MedexWA Cosmetic & Dr Tattov Privacy Policy: Patient Consent to Collect and Disclose Information

This practice will endeavour to handle your personal information in accordance with our Privacy Policy and the Australian Privacy Principles. This Privacy Policy summarises how we handle your personal information. We require your consent to collect, use and disclose personal information about you. Please read this information carefully This medical practice collects information from you for the primary purpose of providing quality health care, to properly advise and treat you. Such information may include: · full medical history · family medical history · ethnicity · personal contact details Both our practice staff and medical practitioners may participate in the collection of this information. With your consent, we may use the information you provide in the following ways:

• Administrative purposes in running our medical practice

• Account keeping and billing purposes Disclosure to others involved in your health care including treating doctors and specialists outside this practice, including other health care providers and insurance companies. This may occur through referral to other doctors, or for medical tests and in the reports or results returned to us following these referrals. Where legally required, such as producing records to court, mandatory reporting or the notification of certain communicable diseases I understand photographs and video may be required both before and after treatment to help provide a record and may be shown to other patients to help them understand the procedure. The photographs will not include distinguishing features unless this is unavoidable. They will not be published in any media, other than medical journals and the practice's website/social media sites without separate written consent. Verbal consent will be obtained from you prior to any photography and you have the choice to decline. Access to your personal information: We will upon your written request and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we request that you identify as clearly as possible, the type/s of information requested. We will deal with your request to access your personal information within 30 days and you agree we may charge you our reasonable costs incurred in supplying you with access to this information. Your rights to access personal information are not absolute and privacy laws dictate that we are not required to grant access in certain circumstances such as where:

• access would pose a serious threat to the life, safety or health of any individual or to public health or public safety

• access would have an unreasonable impact on the privacy of other individuals

• the request is frivolous or vexatious

• denying access is required or authorised by a law or a court or tribunal order

• access would be unlawful, or access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct

• if we refuse to grant you access to your personal information, we will provide you with reasons for that decision (unless it is unreasonable to do so) and the avenues available for you to complain about the refusal. Where is your personal information stored: We take all reasonable steps to protect all of the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information will be stored on a password protected electronic database, which may be on our database, a database maintained by a cloud hosting service provider or other third party database storage or server provider. Backups of electronic information are written to drives which are stored offsite. Any hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived, usually for 7 years. Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements. Complaints: If you have any queries or would like to make a complaint relating to our Privacy Policy or the manner in which we handle your personal information, please email reception@medexwa.au. If you are not satisfied with our response, you may refer the matter to the Australian Information (Privacy) Commissioner (see www.oaic.gov.au) This policy was last updated 2nd December 2022.