Privacy Policy

Last updated: April 2026

1. Introduction and Our Commitment

MediTests Pty Ltd ACN 686 814 951 (MediTests, we, us, our) is committed to protecting the privacy of every person who uses our platform located at www.meditests.com.au (Platform). This Privacy Policy explains how we collect, hold, use, disclose, and protect your personal information, including sensitive health information, in connection with our services.

We operate in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the 13 Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. Health and medical information is treated as sensitive information under the Privacy Act and is afforded the highest level of protection.

By using the Platform or providing us with any personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this policy, you must not use the Platform or our services.

We may revise this Privacy Policy from time to time. The current version will always be available at meditests.com.au/privacy-policy. We will notify you of material changes where reasonably practicable. Your continued use of the Platform after any update constitutes acceptance of the revised policy.

2. About Our Service and How It Affects Your Privacy

MediTests is a referral facilitation platform. We do not provide healthcare, medical advice, diagnoses, or treatment. Our service is limited to:

  • Enabling you to select and order pathology tests;
  • Preparing and issuing a pathology referral form (Referral) authorising you to attend an approved Collection Centre;
  • Receiving basic test results from independent, NATA-accredited laboratories (Laboratory Partners); and
  • Providing those results to you along with a standard reference range indicator.

Because our service involves the collection, processing, and transmission of health information — which is sensitive information under the Privacy Act — we take our obligations seriously and apply strict controls to how your information is handled at every stage.

3. What Personal Information We Collect

3.1 Personal Information

When you use the Platform or place an order, we may collect the following categories of personal information:

Identity & Contact: Full name, date of birth, sex/gender, residential address, email address, phone number

Order Information: Tests ordered, Order reference numbers, order history, Referral details

Payment Information: Credit/debit card details or other payment method information (processed securely by our third-party payment provider — we do not store full card numbers)

Health Information: Pathology test results received from Laboratory Partners; any health information you voluntarily provide when placing an order or contacting us

Communications: Enquiries, complaints, feedback, and support correspondence

Technical Data: IP address, browser type, device information, cookies and usage data collected automatically when you use the Platform

3.2 Sensitive Information

Health and medical information — including your pathology test results — constitutes sensitive information under the Privacy Act. We will only collect sensitive information:

  • With your consent (which you provide by placing an order and accepting this Privacy Policy);
  • Where it is directly necessary to provide the service you have requested; or
  • Where required or authorised by Australian law.

We will not collect sensitive information that is not necessary for the provision of our services.

3.3 Information You Are Not Required to Provide

You are not obliged to provide personal information to us. However, if you do not provide the information we require to process your Order and issue a Referral, we will be unable to provide our services to you.

3.4 Third-Party Information

In limited circumstances, you may provide us with personal information about a third party (for example, if placing an order on behalf of a family member). If you do so, you must ensure that person is aware of this Privacy Policy and has consented to their information being provided to us.

Our services are intended for individuals aged 18 and over. If you are providing information on behalf of a minor under your guardianship, you represent that you are their legal parent or guardian and consent to this Privacy Policy on their behalf.

4. How We Collect Personal Information

4.1 Direct Collection

We collect personal information directly from you when you:

  • Place an order on the Platform;
  • Complete any forms or fields on the Platform;
  • Contact us by email, phone, or through the Platform’s contact form;
  • Subscribe to marketing communications; or
  • Respond to surveys or provide feedback.

4.2 Collection from Third Parties

We also receive personal information from third parties in the course of providing our services, specifically:

  • Laboratory Partners: When your sample has been processed, the relevant Laboratory Partner transmits your test results to us for delivery to you. This occurs as a necessary part of fulfilling your Order.
  • Payment providers: Our third-party payment processor may provide us with transaction confirmation data.

4.3 Automated Collection (Cookies and Analytics)

When you use the Platform, we may automatically collect technical data through cookies and analytics tools.

Cookies

A cookie is a small data file placed on your device that helps us identify your browser session and improve your experience on the Platform. Cookies do not personally identify you but may identify your internet service provider and general browsing behaviour on our Platform.

You may configure your browser to refuse cookies, though this may limit your ability to use some features of the Platform. Our cookies are used for:

  • Session management and authentication;
  • Remembering your preferences;
  • Understanding how users navigate the Platform; and
  • Security and fraud prevention.

Google Analytics

We use Google Analytics to analyse how users engage with the Platform. Google Analytics uses cookies to collect non-personally identifiable data including your device type, browser, approximate geographic location, and pages visited. This information helps us improve the Platform.

Google may store and process this data on servers outside Australia. The IP address transmitted by your browser is not associated with any other data held by Google. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on available at tools.google.com/dlpage/gaoptout.

Facebook Pixel

Our Platform uses the Facebook Pixel, a tool provided by Meta Platforms Inc., which may collect data about your activity on our Platform to help us measure the effectiveness of our advertising and serve relevant ads on Facebook and Instagram. This data is transmitted to Meta and subject to Meta’s own privacy policy. You can manage your ad preferences through your Facebook account settings.

