Our Commitment

The purpose of this Privacy Policy is to communicate to you how Bulgarr Ngaru Medical Aboriginal Corporation (BNMAC) manages, collects, deals with, protects and allows access to personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles (the APPs). We understand the importance placed on the privacy of your personal information. We will endeavour to make you aware of the contents of this Privacy Policy before or as soon as reasonably practicable after collecting any personal information about you.

This Privacy Policy is available at our website at www.bnmac.com.au

We may be contacted Monday to Friday 08.30am to 12.30 pm and 1.30pm to 4.30pm on: 02 6644 3500.


This Privacy Policy applies to our management of the personal information of our clients, customers, suppliers and prospective employees. This Privacy Policy does not apply to our acts and practices which relate directly to the employee records of our current and former employees.

Why do we collect, hold, use and disclose personal information?

We collect, hold, use and disclose personal information for the following purposes:

• For the provision of primary healthcare activities; and

• as is reasonably necessary and convenient for our business’ functions and activities.

Unless otherwise provided by law, we will not collect, hold, use or disclose sensitive information without your consent.

Do you have a right to remain Anonymous or use a Pseudonym when accessing services?

If you would like to access any of our services on an anonymous basis or by using a pseudonym, please tell us. However, we will require you to identify yourself if:

• we are required by law to deal with individuals who have identified themselves; or

• it is impracticable for us to deal with you if you do not identify yourself or elect to use a pseudonym.

Please be aware that your request to be anonymous or to use a pseudonym may affect our ability to provide you with the requested services.

What kind of personal information do we collect and use?

The nature and extent of personal information that we collect varies depending on your particular interaction with us and the nature of our functions and activities.

Personal information that we commonly collect, hold, use and disclose could include your name, position, date of birth, current address, facsimile numbers, email address, telephone numbers, next of kin, tax file number, education details, Australian Business Number, bank details, business references, financial details, details about your business, drivers licence number and preferred means of contact, professional credentials, hobbies and interests.

How do we collect and hold personal information?

Where possible, we will collect personal information directly from you. We collect information through various means, including interviews, appointments, forms and questionnaires (whether in hardcopy or electronic format, including information submitted via our website or other electronic means). If you feel that the information that we are requesting, either on our forms or in our discussions with you, is not information that you wish to provide, please feel free to raise this with us.

In some situations we may also obtain personal information about you from a third party source. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under the Privacy Act.

If we receive unsolicited personal information about you that we could not have collected in accordance with this Privacy Policy and the Privacy Act, we will within a reasonable period, destroy or de-identify such information received.

Our internet service provider may record details of visits to our site and when visiting our site your visit may be logged and the following information collected:

• the visitor’s server address, domain name and browser type;

• the date and time of the visit to the site;

• the pages accessed and the documents downloaded;

• the previous website visited;

• the user’s operating system; and

• the links followed from other sites to get to the current site.

The information listed above will only be used by us internally for statistical and research purposes.

When do we use and disclose your personal information?

We will only use and disclose your personal information:

• if we get your consent; or

• for purposes which are related to the purposes for which the information was collected,

• for the purpose advised to the Client at the time of collection of the information,

• as required for delivery of the health service to the Client.

• Disclosure to others involved in your healthcare, including treating doctors, pathology services, radiology services and other specialists outside this medical practice. This may occur through referral to other doctors or for medical tests and in the results returned to us following these referrals

• Disclosure to enable recording on medical registers. For example: the Diabetes Register or the Pap Test Register

• as required for the ordinary operation of our services (i.e. to refer the Client to a medical specialist or other health service provider),

• as required under compulsion of law, or

• where there is a serious and imminent threat to an individual’s life, health, or safety; or a serious threat to public health or public safety.

• for quality assurance, training, billing, liaising with government offices regarding Medicare entitlements and payments and as may be required by the Medical Centre’s insurers.

• in accordance with this Privacy Policy and the Privacy Act.

