Ocean Care – Privacy Policy

Dated 15 August 2019

OceanCare operates as a collaborative community-based care planning solution and a clinical information repository that can be accessed by Healthcare Providers, Healthcare Provider Employees and Healthcare Consumers via the internet. OceanCare facilitates information sharing, messaging between Users, customisable problem templates, clinical summaries and referral features. OceanCare comprises our LinkedEHR Platform and the TopBar LinkedEHR App.

At Ocean Health Systems, we respect your privacy and seek to collect and process your personal information in an open, secure and transparent way. As a healthcare software provider, we are committed to handling your personal information in accordance with our privacy obligations under all applicable data protection laws, such as the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (the “Privacy Act”) and the Health Privacy Principles contained in Schedule 1 to the Health Records and Information Privacy Act 2002 (NSW) (“HRAIPA”) (collectively, “applicable laws”). As a User of OceanCare, it is your responsibility to comply with your obligations under all applicable laws when using OceanCare.

Users can collect, upload, access and share a wide variety of personal information on OceanCare including sensitive health information. Personal information held in OceanCare may be collected from Healthcare Providers, Healthcare Consumers and a number of third party systems as described in this Privacy Policy (such as the My Health Records system) (collectively, “Third Party Systems”).

Personal information held in OceanCare is stored on computer servers in data centres located in Australia. You may at any time restrict access to your personal information held in OceanCare to specific Healthcare Providers or withdraw your consent for any collection, disclosure and/or use of your personal information and health information via OceanCare.

Healthcare Providers may only register Healthcare Consumers on OceanCare and process Healthcare Consumer personal information and health information via OceanCare with the consent of the relevant Healthcare Consumers. Healthcare Consumers can restrict the Healthcare Providers who can access their personal information and health information on OceanCare by logging into their account and restricting access using the OceanCare provider access settings.


Terms used in this document that start with a capital letter have the meaning given to them in our Terms of Use located at www.oceancare.com.au/terms/TermsOfUse.htm (“Terms of Use”). We strongly recommend that you read our Terms of Use.

About this Privacy Policy

This Privacy Policy describes how we collect, hold, transfer, disclose and otherwise process personal information and the steps that we take to secure the personal information that we hold. In this Privacy Policy, “we”, “our” and “us” are all references to Ocean Informatics Pty Ltd (ABN 14 081 649 470) of 50 Grenfell Street, Level 5 West, Adelaide, South Australia 5000 and “you” and “your” refer to any registered user of OceanCare, including general practitioners and allied health professionals (“Healthcare Providers”) and their non-clinical employees (“Healthcare Provider Employees”), as well as healthcare consumers registered on OceanCare (“Healthcare Consumers”) (collectively, “Users”).

This Privacy Policy applies to all Users, and applies to all forms of information, physical and digital, whether collected or stored electronically or in hard copy. Our Privacy Policy may change from time to time. If we decide to change this Privacy Policy, we will post the updated version on this webpage and will indicate on this page the policy’s new effective date so that you will always know what personal information we gather, how we might use that information, and whether we will disclose it to anyone. Continued use of OceanCare implies that you agree to the changes and if you do not agree with the changes, you should discontinue and opt out of your use of OceanCare.

This Privacy Policy does not provide a detailed description of the functionality provided by OceanCare. For a detailed description, please see the following URL: www.oceancare.com.au

Key terms – personal information and sensitive information

The Privacy Act defines “personal information” as information or an opinion about an identified individual, or an individual who is reasonably identifiable (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not. Additionally under the Privacy Act, “sensitive information” means (a) information or an opinion about an individual’s racial or ethnic origin; or political opinions; or membership of a political association; or religious beliefs or affiliations; or philosophical beliefs; or membership of a professional or trade association; or membership of a trade union; or sexual orientation or practices; or criminal record; that is also personal information; or (b) health information about an individual; or (c) genetic information about an individual that is not otherwise health information; or (d)  biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or (e)  biometric templates.

