may update it from time to time. The current version is always available on our website.

1. What Information We Collect

We collect two categories of information about you: personal information and health information.

Personal information includes details that identify you as an individual, such as:

  • Full name
  • Date of birth
  • Contact details: email address, phone number, postal address
  • Payment information (processed securely through third-party payment processors)
  • Communication records: emails, messages, and consultation notes

Health information is a subset of sensitive information under the Privacy Act. We collect health information because it is essential to delivering safe, personalised clinical care. This may include:

  • Medical history and current health conditions
  • Pathology results and laboratory data
  • Consultation notes and clinical assessments
  • Medications, supplements, and treatment history
  • Responses to our online health intake forms
  • Any other health details you share with us during your program

2. How We Collect Your Information

We collect your information in the following ways:

  • Directly from you: via our website, online intake forms, telehealth consultations, phone calls, and email
  • From referring practitioners or other treating healthcare providers, with your knowledge
  • From pathology laboratories we refer you to for testing
  • From our telehealth platform and related digital tools

Where we collect information from a third party, we take reasonable steps to make you aware that we have received it and how it will be used.

We collect your information for the primary purpose of delivering clinical care and telehealth services to you. We will always tell you why we are collecting information and how we intend to use it, at or before the time of collection.

3. Why We Use Your Information

We use your personal and health information to:

  • Assess your suitability for our programs and deliver clinical care
  • Conduct and document telehealth consultations
  • Order and review pathology and diagnostic results
  • Build and monitor your personalised health program
  • Communicate with you about your care and appointments
  • Process payments and manage your account
  • Comply with our legal and regulatory obligations as a healthcare provider
  • Send you service-related updates and, where you have consented, health education or program information

We may also use your information for purposes directly related to the above, where you would reasonably expect us to do so. We will not use your information for unrelated purposes without your consent.

You may unsubscribe from marketing or educational communications at any time by contacting us in writing or using the unsubscribe link in any email we send you.

4. Health Information: Consent and Additional Protections

Health information is classified as sensitive information under Schedule 3 of the Privacy Act (APP 3). It receives a higher level of protection than general personal information. We will only collect your health information with your express consent, or where another exception under APP 3 applies (for example, where collection is required or authorised by law, or is necessary to prevent a serious threat to life, health, or safety).

By completing our health intake forms and engaging our clinical services, you provide express consent for us to collect, use, and disclose your health information for the purposes described in this policy. You may withdraw consent at any time by contacting us in writing. Withdrawing consent may mean we are unable to continue providing clinical services to you.

We will only use or disclose your health information:

  • For the primary purpose for which it was collected: delivering clinical care to you
  • For a directly related secondary purpose that you would reasonably expect
  • With your express consent
  • Where required or authorised by Australian law

We do not use your health information for commercial or marketing purposes without your explicit consent.

5. Who We Share Your Information With

We may share your personal and health information with the following parties, where necessary to deliver your care or meet our legal obligations:

  • Pathology laboratories: to arrange and receive blood tests and diagnostic results
  • Compounding pharmacies and dispensing services: to fulfil prescriptions issued by your doctor
  • Referring or treating practitioners: where clinically relevant and with your knowledge
  • Telehealth platform providers: who host and facilitate our video consultations and clinical records
  • Payment processors: to securely process payments (they do not retain your health information)
  • IT and cloud service providers: who support our systems and are bound by confidentiality obligations
  • Regulatory or government bodies: where required by law, including AHPRA, Medicare, or a court order

We do not sell your personal information to third parties. We do not share your health information for advertising purposes.

Where we engage third-party service providers who may access your information, we take reasonable steps to ensure they handle it in accordance with the Privacy Act and the APPs.

Some service providers may store data on servers located outside Australia. Under APP 8, before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient handles your information in a way that is consistent with the APPs. This includes contractual obligations that bind the recipient to equivalent privacy protections. We aim to store health records on servers located within Australia wherever practicable.

6. Telehealth Platforms, Cookies, and Digital Tools

We deliver consultations and manage clinical records through third-party telehealth platforms. These platforms are used because they provide secure, encrypted environments designed for healthcare. Their own privacy policies govern how they handle data on their systems. We encourage you to review the privacy policy of any platform you use as part of your care.

Our website uses cookies and analytics tools (such as Google Analytics) to improve your experience and understand how our site is used. Cookies are small text files stored on your device. They help us recognise returning visitors, track page usage, and improve site performance. No health information is collected via cookies. Cookie data is collected separately from your clinical records.

You may disable cookies through your browser settings. Doing so may affect some website functionality. It will not affect your ability to access our clinical services.

7. How We Protect Your Information

We take the security of your information seriously. We use reasonable technical and organisational measures to protect your personal and health information against:

  • Unauthorised access, use, or disclosure
  • Loss, theft, or accidental destruction
  • Misuse or modification

These measures include:

  • Encrypted storage and transmission of data
  • Access controls: only authorised clinical and administrative staff can access your records
  • Secure telehealth platforms designed for healthcare settings
  • Staff training on privacy obligations and data handling

No system can guarantee absolute security. If you have concerns about the security of your information, please contact us.

8. Notifiable Data Breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. If we experience a data breach that is likely to result in serious harm to any individual whose information is involved, we will:

  • Notify the affected individual(s) as soon as practicable
  • Notify the OAIC as required by law
  • Take immediate steps to contain and remediate the breach

9. How Long We Keep Your Information

We retain health records for a minimum of seven years from the date of the last consultation entry, in accordance with Australian healthcare record-keeping requirements. If you were a minor when care was provided, we retain your records until you turn 25 years of age, or for seven years from the last entry, whichever is later.

Once your information is no longer needed, we take reasonable steps to securely destroy or permanently de-identify it.

10. Your Right to Access Your Information

You have the right to request access to the personal and health information we hold about you. To make an access request, please contact us in writing using the details at the end of this policy.

We will respond to your request within a reasonable timeframe. We will not charge a fee to lodge an access request, but we may charge a reasonable administrative fee to cover the cost of retrieving and providing copies of your records.

To protect your privacy, we may ask you to verify your identity before releasing any information.

In limited circumstances, we may decline an access request, for example where providing access would pose a serious threat to someone's health or safety, or where the law requires or permits us to withhold it. If we decline your request, we will tell you why and explain what options are available to you.

11. Your Right to Correct Your Information

If you believe the personal or health information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us and we will take reasonable steps to correct it.

Keeping your information current helps us deliver safe and appropriate clinical care. Please notify us promptly if your contact details, health conditions, or medications change.

12. Privacy Complaints

If you believe we have not handled your personal information in accordance with this policy or the Privacy Act, we encourage you to contact us first so we can resolve the matter directly.

We will acknowledge your complaint promptly and aim to resolve it within 30 days. If we need more time, we will let you know.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

13. Contact Us

For any privacy-related questions, access requests, correction requests, or complaints, please contact us at:

For privacy-specific enquiries, you may also contact our compliance team directly at [email protected].