Privacy Policy

Privacy Policy

Citadel Medical is committed to providing quality services and this policy outlines our ongoing obligations in respect of how we manage Personal and Sensitive Information.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of Personal and Sensitive Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at


In this policy, we describe what kinds of Personal and Sensitive Information we collect, why we collect this information, and how we use, disclose and protect the information that we hold, including:

  • When we deliver health services to clients in person or via video call solutions; and
  • In our corporate functions, such as when we engage with contractors, representatives of service providers and stakeholders, job applicants and other people.

In this policy when we use 'you' or 'your' we are referring to the individual reader of this Policy, and/or the consumer of the services and information that has been described above.

We must comply with Commonwealth privacy laws and for some services, State and/or Territory privacy laws as well. We also endeavour to adopt careful and ethical data practices and to embed privacy considerations in the design of our services.

Terms and Definitions

Citadel Medical

Citadel Medical Pty Ltd and all related companies.

Personal information

Personal Information refers to information or an opinion about an identified individual or an individual who is reasonably identifiable.

Sensitive information

Sensitive Information is a subset of personal information, the most common types of sensitive information that we collect about you, may include:

  • racial or ethnic origin
  • sexual orientation
  • health information
  • details relating to your pregnancy or child (such as your estimated due date, child's name and birthdate)
  • genetic information

Collecting Personal Information


We may collect your personal information through your interactions with us, including:

  • when you attend our clinic or screening facility, contact us through telephone or video call solutions or through our website;
  • when you deal with us as part of managing our day-to-day business activities;
  • as part of procuring goods and services from you, or in the provision of your providing such services on our behalf;
  • when you are a current, former, or potential employee or contractor; or
  • when you make an enquiry or complaint to us.

Wherever possible, we will collect personal information directly from you. Where it is impracticable or unreasonable to do so we may collect your personal information from a third party with your consent or where authorised under an Australian law. For example, there are times when it is necessary to collect personal information from another person, such as where a patient permits or has authorised another person to conduct their affairs (such as a spouse or guardian), is unconscious, incapacitated or is a minor.

Collecting Personal Information for Health Services

If you use our health services, we may collect:

  • Your name;
  • Age;
  • Gender;
  • Date of birth; or
  • Contact details (such as your address, email address and phonen umber).

With your consent, we may also collect sensitive information about your illnesses, symptoms you have experienced, any existing disabilities, or other health services you are receiving or are to be provided in the future. If it is clinically relevant, we may also request your consent to collect sensitive information about your ethnic background, sexual practice, or details relating to your pregnancy (such as your estimated due date, child's name and birth date). You always have the choice not to provide this consent to collect this information, but if you choose not to provide your consent, we may not be able to provide you with our services.

Collecting Personal Information In Our Corporate Functions

We rely on and engage with people every day to operate and deliver our services. In doing so, we collect personal information about people including contractors, representatives of service providers and stakeholder organisations, job applicants and others.

The personal information we collect may include:

  • Name;
  • Job title; and
  • Contact details (phone number, email address and office address).

We collect this information primarily to communicate with you or your organisation.

If you have applied for a job with Citadel Medical, we may also collect information included in your cover letter and resume and/or provided through background checks. This may include opinions from referees and criminal background checks which are obtained with consent. Some of this information may be sensitive information.

Using and Disclosing Personal Information


These are the main ways in which we use and disclose personal information (including health information and other types of sensitive information you provide):

  • To provide healthcare services.
  • To send a recipient of healthcare services information about the services they have received or topics they may be interested in or have requested.
  • To seek feedback on a person's satisfaction with the services they have received.
  • To improve our services. For example, we may use audio recordings of telehealth consultations for audit and training purposes to help ensure that it meets the highest standards of safety and quality in health care.
  • To engage with a person's representative, for example, where a patient permits or has authorised another person to conduct their affairs (such as a spouse or guardian), is unconscious, incapacitated or a minor. We will deal with the person responsible for their welfare and this will include disclosing personal information about the patient to that person.
  • For health research purposes, including data linkage projects.
  • In dealing with individuals (including employees and contractors) as part of the day-to-day running of Citadel Medical, including where we may be dealing with current, former, and future employees.
  • In dealing with people who supply goods and services to us, or to you on our behalf.
  • To deal with complaints and enquiries made about our services or information.

Occasional Disclosures

At times, Citadel Medical discloses personal information to Commonwealth, State or Territory health services to assist them in providing health services to an individual or to address issues you may raise with them.

Citadel Medical may also use and disclose your personal information to third parties and services providers that are partnering with us to deliver our services and information, including to also ensure standards of safety and quality of our services. Where information is disclosed to any third party, we ensure that your personal information is in secured storage which conforms to Australian privacy requirements.
Citadel Medical may also use and disclose personal information (but not sensitive information such as health information) where:

  • it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety and it is unreasonable or impracticable to obtain the individual’s consent to the use or disclosure. For example, Citadel Medical may share relevant personal information with health services and/or Government bodies in the event of a national, State or Territory health disaster so that an appropriate health response can be provided;
  • we have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in and the use or disclosure is necessary for us to take appropriate action in relation to the matter;
  • we believe that use or disclosure is reasonably necessary to assist with locating a missing person;
  • it is necessary for the establishment, exercise or defence of a legal or equitable claim;
  • it is necessary for the purposes of a confidential alternative dispute resolution process; or
  • we transition our services to another provider, in which case personal information may be transferred to them for continuity.

Reporting Using De-Identified Information

Citadel Medical works with partner providers and is on occasion required to share service delivery data with its partners. We may also share de-identified information with other organisations for research and statistical purposes.

When we share or report this data, it is de-identified, which means we have taken steps to remove personal information so that it does not reveal information about any one individual.

Security of Personal Information

Your Personal and Sensitive Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.

Depending on which State or Territory the service was delivered to you in, we are obliged under health records legislation to retain records of your health or digital service delivery for up to 15 years from the last occasion on which health services were provided to you.

In the case of patients under the age of 18, your records must be kept until you are at least 25 years of age, and in some States or Territories, 28 years of age.

We retain records of non-clinical advice and services we provide for shorter periods, of time, depending on the service type.
After these periods, if the information is no longer required by us for any purpose for which it was collected, and is no longer required by law to be retained by us, we will securely destroy or de-identify it.

How to Access or Correct Your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.

Citadel Medical will not charge any fee for your access request but may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information, we may require identification from you before releasing the requested information.

How To Contact Us


Postal Address

PO Box 132, Belmont WA 6984


Citadel Medical reserves the right to vary this policy from time to time.


Last updated 1/7/2022

Partner with us to build a healthier, happier and safer workplace

Get in touch to find out more about our services. We’ll get to know your organisational needs and help to provide a tailored solution.