Privacy Policy
1. Introduction
www.altuva.com.au (the “Site”) is owned and operated by Altuva, a registered business name of Clearleaf Consulting Pty Ltd (ABN: 11 651 622 972) (“Altuva”, “we”, “us”, “our”).
Altuva is committed to protecting the privacy and security of personal and health information collected in connection with our telehealth services and digital platforms.
We manage personal information in accordance with:
- the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
- the My Health Records Act 2012 (Cth)
- applicable state and territory health records legislation
- the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth)
- the Therapeutic Goods Administration (TGA) requirements relevant to medicinal cannabis prescribing
This Privacy Policy explains how we collect, use, store, share and protect your personal and health information, your rights in relation to that information, and how to contact us if you have concerns.
By using our Site or providing information to us, you agree to the handling of your personal information in line with this Policy and applicable Australian privacy law.
2. When This Policy Applies
This Policy applies to all individuals who interact with Altuva digitally or through our services, including:
- people making general enquiries through our Site or contact channels
- prospective or current patients completing intake, eligibility, or clinical forms
- healthcare professionals or pharmacies contacting us about services
- anyone who receives marketing or informational communications from us
Note on clinical records: If you receive clinical services through Altuva, your clinical records are held by Altuva within our secure practice management system. Prescribers engaged by Altuva as contractors access your records through accounts assigned to them within that system; they do not hold your records independently. Our administrative staff also have role-based access to records as necessary to support your care. Altuva is the entity responsible for your clinical records. All access and correction requests should be directed to us using the contact details in Section 13.
3. Geographic Scope of Our Services
Altuva provides telehealth services to patients located in all Australian states and territories, subject to applicable prescribing laws in each jurisdiction. Our services are currently available in:
- New South Wales
- Victoria
- Queensland
- Western Australia
- South Australia
- Tasmania
- Australian Capital Territory
- Northern Territory
All prescribing decisions are made by AHPRA-registered practitioners in accordance with the laws of the jurisdiction in which the patient is located at the time of consultation. We do not provide services outside Australia.
4. Key Terms
Personal Information
Information or an opinion about an identified individual, or an individual who is reasonably identifiable, as defined in the Privacy Act 1988 (Cth).
Health Information
A subset of Personal Information relating to an individual’s health, disability, health services received, or information collected in the course of providing health services.
Protected Health Information (PHI)
Health Information subject to specific legal protections, including under the My Health Records Act 2012 (Cth) and applicable state health records legislation.
Services
The telehealth support and related services provided by Altuva as described on our Site and in our terms of service.
Site / Platforms
Any website, online form, portal, or digital service operated or controlled by Altuva.
Staff
Our employees and contractors who assist in delivering our Services.
5. Information We Collect
5.1 Data Collected Automatically
When you visit and use our Site, we may automatically collect and store the following information:
- IP address
- Location
- Hardware and software details
- Clicked links
- Content viewed
This information is collected for analytics and to improve Site performance. It is used in aggregated or de-identified form where possible.
5.2 Data Collected Through Forms
We collect the following information when you complete our Intake Form or Eligibility Assessment:
- First and last name
- Age and date of birth
- Sex
- Email address
- Phone number
- Residential address
- Medical history and health information
We ask that sensitive clinical details be provided only through our secure, purpose-built intake forms rather than through general contact channels such as email or phone.
5.3 Information from Third Parties
Where permitted by law or with your consent, we may receive Personal Information from prescribers, pharmacies, or other health providers involved in your care, and from payment or booking platforms used to support our Services.
6. How We Use Your Information
We use your personal information to:
- respond to enquiries and provide requested information
- assess eligibility for our Services through our intake and screening process
- provide prescribing practitioners with relevant medical history to determine treatment suitability
- communicate about appointments, reminders, prescriptions, and administrative matters
- support prescribers and pharmacies in delivering care, where relevant
- maintain internal records and administer our business
- comply with legal, regulatory, and reporting obligations
- send relevant updates, service information, or resources, where permitted by law and consistent with your preferences (you may opt out at any time)
7. How We Obtain Your Consent
Before we collect health or sensitive information from you, we will:
- clearly explain why we are collecting the information and how it will be used
- obtain your express consent through our intake or eligibility form consent declaration, or another clear opt-in mechanism
- give you the opportunity to ask questions before providing information
By using our Site, you consent to the conditions set out in this Privacy Policy and the collection, use, and retention of data as described herein.
You may withdraw your consent to the collection or use of your information at any time by contacting us using the details in Section 13. Withdrawal of consent may limit our ability to provide some Services.
8. Who We Share Personal Data With
8.1 Within Our Organisation
We may disclose personal information to Staff who reasonably need access to perform their role and to achieve the purposes set out in this Privacy Policy.
8.2 Service Providers (Third Parties)
We use trusted third-party providers to operate our Site and Services. These may include providers of specialised medical practice management software, secure document storage, communication tools, IT support, analytics, and payment processing. We require these providers to handle Personal Information in accordance with applicable privacy and security standards. To the best of our knowledge, all third-party providers engaged by Altuva store and process data on servers located within Australia. We take reasonable steps to verify this when engaging new providers and require providers to notify us of any material changes to their data storage arrangements. In the event that overseas processing becomes necessary, we will update this Policy accordingly and ensure appropriate contractual protections are in place consistent with Australian privacy law.
