Privacy Collection Notice

Alfi Health Pty Ltd (ABN 75 671 170 595) (“we”, “our”, “us”, “Alfi Health”) is an Australian Mental Health & Wellbeing Provider. Alfi Health respects your privacy and is committed to protecting your personal and sensitive information in accordance with: 

• Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) 
• State and Territory health records laws where applicable: 

1. Health Records and Information Privacy Act 2002 (NSW) 
2. Health Records Act 2001 (Vic) 
3. Health Records (Privacy and Access) Act 1997 (ACT) 

• Health Practitioner Regulation National Law and AHPRA professional obligations 
• Mental Health and Wellbeing Act 2022 (Vic), Mental Health Act 2007 (NSW) and Mental Health Act 2015 (ACT) 
• Relevant contractual, ethical, and professional codes of conduct for our practitioners.

This Notice explains how we collect, use, disclose, store, and protect your personal and health information when providing our services. 

Please refer to our Privacy Policy for more details on: 

• Our lawful basis for processing your personal information 
• How we collect and hold your personal information 
• The purpose of collection of your personal information 
• Storage and disposal of your personal information 
• Your individual rights

We collect, hold, use, and disclose personal and sensitive information to: 

• Deliver safe, effective and personalised services (including counselling, coaching, assessments, advisory and wellbeing support) 
• Assess, diagnose, and/or recommend strategies relevant to your health, wellbeing, and goals 
• Coordinate care and communicate with other treating practitioners or service providers with your consent or as authorised by law 
• Meet our legal, regulatory, professional, and contractual obligations (including AHPRA standards and insurer/government requirements) where collecting your personal information 
• Manage appointments, billing, and administration 
• Improve our services, conduct quality assurance, and train our practitioners 
• Respond to complaints, incidents, or legal claims
• Support the transition of patients between service or care levels 
• Where appropriate, through engagement and inclusion, supporting family, carers and supporters of the person to fulfil their role in relation to the person 
• Respond to an emergency, including investigating a potential data breach 
• Conduct surveys

We will not collect your sensitive information unless:

• You consent to the collection of the information; or 
• One of the following applies: 

1. The collection of the information is required or authorised by or under an Australian law or a court/tribunal order 
2. A permitted general situation exists in relation to the collection of the information 
3. A permitted health situation exists in relation to the collection of the information

We may collect the following: 

• Identifying information: Name, date of birth, gender, contact details, emergency contact 
• Health information: Mental and physical health history, presenting concerns, assessments, clinical notes, treatment plans, diagnostic information, medications, referrals 
• Sensitive information: Cultural background, sexual orientation, disability status, lived experiences relevant to care 
• Administrative information: Payment details, Medicare/Private Health details, insurance claim data, employer or organisational contact details 
• Service-related information: Session attendance, feedback, and service utilisation data 
• Other: Any information you voluntarily share that is relevant to the service provided

We may collect your personal information: 

• Directly from you (in person, via phone, email, online forms, telehealth, or written correspondence) 
• From authorised representatives (e.g., GP, family member, employer, insurer) with your consent Alfi Health Pty Ltd ABN 75 671 170 595 - Privacy Collection Notice - last reviewed August 2025 3 
• From third parties where required or permitted by law (e.g., in emergencies, under court order) 
• Through referrals from healthcare professionals, insurers, government agencies, or other organisations 

Where lawful and practical, we will collect information directly from you and with your consent

Your personal and sensitive information will be used or disclosed: 

• For the primary purpose of providing our services to you 
• For a secondary purpose where: 

1. You have consented; 
2. You would reasonably expect us to use or disclose the information for that purpose; or 
3. The use/disclosure is otherwise authorised or required by law 

This may involve sharing your information with: 

• Other treating practitioners or allied health providers involved in your care 
• Referring doctors, insurers, or funding agencies (e.g., NDIS, EAP providers, workers compensation bodies) 
• Employers or organisational clients where contracted, subject to consent and privacy requirements 
• Regulatory bodies (e.g., AHPRA) if required 
• Other third parties where legally required, including but not limited to:

1. The Mental Health and Wellbeing Commission 
2. The Victorian Collaborative Centre for Mental Health 
3. Youth Mental Health and Wellbeing Victoria 
4. An Information Sharing Entity as defined in the Mental Health Act 2007 (NSW) 

• Our contracted service providers (e.g., secure cloud storage, practice management software), bound by strict privacy and confidentiality obligations 
• Overseas recipients where necessary for service delivery (see Section 6) 

We will never sell your personal information.

We store your information securely in electronic and/or physical form. We use industry-standard security measures and comply with applicable laws to prevent unauthorised access, modification, disclosure, loss, or misuse. 

Health records are retained for the minimum periods required under relevant laws, which may include: 

• Adults: At least 7 years from the last entry 
• Children: Until the child turns 25 years of age 

Service providers may hold personal information on our behalf. Where a service provider holds any personal information, we require them to be compliant with the APPs and the Privacy Act to ensure no mishandling of any personal information you have provided us.

In some cases, we may use service providers located overseas (e.g., for secure data storage, telehealth platforms, or administrative support). These providers may be located in countries including, but not limited to, the United States, the United Kingdom, and New Zealand. 

By providing your personal information and sensitive information to us, you consent to the disclosure of your information outside of Australia and acknowledge that, while we will take reasonable steps to ensure those providers comply with Australian privacy laws or equivalent safeguards, we are not required to ensure that overseas recipients handle personal information in compliance with Australian Privacy Law. 

Where this occurs, we will take reasonable steps to ensure those providers comply with Australian privacy laws or equivalent safeguards.

You have the right to: 

• Access your personal and health information (subject to legal exceptions) 
• Request correction of your information if it is inaccurate, incomplete, or out of date 
• Withdraw consent for certain uses and disclosures (where lawful) 
• Make a complaint if you believe your privacy has been breached 

We will respond to access and correction requests within the timeframes set out in the Privacy Act and relevant State/Territory health records laws.

We collect information from you on a voluntary basis. You are not under any obligation to provide information to us. If you do not provide requested information, we may be unable to provide you with the services you seek or the quality and safety of those services may be compromised.

Privacy Officer - Alfi Health Pty Ltd - Click here  

We will handle privacy enquiries and complaints in accordance with our Privacy Policy and legal obligations. You may also contact the Office of the Australian Information Commissioner (OAIC) or relevant State/Territory Health Complaints Commissioner if your concerns are not resolved.

Version: 1.2 

Date: 20 August 2025