Order Tests

Privacy Policy

1. Introduction and Our Commitment

MediTests Pty Ltd ACN 686 814 951 (MediTests, we, us, our) is committed to protecting the privacy of every person who uses our platform located at www.meditests.com.au (Platform). This Privacy Policy explains how we collect, hold, use, disclose, and protect your personal information, including sensitive health information, in connection with our services.

We operate in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the 13 Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. Health and medical information is treated as sensitive information under the Privacy Act and is afforded the highest level of protection.

By using the Platform or providing us with any personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this policy, you must not use the Platform or our services.

We may revise this Privacy Policy from time to time. The current version will always be available at meditests.com.au/privacy-policy. We will notify you of material changes where reasonably practicable. Your continued use of the Platform after any update constitutes acceptance of the revised policy.

2. About Our Service and How It Affects Your Privacy

MediTests is a referral facilitation platform. We do not provide healthcare, medical advice, diagnoses, or treatment. Our service is limited to:

  1. Enabling you to select and order pathology tests;
  2. Preparing and issuing a pathology referral form (Referral) authorising you to attend an approved Collection Centre;
  3. Receiving basic test results from independent, NATA-accredited laboratories (Laboratory Partners); and
  4. Providing those results to you along with a standard reference range indicator.

Because our service involves the collection, processing, and transmission of health information — which is sensitive information under the Privacy Act — we take our obligations seriously and apply strict controls to how your information is handled at every stage.

3. What Personal Information We Collect

3.1 Personal Information

When you use the Platform or place an order, we may collect the following categories of personal information:

Identity & Contact
Full name, date of birth, sex/gender, residential address, email address, phone number

Order Information
Tests ordered, Order reference numbers, order history, Referral details

Payment Information
Credit/debit card details or other payment method information (processed securely by our third-party payment provider — we do not store full card numbers)

Health Information
Pathology test results received from Laboratory Partners; any health information you voluntarily provide when placing an order or contacting us

Communications
Enquiries, complaints, feedback, and support correspondence

Technical Data
IP address, browser type, device information, cookies and usage data collected automatically when you use the Platform.

3.2 Sensitive Information

Health and medical information — including your pathology test results — constitutes sensitive information under the Privacy Act. We will only collect sensitive information:

  1. With your consent (which you provide by placing an order and accepting this Privacy Policy);
  2. Where it is directly necessary to provide the service you have requested; or
  3. Where required or authorised by Australian law.

We will not collect sensitive information that is not necessary for the provision of our services.

3.3 Information You Are Not Required to Provide

You are not obliged to provide personal information to us. However, if you do not provide the information we require to process your Order and issue a Referral, we will be unable to provide our services to you.

3.4 Third-Party Information

In limited circumstances, you may provide us with personal information about a third party (for example, if placing an order on behalf of a family member). If you do so, you must ensure that person is aware of this Privacy Policy and has consented to their information being provided to us.

Our services are intended for individuals aged 18 and over. If you are providing information on behalf of a minor under your guardianship, you represent that you are their legal parent or guardian and consent to this Privacy Policy on their behalf.

4. How We Collect Personal Information

4.1 Direct Collection

We collect personal information directly from you when you:

  1. Place an order on the Platform;
  2. Complete any forms or fields on the Platform;
  3. Contact us by email, phone, or through the Platform’s contact form;
  4. Subscribe to marketing communications; or
  5. Respond to surveys or provide feedback.

4.2 Collection from Third Parties

We also receive personal information from third parties in the course of providing our services, specifically:

  1. Laboratory Partners: When your sample has been processed, the relevant Laboratory Partner transmits your test results to us for delivery to you. This occurs as a necessary part of fulfilling your Order.
  2. Payment providers: Our third-party payment processor may provide us with transaction confirmation data.

4.3 Automated Collection (Cookies and Analytics)

When you use the Platform, we may automatically collect technical data through cookies and analytics tools.

