Skip to content
AHPRA-registered clinicians · Australian-dispensed medications · Encrypted patient portal · Consultations with actual time · Personalised to your goals · Same clinician every visit · AHPRA-registered clinicians · Australian-dispensed medications · Encrypted patient portal · Consultations with actual time · Personalised to your goals · Same clinician every visit
Legal

Your privacy, protected.

How we collect, use, store and protect your personal and health information at Elevate For Her.

Last updated: 5 May 2026

1. Who we are

Rowe Healthcare Group Pty Ltd (ABN 16 695 432 298), trading as Elevate For Her, is a women's telehealth clinic providing personalised clinical consultations to women across Australia. We are registered as an APP entity under the Privacy Act 1988 (Cth).

Throughout this Privacy Policy, "we", "us" and "our" refer to Rowe Healthcare Group Pty Ltd. "You" and "your" refer to you, the individual whose personal information we collect and hold.

We handle your information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth), the My Health Records Act 2012 (Cth) where applicable, and relevant state and territory health records legislation.

You can obtain a copy of the Australian Privacy Principles from the Office of the Australian Information Commissioner at oaic.gov.au.

2. What information we collect

To provide you with safe, appropriate clinical care, we may collect the following types of personal and health information:

  • Identity details: name, date of birth, residential address, email address and phone number.
  • Health information: clinical diagnoses, medical history, current and past medications, allergies, symptoms, lifestyle and clinical health factors, pathology and imaging results, and any other health information relevant to your care.
  • Clinical records: consultation session notes, treatment records, clinical care plans, prescriptions issued, and medication history.
  • Referral information: referral letters to or from your general practitioner, other treating practitioners, or allied health professionals.
  • Consultation metadata: date, time, duration and mode (video or phone) of each telehealth consultation.
  • Medicare and health fund details: Medicare number, Individual Reference Number (IRN), expiry date, and private health insurance details where relevant to billing or rebates.
  • Payment information: billing details processed through our secure payment provider. Full card numbers are not stored on our servers.
  • Technical information: IP address, browser type, device information, and website interaction data collected through standard analytics tools.

3. How we collect your information

We collect information directly from you through:

  • The online assessment and intake forms you complete before your consultation
  • Your telehealth consultations (video or phone)
  • The patient portal and secure messaging
  • Correspondence you send to our care team by email, phone, or online form

Where clinically relevant and with your consent, we may also receive information from third parties, including:

  • Your regular general practitioner or other treating practitioners
  • Pathology providers and imaging services
  • Our partner dispensing pharmacy (regarding prescription fulfilment and dispensing records)
  • Other healthcare providers involved in your care

4. Why we collect your information

We collect and use your information for the following purposes:

  • To assess your clinical suitability for treatment
  • To provide, review and adjust your clinical care plan
  • To prescribe medications and arrange dispensing through our partner pharmacy
  • To communicate with you about your care, appointments and treatment plan
  • To coordinate your care with other treating practitioners (with your consent)
  • To process payments, issue invoices and manage billing
  • To meet our legal, regulatory and professional obligations, including those under AHPRA, the TGA, the Health Practitioner Regulation National Law, and Australian Consumer Law
  • To improve our services, using de-identified or aggregated data where appropriate
  • To communicate with you about service updates or changes that may affect your care

We only send marketing communications with your explicit consent, and you can unsubscribe at any time using the link in the email or by contacting us.

5. Anonymity and pseudonymity (APP 2)

Under Australian Privacy Principle 2, you have the right to deal with us anonymously or under a pseudonym where it is practicable.

Due to the nature of the health services we provide, it is generally impracticable for us to deal with individuals who have not identified themselves. Accurate identification is required to ensure the safety and continuity of clinical care, to comply with our legal and professional obligations under applicable health legislation, and to meet the requirements of Medicare and private health insurance billing.

If you are making a general enquiry about our services (for example, asking about suitability, fees, or how our consultations work), you can do so without identifying yourself. You may contact us using a pseudonym or without providing your name when making these types of enquiries.

6. Unsolicited personal information (APP 4)

If we receive personal information about you that we did not ask for (unsolicited information), we will assess whether we could have collected it under the APPs had we asked for it.

If the information is reasonably necessary for providing your clinical care, we will keep it as part of your clinical record and handle it in accordance with this Privacy Policy.

If the information is not reasonably necessary and is not contained in a Commonwealth record, we will destroy or de-identify it as soon as practicable, provided it is lawful and reasonable to do so.

7. Sensitive and health information

Health information is treated as sensitive information under the Privacy Act. We only collect, use or disclose your health information with your consent, or where we are permitted or required to do so by law (for example, mandatory reporting obligations, or where necessary to lessen or prevent a serious threat to life, health or safety).

Your clinical records are accessed only by members of your care team who need them to provide or coordinate your care.

8. How we store and protect your information

We take the security of your personal and health information seriously. Your information is stored on secure servers located in Australia and is protected using:

  • Encryption in transit (TLS/SSL) and at rest
  • Role-based access controls, so only authorised personnel can access identifiable information
  • Access logging and audit trails
  • Regular security reviews and vulnerability assessments
  • Secure backup procedures

We require all third-party service providers who handle your information to maintain equivalent security standards and to comply with their obligations under the Privacy Act.

