Privacy Policy

How Legends Dental collects, holds, uses, discloses and protects your personal and health information.

Version: 1.0   |   Effective: 1 December 2025   |   Next review: 1 December 2026

1. About this policy

This Privacy Policy explains how Legends Dental (Legends Dental Clinic Trust, ABN 18 572 638 078) (“the Practice”, “we”, “us”, “our”) handles your personal information, including your health information. We are committed to protecting your privacy and to handling your information openly, securely and lawfully.

As a private-sector health service provider in New South Wales, we are bound by two sets of privacy laws and comply with both:

  • the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs); and
  • the Health Records and Information Privacy Act 2002 (NSW) (the “HRIP Act”) and the 15 Health Privacy Principles (HPPs).

These laws apply to us regardless of our annual turnover because we provide a health service and handle health information. Where there is any difference between the two, we apply the standard that gives your information the greater protection.

2. What information we collect

Your health information is “sensitive information” and receives a higher level of protection under both Acts. The kinds of information we collect and hold include:

CategoryExamples
Identity & contactFull name, date of birth, residential address, phone number, email address, emergency contact, and (where relevant) next of kin, parent or guardian details.
Health & clinicalDental and medical history, current medications and allergies, clinical notes, treatment plans, diagnoses, dental charts, periodontal records, photographs, X-rays and imaging (including CBCT scans), referrals and correspondence from other practitioners.
Billing & fundingMedicare number, Child Dental Benefits Schedule (CDBS) eligibility, Department of Veterans’ Affairs (DVA) details, private health fund/membership details, concession card details, and payment information processed through our payment terminals.
InteractionsAppointment history, communications with us (including phone, email, SMS and online enquiries), feedback and reviews, and information you provide through our website or online booking system.
Anonymity and pseudonymity. Where it is lawful and practicable, you may deal with us anonymously or by using a pseudonym — for example, when making a general enquiry. However, we generally cannot provide safe dental care without knowing your identity and relevant health history.

3. How we collect your information

Wherever reasonable and practicable, we collect personal information directly from you — when you make an appointment, complete a new-patient or medical-history form, attend the Practice, or contact us by phone, email, SMS or through our website. We may also collect information:

  • from a parent, guardian or authorised representative (for example, for a child or a person who is unable to act for themselves);
  • from other healthcare providers, such as a referring dentist, specialist, general practitioner or radiology provider;
  • from your private health fund, Medicare, the CDBS or the DVA in connection with claims and eligibility; and
  • from third parties you have authorised, where you have consented or where the law permits.

If we receive information about you that we did not ask for, we will deal with it in accordance with our obligations under the Privacy Act and the HRIP Act.

4. Why we collect, hold, use and disclose your information

We only collect health information that is reasonably necessary for, and directly related to, providing you with dental care and running our practice. The primary purposes for which we use your information are to:

  • provide, plan and manage your dental treatment and ongoing care;
  • maintain accurate and complete clinical records;
  • communicate with you about appointments, including sending reminders, recalls and results;
  • process payments and claims (Medicare, CDBS, DVA, private health funds and HICAPS/terminal claiming);
  • liaise with other practitioners involved in your care, including specialists and dental laboratories;
  • manage feedback, enquiries and complaints; and
  • meet our legal, professional, accreditation and insurance obligations.

Use and disclosure for other purposes. We will only use or disclose your health information for a secondary purpose where you would reasonably expect it and it is directly related to your care, where you have consented, or where we are otherwise permitted or required by law — for example, where disclosure is necessary to lessen or prevent a serious threat to a person’s life, health or safety, or is required by a court, regulator or other law.

5. Who we may disclose your information to

Depending on your circumstances, we may disclose your information to:

  • other treating practitioners and specialists involved in your care, and dental laboratories that manufacture your dental work;
  • Medicare, the CDBS, the DVA and your private health fund for claiming and eligibility;
  • our service providers who help us run the Practice — including our practice-management and patient-records software (Dental4Windows), appointment and SMS-reminder providers, secure payment providers, imaging and pathology providers, IT and data-storage providers, and accounting or debt-recovery providers — each of whom is required to protect your information;
  • a person responsible for you (such as a parent, guardian or carer) where permitted by law;
  • our professional indemnity insurer and legal advisers where reasonably necessary; and
  • regulators and government bodies (such as AHPRA or the Dental Board of Australia) and other parties where required or authorised by law.

