Privacy Policy

Kim Gatenby Acupuncture
Last Updated: June 2026

1. Our Commitment to Privacy
Kim Gatenby Acupuncture (“we”, “us”, “our”) is committed to protecting your privacy and managing your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable health records legislation.
This Privacy Policy explains how we collect, use, disclose, store and protect your personal information, including your health information.

2. Contact Details
Kim Gatenby Acupuncture
Website: www.kimgatenby.com
Email: contact@kimgatenby.com
Phone: +61 2 6583 5635
Postal Address: 39 Cameron Street, Wauchope NSW 2446 AUSTRALIA
If you have any questions about this Privacy Policy or your personal information, please contact us using the details above.

3. What Personal Information We Collect
We may collect personal information including:
Identification and Contact Information
Name
Date of birth
Postal address
Email address
Telephone number
Emergency contact details

Health Information
As a healthcare provider, we collect health information relevant to your treatment, including:
Medical history
Current health conditions
Symptoms and diagnoses
Medications and supplements
Pathology and imaging results
Lifestyle information
Pregnancy and fertility history
Treatment notes
Referrals and correspondence from other healthcare providers

Financial Information
Appointment and billing records
Medicare or private health fund information (where applicable)
Payment transaction records
Health information is considered sensitive information under Australian privacy law.

4. How We Collect Personal Information
We generally collect personal information directly from you when you:
Complete intake or consent forms
Book an appointment
Attend consultations
Contact us by phone, email, website, or social media
Subscribe to newsletters or educational resources
We may also collect information from:
Referring healthcare practitioners
Specialists and allied health providers
Pathology and diagnostic services
Family members or carers (with your consent or where permitted by law)

5. Why We Collect Your Information
We collect, use and hold personal information to:
Provide acupuncture and Chinese medicine services
Assess, diagnose and treat health conditions
Maintain accurate clinical records
Communicate with you about appointments and treatment
Process payments
Manage our business operations
Meet legal and professional obligations
Respond to enquiries and complaints
Provide educational materials or updates you have requested
If you choose not to provide requested information, we may be unable to provide appropriate healthcare services.

6. How We Store and Protect Information
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
Your information may be stored:
In secure electronic patient records within Cliniko.
In secure email systems.
Within appointment booking and practice administration systems.
In limited paper records where necessary.
We use a range of security measures to protect personal information, including:
Password-protected access to patient records, with two-factor authentication (2FA).
Two-factor authentication (2FA) on email accounts.
Password-protected computers and devices used to access patient information.
Restricted access to patient records.
Secure cloud-based storage through Cliniko.
Secure storage of patient documents and files within Cliniko.
Regular software updates and security controls.
We retain health records for the period required by applicable laws, professional standards and health records legislation.
We use third-party service providers including Cliniko and MailerLite. These providers may store or process information using cloud infrastructure that may be located outside Australia. We take reasonable steps to ensure that service providers handling personal information have appropriate privacy and security safeguards in place.

7. Use of Cliniko
We use Cliniko as our practice management software to manage appointments, clinical notes, patient records, treatment history, invoicing and practice administration.
Information stored in Cliniko may include:
Contact details
Health history and medical information
Consultation notes
Treatment records
Appointment history
Invoices and payment records
Documents uploaded to your patient file
Cliniko is also used to send appointment reminders and practice communications by email and SMS.
Cliniko employs security measures designed to protect patient information and assists us in maintaining secure electronic health records.

8. Website Information and Analytics
When you visit our website, certain technical information may be collected automatically, including:
IP address
Browser type
Device information
Pages visited
Date and time of visits
Website usage statistics
We use Google Analytics to help us understand how visitors use our website and to improve the performance and user experience of our website.
Google Analytics collects information in an aggregated and generally anonymous form. Information collected may include pages viewed, time spent on the website, traffic sources and general geographic location.
You can learn more about how Google collects and processes data through its privacy information available on the Google website.
Our website may also use cookies and similar technologies to improve website functionality and user experience.

9. Marketing Communications
If you subscribe to our newsletter, download resources, enrol in educational programs, or otherwise provide consent, we may use your contact details to send you:
Practice news and updates
Health and wellness information
Fertility and reproductive health education
Promotional offers and events
We use MailerLite to manage our email marketing communications and subscriber lists.
When you subscribe to our mailing list, your name, email address and any information you choose to provide may be stored securely within MailerLite for the purpose of sending communications you have requested.
You may unsubscribe from marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us directly.
We will not use your clinical health information for marketing purposes without your consent.

10. Disclosure of Personal Information
We will only disclose personal information where necessary for your care, where you have consented, or where required or authorised by law.
This may include disclosure to:
Other healthcare practitioners involved in your care
Referring practitioners
Specialists and allied health providers
Pathology and diagnostic services
Medicare, private health funds or insurers
Professional advisers
Government authorities where legally required
We do not sell personal information to third parties.

11. Overseas Disclosure
Some service providers used by our practice, including cloud-based software providers, may store or process information using systems located outside Australia.
Where personal information is disclosed overseas, we take reasonable steps to ensure appropriate privacy protections are in place.
As technology providers may change their infrastructure from time to time, the countries in which information may be processed or stored may vary.

12. Accessing and Correcting Your Information
You may request access to personal information we hold about you.
You may also request correction of information that is inaccurate, incomplete or out of date.
Requests should be made in writing using the contact details above.
In some circumstances, access may be limited where permitted by law.

13. Making a Privacy Complaint
If you believe we have breached your privacy or mishandled your personal information, please contact us in writing.
We will:
Acknowledge your complaint.
Investigate the matter.
Respond within a reasonable timeframe.
Explain the outcome and any actions taken.
If you are not satisfied with our response, you may contact:
Office of the Australian Information Commissioner (OAIC)
OAIC Privacy Complaints
Phone: 1300 363 992

14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations or information handling practices.
The current version will always be available on our website.