Last updated: May 2025
Privacy Policy
MedZo Pty Ltd ('MedZo', 'we', 'us') is bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This policy explains what personal information we collect, why we collect it, how we protect it, and your rights as a client or website visitor.
1. Who We Are
MedZo provides end-to-end medical practice management services, including billing, scheduling, and operational support, for healthcare practices across Australia. We are a service provider to your practice; we are not a healthcare provider and do not offer clinical services.
2. Information We Collect
We collect personal information necessary to deliver our services: the names, contact details, and billing information of practice owners and administrators; usage data generated when you interact with our platform (log data, device information, feature usage); and correspondence you send us. We do not collect, access, or store patient health records, clinical notes, or Medicare data; that information remains on your practice's own systems at all times.
3. How We Use Your Information
We use your information to set up and manage your MedZo account; deliver, operate, and improve our services; send service notifications and support communications; process invoices and payments; and comply with our legal obligations under Australian law. We do not use your information for third-party marketing and will not sell your data under any circumstances.
4. Disclosure to Third Parties
We may disclose your information to trusted third-party service providers (such as cloud hosting and payment processors) who assist us in operating our platform, under strict confidentiality obligations. We may also disclose information where required by law, court order, or a government or regulatory authority. Outside of these circumstances, your information is not shared.
5. Data Storage and Security
All data is stored on servers located within Australia. We protect your information using industry-standard encryption in transit and at rest, role-based access controls, and regular security reviews. In the event of a data breach likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme.
6. Data Retention
We retain your personal information for as long as your account is active and for seven years following termination of services, as required under Australian financial and record-keeping obligations. Upon a verified request, we will delete or de-identify information that is no longer required, subject to any outstanding legal obligations.
7. Cookies and Analytics
Our website uses cookies and analytics tools to understand how visitors interact with our site and to improve the user experience. No personally identifiable information is collected through cookies without your consent. You may disable cookies through your browser settings, though some site functionality may be affected.
8. Your Rights
Under the Privacy Act 1988 (Cth) and the APPs, you have the right to request access to the personal information we hold about you; request corrections to inaccurate or incomplete information; request deletion of your information where we have no legal obligation to retain it; and lodge a complaint if you believe we have handled your information in breach of the APPs.
9. Contact and Complaints
To exercise any of the above rights, or for any privacy-related enquiry, contact our Privacy Officer at privacy@medzo.com.au. We will acknowledge your request within 2 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the OAIC at www.oaic.gov.au or by calling 1300 363 992.
10. Changes to This Policy
We may update this policy from time to time to reflect changes in our services or legal requirements. The current version is always available at medzo.com.au/privacy. We will notify active clients of material changes by email.