1.Introduction

(a) Mulch Healthcare Pty Ltd (trading as Alike Specialist Medical Healthcare Hub) (‘Alike’) respects the privacy of all our customers and clients and organisations with whom we interact. We are committed to complying with all applicable privacy laws, including (without limitation) the Privacy Act 1988 (Cth), Australian Privacy Principles, and National Disability Insurance Scheme Act 2013 (Cth)p. Our policy is to respect and protect the privacy of all people connected with our services, including the National Disability Insurance Scheme (NDIS) inclusive of participants (clients); , providers, employees and contractors.

(b) The Privacy Act 1988 (Cth) authorises the collection of personal information where this is required to facilitate access to services, including health services and provided under the NDIS and perform the other functions required for service provision. The National Disability Insurance Scheme Act 2013 (Cth) sets the provisions for confidentiality and secrecy which limit how Alike collect and use personal information and when and to whom this information can be disclosed.

2.What information we collect and store

(a) Alike will collect information which is considered reasonably necessary to carry out our role as health service providers. The kinds of information we collect and store includes, but is not limited to, personal information (as defined under the Privacy Act 1988 (Cth)) about the participants and other users of our services, and about our employees, contractors and providers:

(i) identity information, such as your full name and date of birth;

(ii) contact details, such as your email and phone number;

(iii) government identifiers, such as your Medicare number and participant number under the National Disability Insurance Scheme (NDIS) if applicable;

(iv) the relevant NDIS Plan information when provided;

(v) if you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system;

(vi) to liaise with your health fund, government and regulatory bodies such as Medicare and the Department of Veteran’s Affairs;

(vii) any information or documents which you upload to Alike;

(viii) information about your interactions with us;

(ix) information you provide us;

(x) your occupation;

(xi) your preferences;

(xii) your relationship to other users of Alike;

(xiii) information about you, which is held by third parties, where you have provided your separate consent to such collection, such as information that is or was held by the National Disability Insurance Agency;

(xiv) other personal information that may be required in order to facilitate your dealings with us;

(xv) financial information, such as your bank account details or credit card information, when necessary for processing payments or reimbursements;

(xvi) depending on your relationship with us, the types of sensitive health information that we may collect from you includes details about your medical conditions, treatment, and care. We may also collect information on your cultural background when this is relevant to your care (e.g. to ensure culturally appropriate practices, and to identify cultural-specific programs that may be available to you). Other sensitive information we may collect, where relevant, include your psychosocial situation, and sexual orientation.

(b) Alike may also collect ‘health information’ as defined under the Privacy Act 1998 (Cth), such as information about your health or disability, doctors or other health professionals you have seen or health services you have received.

3.Sensitive information

(a) Sensitive information is defined under the Privacy Act 1988 (Cth) as “Information or an opinion about an individual’s: racial or ethnic origin; political opinions; membership of a

(b) political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual orientation or practices; criminal record; or health information”.

(c) Without your consent, we will not collect information sensitive information. Sensitive information will only be collected if it is specifically required for operational purposes. This is subject to certain exceptions such as when collection is required by law, or when the information is necessary for the establishment, exercise or defence of a legal claim.

(d) Prior to collecting any sensitive information, we will obtain your explicit consent through a clear, specific written consent form that:

(i) identifies each category of sensitive information to be collected;

(ii) explains the specific purpose(s) for collection; and

(iii) provides you with distinct opt-in choices for each proposed us.

(e) You may withdraw your consent at any time by submitting a written request, upon which we will cease processing the relevant sensitive information except where required by law.

4.Purposes of information collection and storage

(a) Where an individual has provided us with consent, Alike may use and disclose the personal information we collect to:

(i) provide and improve our services to our clients and their family members;

(ii) process donations and communicate with our donors and supporters, including sending them information (which may be by phone, email or other electronic means);

(iii) communicating with our clients and their family members, supporters, and volunteers (including responding to queries and complaints) and distributing our publications, conducting events and raising awareness about our services; and

(iv) our general business activities, including interacting with contractors and service providers, billing and administration including measuring and assessing the level of support we receive and the effectiveness of our fundraising activities and assessing applicants for positions with us.

(b) We will not share any of your personal information with third parties without your consent except:

(i) if we are required by law or we believe in good faith that such action is necessary in order to comply with law, cooperate with law enforcement or other government agencies, or comply with a legal process served on the company (including other service providers or insurers) or court order;

(ii) the disclosure of the information will prevent or lessen a serious and imminent threat to somebody’s life or health;

(iii) to our contractors, service providers and volunteers only to the extent necessary for them to perform their duties to us;

(iv) in the event of a merger, acquisition, or sale of all or a portion of our assets, in which case personal information held by us about our customers will be among the assets transferred to the new owner;

(v) where disclosure is made to third-party service providers or partners, subject to clear and binding contractual obligations requiring them to maintain the confidentiality of personal information, implement appropriate security measures, limit data use to specified purposes, and promptly notify us of any data breaches or unauthorised access.

(c) We are obliged to report to the Australian government as required by law and from time to time to other bodies on the services they fund us to provide. Reports cover demographic and service use information only.

5. Processes for collecting and storing information

(a) Alike has systems and procedures in place to protect personal information from misuse and loss, as well as from unauthorised access, modification or disclosure. These steps include:

(i) access to personal information is on a need-to-know basis, by authorised personnel;

(ii) storage and data systems are regularly updated and audited;

(iii) limited paper-based records, which are held securely;

(iv) use of encryption technologies to protect personal information during transmission and storage;

(v) implementation of multi-factor authentication, regular security assessments, and documented incident response procedures for all systems containing personal information.

(b) When no longer required, personal information is either archived or destroyed in accordance with the law.

(c) Personal information will be retained for 7 (seven) years from the last service date, after which, subject to law, it will be securely destroyed through certified document shredding for physical records and permanent digital erasure for electronic data.

6. Accessing and correcting your personal information

(a) Alike aims to ensure that all personal information held about a person is accurate, up to date, complete and relevant before acting on it. If a person learns that the personal information that Alike holds about them is inaccurate, outdated, incomplete, irrelevant or misleading that person can contact Alike through the methods detailed in Section 9 so that the information can be updated accordingly.

(b) Where a person requests Alike to correct the personal information we hold about them, we will action this request promptly. A person can request that we notify this change to any other agencies or organisations that we have previously disclosed the personal information too.

(c) If we do not agree to correct our records as requested, we will give written notice of the decision, setting out our reasons for refusing this request and how the person can lodge a complaint about our decision.

(d) We will respond to your request to access or correct your personal information within 30 days of receiving your request. If we require more time to respond, we will notify you and explain the reasons for the delay.

7. Links to third party websites

Our website https://www.aestheticsatalike.com.au contains external links and widgets operated by certain third parties such as Facebook, Instagram and Google. These third parties may not be subject to the Privacy Act 1988 (Cth). is not responsible for the privacy practices of these third parties, or the accuracy, content and security of their websites. You should review the Privacy Policies of these individual websites and use your discretion regarding the use of their site.

8. Making a complaint

(a) You may make a complaint about our handling of your personal information, including if you think we have breached the Privacy Act, by contacting Alike in writing, by email, mail or fax to the contact information set out at the end of this privacy policy.

(b) Alike will aim to resolve your complaint within seven (7) days from when your request was made. If we are not able to resolve your complaint, you may wish to contact the Office of the Australian Information Commissioner at the details set out below.

(c) If you are not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au or by calling 1300 363 992.

(d) Upon receiving your complaint, we will:

(i) acknowledge receipt within one (1) working day;

(ii) investigate the matter thoroughly;

(iii) consult relevant staff members;

(iv) implement any necessary corrective measures; and

(v) provide you with a detailed written response outlining the investigation findings and actions taken within fourteen (14) days of the initial acknowledgment.

9.Our contact information

(a) If you would like to leave feedback or complain about the service you have received from us or you feel that we have breached your privacy obligations, please contact us through any of the following methods.

Phone: (02) 4086 5563

Email: hello@alikehealth.com.au

Postal Address: Level 1 199 Corlette Street, The Junction, New South Wales, 2291

(b) If you want to obtain additional information on your privacy rights and how you can enforce them, you can visit the website of the Office of the Australian Information Commissioner at http://www.privacy.gov.au or http://www.oaic.gov.au/

Reviewed February 2025