Cookies
A cookie is a small data file placed on your device that helps us identify your browser session and improve your experience on the Platform. Cookies do not personally identify you but may identify your internet service provider and general browsing behaviour on our Platform.

You may configure your browser to refuse cookies, though this may limit your ability to use some features of the Platform. Our cookies are used for:

  1. Session management and authentication;
  2. Remembering your preferences;
  3. Understanding how users navigate the Platform; and
  4. Security and fraud prevention.

Google Analytics
We use Google Analytics to analyse how users engage with the Platform. Google Analytics uses cookies to collect non-personally identifiable data including your device type, browser, approximate geographic location, and pages visited. This information helps us improve the Platform.

Google may store and process this data on servers outside Australia. The IP address transmitted by your browser is not associated with any other data held by Google. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on available at tools.google.com/dlpage/gaoptout.

Facebook Pixel
Our Platform uses the Facebook Pixel, a tool provided by Meta Platforms Inc., which may collect data about your activity on our Platform to help us measure the effectiveness of our advertising and serve relevant ads on Facebook and Instagram. This data is transmitted to Meta and subject to Meta’s own privacy policy. You can manage your ad preferences through your Facebook account settings.

Other Tracking Technologies
We may also use similar tracking technologies such as web beacons or pixel tags for analytics and marketing purposes. These operate in a similar manner to cookies and are subject to the same opt-out options where available.

5. Why We Collect and Use Your Personal Information

5.1 Primary Purposes

We collect and use your personal information primarily to:

  1. Process your Order and issue your Referral;
  2. Transmit the information required by the Collection Centre and Laboratory Partner to facilitate your testing;
  3. Receive your test results from the Laboratory and deliver them to you;
  4. Communicate with you about your Order, including confirmation, results delivery, and support;
  5. Process your payment; and
  6. Comply with our legal obligations, including public health reporting requirements.

5.2 Secondary Purposes

We may also use your personal information for the following secondary purposes that you would reasonably expect:

  1. Responding to your enquiries, feedback, or complaints;
  2. Improving the Platform and our services;
  3. Internal record-keeping, administration, and financial accounting;
  4. Marketing our services to you (subject to clause 6 and your ability to opt out); and
  5. Enforcing our Terms and Conditions and Refund Policy.

5.3 Sensitive Information — Restricted Use

Your sensitive health information (including test results) will only be used for:

  1. The primary purpose for which it was collected (i.e. facilitating and delivering your pathology testing);
  2. A directly related secondary purpose you would reasonably expect; or
  3. A purpose to which you have expressly consented.

We will not use your health information for direct marketing without your express consent.

6. Direct Marketing

We may use your name and contact details to send you information about new tests, promotions, health content, and other services offered by MediTests that we believe may be of interest to you. We will only do so where:

  1. You have consented to receiving marketing communications; or
  2. We have collected your contact details in the course of a sale and the marketing relates to our own similar products or services, and you have not opted out.

We will never use your health or sensitive information for direct marketing without your express consent.

You may opt out of receiving marketing communications at any time by:

  1. Clicking the unsubscribe link in any marketing email we send you; or
  2. Contacting us at info@meditests.com.au with your request to unsubscribe.

We will process opt-out requests promptly and within a reasonable timeframe. Opting out of marketing communications will not affect your ability to receive transactional communications related to your Orders.

7. Disclosure of Personal Information to Third Parties

7.1 Laboratory Partners and Collection Centres

To fulfil your Order, we are required to share necessary personal and health information with our independent Laboratory Partners and their associated Collection Centres. This includes your name, date of birth, sex, and the specific tests ordered. These entities receive your information solely for the purpose of processing your test and returning results to us.

Laboratory Partners and Collection Centres are independent entities with their own privacy obligations under Australian law. MediTests is not responsible for how these parties handle your information beyond our contractual requirements.

7.2 Payment Processors

Payment information is processed by our third-party payment provider. This provider operates independently and is subject to its own privacy policy and security standards. MediTests does not store your full payment card details.

