Privacy Policy

Privacy Policy

Gippsland Women’s Health (GWH) is committed to protecting your privacy of the personal information you disclose to us or which we acquire about you. We recognise and value your trust in us to maintain your personal information and to only use and disclose the information for the purposes for which we collected the information and otherwise in accordance with applicable legislation.

This policy explains:

  • how we collect personal information from individuals;
  • the steps we take to protect the privacy of personal information we collect, use and disclose;
  • how we may use such information and to whom information may be disclosed; and
  • how individuals can request to access and correct the information we hold, lodge complaints with us in relation to alleged breaches of privacy or to make a query related to privacy.

Personal information may be collected from any individual with whom we may have contact. This includes women contacting us seeking a referral to a service provider, a service provider that has submitted information for inclusion in our database, job applicants, representatives from current and prospective suppliers and information sourced from our research activities.

Types of information we collect and hold

For the purposes of this policy, ‘personal information’ is information or opinion that identifies an individual or which could reasonably identify an individual. It may include (but not necessarily be limited to) an individual’s name, contact details and records of the individual’s dealings with us or with our staff.

We may collect a range of personal information about you, including your name, address, telephone number, email address, age and date and place of birth.

We may also collect personal information in other situations and in other circumstances. For example, we may collect personal information from an individual in the course of completing our research activities. Information may be provided to us when an individual submits a job application to us or when an individual contacts us for the purpose of providing goods and/or services to us.

We may also collect information about you when you visit our website. We may use third party tools to track visits to our website and to provide analytical services concerning those visits. The information we collect from visits to our website is generally de-identified, unless you specifically complete and submit a form that we make available online via our website. We generally do not use such information to identify specific individuals.

However, due to the Internet’s nature, such information may contain details which could identify a particular individual. Such information includes the IP address of the computer accessing our website, the Internet service provider used to access the Internet and our website, the web-page directing the individual to our website and the individual’s activity on our website.

How we collect personal information

We collect personal information using lawful and fair means and generally only when relevant to our operations and activities.

We may collect personal information about an individual from a variety of sources using a variety of means, including:

  • a form (either physical or online) or other document that is used in a contract or transaction between us and you that is completed and submitted to us;
  • through feedback provided to us in relation to the services provided;
  • a telephone, email or in-person inquiry or discussion about us and/or the services we provide;
  • mail correspondence, emails and other electronic means;
  • through publicly available sources of information;
  • through interactions with our social media channels that we offer or monitor;
  • from job applicants and staff members;
  • direct contact in the course of us providing services (including the administration of accounts established with us);
  • in the course of conducting research; and
  • from current and prospective suppliers of goods and/or services to us.

Subject to the foregoing, we generally collect personal information about an individual directly from that individual and only collect their personal information with the individual’s consent, unless it is unreasonable or impracticable for us to do so. Additionally, we generally only collect personal information when we specifically request that information.

From time to time, we may receive unsolicited personal information about an individual. In accordance with our statutory obligations, we will determine whether or not we could lawfully have collected such information had we solicited the information. If we determine that we could not lawfully have collected the information then we will take steps to destroy or de-identify that information, except to the extent we are required or authorised to keep the information by law or court order.

Dealing with us anonymously or on a pseudonymous basis

Subject to the following, you may interact and deal with us on an anonymous or pseudonymous basis in relation to a particular matter.

However, if you choose to interact and to deal with us in this fashion, or you do not provide us with personal information when requested, then we may be unable to provide you with all the services and information that you seek from us or otherwise handle the particular matter to your satisfaction.

Further, we may need to verify your identity as part of our response to a request to access and/or correct personal information that we hold about you, or as part of our complaints-handling process. If we are unable to verify your identity, or you continue to engage with us in an anonymous or pseudonymous manner, then we may be unable to satisfy your request.

How we use the personal information we collect

As a general principle, and in accordance with our statutory obligations, personal information is only used for the primary purpose(s) for which the information was collected or any secondary purpose that is related to the primary purpose for which you would reasonably expect us to use the collected information (and to the extent the information in question comprises sensitive information, including health information, directly related to the primary purpose for which the information was collected), or as otherwise permitted or required by law.

We will take reasonable steps to make you aware of the purpose(s) for which the personal information collected may be used at or before the time of collection.

We may use personal information collected about an individual for one or more of the following purposes:

  • to provide our services to the individual;
  • to process transactions and administer accounts;
  • to address queries and to resolve complaints;
  • to make a referral to a health practitioner or service provider;
  • to send information updates, marketing materials and newsletters to current and prospective customers and other individuals associated with us who have consented (either expressly or impliedly) to receive such information and materials, provided that they have not opted out from receiving such information;
  • to improve our services, our website, our other means of communicating with our current and prospective supporters, users of our services, and with people who have participated in our research activities.

We may also use personal information collected about an individual to assist us in complying with our regulatory and statutory obligations in relation to the research we undertake and the services we provide.

We may use the information we collect to mark, on a publicly accessible map online, the locations of service providers and health practitioners who have agreed to provide their address details to us.

To whom we may disclose your personal information

We may disclose personal information we collect from and about individuals to third parties but only on an as-needs basis and in order to help fulfil the purpose(s) for which we collected the personal information, or any secondary purpose related to the primary purpose for which we may be permitted or required to disclose such information by law.