8.3 Healthcare Providers and Pharmacies
Where relevant and lawful, we may share information with prescribers involved in your care or pharmacies dispensing prescriptions. This occurs with your knowledge as part of using our Services.
8.4 Legal, Regulatory and Safety Reasons
We may disclose Personal Information where required or authorised by law (e.g. court order, subpoena, or regulatory notice), to respond to complaints or regulatory enquiries, or where we reasonably believe disclosure is necessary to prevent or lessen a serious threat to life, health, or safety.
8.5 Business Transfers
In the event that we seek to sell the company or a substantial part of its business, Personal Information may be disclosed to buyers or potential buyers as part of that process. Any such disclosure will be subject to confidentiality obligations and applicable privacy law.
We will not sell or otherwise share your data with third parties for marketing or commercial purposes beyond what is described in this Policy.
9. How We Store and Protect Your Information
Your privacy and security are our top priorities. Altuva uses specialised third-party medical software designed to securely manage sensitive health information. Our security measures include:
- Secure Sockets Layer (SSL) / TLS encryption for all data transmitted through our Site, intake forms, and patient transaction systems. All patient health data, billing information, and transaction records are processed exclusively over encrypted SSL/TLS connections.
- HTTPS protocol enforced across all Altuva web properties
- Encrypted storage through platforms specifically built for medical use
- Access limited to authorised medical and administrative staff through role-based account controls
- Multi-factor authentication (MFA) on key systems where supported
- Regular review and audit of our information-handling practices
While we take all reasonable precautions to safeguard your data, including using strong encryption and trusted infrastructure, no system can be guaranteed 100% secure. As with any online service, there remains a minimal residual risk associated with transmitting information over the internet.
When Personal Information is no longer required for the purposes for which it was collected, and we are not required by law to retain it, we will take reasonable steps to securely destroy or de-identify it. User data will be stored until the purpose for which it was collected has been achieved, unless a longer retention period is required by law, in which case you will be notified.
10. Data Breach Notification
Altuva complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). In the event of an eligible data breach that is likely to result in serious harm to any individual whose information is involved, we will:
- Contain the breach and assess the risk as quickly as possible
- Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
- Notify affected individuals directly (or, where not practicable, via a public statement on our Site)
- Take remedial steps to prevent or mitigate further harm
We maintain an internal data breach response procedure and conduct periodic testing of our security controls to minimise the risk of a breach occurring.
11. Cookie Policy
A cookie is a small file stored on a user’s device by a website. Its purpose is to collect data relating to the user’s browsing habits and preferences. You can choose to be notified each time a cookie is transmitted, or to disable cookies entirely in your internet browser, although this may affect the quality of your experience on our Site.
We use the following types of cookies on our Site:
Functional Cookies
Used to remember the selections you make on our Site so that your preferences are saved for your next visit.
Analytical Cookies
Allow us to improve the design and functionality of our Site by collecting data on how you access and use it, such as the content you view and how long you spend on the Site.
12. Your Rights – Access, Correction, and Consent
12.1 Access and Correction
You may request access to the Personal Information we hold about you, or ask us to correct information that is inaccurate, incomplete, or out of date. Please contact us using the details in Section 14. We may need to verify your identity before providing access or making changes. In some cases, we may lawfully decline access and will explain why if that occurs.
For access to or correction of your clinical records, please contact our Privacy Officer using the details in Section 14. As Altuva holds all clinical records within our own practice management system, we are the appropriate point of contact for all such requests.
12.2 Deletion
You may request deletion of your Personal Information where we are no longer required by law to retain it and where deletion would not conflict with our regulatory or clinical obligations. Contact us using the details in Section 14 to make a deletion request.
12.3 Withdrawing Consent
Where we rely on your consent, you may withdraw it at any time by contacting us or using the unsubscribe option in our communications. Withdrawal of consent may limit our ability to provide certain Services.
13. Complaints
If you have concerns about how we have handled your Personal Information, please contact our Privacy Officer (details below). We will:
- Acknowledge your complaint promptly
- Investigate the issues raised
- Respond with our findings and any actions we will take within 30 days
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
14. Contact Details
For questions about this Policy, to request access or correction of your information, or to make a privacy complaint, please contact:
Privacy Officer
Altuva Clinic (Clearleaf Consulting Pty Ltd)
Email: hello@altuva.com.au
Phone: 1300 082 556
Response time: We aim to respond to all privacy enquiries within 5 business days.
15. Changes to This Policy
This Privacy Policy may be amended from time to time to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Policy we will update the Effective Date at the top of this document. We recommend that users periodically review this Policy to stay informed of any updates. Where changes are material, we will take reasonable steps to notify affected users by email or via a notice on our Site.
Previous versions of this Policy are available upon request from our Privacy Officer.