Types of personal information that we collect

We collect the following types of personal information:

  • Healthcare Providers’ and their Healthcare Provider Employees’ Information: Healthcare Providers provide their names, business names, ABN, Registered Office Address, Service Address, HPI-O and their authorised employees’ names, job positions, email addresses, mobile phone number and any other information they choose to provide when registering on OceanCare. This information is then stored within our User database for User login, User account settings and e-commerce requirements. All passwords are hashed and stored on a secure server. User contact details and registration information may also be stored in our CRM and Issue Management System for sales purposes and IT support, to log technical support requests etc.
  • Healthcare Consumer Registration Information: We collect gender, date of birth, names, email addresses, telephone numbers, emergency contact details, personal preferences, notification and message content through OceanCare messaging features, notification and communication preferences, information contained in comments and feedback, ethnic background and contact details. We will process this personal information in order to answer questions from Healthcare Consumers about OceanCare and to provide and manage our services, and to otherwise enforce our rights and comply with our obligations.
  • Healthcare Consumer Health and Other Sensitive Information: We collect any submitted, uploaded or transmitted content and/or material and/or communications entered into OceanCare by any User, including information, records and opinions about: (i) the health, including an illness, disability or injury, (at any time) about Healthcare Consumers; (ii)  health records and medical histories of Healthcare Consumers including details of any clinical treatments undertaken, Healthcare Consumer family medical histories, psychologist and social worker and other allied health professional visitation details; (iii) medications and immunisations prescribed, consumed, rejected and considered by Healthcare Consumers; (iv) allergies, clinical referral letters and medical conditions of Healthcare Consumers;  and Healthcare Consumers’ expressed wishes about the future provision of health services to them; (v)  health services provided, or to be provided, to Healthcare Consumers along with any diagnostic or pathology, scans, imaging or prescription results; (vi) Medicare numbers, healthcare identifiers, health care card numbers, Veterans’ Affairs number; (vii) care plans, treatment reactions and other personal information collected to provide, or in providing, a health service to Healthcare Consumers; (viii) other personal information collected in connection with the donation, or intended donation, by Healthcare Consumers of body parts, organs or body substances; and (ix) medical or professional opinions about an individual. We will process such personal information as reasonably required for us to operate and administer OceanCare.
  • Transactional and Financial Information: We collect transactional details about payments to and from customers and suppliers (including any cheques or transfers), receipts, business records, invoices, details of our products and services that Healthcare Providers licence, purchase, subscribe to or use, and any other financial records that we are required to retain under the Corporations Act 2001 (Cth) or any other applicable law concerning any services that we provide to a User.
  • IT Support Services and Technical Information: When providing our technical support services, we may monitor or access our customers’ accounts on OceanCare. In the course of doing so, we may collect and process information about those accounts and any information processed by OceanCare that is necessary for us to collect and process in order to provide the technical support services. This information includes IP addresses, business registered addresses and email addresses, application names, user access logs, usernames, technical support log tickets and error messages.
  • Usage Information: Subject to applicable laws, we may carry out electronic surveillance of our employees and contractors when they use our computer equipment, smartphone devices and networks to monitor compliance with company policies. We also collect information about how employees and contractors use our software, websites and services. This surveillance includes tracking and monitoring, reviewing and logging emails sent and received, websites visited, content viewed and files uploaded/downloaded. It also includes IP addresses, server names, database names, usage patterns, network names, serial numbers of equipment used, WiFi passwords, computer names, application names, browser types, versions, browser plug in types and versions, operating systems and platforms, browser history, user access logs, usernames, passwords, technical support log tickets, bandwidth used, error messages, social media handles, FTP server addresses, usernames and passwords, hostnames, subnet masks, router names, server addresses, and hosting account usernames and passwords.
  • Website Analytics Information: We collect and process personal information known as analytics data for analytical purposes, designed to measure and monitor how our websites are being used and to highlight any areas for improvement, optimisation and enhancement of our websites, including user location,  IP addresses, cookie data,  information about devices accessing our websites (IP address, the type of device used to access our websites and the operating system), the amount of time a user spent on our website and in which parts of it, and the path they navigated through it. We will process this personal information in order to monitor and detect unauthorised use of our websites, and to establish how our websites are used and to highlight areas for potential improvement of our websites. We often aggregate this information with other information. However, where the aggregated information is classified as personal information we treat it in accordance with this Privacy Policy.
  • Cookies and Other Tracking Technologies: We use cookies and other tracking technologies (such as traffic analytics) on our websites for website functionality, performance and advertising purposes. We will not place such tracking technologies on your computer, smartphone or electronic device without your consent, unless they are required in order for us to provide the functionality supplied by our websites. If they are not installed, features of our websites may be unavailable and your experience may be impaired as a result. Cookies are pieces of information that a website transfers to a computer’s hard disk for record-keeping purposes. We may use session cookies, which are only stored for a limited amount of time and persistent cookies that remain indefinitely until they are deleted. Such cookies may be installed by us or by our third party contractors. Cookies enable us to remember and recognise you to better facilitate your user satisfaction when you visit our websites by helping us tailor and improve the information we present to you. The use of cookies is common in the Internet industry, and many major websites use them to understand your usage of websites, to customise websites for you, for statistical purposes and to provide useful relevant features, products, advertisements and services. A cookie may be used to tell when your computer or device has contacted our websites and extracts information such as your IP address, browsing pattern, content that you have viewed and browser type.

