Effective Date: 4 September 2025
DESA Consulting Pty Ltd (“we”, “us”, “our”) is committed to safeguarding the privacy of individuals engaging with our health and allied services, including NDIS support, consultations, weight-loss programs, mental health counselling, and allied health treatments. This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal and sensitive information in compliance with the Privacy Act 1988 (Cth), including modifications made by the Privacy and Other Legislation Amendment Act 2024.
We collect the following types of information:
Personal details: name, date of birth, contact information (e.g. phone, email, address).
Health & sensitive information: medical history, treatment plans, pathology results, mental health assessments, NDIS details, dietary and fitness data.
Billing information: Medicare details, health care card or veteran (DVA) card, payment history.
Device and online usage data: IP address, browsing behaviour when using our website or online booking systems.
Communications: records of emails, phone calls, or messages exchanged with our staff.
Directly from you: when you register, book appointments, complete health forms, or communicate with us.
From other entities: with your consent, such as referrals from health professionals or NDIS providers.
Automatically: via cookies or similar technologies when you visit our website or use the booking platform.
We use your information to:
Provide and manage healthcare and allied health services, including diagnostics, consultations, therapy, and wellness programs.
Facilitate bookings, billing, and payment processing, including Medicare and bulk billing eligibility.
Communicate appointment reminders and follow-up care.
Comply with legal obligations, healthcare compliance, NDIS reporting, or public health initiatives.
Improve our services via feedback and analytics.
Secure our systems and manage administrative needs.
In Australia, we base our data processing on:
Consent: your agreement to collect and use data.
Contractual necessity: to deliver healthcare and administrative services.
Legal obligations: under health records legislation, NDIS requirements, and anti-fraud regulations.
Legitimate interests: e.g. quality improvement, safety, and operational needs.
We may share your information with:
Healthcare professionals and allied providers involved in your care.
NDIS bodies or insurers when relevant.
Medical laboratories or imaging services for diagnostics.
Third-party service providers (e.g. booking platforms, payment processors).
Government agencies, courts, or regulatory authorities when required by law.
All third parties are obligated to protect your data per Australian privacy laws.
We deploy reasonable safeguards—like secure storage and limited staff access—to protect your personal and health information. While we strive for security, no system is fully immune to risks; you can help by safeguarding your login credentials.
We retain personal records for as long as necessary for your care or as required by law (e.g. healthcare record retention periods). After this, data is securely destroyed or de-identified.
You may request access to or correction of your personal data. Contact us via the “Contact Us” section, and we’ll respond as soon as possible (usually within 30 days).
If you have concerns about our handling of your personal information, please reach out to us directly. You also have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
This Privacy Policy may be updated to reflect legal or operational changes. We’ll indicate the “Effective Date” and encourage you to revisit it periodically.
DESA Consulting Pty Ltd
9 Fleetwood Drive, Narre Warren VIC 3805, Australia
Phone: (03) 8725 9983
Email: info@desaconsulting.com.au
