Biologics Express Privacy Policy (Aperio Pty Ltd)

1. Introduction

Biologics Express (Aperio Pty Ltd) (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal and health information responsibly.

This Privacy Policy explains how we collect, use, store, and disclose your information when you use our website, telehealth services, online forms, and related platforms.

We handle your information in accordance with:

- the Privacy Act 1988 (Cth)

- the Australian Privacy Principles (APPs)

- relevant health privacy laws

Health information is considered sensitive information under Australian privacy law and is subject to a higher level of protection.

By using our services, you acknowledge and agree to the collection, use, and disclosure of your information as described in this policy.

2. What information we collect

We may collect the following types of information:

Personal information

- name

- date of birth

- address

- email address

- phone number

- Medicare details (where relevant for identification or coordination of care)

- GP and treating clinician details

Health information (sensitive information)

- diagnosis and medical history

- current and previous treatments

- symptoms and patient-reported outcomes

- uploaded photos and images

- pathology and blood test results

- medication history

- side effects and adverse events

Technical information

- IP address

- browser and device information

- website usage data

3. How we collect your information

We may collect your information:

- directly from you via website forms, intake forms, check-ins, and uploads

- during telehealth consultations

- from your GP or other treating clinicians (with your consent)

- from pathology or imaging providers where relevant

- through cookies and analytics tools on our website

4. Why we collect and use your information

We collect and use your information with your consent and where necessary to provide healthcare services and meet our legal obligations.

To provide healthcare services

- assess your eligibility for telehealth review

- conduct specialist reviews

- provide prescriptions where clinically appropriate

- coordinate pathology and follow-up

To support continuity of care

- communicate with your GP or treating team (with your consent)

- provide treatment plans and follow-up reminders

To improve our services

- improve patient experience

- improve workflows and quality of care

Legal and safety obligations

- comply with medical and legal obligations

- maintain accurate records

- manage complaints and incidents

5. Use of digital and automated systems

We may use secure digital tools, including automated documentation and data processing systems, to assist in providing healthcare services.

These systems are used to support, not replace, clinical decision-making.

6. Telehealth and online review limitations

Telehealth has limitations compared with in-person assessment.

To provide safe care, we may:

- request further information

- request clearer images or blood tests

- recommend phone or video consultation

- recommend in-person review

Prescriptions are not guaranteed and depend on clinical appropriateness and patient safety.

7. How we store and protect your information

We take reasonable steps to protect your information, including:

- secure electronic systems

- encrypted storage where possible

- restricted access controls

- audit logging

- secure backups

Access to your information is limited to clinicians and authorised personnel directly involved in your care or service delivery.

8. Sharing your information

We may share your information in the following circumstances:

For your care

- with treating clinicians

- with your GP (with your consent)

- with pharmacies or pathology providers where necessary

With service providers

We may use secure third-party service providers for:

- website hosting

- form collection

- secure storage

- payment processing

These providers are required to protect your information appropriately.

Legal requirements

We may disclose information where required or authorised by law.

9. De-identified data, research and service improvement

To improve healthcare services and treatment outcomes, we may use health information in a de-identified form (where you cannot reasonably be identified) for:

- service improvement

- analytics

- quality assurance

- research

- aggregated reporting

We may also share de-identified and aggregated data with:

- healthcare partners

- research organisations

- pharmaceutical companies

for purposes such as:

- improving treatment pathways

- understanding patient outcomes

- supporting medical research

- developing and improving digital health tools, including clinical decision support systems and machine learning models

While data is de-identified, there is a small risk that re-identification may be possible in certain circumstances. We take reasonable steps to minimise this risk.

10. Consent for de-identified secondary use

By using our services, you consent to us using your de-identified information for service improvement, analytics, and research as described above.

Where required, we may request separate consent for specific research uses.

11. Cookies and website analytics

Our website may use cookies and analytics tools to:

- understand website usage

- improve functionality

- improve user experience

You can disable cookies in your browser settings, but some features may not function properly.

12. Accessing and correcting your information

You may request access to:

- your personal information

- your health information

You may also request corrections if information is inaccurate.

To request access or correction, please contact us using the details below.

13. Withdrawing consent

You may:

- stop using our services

- request that we stop sending reminders

- request limitations on secondary use where appropriate

Please note that we may still need to retain certain information for legal, medical, and record-keeping obligations.

14. Data retention

We retain health information for the period required by Australian law and medical record-keeping obligations (generally at least 7 years, and longer for minors).

After this period, information will be securely deleted or de-identified where appropriate.

15. Overseas disclosure

Where possible, we aim to store information securely within Australia.

Some of our service providers may store or process data outside Australia. Where this occurs, we take reasonable steps to ensure they comply with Australian privacy standards.

By using our services, you acknowledge that overseas recipients may be subject to different privacy laws.

16. Data breaches

In the event of a data breach that is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme.

This includes notifying affected individuals and the Office of the Australian Information Commissioner where required.

17. Minors

Our services are intended for individuals aged 18 years and over.

If services are provided to a minor, this will only occur with appropriate consent from a parent or legal guardian.

18. Complaints

If you have concerns about how we handle your information, please contact us.

We will take reasonable steps to investigate and respond.

You may also make a complaint to the Office of the Australian Information Commissioner (OAIC).

19. Contact us

For privacy questions, access requests, or complaints, please contact:

Biologics Express / Aperio Continuum (Aperio Pty Ltd)

Email: contact@biologicsexpress.com.au