Who we collect personal information about

We collect personal information about:

  • any person who contacts us with enquiries about our services, whether by email, through contact forms on our website, face to face or by telephone;
  • any Healthcare Consumer, Healthcare Providers and Healthcare Provider Employees who utilise OceanCare;
  • our officers, agents, employees and subcontractors;
  • other parties to a transaction or dispute that we have entered into or are considering entering into or negotiating, and their representatives;
  • employees, potential employees, subcontractors, potential subcontractors and work experience applicants.

As a general principle, an individual under the age of 18 has capacity to consent when they have sufficient understanding and maturity to understand what is being proposed. As it is not practicable or reasonable for us to assess the capacity of individuals under the age of 18 on a case-by-case basis, we presume that an individual aged 15 or over has capacity to consent to becoming a User of OceanCare, unless the circumstances suggest otherwise. As such, a Healthcare Provider should not register Healthcare Consumers who are below the age of 15 as Users. We do not knowingly collect personal information from individuals below the age of 15 through OceanCare and such individuals are not permitted to be Users of OceanCare.

How we collect personal information

We collect personal information in the following ways:

  • when Users and/or potential Users fill out forms on OceanCare with their personal information;
  • when Healthcare Providers register a Healthcare Consumer on OceanCare;
  • when Healthcare Providers provide personal information and sensitive information about Healthcare Consumers to us by entering the information into OceanCare;
  • when we take notes during meetings, interviews, telephone calls, conferences and events;
  • through emails, letters and other correspondence and documents that we receive from Users, potential Healthcare Providers and others;
  • when we are contacted by or communicate with any person online, through social media, email, communication tools, blogs and the contact forms on our websites;
  • when we are provided with completed surveys or questionnaires that we may distribute;
  • when we trade business cards with any person;
  • when it is sent to us by Healthcare Providers and other Users in the course of their use of OceanCare;
  • when it is included in contracts that we enter into;
  • through websites, public registers and directories such as telephone directories and business name and company searches;
  • in the course of operating OceanCare; and
  • where any User and/or third parties and/or Third Party Systems transmit personal information to us via OceanCare.

Purposes for collecting personal information

We use, disclose and hold personal information and/or sensitive information for the following purposes where reasonably necessary for one or more of our businesses’ functions or activities:

  • in order to verify a person’s identity when we are contacted to ensure that we know who we are communicating with;
  • to communicate with potential Users, Third Party Systems, other healthcare software providers, employees, third party software (such as Topbar), subcontractors, and colleagues, in order for OceanCare to operate in the intended manner;
  • to provide Users with OceanCare functionality and to administer, maintain and answer questions and troubleshooting about OceanCare and our services;
  • where a permitted health situation exists under the Privacy Act 1988 (Cth) for the purposes permitted by that legislation;
  • in order to send newsletters and other communications to our Users concerning our services, events and business opportunities;
  • to send marketing material to Healthcare Providers in our newsletter database who we believe may be interested in the content of our marketing material;
  • to enforce our rights and comply with our contractual and other legal obligations;
  • to issue invoices to Healthcare Providers, and to enforce the payment obligations of Healthcare Providers to pay our fees;
  • to handle complaints;
  • in order to process an application by a Healthcare Provider to subscribe to OceanCare (or license any software from us);
  • in order to process a subscription for our services;
  • to identify Healthcare Providers and other Users when we are contacted with questions or concerns regarding the products and services we provide;
  • in order to configure a new service for Healthcare Providers in OceanCare;
  • when conducting research and development of our products and services;
  • in order to conduct checks for credit worthiness; and
  • where necessary for our software development, quality assurance and IT support as well as where required to comply with any applicable laws and/or lawful written requests from authorities.