For the purposes referred to in this Privacy Policy, we may disclose your personal information to other parties including:

• your referees;

• your former employers;

• credit agencies;

• our professional advisors, including our accountants, auditors and lawyers;

• our Related Entities and Related Bodies Corporate (as those terms are defined in the Corporations Act 2001 (Cth)); and

• our contractors and suppliers.

Health specific personal information

BNMAC recognises that the information we collect is often of a highly sensitive nature and as an organisation we have adopted the highest privacy compliance standards relevant to BNMAC to ensure personal information is protected.

For administrative and billing purposes, and to enable the clients to be attended to by other medical practitioners at BNMAC, client information is shared between the medical practitioners and other health providers at the medical centre. BNMAC and the medical practitioners may collect personal information regarding clients (including health information) for the purpose of providing medical services and treatment.

Personal information collected will generally include:

• the client’s name, address, telephone number and Medicare number,

• current drugs or treatments used by the client,

• previous/current medical history, including, where clinically relevant, a family medical history, and

• the name of any health service provider or medical specialist to whom the client is referred, copies of any letters of referrals and copies of any reports back.

BNMAC may access information:

• provided directly by the client,

• provided on the client’s behalf with the client’s consent,

• from a health service provider who refers the client to medical practitioners providing services at or from BNMAC, or from health service providers to whom clients are referred.

Using your information for Direct Marketing Purposes

Direct marketing involves a business attempting to locate, contact, off and make incentive-based information available to clients. Direct marketing is just what it sounds like – directly reaching a market (customers and potential customers) on a personal (phone calls, private mailings) basis, or mass-media basis (infomercials, magazine ads, etc.).

We will only use or disclose your personal information for the purposes of direct marketing if:

• we collected the information from you;

• it is reasonable in the circumstances to expect that we would use or disclose the information for direct marketing purposes;

• we provided you with a simple means to “opt-out” of direct marketing communications from us; and

• you have not elected to “opt-out” from receiving such direct marketing communications from us

Legal Reasons Why We Collect Personal Information

Some information we collect is in order to comply with our legal obligations for public interest reasons. For example: mandatory reporting of communicable diseases.

Do we send information overseas?

It is unlikely that we will disclose personal information to overseas recipients we will].

If we disclose personal information to overseas recipients, we will take reasonable steps to ensure that such recipients do not breach the Privacy Act and the APPs unless:

• we believe that the overseas recipient is subject to a law that has the same effect of protecting personal information in a way that, overall, is at least substantially similar to the way in which the Privacy Act and the APPs protect personal information and there are mechanisms available for you to access to take action to enforce that protection of law; or

• we obtain your express consent to the disclosure of personal information to overseas recipients.

Access to your personal information

You have a right to access your personal information.

We are not obliged to allow access to your personal information if:

• we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;

• giving access would have an unreasonable impact on the privacy of other individuals;

• the request for access is frivolous or vexatious;

• the information relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings;

• giving access would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;

• giving access would be unlawful;

• denying access is required or authorised by or under an Australian law or a court/tribunal order;

• we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;

• giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

• giving access would reveal internal evaluative information in connection with a commercially sensitive decision-making process.

Correction to your personal information

We will also take reasonable steps to correct personal information to ensure that, having regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading if:

• we are satisfied the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, having regard to a purpose for which it is held; or

• you request us to correct the information.

If you make a request for access to or correction of personal information, we will:

• respond to your request within a reasonable period; and

• if reasonable and practicable, give access to or correct the information in the manner requested.

If we refuse to give access to the personal information because of an exception or in the manner requested by you, we will give you a written notice that sets out at a minimum:

• our reasons for the refusal (to the extent it is reasonable to do so); and

• the mechanisms available to complain about the refusal.

If we refuse a request to correct personal information, we will:

• give you a written notice setting out the reasons for the refusal and how you may make a complaint; and

• take reasonable steps to associate a statement with personal information it refuses to correct;

We reserve the right to charge you reasonable expenses for providing access or making a correction to personal information, for example, a fee for photocopying any information requested by you. If we charge you for giving access or making a correction to your personal information, such charges must:

• not be excessive; and

• not apply to the making of the request for access or correction to personal information.