We do not sell your personal information, and we do not use it for purposes unrelated to your care or our practice without your consent or as permitted by law.

6. Communications and direct marketing

We may contact you by phone, SMS, email or mail to confirm appointments, send recall and reminder notices, and provide information about your care. From time to time we may also send you information about our services, oral-health tips or offers.

You can opt out of marketing communications at any time — by using the unsubscribe option in the message, or by contacting us using the details in section 13. Opting out of marketing will not affect appointment reminders or communications about your care. We do not use sensitive health information for marketing without your consent.

7. Our website and online services

When you use our website (legendsdental.com.au) or our online booking tools, we may collect information you submit through forms or the booking system, and limited technical information through cookies and analytics (such as your device type, IP address and pages visited) to operate and improve the site. You can manage cookies through your browser settings. Our website may link to third-party sites and tools that have their own privacy policies, which we do not control.

8. Disclosure outside Australia

We keep your information in Australia. We do not disclose your personal or health information overseas, and our patient records, email and backups are held on servers located in Australia. If this position changes in future, we will update this policy and take reasonable steps to ensure any overseas recipient handles your information consistently with Australian privacy law.

9. How we keep your information secure

We take reasonable steps to protect your information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

  • secure, access-controlled electronic records and password protection;
  • physical security of the premises and any paper records;
  • staff confidentiality obligations and privacy training;
  • secure backups and IT safeguards; and
  • secure destruction or de-identification of records when they are no longer needed and we are permitted to dispose of them.

Data breaches. If a data breach occurs that is likely to result in serious harm, we will respond in line with the Notifiable Data Breaches scheme under the Privacy Act, including notifying affected individuals and the Office of the Australian Information Commissioner where required.

10. How long we keep your records

We retain health records for as long as required by law and for as long as they are needed for your care. As a general guide, and consistent with NSW health-records requirements:

  • Adults: at least 7 years from the date of your last entry or contact; and
  • Patients under 18: until the patient turns 25 years of age.

Some records may be kept for longer where this is necessary or required by law. When records are no longer required, we destroy or de-identify them securely.

11. Accessing your information

You have the right to request access to the personal and health information we hold about you. To make a request, contact us using the details in section 13. We may ask you to verify your identity (or your authority to act on someone’s behalf) before we provide access.

We will respond within a reasonable time. There may be a reasonable fee to cover the cost of providing access (for example, copying and staff time). In limited situations permitted by law we may decline access — for example, where providing access would pose a serious threat to the life, health or safety of any person, or unreasonably affect another person’s privacy. If we decline, we will explain why and how you can seek a review.

12. Correcting your information

If you believe information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us and we will take reasonable steps to correct it. Where we are unable to agree to a change to a clinical record, you may ask us to attach a note to the record recording your view, and we will do so.

13. Complaints and how to contact us

If you have a question, would like to access or correct your information, or wish to make a privacy complaint, please contact our Privacy Officer:

Privacy Officer — Legends Dental
Attention: The Practice Manager
Suite 4/15A, 1 Gregory Hills Drive, Gledswood Hills NSW 2557
Phone: (02) 4656 4663  ·  Email: info@legendsdental.com.au

We take privacy complaints seriously. We will acknowledge your complaint, investigate it, and aim to respond to you in writing within 30 days. If you are not satisfied with our response, you may escalate your complaint to:

  • Office of the Australian Information Commissioner (OAIC) — 1300 363 992 or oaic.gov.au; and/or
  • Information and Privacy Commission NSW (IPC) — 1800 472 679 or ipc.nsw.gov.au (for health information under the HRIP Act).

14. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or the law. The current version is available at our reception and on our website. Material changes take effect when the updated policy is published.

This policy was last updated on 1 December 2025.