Privacy Policy

1 About This Policy

Serene Family Dental (ABN 71 670 301 372), located at Unit G4/80C Ropes Crossing Blvd, Ropes Crossing NSW 2760 ("we", "us", "our", "the Practice") is committed to protecting the privacy of our patients, website visitors, and all individuals whose personal information we handle.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information — including sensitive health information — in connection with the dental services we provide and the operation of our website at serenefamilydental.com.au.

We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) contained in that Act, as well as the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act) in respect of health information we hold about NSW residents.

By engaging our services or providing us with your personal information, you consent to the collection, use, and disclosure of that information in accordance with this policy. If you do not agree with this policy, please advise us and we will discuss alternative arrangements where possible.

We may update this policy from time to time. The current version will always be published on our website. We encourage you to review this page periodically.

2 Personal Information We Collect

We collect personal information that is reasonably necessary to provide dental care, manage our practice, communicate with you, and meet our legal obligations. The types of personal information we may collect include:

Identity & Contact Information

• Full name, preferred name, date of birth, and gender
• Residential address, email address, and phone number(s)
• Emergency contact name and phone number
• Next of kin details (where relevant)

Financial & Insurance Information

• Medicare card number and Individual Reference Number (IRN)
• Private health fund name, membership number, and fund card details
• Payment details (credit/debit card information processed via our payment terminals — we do not store full card numbers)
• Details of any Child Dental Benefits Schedule (CDBS) eligibility

Referral & Administrative Information

• Name and contact details of your referring dentist, GP, or specialist (if applicable)
• Appointment history, booking preferences, and recall dates
• Correspondence and communications with the practice

3 Health Information

Health information is a subcategory of sensitive information under the Privacy Act and is given the highest level of protection. We collect health information that is necessary to assess, plan, and provide safe and appropriate dental treatment. This includes:

• General medical history, including past surgeries, hospitalisations, and chronic conditions
• Current medications (prescribed, over-the-counter, and supplements)
• Known allergies and adverse drug reactions
• Dental and oral health history, including previous treatments, restorations, and extractions
• Clinical examination findings, charting, and treatment plans
• Dental X-rays (OPG, periapical, bitewing), intraoral photographs, and digital scan data
• Specialist referral letters and reports received from other healthcare providers
• Information about lifestyle factors that may affect your oral or general health (e.g. smoking, alcohol use, diet)
• Pregnancy status, where clinically relevant

We collect health information only with your knowledge and, where required by law or where the information is particularly sensitive, with your express consent. You have the right to withhold information; however, doing so may limit our ability to provide appropriate care or could pose a risk to your health and safety.

4 How We Collect Your Information

We collect personal and health information in the following ways:

• Directly from you — through new patient registration forms (completed in the practice or online), verbal communications at reception or during clinical consultations, and written correspondence including email and SMS
• Online booking — when you book an appointment via our website or through a third-party booking directory (such as HotDoc, HealthEngine, or HealthShare), the relevant platform collects your contact details and passes them to us through our practice management system, Praktika
• From other healthcare providers — we may receive clinical information, referral letters, or imaging results from your GP, a specialist, a hospital, or a previously treating dentist with your authorisation
• From Medicare and health funds — eligibility and claim processing information may be returned to us electronically via HICAPS or Medicare Online
• From your representative — where a parent, guardian, or carer books or attends on your behalf
• Automatically via our website — through cookies, Google Analytics, and Google Ads tracking technologies when you visit serenefamilydental.com.au (see Section 7 for details)

5 How We Use Your Information

Primary Purposes

We use your personal and health information primarily to:

• Provide, coordinate, and manage your dental care, including assessment, diagnosis, treatment planning, and ongoing monitoring
• Maintain accurate and up-to-date clinical and administrative records
• Send appointment reminders, recalls, and follow-up communications via SMS and email through Praktika
• Process payments and submit health fund and Medicare claims via HICAPS and Medicare Online
• Communicate with other healthcare providers involved in your care (e.g. referring dentists, specialists, or GPs)
• Comply with our legal, regulatory, and professional obligations under dental registration standards, infection control requirements, and applicable privacy legislation
• Manage and respond to any complaints or feedback

Secondary Purposes

We may also use your information for the following secondary purposes, where you would reasonably expect this or where we have your consent:

• Quality assurance, clinical auditing, and practice accreditation activities (de-identified wherever possible)
• Staff education, supervision, and training (de-identified wherever possible)
• Sending you practice newsletters, oral health tips, or information about new services — you may opt out of these at any time by replying STOP to any SMS, clicking unsubscribe in any email, or contacting us directly
• Aggregate, de-identified analysis of patient data for practice improvement purposes

We will never use your personal information for direct marketing by unrelated third parties, and we do not sell your information to any third party for commercial purposes.