Without limiting the foregoing, we may disclose personal information (including sensitive information) to any of the following third parties in any of the following situations:

  • where we have been requested to make a referral of an individual with a service provider, we may disclose personal information about the individual to the service provider;
  • personal information about service provider may be shared with a woman requesting a referral from us;
  • personal information may be disclosed to our agents or contractors (including, for example but without limitation, our agents and contractors in order to enable them to provide products and/or services to us under contract which may directly or indirectly benefit the individual from whom the information was collected);
  • personal information may be disclosed to our professional advisers (including our legal advisers, accountants and auditors) to facilitate their provision of advice to us; and
  • personal information may be disclosed to government, statutory and regulatory departments, agencies and authorities, for the purpose of our compliance with our statutory obligations or obligations we owe to a department or other agency under a funding or other agreement.

We may also disclose personal information (including sensitive information) to a third party in the following situations:

  • where you have consented to the disclosure;
  • where we are required to disclose by law or court order, or other governmental order or process to disclose, where we believe in good faith that the law compels us to disclose the information;
  • as a result of any obligations we owe under any contract;
  • if it is reasonably necessary to do so in order to identify, contact or bring legal action against someone whom we suspect or know is causing harm;
  • in the event there are discussions or negotiations concerning a merger of us with another organisation

Where we engage third parties to provide products and/or services to us or to users of our services on our behalf, those third parties may have access to personal information (including sensitive information) that we hold about individuals. We generally do not authorise those third parties to use any personal information we may disclose or allow the third parties to access to use or disclose such personal information for any purpose other than to facilitate the completion of their obligations they owe to us.

In addition, we may disclose de-identified statistics regarding the users of our services to reputable third parties and to the Government primarily for the purpose of assisting us to improve our service offering and to meet our contractual obligations owed to the Government.

Except as contemplated under this privacy policy, and unless otherwise permitted or required by law, we will always attempt to ensure that our disclosure of personal information to other parties is carried out in a manner that does not personally identify individuals, to the extent that it is practicable and lawful to do so.

Direct marketing

We will comply with our statutory obligations regarding the use of your personal information for the purpose of direct marketing. We may directly market ourselves and our services to you if we collected information directly from you in circumstances where you would reasonably expect us to use your information to market ourselves or our services to you.

Where we collect your personal information from a third party, we will not use that information to directly market to you unless you consent to receive such communications from us.

All direct marketing communications which we send will include an easy opt-out procedure if at any time you wish for us to stop sending you marketing communications.


We strive to ensure the security of personal information we collect and hold. We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.

We regularly review and update our physical and data security measures in light of current technologies. Unfortunately, no data transmission over the Internet or over mobile data and communications services can be guaranteed to be totally secure.

In addition, our employees and contractors who provide services related to our information systems and who have access to personal information we collect and hold are required, as a condition of their employment or engagement, to respect the confidentiality and privacy of any personal information we hold.

Quality of the personal information we hold

We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of the information we hold largely depends on the accuracy of the information supplied to us or which we collect. If at any time you discover that any information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please contact us to correct the information.

Accessing and correcting personal information we hold

Where we hold personal information about an individual, that individual is entitled at any time (upon request) to access the personal information we hold about that individual.

Where we receive a request to access the personal information we hold about an individual, we will respond within a reasonable period of time. Unless it is unlawful or impracticable for us to do so, we will generally provide access to the requested information in the manner requested.

Please note that we are entitled, under the relevant law, to charge a reasonable administrative fee to cover our costs incurred in providing access to the personal information we hold about an individual.

Please also note that we reserve the right to verify the identity of the person making an access request, to ensure that we are not inadvertently disclosing personal information to an individual not entitled to access such information.

Further, we reserve the right to redact the information we make available in response to an access request, to protect the privacy of other individuals.

We may from time to time refuse to provide access to the information we hold about an individual, in accordance with the relevant law. Where we refuse access, we will explain the reasons for refusal in writing and provide details in relation to the relevant complaint process.

As noted above, we take reasonable steps to ensure that the information we collect, hold, use and disclose about an individual is complete, up-to-date and accurate. However, if at any time you believe that personal information we hold about you is incorrect, incomplete, outdated or inaccurate, you have the right to request that we amend such personal information. If we refuse the correction requestion, we will provide written reasons and information about the complaint process should you not be satisfied with our reasons.

Where information about you is incorrect and the information has previously been disclosed to third parties, we will take reasonable steps to notify third parties of the correction.

Lodging a complaint

If you wish to complain about an alleged breach of the privacy of your personal information, the complaint should be made in writing to us and addressed to the attention of our privacy officer. The details of our privacy officer are set out below.

We will promptly acknowledge receipt of your complaint and we will endeavour to deal with your complaint and to provide you with a response within a reasonable period of time following receipt of your complaint (generally within 30 days of receipt).

Where a complaint requires a more detailed investigation, it may take longer to resolve. If this is the case, then we will provide you with progress reports.

We will verify your identity and seek (where appropriate) further information from you in connection with your complaint.

Where required by law, we will provide our determination on your complaint to you in writing.

Please note that we may refuse to investigate or to otherwise deal with a complaint if we consider your complaint to be vexatious or frivolous.

If you are not satisfied with the outcome of your complaint, you may write to us seeking an internal review of our decision. Such internal review will be completed by an officer not previously involved in your complaint.

If you still remain dissatisfied following the outcome of our internal review, you may escalate the complaint to the Office of the Australian Information Commissioner.

Contact Details

In relation to any query, concern or complaint about how we comply with our privacy obligations, please direct such communications to the following:

Privacy Officer
Gippsland Women’s Health
E:  admin@gwhealth.asn.au
T:  +61 3 5143 1600

GWH kindly acknowledge this policy has been sourced and adapted from Women’s Health Victoria.