Who we disclose your personal information to

We will only disclose personal information that we collect to third parties as follows:

  • To Users and Third Party Systems that are linked to OceanCare – such as general practitioners, pharmacies, hospitals, practice nurses, practice managers, primary health networks, allied health providers, specialists, non-government organisations, and acute care providers;
  • To Australian hosting providers who host our websites and content – where necessary or practical to do so for the purposes of providing services to our Users or for the purposes of operating our business, we hold our Healthcare Consumer’s content on third party computer servers in the data centres of our hosting providers.
  • So that we can obtain assistance from our subcontractors and corporate group with the provision of our services – in which case we may disclose your personal information to our subcontractors as well as to members of our corporate group who we may subcontract the provision of all or part of our services to. For example, we may use printing providers who print documents on our behalf which contain personal information, couriers who deliver documents on our behalf which contain personal information, and share computers and computer servers which contain personal information with our related bodies corporate;
  • Handling claims, legal disputes and complaints – in which case we may disclose your personal information to our insurers, lawyers, accountants and other professional advisors;
  • Sending out a newsletter – in which case we may disclose your personal information to our email and newsletter service providers;
  • In order to identify Users – when we are contacted with questions or concerns regarding the products and services that we provide;
  • In order to record billing details and process payments from Healthcare Providers – in which case we will provide bank account, cheques and credit card details of Healthcare Providers to our bank and merchant facility providers;
  • For professional advice – when providing information to our legal, accounting or financial advisors/representatives or debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
  • If we sell the whole or part of our business or merge with another entity – in which case we will provide to the purchaser or other entity the information that is the subject of the sale or merger;
  • Where a person provides written consent to the disclosure of his or her personal information or health information; and
  • Where required by law.

We may also provide your personal information to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:

  • to obtain or maintain insurance;
  • the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
  • to protect or enforce our rights or defend claims;
  • enforcement of our claims against you or third parties;
  • the enforcement of laws relating to the confiscation of the proceeds of crime;
  • the protection of the public revenue;
  • the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
  • the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of the court or tribunal; and
  • where disclosure is required to protect the safety or vital interests of employees, Users or property.

Health Privacy Principles – NSW Health Records and Information Privacy Act (HRAIPA)


Health Privacy Principles

How we comply with the HRAIPA


An agency or organisation can only collect your health information for a lawful purpose. It must also be directly related to the agency or organisation’s activities and necessary for that purpose.

We only collect your personal information for the lawful purpose of managing health information to assist Healthcare Providers provide improved Healthcare Consumer care. Our policy is to minimise the amount of personal information we collect and otherwise process. Accordingly, we only collect personal information that is adequate, relevant and limited to what is necessary for the purpose for which it is to be processed and only where we are entitled by law to collect it. We may also use collected personal information for other related, directly related or compatible lawful purposes (if and where permitted by applicable law).


An agency or organisation must ensure that your health information is relevant, accurate, up-to-date and not excessive. The collection should not unreasonably intrude into your personal affairs.

Personal information collected on OceanCare and linked to other portals may include clinical history and other personal, health and sensitive information. We only collect that information to the extent it is entered into OceanCare by Healthcare Providers and Healthcare Consumers and only so that we can operate and administer OceanCare.


An agency or organisation must collect your health information directly from you, unless it is unreasonable or impracticable to do so.

Personal information uploaded onto OceanCare may be collected directly from Healthcare Consumers and also from Healthcare Provider Users and third party databases linked to OceanCare (such as My Health Record).


An agency or organisation must inform you of why your health information is being collected, what will be done with it and who else might access it. You must also be told how you can access and correct your health information, and any consequences if you decide not to provide it.

In this Privacy Policy, we have addressed why your health information is being collected, what will be done with it and who else might access it. In this Privacy Policy, we also describe how you can access and correct your health information, and any consequences if you decide not to provide it.


An agency or organisation must store your personal information securely, keep it no longer than necessary and dispose of it appropriately. It should also be protected from unauthorised access, use or disclosure.

Please see the section on “Security” for an overview of the organisational and security measures that we put in place in this Privacy Policy.


An agency or organisation must provide you with details regarding the health information they are storing, why they are storing it, and what rights you have to access it.

Please see “Your rights under applicable law” for more information.


An agency or organisation must allow you to access your health information without unreasonable delay or expense.