6 Third-Party Service Providers

To operate our practice effectively, we engage a number of trusted third-party service providers who may access, process, or store personal information on our behalf. We take reasonable steps to ensure each provider handles your information securely and in accordance with applicable privacy laws.

Praktika — Practice Management Software

We use Praktika as our practice management system. Praktika handles patient registration and profiles, appointment scheduling, clinical record-keeping (notes, charting, treatment plans, X-rays), billing and invoicing, health fund claiming, and automated SMS and email communications including appointment reminders, recalls, and post-visit follow-ups.

Patient data stored in Praktika is held on secure Australian cloud infrastructure. Praktika is bound by the Australian Privacy Principles and their own Privacy Policy. For more information, visit www.praktika.com.au.

HICAPS — Health Fund & Medicare Claiming

We use HICAPS (Health Industry Claims and Payments Service) to process private health fund claims and Medicare benefits electronically at the time of your appointment. When you present your health fund card, relevant claim information (including item codes, fees, and your fund membership details) is transmitted to your health fund via the HICAPS terminal. HICAPS is operated by NAB and is subject to its own privacy policy and the requirements of your health fund.

HotDoc, HealthEngine & HealthShare — Online Booking Directories

We are listed on HotDoc, HealthEngine, and HealthShare. If you book through one of these platforms, they will collect your name, contact details, and appointment preference before passing that information to Praktika. Each platform operates under its own privacy policy, which we encourage you to review.

Dental Laboratories

When fabricating custom dental appliances such as crowns, bridges, veneers, dentures, mouthguards, or clear aligners, we share relevant clinical information (impressions, photographs, prescription details, and your first name or patient reference number) with our laboratory partners. Laboratories are engaged under confidentiality obligations and are not permitted to use this information for any other purpose.

Specialist Referral Networks

Where we refer you to a specialist (e.g. an oral surgeon, periodontist, or orthodontist), we will share a clinical referral letter containing relevant personal and health information with the receiving practitioner, with your knowledge and consent.

IT & Hosting Providers

We use reputable IT service providers to support the day-to-day operation of our systems. These providers may have incidental access to personal information during the course of providing technical support and are bound by confidentiality obligations.

Legal, Regulatory, & Government Bodies

We may be required to disclose personal information to government agencies, law enforcement, regulatory bodies (including AHPRA and the Dental Board of Australia), or courts where required or authorised by law. We will only disclose the minimum information necessary in these circumstances.

7 Digital Tools, Cookies & Online Advertising

Our website (serenefamilydental.com.au) uses several digital tools that may collect information about how you use our site. This information is used to improve user experience, measure marketing effectiveness, and help new patients find us.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC. Google Analytics collects anonymised data about how visitors interact with our website — including pages visited, time spent on each page, the device and browser used, and how you arrived at the site (e.g. via a search engine, direct link, or social media). This data is aggregated and does not identify you personally. It is stored on Google's servers, which may be located outside Australia (see Section 12). You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Google Ads

We run advertising campaigns through Google Ads. To measure the effectiveness of these campaigns, a Google Ads conversion tracking tag is placed on our website. This tag uses cookies to record when a visitor arrives at our site after clicking one of our advertisements, and may track actions such as completing a booking form or clicking to call. This helps us understand which ads are performing well and allocate our marketing budget effectively. The information collected is aggregated and does not personally identify you. Google may also use this data in accordance with its own privacy policy.

You can manage your Google ad personalisation preferences at adssettings.google.com.

Cookies

Our website uses cookies — small text files stored on your device — to support the functionality of the above tools and to improve your browsing experience. The types of cookies we use include:

• Essential cookies — required for the website to function, such as session management and security. These cannot be disabled without affecting site functionality.
• Analytics cookies — placed by Google Analytics to collect anonymised usage data (as described above)
• Advertising cookies — placed by Google Ads for conversion tracking and ad performance measurement (as described above)

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the performance of some parts of our website. Most browsers allow you to view, manage, block, or delete cookies via Settings → Privacy or Tools → Internet Options.

Third-Party Links

Our website contains links to third-party websites, including booking platforms, review sites, and social media profiles. We are not responsible for the privacy practices of those websites and encourage you to review their individual privacy policies before providing any personal information.

8 SMS & Email Communications

We use Praktika's built-in communications platform to send you automated and manual messages. These may include:

• Appointment confirmation messages sent via SMS and/or email at the time of booking
• Appointment reminder messages sent 48–72 hours before your scheduled visit
• Recall notifications reminding you when your next check-up or hygiene appointment is due
• Post-appointment follow-up messages
• Practice updates and oral health information (where you have consented to receive these)

These communications are sent to the mobile number and/or email address you have provided to the practice. It is your responsibility to keep your contact details up to date.