9. Cross-border data transfers (APP 8)

We take reasonable steps to ensure your personal and health information remains in Australia. Our primary clinical and patient management systems store data on servers located within Australia.

Some of our third-party service providers (for example, cloud infrastructure, email delivery, or analytics tools) may process or store data on servers located overseas, including in the United States. Where this occurs, we take reasonable steps to ensure those providers are bound by obligations that provide a comparable level of protection to the APPs, including through contractual arrangements.

Under APP 8, we remain accountable for any breach of the APPs by an overseas recipient to whom we have disclosed your personal information.

10. Who we share your information with

We do not sell your personal or health information. We may disclose your information only in the following circumstances:

  • To your treating clinician and our clinical care team, for the purpose of providing and coordinating your care
  • To our partner pharmacy, for the purpose of dispensing prescribed medications
  • To pathology or imaging providers, for the purpose of arranging or receiving test results
  • To payment processors, for the purpose of completing transactions
  • To secure IT and cloud service providers that help us operate our systems (all bound by strict confidentiality and data protection obligations)
  • To your GP or other treating practitioners, but only with your explicit consent
  • Where disclosure is required or authorised by law (for example, mandatory reporting, court orders, or AHPRA notifications)
  • Where disclosure is necessary to lessen or prevent a serious threat to life, health or safety of any individual, or to public health or safety

11. Your rights

Under the Privacy Act and the APPs, you have the right to:

  • Access: Request access to the personal and health information we hold about you (APP 12). We will provide access within 30 days unless an exception under the Act applies (for example, where access would pose a serious threat to health or safety).
  • Correction: Request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant or misleading (APP 13). If we decline a correction request, we will provide you with a written explanation and you may request that a statement of the correction sought be associated with the information.
  • Usage information: Ask how your information has been used or disclosed.
  • Withdraw consent: Withdraw your consent for non-essential uses of your information (such as marketing) at any time. Withdrawing consent for clinical uses may affect our ability to continue providing your care.
  • Complain: Make a complaint if you believe we have breached the Privacy Act or the APPs.

To exercise any of these rights, contact us using the details at the bottom of this page. We may need to verify your identity before releasing or amending information.

12. Notifiable Data Breaches

Under Part IIIC of the Privacy Act 1988 (Cth), we are required to notify you and the Office of the Australian Information Commissioner (OAIC) if we become aware of an eligible data breach that is likely to result in serious harm to you.

An eligible data breach occurs when personal information we hold is subject to unauthorised access, disclosure, or loss, and we have not been able to prevent the likely risk of serious harm through remedial action.

If an eligible data breach occurs, we will:

  • Notify the OAIC as soon as practicable
  • Notify you directly (or publish a statement if direct notification is not practicable) about the breach, the type of information involved, and the steps you can take to protect yourself
  • Take all reasonable steps to contain the breach and minimise harm

13. Clinical records retention

We retain clinical records for the minimum periods required by law. Under applicable state and territory legislation, this generally means:

  • Adults: A minimum of seven (7) years from the date of the last entry in the clinical record.
  • Minors (if applicable): Until the patient turns 25, or seven (7) years from the date of last entry, whichever is later.

Relevant legislation includes the Health Records and Information Privacy Act 2002 (NSW), the Health Records Act 2001 (Vic), and equivalent legislation in other states and territories. Where multiple retention periods apply, we retain records for the longest required period.

When clinical records are no longer required to be retained by law, we take reasonable steps to securely destroy or permanently de-identify the information.

14. Cookies and analytics

Our website uses cookies and similar technologies to remember your preferences, measure how our pages are used, and improve your experience. You can control cookies through your browser settings. Disabling cookies may affect how the site functions.

We use analytics tools that may include Google Analytics and Meta Pixel. These tools collect information such as pages visited, time on page, and how you arrived at our site. Where possible, this data is de-identified or aggregated. These tools may process data on servers located outside Australia (see Section 9 above).

15. Children

Our services are for women aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us and we will take steps to delete it.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or the law. The updated version is always available on this page, with the "Last updated" date revised.

Where changes are material (for example, changes to how we use or disclose your health information), we will notify you through the patient portal or by email before the changes take effect.

17. Complaints

If you have a concern or complaint about how we handle your personal or health information, please contact our Privacy Officer using the details below. We will acknowledge your complaint within five (5) business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the following external bodies:

  • Office of the Australian Information Commissioner (OAIC): oaic.gov.au/privacy/privacy-complaints or call 1300 363 992
  • Australian Health Practitioner Regulation Agency (AHPRA): ahpra.gov.au or call 1300 419 495
  • Health Care Complaints Commission (HCCC), NSW: hccc.nsw.gov.au or call 1800 043 159
  • Your state or territory health complaints commissioner: If you are located outside NSW, you can lodge a complaint with the health complaints body in your state or territory.

18. Contact

If you have any questions about this Privacy Policy, or you would like to make an access or correction request, please contact our Privacy Officer: