1. Purpose of this Policy

This privacy notice tells you about the information we collect from you when you use our website. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

Aspen Medical is committed to complying with the Privacy Act 1988 (the Act) and other applicable privacy and data protection legislation, including the European Union’s General Data Protection Regulation (GDPR).


The Act is an Australian law which regulates the handling of personal information about individuals. The 13 Australian Privacy Principles (APP) are contained in Schedule 3 of the Act. The APPs provide guidance on how personal information is to be managed by organisations such as Aspen Medical.

The GDPR is the European regulations governing the handling of personal information about individuals. This will be applicable for individuals within the European Union. Aspen Medical complies with the Act and the GDPR in its dealings with the personal information of individuals. Aspen Medical collects personal information from individuals using fair and lawful means in the course of its business and in the care of patients. It collects this information so that it can conduct its business and provide the best possible
care to patients.

2. Who are we?

We are Aspen Medical Pty Ltd. An Australian registered business with our head office located at 2 King Street, Deakin ACT 2600. You can contact us by post at the above address, by email at [email protected] or by telephone on +61 2 6203 9500 

We are not required to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above.

3. How do we use your information?

  • When you use our website
  • When you submit an enquiry via our website
  • When you are a patient
  • When you apply for a position on our website
  • Your rights as a data subject
  • Your right to complain
  • Updates to this privacy policy.

4. When you use our website

When you use our website to browse our products and services and view the information we make available, a number of cookies are used by us and by third parties to allow the website to function, to collect useful information about visitors and to help to make your user experience better.

Some of the cookies we use are strictly necessary for our website to function, and we don’t ask for your consent to place these on your computer. These cookies are shown below.

4.1 Strictly necessary cookies

These cookies are essential to enable you to navigate around our website and use its core features. Without these cookies, services such as remembering your login details or ensuring what you see looks correct on the device you are using would not be possible. These cookies do not gather information about you that could be used for marketing and do not track your internet usage. 

4.2 Preference cookies

These cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

4.3 Statistical and performance cookies 

These cookies help us understand how you interact with our website by collecting and reporting information about your journey on our website. For example, they help us understand which pages you go to most often, how much time you spend on which pages, which links you choose to click and the journey you took during the website session.

5. When you submit your enquiry to our website

When you submit an enquiry via our website, we ask you for your name and email address. This information is collected directly from you.

We use this information to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your query to your satisfaction. We will do this based on our legitimate interest in providing accurate information.

Your enquiry is stored and processed as an email which is hosted by Microsoft in the region you have selected. We do not use the information you provide to make any automated decisions that might
affect you. Enquiry emails will be back up on the Aspen Medical Archive Manager. You can request
Aspen Medical to delete any enquiry emails.

6. When you are a patient

Where you are a patient and we are providing you with medical treatment, we will collect personal information including demographic information (such as name, date of birth and address), health history, family history, ethnic background and current lifestyle. We will collect this information directly from you. We may collect personal information about patients from other sources, but only where required and permitted by law, for example in a medical emergency.

We use this information to diagnose and treat your condition. If you fail to provide this information, we may not be able to provide appropriate healthcare. We may also use this information for the purposes of quality assurance, accreditation and audit activities, risk and claims management, patient satisfaction surveys and staff training and education. Where possible, we will de-identify this personal information where we use
it for these purposes.

We will only disclose the personal information of patients to third parties with the consent of the patient, or as otherwise permitted by law in limited circumstances. We do not send the personal information of patients overseas to third parties.

The personal information of patients is stored securely using physical means such as locks and restricted premises and by electronic methods including passwords and secure servers located in Australia. We take reasonable steps to prevent loss, theft, misuse and interference of personal information, and we have policies and procedures in place to protect this information.

7. When you apply for a position via our website

When you apply for a position via our website, we ask you for your name, email address, phone, email and resume with other relevant information, including employment history and qualifications. We will generally collect this information from you, but we may also collect it from other sources, including previous employers, public domain and social media websites.

We use this information to process your application. Our Culture and Performance team may also email or phone you several times after your enquiry to follow up on your interest and ensure that we have answered you to your satisfaction. We will do this based on our legitimate interest in providing accurate information. If you fail to provide this information, we may not be able to process your application.

We will only disclose the personal information of job applicants overseas with the applicant’s consent. Where an applicant has completed paperwork for an overseas work permit or other authorisation, we deem this to be consent to release the paperwork to the overseas recipient named in the paperwork.

Your enquiry is stored and processed as an email which is hosted by Microsoft in Australia. Your details will also be stored on our CRM which is managed on an Aspen Medical server within Australia.

We do not use the information you provide to make any automated decisions that might affect you. We keep applicant details for 7 years, after which they are deleted off the CRM. CRM records are kept for 7 years after the last contact with you.

7.1 Your rights as a data subject Australian Privacy Act

In accordance with the Act, you may request access to, and correction of, personal information held by us. We will respond to such a request in a reasonable time and may charge a reasonable fee for provision of information. We will provide access to records and correct information unless there is a reason under the Act or other relevant law. If we do not agree to provide you with access or to correct a record, we will provide you reasons for this decision. Please email [email protected] for any enquiries.

European Union GDPR

By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time. You may withdraw your consent by contacting us by email at [email protected] or by telephone on +61 2 6203 9500.

Where you have withdrawn your consent to our processing of your personal data, we will cease to process that information, though your withdrawal of consent does not affect the lawfulness of our actions before you withdraw your consent. Additionally, where our processing is based on the performance of our obligations under a contract, for example your employment contract, then we may continue processing in accordance with those obligations.

If we are processing your personal data for reasons of consent or to fulfil a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.

You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully.

Finally, in some circumstances you can ask us not to reach decisions affecting you using automated processing or profiling To submit a request regarding your personal data by email, post or telephone, either under the Australian Privacy Act or the European Union GDPR, please use the contact information provided above in the Who Are We section of this policy.

8. Your right to complain

If you have a complaint about our use of your information, we would prefer you to raise in with us in the first instance at [email protected] to give us the opportunity to put it right. We will review all complaints received and our Chief of Staff will respond to you as soon as is practicable.

If you are not satisfied with our response, you can also contact the following government organisations: 

The European Data protection Supervisor
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
Telephone: +32 2 283 19 00
Email: [email protected]
Website: www.edps.europa.eu

Office of the Australian Information Commissioner
Postal address: GPO Box 5218 Sydney NSW 2001
Office address: Level 3, 175 Pitt Street Sydney NSW 2000
Telephone : 1300 363 992 or + 61 2 9284 9749
Email: [email protected]
Website: https://www.oaic.gov.au

9. Updates to this privacy policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent. We will update the version number and date of this document each time it is changed.

Website privacy questions
Contact us if you believe there has been a breach of privacy.

Get in touch

We operate across Australia, the UK and Europe, the Middle East, North America, Africa, Asia and the Indo-Pacific region, and employ a workforce of dedicated, experienced and highly trained professionals.

Want to know more? Contact us by making an enquiry here.

Enquire here