Creston Health Concierge Privacy Policy

Creston Health Concierge is committed to the utmost privacy of your personal information.

This Privacy Policy applies to all Creston Health Concierge operations. It explains how we collect, use and disclose your personal information and our reasons for doing so, as well as your privacy rights.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy.

This Privacy Policy was last updated on 4th June 2025. We may update it from time to time and will post any revised policy on this web page.

It is important to us that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

Information Officer

Creston Health Concierge
Level 50, 108 St Georges Terrace, Perth WA
(08) 9332 0066
[email protected]

1. Who we are

In this Privacy Policy, ‘us’, ‘we’, ‘our’ and ‘Creston Health Concierge’ are used to refer to Creston Concierge Pty Ltd (ACN 685 227 552).

2. What personal information do we collect?

We only collect personal information for purposes which are directly related to our services and activities, such as adding you to our newsletter database (with your consent) and providing you with details about our services that may interest you.

We may collect the following types of personal information:

contact details, including name, mailing and street address, email address and telephone numbers;

financial details, including your bank account details (if we need to pay you) or payment card details or bank transfer receipt (if you need to pay us);

identification information, including age, date of birth, social media account handles, Medicare number, identification documents (including photo) and the results of identification verification checks;

details of the services that you have enquired about, including any additional information about you necessary to respond to your enquiries and give effect to those services;

details about the medical specialist, GP or other healthcare provider who has introduced you to us;

your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the Website, ad data, IP address and standard web log information;

information relating to you that you provide to us through our website or to our representatives, such as your marketing and communication preferences, and information about service preferences;

with your consent, your health or sensitive information, such as your medical history, family medical history, referral details, healthcare identifier, appointment details, and medical results (including reports and images); and

any other personal information that may be required in order to facilitate your dealings with us.

3. When do we collect personal information?

We may collect these types of personal information directly from you when you:

complete an enquiry form on or contact us through our website;
subscribe to receive news about Creston Health Concierge;
express an interest in providing your medical services to our patients or express an interest in you or your patient being referring to our medical specialists;
ask us to send you information, including about our services or about our medical specialists;
communicate with us through any form of correspondence, chats, email, our website or when you share information with us from social media platforms, applications, or websites;
interact with our website, services, content and advertising; or
apply for a job or position with us.
We may collect these types of personal information from third parties, such as:
a person or organisation who facilitates an introduction from us to you, such as your GP or other healthcare provider;
your guardian or responsible person;
your insurers and institutions;
health funds and government agencies including Medicare, the Department of Veterans Affairs, the Insurance Commission of WA;
in emergency situations where we are unable to obtain your consent, from your relatives or other sources;
a recruitment consultant, previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract; or
our related entities, business service providers, contractors and agents, including our patient onboarding administrator, our marketing contractor, Google Analytics, Campaign Monitor, Mailchimp, Twilio and Stripe.

4. Why do we collect personal information?

We may collect, hold, use and disclose your personal information for the following purposes:

to add you to our database to receive news about Creston Health Concierge (with your consent);
to register you as a new medical specialist or patient;
to engage with you where you are a current or potential referring GP or other healthcare provider, medical specialist or patient;
to manage and develop our relationship with you, including sending you information requested by you;
communicating with you and your healthcare providers or clinicians personally involved with your relevant care (e.g. your referring GP or other healthcare provider and/or our medical specialists) in relation to the health service being provided to you;
passing on your results to our medical specialists to provide an opinion, or for comparison/correlation with subsequent results, based on your consent and/or the consent of your referring GP or other healthcare provider, or clinicians personally involved with your relevant care;
referring you to a hospital for treatment and/or advice based on your consent and/or the consent of our medical specialists, your referring GP or healthcare provider, or clinicians personally involved with your current care;
obtaining test results from diagnostic and pathology laboratories;
having your personal information available for future reference to show trends or significant changes;
complying with our legal obligations, such as producing records to court, producing records to Medicare for audit purposes or the notification of diagnosis of certain communicable diseases, resolving any disputes that we may have with any of our patients or medical specialists, and enforcing our agreements with third parties;
complying with other obligations of notification such as our insurers;
preventing or lessening a serious threat to an individual’s life, health or safety;
conducting internal administration processes including account keeping, billing, payments and recovery of monies, as well as operating, protecting, improving and optimising our practice, services, website and our users’ and patients’ experiences, such as to perform analytics, conduct research, quality assurance, complaint handling and for advertising and marketing;
sending you reminders, updates, security alerts, and information requested by you;
to operate, protect and optimise our business, website and social media accounts (including troubleshooting, data analysis, users’ experience, testing, system maintenance, supporter, reporting);
to comply with our legal and regulatory obligations, including to resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
to consider your employment application.

5. Do we use your personal information for direct marketing?

Making you aware of carefully selected information about Creston Health Concierge and our services is an integral part of our business. We may send you direct marketing communications in the form of emails, SMS, mail or other forms of communication.

You may opt-out of receiving such communications from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).

6. To whom do we disclose your personal information?

We do not transfer your personal information to organisations who wish to use it for their own marketing promotions or other purposes.

We may disclose your personal information for the purposes described in this Privacy Policy to:

your healthcare providers or clinicians personally involved with your relevant care (e.g. GP or other healthcare provider and our medical specialists);
other healthcare providers where your referring GP or other healthcare provider, or our medical specialists, request that your medical results are made available to another doctor, based on your consent or the consent of your referring GP or other healthcare provider and our medical specialists personally involved with your relevant care;
Medicare and/or your health fund, including but not limited to personal information such as your Medicare number and government identifiers;
our related entities and third party suppliers and service providers, including our patient onboarding administrator, our marketing contractor, IT consultants and IT systems and cloud storage providers, marketing providers, email marketing providers, our banks, payment system operators and insurance providers;
our employees;
anyone to whom our assets or businesses (or any part of them) are transferred;
other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Where we do disclose your personal information, it will be on the basis that these individuals and organisations are required to keep the information confidential and secure, and they will only use the information to carry out the instructed services.

7. Disclosure of personal information outside Australia

We may disclose personal information outside of Australia to the individuals and organisations described above, including third party suppliers and service providers located in the United States.

When you provide your personal information to us, you consent to the disclosure of your information outside of Australia. While we are not required to ensure that overseas recipients handle that personal information in compliance with Australian privacy law, we will take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles and this Privacy Policy.

8. How long will we keep your personal information?

We will retain your personal information for as long as we consider necessary to provide the relevant services and to maintain business records for tax, legal and regulatory reasons.

9. Using our website and cookies

We may collect personal information about you when you use and access our website. While we do not use browsing information to identify you personally, we make use of cookies and other similar tracking devices to store information relating to your visit such as a unique identifier, or a value to indicate where you have seen a webpage. You can disable cookies through your internet browser but our website may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

10. Security

We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information, including:

holding your electronic information on an encrypted database;
holding your hard copy information in a secure environment only accessible by authorised persons;
using SSL technology and firewalls on our website;
all results which are delivered electronically to you or your GP, healthcare provider or our medical specialists personally involved with your relevant care using an encrypted connection;
all requests by your GP or other health care provider or our medical specialists personally involved with your relevant care to release your results to other healthcare providers are logged;
our staff and contractors sign confidentiality agreements; and
our business has document retention and destruction policies.

Notwithstanding these efforts, we cannot guarantee the security of your personal information held in our systems, nor that that information you supply through the internet or any computer network is entirely safe from unauthorised intrusion, access or manipulation during transmission. Any transmission is at your own risk and we will not be liable for any resulting misuse of your personal data.

Our emails and website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage you to read them before using those websites.

11. Accessing or correcting your personal information

You can access the personal information we hold about you by contacting us using the contact details below. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected. You can also request us to complete information if you believe it is incomplete.

12. Making a complaint

If you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

You may raise a complaint with the Information Commissioner’s Office (ICO) or your local regulator if you consider that we have infringed applicable data privacy laws when processing your personal data. However, we would appreciate the chance to deal with your concerns before you approach the ICO or your local regulator, so please contact us in the first instance.

13. Contact Us