Effective date: 11 May 2026

C E Surgeons Pty Ltd (“we”, “us”, “our”) is committed to protecting the privacy and confidentiality of personal and health information collected through our website, cityeyesurgeons.com.au, and in the course of providing ophthalmic care.

This Privacy Policy explains how we collect, use, store, disclose and protect your personal information. It applies to all visitors to our website and to patients and other individuals who interact with our practice.

We handle personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Privacy and Data Protection Act 2014 (Vic), the Health Records Act 2001 (Vic) and other applicable laws.

1. What personal information we collect

The information we collect depends on how you interact with us. It may include:

• Identification and contact details — name, date of birth, address, phone number, email address, Medicare number, DVA number, private health fund details and emergency contact.
• Health information — medical history, current medications, allergies, ocular and general health conditions, clinical examination findings, diagnostic imaging and test results, treatment plans, surgical records, referral correspondence and progress notes.
• Appointment and billing information — appointment requests submitted through our website, consultation history, fees paid, invoices and rebate information.
• Website and technical information — IP address, browser type, device information, pages visited, referring website and other analytics data collected through cookies and similar technologies (see Section 7).
• Communications — records of correspondence with you by phone, email, online forms or in person.

2. How we collect your information

Wherever practical, we collect personal information directly from you. This may occur when you:

• Book or request an appointment through our website, by phone or in person.
• Complete patient registration, consent or health questionnaire forms.
• Attend a consultation, procedure or follow-up visit.
• Contact us by email, phone or through our online enquiry forms.
• Subscribe to our newsletter or other marketing communications.
• Browse our website (technical and analytics information — see Section 7).

In some circumstances we may also collect information about you from third parties, including:

• Your referring general practitioner, optometrist or other treating health practitioner.
• Other specialists involved in your care.
• Hospitals, day surgery facilities, pathology providers and imaging services.
• Medicare, the Department of Veterans’ Affairs, your private health fund or workers’ compensation insurer (where relevant to your treatment or billing).
• A parent, guardian or authorised representative where you are unable to provide information yourself.

3. Why we collect, hold and use your information

We collect and use your personal information for purposes connected with our role as a specialist ophthalmology practice, including to:

• Provide assessment, diagnosis, surgical and ongoing eye care.
• Schedule, confirm and manage appointments and procedures.
• Communicate with you about your care, results and follow-up.
• Liaise with your referring practitioner and other treating clinicians.
• Process billing, payments, Medicare and health fund claims.
• Meet our legal, regulatory and professional obligations.
• Support quality improvement, clinical audit, training, accreditation and risk management within the practice.
• Send you appointment reminders and, where you have opted in, newsletters or information about our services.
• Maintain and improve our website, including through analytics.

4. Disclosure of your information

We treat your personal and health information as confidential. We only disclose it where reasonably necessary for your care or where required or permitted by law. Recipients may include:

• Your referring GP, optometrist, other specialists and allied health providers involved in your care.
• Hospitals, day surgery centres, anaesthetists, pathology and imaging providers used during your treatment.
• Medicare, the Department of Veterans’ Affairs, your private health fund, workers’ compensation insurer or the Transport Accident Commission, where relevant to your care or billing.
• Our staff, contractors and IT service providers who require access to perform their role, all of whom are bound by confidentiality obligations.
• Regulators, courts, tribunals or law enforcement, where disclosure is required or authorised by law.
• Anyone you have authorised us to share information with, such as a family member, carer or interpreter.

We do not sell your personal information, and we do not disclose your health information to third parties for their own marketing purposes.

5. Overseas disclosure

We do not routinely disclose your personal information to recipients located overseas for clinical or marketing purposes.

Some of the IT and software services we use (for example, secure email, cloud-based booking, analytics and customer communication platforms) may store or process information on servers located outside Australia. Where this occurs, we take reasonable steps to ensure that those providers handle your information consistently with the Australian Privacy Principles.

6. Online bookings and enquiry forms

Our website offers online appointment requests and enquiry forms. When you submit a form, the information you provide is transmitted to us so that we can respond to your request. This information is treated in accordance with this Privacy Policy.

Please do not include detailed sensitive health information in online forms or general emails. If detailed clinical information is needed, our team will contact you through a secure channel.

7. Cookies, analytics and tracking technologies

Our website uses cookies and similar technologies to operate effectively, understand how visitors use the site and improve our services. The technologies we use may include:

• Essential cookies — required for the website and online forms to function correctly.
• Google Analytics — to collect aggregated information about how visitors use the website, such as pages viewed, time spent, device type and approximate location. This helps us improve site content and performance.
• Social media pixels (including Meta/Facebook) — to measure the effectiveness of our advertising, understand visitor interactions and deliver more relevant information to people who may be interested in our services.

These tools may collect technical information such as your IP address, browser, device and pages visited. Where this information can identify you, we treat it as personal information under this Policy.

You can control or disable cookies through your browser settings. Disabling cookies may affect how parts of our website function. You can also opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on, and manage advertising preferences through the settings provided by Meta and other advertising platforms.

8. Marketing communications

From time to time we may send you newsletters, practice updates or information about our services by email. We will only do this where you have provided your details for this purpose or where it is otherwise permitted by law.

Every marketing email will include a clear option to unsubscribe. You can also opt out at any time by contacting us using the details in Section 13.

We do not send marketing communications containing sensitive health information about you without your consent.

9. How we store and protect your information

We store personal information in a combination of secure electronic systems (including our clinical software and practice management systems) and, where applicable, physical records held at our rooms.

We take reasonable steps to protect your information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include:

• Access controls, passwords and user authentication for clinical and administrative systems.
• Staff training on privacy, confidentiality and information handling.
• Secure backups and use of reputable IT and cloud service providers.
• Physical security at our premises, including controlled access to records.
• Confidentiality obligations on staff, contractors and service providers.

If we become aware of a data breach that is likely to result in serious harm, we will respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), including notifying affected individuals and the Office of the Australian Information Commissioner where required.

10. How long we keep your information

We retain health records for at least the minimum periods required under Australian and Victorian law. In general, adult health records must be kept for at least seven years from the date of the last entry, and records for patients under 18 must be kept until the patient reaches 25 years of age. Some records may be kept for longer where there is an ongoing clinical, legal or insurance reason to do so.

When information is no longer required and we are not legally obliged to retain it, we take reasonable steps to destroy or de-identify it securely.

11. Accessing and correcting your information

You have the right to request access to the personal information we hold about you and to ask us to correct it if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading.

To make a request, please contact us using the details in Section 13. We may need to verify your identity before providing access. In some circumstances we may be permitted by law to refuse access or correction; if so, we will explain the reasons in writing.

We do not generally charge a fee for making a request, but we may charge a reasonable cost for providing copies of records, such as for printing or postage. Any such cost will be advised in advance.

12. Complaints

If you have a concern or complaint about how we have handled your personal information, please contact us first using the details in Section 13. We take privacy concerns seriously and will aim to acknowledge your complaint promptly and respond within a reasonable time.

If you are not satisfied with our response, you may contact:

• Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au, phone 1300 363 992.
• Health Complaints Commissioner (Victoria) — hcc.vic.gov.au, phone 1300 582 113.

13. Contact us

If you have any questions about this Privacy Policy, or you would like to access or correct your information or make a complaint, please contact our Privacy Officer:

City Eye Surgeons

Address: G11–12, 566 St Kilda Road, Melbourne VIC 3004

Phone: (03) 9070 0955

Fax: (03) 9978 9426

Email: info@cityeyesurgeons.com.au

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practice, technology or the law. The current version will always be available on our website, and the effective date at the top of this page will be updated when changes are made. Significant changes will be communicated where appropriate.