All Healthcare Consumers can access their health information via OceanCare unless the Healthcare Provider has deactivated the Healthcare Consumer’s registration on the request of the Healthcare Consumer or the Healthcare Provider deactivates the Healthcare Consumer when the Healthcare Provider ceases to use OceanCare. A copy of a Healthcare Consumer’s personal information may still be obtained from us by the Healthcare Consumer. Please see “Accessing and correcting your personal information” below.


Allow a person to update, correct or amend their personal information where necessary.

All Healthcare Consumers may sign in to OceanCare to view their personal information and may restrict access to their personal information to other Users at any time. Changes to Users’ personal information in OceanCare can be made by authorised Healthcare Providers or by contacting OceanCare support.


Ensure that the health information is relevant and accurate before being used.

Healthcare Consumers may access their own health information and correct, delete and add health information via their Healthcare Providers.


Limited Use
An agency or organisation can only use your health information for the purpose for which it was collected or a directly related purpose that you would expect (unless one of the exemptions in HPP 10 applies). Otherwise separate consent is required.

Once the personal information and health information of a Healthcare Consumer is collected, we will use it to operate and administer OceanCare. In the course of doing so, we will disclose the personal information and health information to their Healthcare Providers and their Healthcare Provider Employees. In certain circumstances, we may also disclose personal information and health information where required to comply with applicable law, including where a permitted health situation exists under the Privacy Act 1988 (Cth) but only for the purposes permitted by that legislation. Please see “Purposes for collecting personal information” for more information.


Limited Disclosure
An agency or organisation can only disclose your health information for the purpose for which it was collected or a directly related purpose that you would expect (unless one of the exemptions in HPP 11 applies). Otherwise separate consent is required.

We only disclose Users’ health information for the purpose of operating OceanCare. Please see “Purposes for collecting personal information” for more information. In certain circumstances, we may also disclose personal information and health information where required to comply with applicable law, including where a permitted health situation exists under the Privacy Act 1988 (Cth) but only for the purposes permitted by that legislation. Please see “Purposes for collecting personal information” for more information.


Not identified
An agency or organisation can only give you an identification number if it is reasonably necessary to carry out their functions efficiently.

We issue identification numbers to identify individual users of OceanCare. This identification number is reasonably required by us to operate OceanCare.


Give the person the option of receiving services from you anonymously, where this is lawful and practicable.

It is not practicable for Users to operate OceanCare anonymously.


Only transfer health information outside New South Wales in accordance with HPP 14.

All information will be stored within Australia. If you are a User of OceanCare you consent to us storing your health information in any data centre in Australia at which we locate our computer servers.


Only use health records linkage systems if the person has provided or expressed their consent or such use or disclosure is reasonably necessary for research in the public interest.

If you are a User of OceanCare you consent to us using health records linkage systems – including Pen CS Pty Ltd’s TopBar LinkedEHR App software, My Health Record and other Third Party Systems described on our website at www.oceacare.com.au.


Notifiable data breaches

Since 22 February 2018, data breaches that are likely to result in serious harm must be reported to affected individuals and the Office of the Australian Information Commissioner (“OAIC”), except where limited exceptions apply.

Third party websites and platforms

Our websites may include links to third party websites and platforms. Our linking to those websites and platforms does not mean that we endorse or recommend them. We do not warrant or represent that any third party website or platform operators comply with applicable data protection laws. You should consider the privacy policies of any relevant third party websites and platforms prior to sending your personal information to them.

OceanCare may access your personal information from Third Party Systems such as the My Health Records system.


We take reasonable steps to protect personal information that we hold from unauthorised access, modification and disclosure and implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information transmitted, stored or otherwise processed, as follows: 

  • We perform security testing, and maintain other electronic (e-security) measures for the purposes of securing personal information, such as passwords, anti-virus management, and firewalls;
  • We maintain physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and alarms;
  • We require all of our employees and contractors to comply with privacy and confidentiality terms and conditions in their employment contracts and subcontractor agreements that we enter into with them;
  • We carry out security audits of our systems which seek to find and eliminate any potential security risks in our electronic and physical infrastructure as soon as possible;
  • We implement passwords and access control procedures into our computer systems;
  • We have a Data Breach Response Plan in place;
  • We have data backup, archiving and disaster recovery processes in place;
  • We have anti-virus and security controls for email and other applicable computer software and systems in place.

