Legal
Privacy Policy
Last updated: February 2026
Clinic Admin (“we”, “us”, “our”) is the allied health arm of Yoonet. We help Australian practices bring on a full time team member, employed and managed through Yoonet in the Philippines. We are committed to protecting the privacy of our clients and their patients in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
1. Information we collect
We collect information necessary to support Australian allied health practices and the people who work in them. This includes:
From practice owners and staff
- Contact information (name, email, phone number)
- Business information (practice name, ABN, address)
- Billing and payment information
- Communication preferences
Through service delivery
- Practice management system access credentials (stored securely)
- Task instructions and preferences
- Communication records related to service delivery
From your patients (on your behalf): When your team member is working in your practice, they may access patient information within your practice management system as directed by you. We act as your agent and handle this information according to your instructions and applicable privacy laws.
2. How we use your information
We use collected information to:
- Provide and improve our services
- Communicate with you about your account and services
- Process payments and maintain billing records
- Train your team member on your specific practice requirements
- Comply with legal obligations
- Respond to enquiries and support requests
We do not use your information or your patients' information for marketing purposes unrelated to our services, and we never sell personal information to third parties.
3. Patient data handling
Your patients' data remains your responsibility. Your team member accesses patient information only as your authorised agent, to perform the administrative tasks you direct.
Our commitments regarding patient data
- We access only the information necessary for assigned tasks
- Team members complete Australian Privacy Principles training
- We follow your practice's privacy policies and procedures
- We do not retain patient data outside your practice systems
- We report any suspected breaches immediately
Your responsibilities
- Ensuring appropriate consent and privacy notices for your patients
- Providing us with lawful instructions regarding data handling
- Maintaining appropriate access controls in your systems
- Complying with your obligations under the Privacy Act 1988
4. Data security
We implement robust security measures to protect information:
Technical measures
- Encrypted connections for all system access
- Secure, managed workstations for team members
- Multi factor authentication where supported
- Regular security training and assessments
- No local storage of patient data
Operational measures
- Background checks for all team members
- Confidentiality agreements and training
- Access limited to assigned practices only
- A supervised work environment in our Balanga office
- Incident response procedures
We treat zero security incidents as our standard, not our goal.
5. Information sharing and disclosure
We may share information in limited circumstances:
With your consent: When you direct us to share information with third parties.
Service delivery: Your team member in the Philippines accesses information to provide services. All team members are bound by confidentiality obligations and trained in Australian privacy requirements.
Legal requirements: When required by Australian or Philippine law, or to respond to valid legal process.
Business operations: With service providers who assist our operations (for example, payment processors), under appropriate confidentiality agreements.
We do not sell, rent, or trade personal information.
6. Australian Privacy Principles
We are committed to compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988. Key commitments include:
APP 1 — Open and transparent management: This policy explains our practices.
APP 6 — Use and disclosure: We use information only for the purposes for which it was collected, or related purposes you would reasonably expect.
APP 11 — Security: We take reasonable steps to protect information from misuse, interference, loss, and unauthorised access.
APP 12 — Access: You may request access to personal information we hold about you.
APP 13 — Correction: You may request correction of inaccurate information.
For patient data, you remain the primary entity responsible for APP compliance. We support your compliance through our training and procedures.
7. Your rights
You have the right to:
- Access personal information we hold about you
- Correct inaccurate or outdated information
- Request deletion of information (subject to legal retention requirements)
- Withdraw consent for optional data processing
- Complain to us or the Office of the Australian Information Commissioner
To exercise these rights, contact us using the details below. We will respond within 30 days.
Note: for patient data, patients should direct requests to your practice. We will assist you in responding to such requests.
8. Data retention
We retain information for as long as necessary to provide services and comply with legal obligations:
- Account information: duration of our service relationship plus 7 years
- Billing records: 7 years as required by Australian tax law
- Communication records: 2 years after service ends
- Patient data: we do not retain patient data outside your systems
When information is no longer needed, we securely delete or de-identify it.
9. International data transfers
Our team is based in the Philippines. By using our services, you consent to your information being accessed from the Philippines.
We ensure appropriate protections for international transfers:
- Confidentiality and data protection training for all team members
- Contractual obligations regarding data handling
- Security measures meeting Australian standards
- Compliance with both Australian and Philippine privacy laws
The Philippines has data protection legislation (Data Privacy Act of 2012) that provides comparable protections to Australian law.
10. Changes to this policy
We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Email to your registered address
- Notice on our website
Continued use of our services after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
11. Contact us
For privacy related enquiries, requests, or complaints:
Email: privacy@clinicadmin.com.au
Mail: Clinic Admin (Yoonet Pty Ltd), Suite 2, Level 1, 1024 Ann Street, Fortitude Valley QLD 4006, Australia
We aim to respond to all enquiries within 30 days.
Office of the Australian Information Commissioner: If you are not satisfied with our response, you may complain to the OAIC at www.oaic.gov.au.