Other Tracking Technologies

We may also use similar tracking technologies such as web beacons or pixel tags for analytics and marketing purposes. These operate in a similar manner to cookies and are subject to the same opt-out options where available.

5. Why We Collect and Use Your Personal Information

5.1 Primary Purposes

We collect and use your personal information primarily to:

  • Process your Order and issue your Referral;
  • Transmit the information required by the Collection Centre and Laboratory Partner to facilitate your testing;
  • Receive your test results from the Laboratory and deliver them to you;
  • Communicate with you about your Order, including confirmation, results delivery, and support;
  • Process your payment; and
  • Comply with our legal obligations, including public health reporting requirements.

5.2 Secondary Purposes

We may also use your personal information for the following secondary purposes that you would reasonably expect:

  • Responding to your enquiries, feedback, or complaints;
  • Improving the Platform and our services;
  • Internal record-keeping, administration, and financial accounting;
  • Marketing our services to you (subject to clause 6 and your ability to opt out); and
  • Enforcing our Terms and Conditions and Refund Policy.

5.3 Sensitive Information — Restricted Use

Your sensitive health information (including test results) will only be used for:

  • The primary purpose for which it was collected (i.e. facilitating and delivering your pathology testing);
  • A directly related secondary purpose you would reasonably expect; or
  • A purpose to which you have expressly consented.

We will not use your health information for direct marketing without your express consent.

6. Direct Marketing

We may use your name and contact details to send you information about new tests, promotions, health content, and other services offered by MediTests that we believe may be of interest to you. We will only do so where:

  • You have consented to receiving marketing communications; or
  • We have collected your contact details in the course of a sale and the marketing relates to our own similar products or services, and you have not opted out.

We will never use your health or sensitive information for direct marketing without your express consent.

You may opt out of receiving marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email we send you; or
  • Contacting us at info@meditests.com.au with your request to unsubscribe.

We will process opt-out requests promptly and within a reasonable timeframe. Opting out of marketing communications will not affect your ability to receive transactional communications related to your Orders.

7. Disclosure of Personal Information to Third Parties

7.1 Laboratory Partners and Collection Centres

To fulfil your Order, we are required to share necessary personal and health information with our independent Laboratory Partners and their associated Collection Centres. This includes your name, date of birth, sex, and the specific tests ordered. These entities receive your information solely for the purpose of processing your test and returning results to us.

Laboratory Partners and Collection Centres are independent entities with their own privacy obligations under Australian law. MediTests is not responsible for how these parties handle your information beyond our contractual requirements.

7.2 Payment Processors

Payment information is processed by our third-party payment provider. This provider operates independently and is subject to its own privacy policy and security standards. MediTests does not store your full payment card details.

7.3 Technology and Platform Service Providers

We may share limited personal information with third-party technology providers who assist us in operating the Platform, including:

  • Website hosting and infrastructure providers;
  • Email delivery and communication services;
  • Customer support tools;
  • Analytics platforms (including Google Analytics and Meta); and
  • Cybersecurity and fraud prevention services.

These providers are engaged under contracts that require them to handle personal information only for the purposes we specify and in compliance with Australian privacy law. We do not authorise them to use or disclose your information for their own purposes.

7.4 Legal and Regulatory Disclosure

We may disclose personal information without your consent where required or authorised by law, including:

  • In response to a court order, subpoena, or legal process;
  • To comply with a mandatory reporting obligation, including notifiable disease reporting under applicable state or territory public health legislation;
  • To prevent or lessen a serious and imminent threat to the life, health, or safety of any person; or
  • To a law enforcement agency in connection with a lawful investigation.

7.5 Notifiable Disease Reporting

If your test results indicate a condition that is notifiable under Australian state or territory public health legislation (such as certain sexually transmitted infections), the Laboratory Partner is legally required to report the result to the relevant public health authority. This obligation rests with the Laboratory and is imposed by law — it does not require your consent and is not within MediTests’ control.

You may subsequently be contacted directly by a public health unit for follow-up. MediTests is not responsible for the content or timing of any communications from public health authorities.

7.6 Business Transfers

If MediTests undergoes a merger, acquisition, restructure, or sale of all or part of its business or assets, your personal information may be transferred to a successor entity. Any such transfer will be subject to confidentiality obligations, and we will take reasonable steps to ensure the receiving entity maintains equivalent privacy protections. We will notify you of any such transfer where required by law.

7.7 What We Do Not Do

MediTests does not sell, rent, or trade your personal information — including your health information — to any third party for their own commercial purposes. We do not share your information with advertisers or data brokers.

8. Overseas Disclosure

Some of our third-party service providers (including cloud hosting, analytics, and communication platforms) may store or process data on servers located outside Australia. Countries where data may be processed include, but may not be limited to, the United States and other countries where our technology providers operate.

Before disclosing personal information to any overseas recipient, we take reasonable steps to ensure that the recipient handles information in a manner consistent with the APPs, including through contractual data protection obligations.

By using the Platform, you acknowledge and consent to your personal information being processed in countries outside Australia as described in this clause, subject to the safeguards we have in place.