7.3 Technology and Platform Service Providers

We may share limited personal information with third-party technology providers who assist us in operating the Platform, including:

  1. Website hosting and infrastructure providers;
  2. Email delivery and communication services;
  3. Customer support tools;
  4. Analytics platforms (including Google Analytics and Meta);
  5. Cybersecurity and fraud prevention services.

These providers are engaged under contracts that require them to handle personal information only for the purposes we specify and in compliance with Australian privacy law. We do not authorise them to use or disclose your information for their own purposes.

7.4 Legal and Regulatory Disclosure

We may disclose personal information without your consent where required or authorised by law, including:

  1. In response to a court order, subpoena, or legal process;
  2. To comply with a mandatory reporting obligation, including notifiable disease reporting under applicable state or territory public health legislation;
  3. To prevent or lessen a serious and imminent threat to the life, health, or safety of any person;
  4. To a law enforcement agency in connection with a lawful investigation.

7.5 Notifiable Disease Reporting

If your test results indicate a condition that is notifiable under Australian state or territory public health legislation (such as certain sexually transmitted infections), the Laboratory Partner is legally required to report the result to the relevant public health authority. This obligation rests with the Laboratory and is imposed by law — it does not require your consent and is not within MediTests’ control.

You may subsequently be contacted directly by a public health unit for follow-up. MediTests is not responsible for the content or timing of any communications from public health authorities.

7.6 Business Transfers

If MediTests undergoes a merger, acquisition, restructure, or sale of all or part of its business or assets, your personal information may be transferred to a successor entity. Any such transfer will be subject to confidentiality obligations, and we will take reasonable steps to ensure the receiving entity maintains equivalent privacy protections. We will notify you of any such transfer where required by law.

7.7 What We Do Not Do

MediTests does not sell, rent, or trade your personal information — including your health information — to any third party for their own commercial purposes. We do not share your information with advertisers or data brokers.

8. Overseas Disclosure

Some of our third-party service providers (including cloud hosting, analytics, and communication platforms) may store or process data on servers located outside Australia. Countries where data may be processed include, but may not be limited to, the United States and other countries where our technology providers operate.

Before disclosing personal information to any overseas recipient, we take reasonable steps to ensure that the recipient handles information in a manner consistent with the APPs, including through contractual data protection obligations.

By using the Platform, you acknowledge and consent to your personal information being processed in countries outside Australia as described in this clause, subject to the safeguards we have in place.

Where it is not practicable to ensure an overseas recipient complies with the APPs, we will seek your consent before making the disclosure, or only disclose where an exception under APP 8.2 applies.

9. Storage and Security of Personal Information

9.1 Security Measures

MediTests takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

  1. Password protection and access controls for internal systems;
  2. Encryption of data in transit using industry-standard protocols (e.g. HTTPS/TLS);
  3. Restricted access to personal information on a need-to-know basis;
  4. Contractual security obligations imposed on third-party service providers;
  5. Procedures for identifying and responding to data security incidents.

No system of data storage or transmission over the internet can be guaranteed to be 100% secure. While we implement reasonable safeguards, we cannot guarantee the absolute security of your information. You acknowledge this inherent risk.

9.2 Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, and to meet our legal, regulatory, and contractual obligations.

9.3 Notifiable Data Breaches

MediTests complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act.

10. Your Privacy Rights

10.1 Right to Access

You have the right to request access to the personal information we hold about you.

10.2 Right to Correction

If you believe information is incorrect, you may request correction.

10.3 Right to Complain

You may lodge a complaint with us or with the OAIC.

10.4 Opting Out of Marketing

You may opt out at any time.

11. Children and Minors

Our services are intended for individuals aged 18 years and over.

12. How to Contact Us or Make a Complaint

Email: info@meditests.com.au

Address: Unit 1, 28 Walters Drive, Osborne Park WA 6017

Website: www.meditests.com.au

Disclaimer: This Privacy Policy has been prepared for informational purposes and does not constitute legal advice. MediTests recommends seeking independent legal advice to ensure this policy satisfies all obligations applicable to your specific circumstances before publication.