REGEN INSTITUTE PTY LTD (ACN 687 814 848)

1. Introduction

Regen Institute Pty Ltd (“Regen Institute”, “we”, “our”, “us”) is committed to protecting the privacy, confidentiality, and security of personal and health information.

This Privacy Policy explains how we collect, use, disclose, and manage your information in accordance with:

• Privacy Act 1988 (Cth)

• Australian Privacy Principles (APPs)

• Health Records Act (Victoria)

• applicable healthcare and regulatory standards

By engaging with our services, you consent to the handling of your information as described in this Policy.

2. What Information We Collect

We collect personal and health information necessary to provide safe and effective medical care.

This may include:

• identifying information (name, date of birth, contact details)

• Medicare details (where provided)

• medical history, medications, allergies, and investigations

• presenting complaints and clinical assessments

• pathology and diagnostic results

• patient-reported measures and treatment outcomes

• billing and payment information

Information is collected through:

• intake forms and referrals

• consultations (in-person and telehealth)

• correspondence with healthcare providers

• diagnostic and pathology providers

• My Health Record (with your consent)

3. Why We Collect Your Information

We collect and use your information to:

• provide safe, personalised medical care

• assess eligibility for consultation and treatment

• support clinical decision-making and prescribing

• coordinate care with your healthcare providers

• monitor treatment outcomes and safety

• manage appointments, billing, and administration

• meet legal and regulatory obligations

We may also use de-identified information for:

• quality improvement

• clinical audit

• service development

4. Disclosure of Information

We may disclose your information to:

• your general practitioner and treating healthcare providers

• pharmacies involved in dispensing medications

• pathology and diagnostic providers

• allied health professionals involved in your care

• regulatory bodies (where required by law)

• emergency services where necessary to prevent serious harm

We only disclose information:

• with your consent, or

• where required or permitted by law

5. Consent

We obtain your consent to:

• collect and use your health information

• share information with your treating team

• access My Health Record (where applicable)

• use your data for monitoring and quality improvement

Consent is:

• informed

• voluntary

• documented

You may withdraw consent at any time, subject to legal or clinical limitations.

6. Data Security

We take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Security measures include:

• secure electronic medical record systems

• role-based access controls

• encrypted data storage and transmission

• audit logs and monitoring

• staff training in privacy and confidentiality

7. Use of Artificial Intelligence

Regen Institute may use AI-assisted tools for administrative purposes, including documentation support.

AI is not used for:

• clinical decision-making

• diagnosis or treatment planning

• storage or processing of identifiable patient data outside approved systems

All clinical decisions are made by registered medical practitioners.

8. Access and Correction

You may request:

• access to your health information

• correction of inaccurate or incomplete information

Requests should be made in writing and will be processed in accordance with applicable legislation.

Access may be declined in limited circumstances permitted by law.

9. Retention of Information

We retain your health records in accordance with legal requirements, generally for a minimum of:

• 7 years from the date of last contact

Records are securely destroyed when no longer required.

10. Data Breaches

If a data breach occurs, we will:

• investigate and contain the breach

• assess the risk

• notify affected individuals where required

• notify the Office of the Australian Information Commissioner (OAIC) where applicable

11. Overseas Disclosure

We do not routinely disclose personal information overseas.

If overseas disclosure occurs (e.g. via technology providers), reasonable steps are taken to ensure compliance with Australian privacy laws.

12. Complaints

If you have concerns about how your information is handled, you may contact us.

We will:

• investigate your complaint

• respond within a reasonable timeframe

If you are not satisfied, you may contact:

• Office of the Australian Information Commissioner (OAIC)

13. Contact Details

Regen Institute Pty Ltd

Email: support@regeninstitute.com.au

Address: Consult Rooms, First Floor, 56 Commercial Rd, Prahran, VIC, 3181

14. Changes to This Policy

We may update this Privacy Policy from time to time.

The latest version will be available on our website.