We use SSL encryption to store and transfer personal information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each User that provides information to us via the internet does so at their own risk.

Spam and direct marketing email

We do not send “junk” or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact Healthcare Providers. These transaction-based e-mails are automatically generated. Anytime a Healthcare Provider or other User receives e-mail it does not want from us they can request that we not send further e-mail by contacting us via email at: support@oceancare.com.au or using any ‘unsubscribe’ tool contained in any communication we send. Upon receipt of any such request, we will ensure that they cease to receive automated emails from us.

Information transfers to overseas recipients

We may transfer your personal information entered into our websites to our contractors and service providers, who assist us with providing our products and services to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance.

Our contractors and service providers are currently located in Australia.

Retention and de-identification of personal information

It is our policy to retain personal information in a form which permits identification of any person only as long as is necessary for the purposes for which the personal information was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal information that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal information to you (except where we also need to retain the information in order to comply with our legal obligations, or to retain the information to protect your or any other person’s vital interests). Where you require personal information to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal information in our possession or control as soon as reasonably practicable thereafter, unless applicable law requires us to retain the personal information in which case we will only use such retained information for the purposes of complying with those applicable laws.

Instead of destroying the personal information we may take such steps as are reasonable in the circumstances to de-identify the personal information that we hold about an individual where we no longer need it for any purpose for which it may be used in accordance with this Privacy Policy if the information is not contained in a Commonwealth record and we are not required by Australian law (or a court or tribunal order) to retain it.

Your rights under applicable law

If you do not provide us with your personal information, you can only have limited interaction with us. For example, you can browse our websites without providing us with personal information, such as the pages that generally describe the services that we make available, and our Contact Us page. However, if you are a Healthcare Provider and you submit a form on our website, or otherwise enter into a business relationship with us, we need to collect personal information from you in order to identify who you are, so that we can provide you with services, and for the other purposes described in this Privacy Policy. You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about our services, but not if you wish to actually use OceanCare (directly or by authorising your Healthcare Provider(s) to process your personal information or health information if you are a Healthcare Consumer). It is not practical for us to provide you with all features of OceanCare if you refuse to provide us with personal information.

Access Control

If you are a Healthcare Consumer User of OceanCare, you can restrict access to your health information held in OceanCare by accessing the relevant functionality.

Accessing and correcting your personal information

We strive to ensure that we hold accurate, up to date, complete and relevant information unless that information has been removed or access restricted. If you are a Healthcare Provider and/or a Healthcare Provider Employee, we invite you to contact us using the details set out at the end of this Privacy Policy and inform us if any of your personal details we hold change or if any of the personal information held by us is otherwise incorrect or erroneous.

Due to the sensitivity of the personal information that is held on OceanCare, both we and/or your Healthcare Provider will require verification of your identity when handling all such access and correction requests. We and/or your Healthcare Provider will provide such access in accordance with our legal obligations.

Should you require a copy of your personal information, you can request that we provide you with a copy of the personal information that OceanCare holds about you. We may charge a reasonable fee when providing you with access to your information. You may also obtain a copy of this Privacy Policy free of charge.

Our contact details – complaints and enquiries

If you wish to contact us for any reason regarding our privacy practices or the personal information that we hold about you or if you suspect any misuse or loss of, or unauthorised access to your personal information, please contact us at the following address:

Privacy Officer

50 Grenfell Street, Level 5 West
Adelaide, SA, 5000

If you have a complaint about our handling of your personal information, you should address your complaint in writing to the contact details above. We will use our best endeavours to resolve any privacy complaint within ten (10) business days following receipt of your complaint. If there is a dispute regarding personal information, both parties must first attempt to resolve the issue directly between each other. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution.

If you are not satisfied with the outcome of a complaint or you wish to make a complaint about a breach of the Australian Privacy Principles or Health Privacy Principles, you may refer the complaint to the Office of the Australian Information Commissioner (OAIC), who can be contacted using the following details:

Call: 1300 363 992
Email: enquiries@oaic.gov.au
Address: GPO Box 5218, Sydney NSW 2001

Complaints can also be made to the NSW Privacy Commissioner, or other relevant state or territory Privacy Commissioner. Details about the NSW Privacy Commissioner’s complaints process can be accessed at the following link: https://www.ipc.nsw.gov.au/how-do-i-make-complaint