Nothing in this Privacy Policy replaces other informal or legal procedures by which an individual can be provided with access to or to correct personal information.

Integrity of your personal information

We will take reasonable steps to:

• ensure that the personal information that we collect is accurate, up to date and complete;

• ensure that the personal information we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and

• secure your personal information.

We will take \reasonable steps to protect personal information from:

• misuse, interference and loss; and

• unauthorised access, modification or disclosure.

We will take reasonable steps to destroy or de-identify personal information that we hold if we no longer need the information for the primary purpose for which the information was collected and we are not otherwise required by law to retain the information.

Website privacy

BNMAC’s website contains links to other sites. Please be aware that BNMAC is not responsible for the privacy practices of any linked sites. We encourage users who leave our site to read the privacy statements of each and every linked website that they choose to visit. All links to external sites are provided for your convenience. The information, products and advertisements contained in the linked sites are neither approved nor endorsed by BNMAC, and BNMAC is not responsible for such information, products or advertisements.

Your privacy is important to us and we want you to feel comfortable visiting our website. Any personal information that Clients give to us, including e-mail addresses, will be used only in the following ways:

• personal data given to us by you will be securely stored,

• we will not provide your personal data to any third party without your permission,

• we do not automatically collect your personal e-mail address simply because you visit our site,

• if we join with a third party to provide services and you sign up for those services, we will share your name and other contact information necessary for our partner to provide the services to you,

• if you view specific pages or download information from specific pages on our website, we will track and add the number of your visits to the aggregate number of visits by all users in order to better design our website,

• we may share aggregate demographic information with our affiliates. This is not linked to any personal information that can identify you or any other visitor to our web site.

By using BNMAC’s website, you consent to the collection and use of your personal information as detailed in this Privacy Policy. We will post any changes to this Privacy Policy on our website so that you are kept up to date with the type of information we collect and the ways in which we use it.

Can I transfer my medical records to a new medical practitioner?

Clients have the right to attend a medical practitioner of their choice and are free to leave a practice and attend another if they wish.

How do I arrange this?

There is a professional obligation for a medical practitioner to provide a new treating medical practitioner with all of the information that they need to take over a Client’s care.

This is usually done by the Client arranging for their new medical practitioner to send a request to BNMAC for transfer of medical records which has been signed by the client.

When a Client requests that their health records be transferred to a medical practitioner outside BNMAC, the BNMAC medical practitioner has an obligation to provide a copy or summary of the Client health record in a timely manner to facilitate care of the Client.

For medico-legal reasons, BNMAC retains the original record and provides the new medical practitioner with a summary or a copy. If a summary of the Client’s health record is provided to the new medical practitioner, a copy of the summary should be kept on file for record purposes.

What Happens If You Choose Not To Provide your Personal Information to BNMAC?

You are not obliged to give us your personal information. However, if you choose not to provide BNMAC with the personal details required for assessment of your health, we may not be able to provide you with the full range of our services necessary for your health management.

Changes to the Privacy Policy

BNMAC has the right to change the Privacy Policy at any time. If there are updates to BNMAC’s Privacy Policy, we will address the changes promptly and update the revision date of this document.


If you would like to make a complaint about the way we collect, use, disclose, store or administer your personal information, or otherwise consider there may be a breach of the Privacy Act or the APPs, you may lodge a complaint under our Complaints Policy.

If you have any complaints about our privacy practices or wish to make a complaint about how your personal information is managed please contact the Practice Manager. All complaints will be dealt with fairly and as quickly as possible.

A privacy complaint relates to any concern or dispute that you have with our privacy practices as it relates to your personal information. This could include matters such as how personal information is collected, stored, used, disclosed or how access is provided. We prefer that your complaint is in writing.

Information on how to lodge a complaint can be found on the Client Information Brochure at each of the clinics or on our website http://www.bnmac.com.au/

All complaints will be treated seriously and dealt with promptly. The Complaints Policy is our way of ensuring your privacy concerns are raised and addressed promptly.