Opting out: You may opt out of non-essential communications (such as newsletters and marketing messages) at any time by replying STOP to any SMS, clicking the unsubscribe link in any email, or contacting our reception team. Please note that opting out of appointment reminders and recall notices is possible but may result in you missing scheduled care. Opting out of a particular communication type will not affect your clinical care in any way.

9 Storage & Security

We take reasonable steps to protect the personal and health information we hold from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

• Secure, cloud-hosted practice management software (Praktika) with role-based access controls — staff can only access the records necessary for their role
• Strong password policies and multi-factor authentication where available
• SSL/TLS encryption on our website and any online forms or booking tools
• Physical security measures at our practice premises, including restricted access to clinical areas and locked storage for any paper-based records
• Regular software updates and security patching
• Staff training on privacy obligations, data handling procedures, and breach response

In the event of a data breach that is likely to result in serious harm to any individual whose information is affected, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under the Notifiable Data Breaches (NDB) scheme.

10 Retention of Records

We retain patient records for the minimum periods required by law and applicable professional standards:

• Adult patients — clinical records are retained for a minimum of 7 years from the date of the last entry
• Patients who were minors — records are retained until the patient turns 25 years of age, or for 7 years from the date of the last entry — whichever is longer
• Deceased patients — records may be retained for longer periods where required by law, court order, or professional obligations

Financial and tax records are retained for a minimum of 5 years as required by Australian taxation law.

When records are no longer required to be retained, we will destroy or de-identify them securely. Physical records are shredded; electronic records are permanently deleted from our systems in accordance with Praktika's data deletion procedures.

11 Your Rights — Access & Correction

Under the Privacy Act and the HRIP Act, you have the right to:

• Request access to the personal and health information we hold about you
• Request correction of information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading
• Opt out of direct marketing communications at any time
• Make a complaint about how we have handled your information (see Section 14)

To request access or correction, please contact our Privacy Officer in writing at reception@serenefamilydental.com.au. We will acknowledge your request promptly and respond within 30 days.

We may ask you to verify your identity before providing access. There is generally no charge for access requests, though we may charge a reasonable fee to cover administrative costs associated with locating, compiling, and copying large volumes of records.

In limited circumstances we may decline an access request — for example, where providing access would pose a serious threat to another person's health or safety, where the request is frivolous or vexatious, or where we are required by law to refuse. We will provide written reasons for any refusal and advise you of the avenues available to you to seek a review of our decision.

12 Overseas Disclosure

Some of the third-party service providers we use may store or process data on servers located outside Australia. In particular:

• Google Analytics and Google Ads — data is processed by Google LLC, which operates servers globally, including in the United States. Google participates in the EU-US Data Privacy Framework and maintains comprehensive security certifications.
• Praktika — data is hosted on Australian cloud infrastructure; however, their platform providers or subprocessors may be located overseas in certain circumstances.

Where we disclose personal information to overseas recipients, we take reasonable steps to ensure that the overseas recipient handles the information in a manner consistent with the Australian Privacy Principles. By consenting to this policy, you acknowledge that we may disclose information to overseas recipients in these circumstances and that we may not always be in a position to ensure foreign entities comply fully with Australian privacy law.

13 Children's Privacy

We provide dental care to patients of all ages, including children. Where a patient is under 18 years of age, their parent or legal guardian is generally responsible for providing consent to treatment and for the collection and use of their personal and health information.

We collect and handle information about child patients in the same manner as described throughout this policy. Clinical records for minors are retained until the patient turns 25 years of age (or 7 years from the date of the last entry, whichever is longer).

As children mature and develop capacity to make their own health decisions, we will progressively seek their direct consent in accordance with the applicable legal and ethical standards for adolescent patient autonomy.

14 Privacy Complaints

If you believe that we have handled your personal information in a way that does not comply with this policy or with the Australian Privacy Principles, we encourage you to raise the matter with us directly in the first instance so that we can investigate and attempt to resolve your concern promptly.

Please direct your complaint in writing to our Privacy Officer at reception@serenefamilydental.com.au. We will acknowledge your complaint within 5 business days and provide a substantive response within 30 days. If we need more time to investigate, we will let you know.

If you are not satisfied with our response, or if you would prefer to raise the matter directly with a regulatory body, you may contact:

• Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au | Phone: 1300 363 992 | GPO Box 5218, Sydney NSW 2001
• NSW Information and Privacy Commission (for matters under the HRIP Act) — www.ipc.nsw.gov.au | Phone: 1800 472 679

15 Contact Our Privacy Officer

For all privacy-related enquiries, access or correction requests, opt-out requests, or complaints, please contact our Privacy Officer:

This Privacy Policy was last updated in March 2026. We review this policy periodically to reflect changes to our operations, technology, or applicable laws. The current version will always be available on our website at serenefamilydental.com.au/privacy.html.