Where it is not practicable to ensure an overseas recipient complies with the APPs, we will seek your consent before making the disclosure, or only disclose where an exception under APP 8.2 applies.

9. Storage and Security of Personal Information

9.1 Security Measures

MediTests takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

  • Password protection and access controls for internal systems;
  • Encryption of data in transit using industry-standard protocols (e.g. HTTPS/TLS);
  • Restricted access to personal information on a need-to-know basis;
  • Contractual security obligations imposed on third-party service providers; and
  • Procedures for identifying and responding to data security incidents.

No system of data storage or transmission over the internet can be guaranteed to be 100% secure. While we implement reasonable safeguards, we cannot guarantee the absolute security of your information. You acknowledge this inherent risk.

9.2 Data Retention

We retain personal information for a minimum of 7 years from the date of collection, or such longer period as may be required by applicable law. This period is consistent with standard medical record retention requirements under Australian health records legislation and our general legal and tax obligations. Retention periods are also guided by:

  • The nature of the information (health records are subject to longer retention requirements);
  • Applicable legislation including health records laws in relevant states and territories;
  • The period necessary to resolve any disputes or enforce our agreements; and
  • Our reasonable business and tax record-keeping requirements.

When personal information is no longer required and our retention obligations have been satisfied, we take reasonable steps to destroy it securely or permanently de-identify it. If you submit a request for deletion of your personal information, we will assess that request against our applicable retention obligations and advise you of the outcome. Where a legal or regulatory obligation requires us to retain your information, we will explain this at the time.

9.3 Notifiable Data Breaches

MediTests complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. In the event of an eligible data breach — that is, where there has been unauthorised access to, or disclosure of, personal information that is likely to result in serious harm — we will:

  • Contain the breach and assess it within 30 days to determine whether it constitutes an eligible data breach under the Privacy Act;
  • Notify affected individuals as soon as practicable following a confirmed eligible breach, including a description of the nature of the breach, the categories of information involved, and recommended steps they should take to protect themselves; and
  • Notify the Office of the Australian Information Commissioner (OAIC) as required under the NDB scheme.

Given that MediTests handles sensitive health information, we treat any suspected data security incident with the highest priority. If you become aware of or suspect any unauthorised access to your account or personal information, please notify us immediately at info@meditests.com.au.

10. Your Privacy Rights

10.1 Right to Access

You have the right to request access to the personal information we hold about you. To make an access request, please contact us using the details in clause 12. We will respond within a reasonable timeframe and will provide access in the manner requested where it is reasonable and practicable to do so.

We will not charge you a fee for making an access request. However, we may charge a reasonable fee to cover the cost of providing access where significant work is involved (for example, locating, retrieving, and preparing information). We will advise you of any fee before proceeding.

In some circumstances we may decline an access request, including where access would be unlawful, where it would unreasonably impact the privacy of another individual, or where another exception under APP 12 applies. In such cases, we will provide written reasons for the refusal.

10.2 Right to Correction

If you believe that personal information we hold about you is inaccurate, incomplete, out of date, irrelevant, or misleading, you have the right to request correction. We will take reasonable steps to correct the information promptly. If we decline to correct information, we will provide written reasons and advise you of how to make a complaint.

10.3 Right to Complain

If you believe we have mishandled your personal information or breached our obligations under the Privacy Act, you have the right to lodge a complaint with us (see clause 12). We will investigate and respond within a reasonable timeframe.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

10.4 Opting Out of Marketing

You may opt out of receiving direct marketing communications from us at any time, as described in clause 6.

10.5 Right to Request Deletion

You may contact us at any time to request that we delete or de-identify personal information we hold about you. We will assess your request against our retention obligations under applicable law (including health records legislation and tax requirements) and advise you of the outcome within a reasonable timeframe.

Where we are required by law to retain your information for a specified period (such as the 7-year minimum retention period described in clause 9.2), we will be unable to action a deletion request until that obligation has been satisfied. We will advise you of the relevant retention period and the earliest date on which deletion can occur. Where deletion is not possible, we will take reasonable steps to restrict active use of the information during the remaining retention period.

11. Children and Minors

Our services are intended for individuals aged 18 years and over. We do not knowingly collect personal information from persons under 18 without the involvement and consent of a parent or legal guardian.

If you are a parent or legal guardian providing information on behalf of a minor, you represent that you have authority to consent to this Privacy Policy on their behalf and accept its terms.

If we become aware that we have inadvertently collected personal information from a person under 18 without appropriate parental or guardian consent, we will take reasonable steps to delete that information.

12. How to Contact Us or Make a Complaint

For any questions about this Privacy Policy, to request access to or correction of your personal information, or to make a privacy complaint, please contact our Privacy Officer:

  • Email: info@meditests.com.au
  • Address: Unit 1, 28 Walters Drive, Osborne Park WA 6017
  • Website: www.meditests.com.au

We will acknowledge receipt of your complaint or request as soon as practicable and will aim to resolve it within 30 days. Where a matter is complex or requires investigation, we will keep you informed of progress.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001