Skip to content

Privacy Policy

Last updated: 14 May 2026

About This Policy

This privacy policy explains how Aspyr Healthcare Pty Ltd (ABN 35 694 164 728), trading as Keevo, collects, holds, uses, and discloses your personal and health information. We are committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and applicable state and territory health records legislation.

The Australian Privacy Principles are published by the Office of the Australian Information Commissioner at www.oaic.gov.au.

Our details:

  • Entity: Aspyr Healthcare Pty Ltd (ABN 35 694 164 728)
  • Trading as: Keevo
  • Address: Level 5, 155 King Street, Sydney NSW 2000
  • Email: [email protected]
  • Phone: 0433 971 616

Anonymity and Pseudonymity

Due to the nature of the health services we provide, it is generally impracticable for us to deal with individuals who have not identified themselves. Accurate identification is required to ensure the safety and continuity of clinical care, to comply with our legal and professional obligations under applicable health legislation, and to meet the requirements of Medicare and private health insurance billing.

Where you are making a general enquiry unrelated to clinical services, you may choose not to identify yourself. However, for all clinical consultations, referrals, prescriptions, and related health services, we require accurate personal identification.

What Information We Collect and Why (Collection Notice)

We collect personal information and sensitive information (including health information) that is reasonably necessary for providing our telehealth and clinical services. The types of information we may collect include:

  • Identity information: full name, date of birth, gender, address, email address, phone number, and Medicare or health insurance details.
  • Health information: medical history, current symptoms, medications, allergies, pathology results, specialist reports, treatment records, and clinical notes generated during your consultation.
  • Financial information: payment card details (processed securely by our third-party payment provider; we do not store full card numbers).
  • Technical information: IP address, browser type, device information, and website usage data collected through cookies and analytics tools.
  • Communication records: records of correspondence between you and our team, including emails, phone calls, and in-app messages.

Why we collect this information:

  • To deliver clinical telehealth consultations and issue prescriptions, referrals, or care plans where clinically appropriate.
  • To maintain accurate and complete medical records as required by Australian health legislation.
  • To communicate with you about your appointments, care, and follow-up.
  • To process payments for our services.
  • To comply with our legal and regulatory obligations, including AHPRA, TGA, and state health records requirements.
  • To improve our services and website functionality.
  • For marketing communications (with your consent, and you may opt out at any time).

Collection is required by law or professional obligation: we are required to maintain clinical records under applicable health records legislation and professional standards. Failure to provide accurate personal and health information may affect our ability to provide you with safe and appropriate clinical care. In some cases, we may be unable to proceed with a consultation without sufficient identifying and health information.

How We Collect Your Information

We collect your personal and health information primarily from you, through:

  • Our website (health assessment questionnaires, booking forms, contact forms).
  • Telehealth video consultations with our practitioners.
  • Email, phone, or other direct communication with our team.

We may also collect information about you from third parties, including:

  • Other healthcare providers (with your consent or where required for continuity of care).
  • Pathology laboratories and diagnostic providers.
  • Pharmacies involved in dispensing your prescriptions.
  • Your nominated emergency contact or authorised representative.

When we receive information from a third party, we will take reasonable steps to notify you of the collection.

Unsolicited Information

From time to time, we may receive personal or health information that we did not solicit. Where we receive unsolicited personal information, we will promptly assess whether that information is of a kind we could have collected under our standard collection practices. If it is not, and the information is not contained in a Commonwealth record, we will destroy or de-identify the information as soon as practicable, provided it is lawful to do so.

Sensitive Information

Health information is classified as sensitive information under the Privacy Act 1988. As a healthcare provider, we routinely collect health information as part of delivering our clinical services. We will only collect and use sensitive information:

  • For the primary purpose of providing clinical care and related services.
  • For a secondary purpose that is directly related to the primary purpose, where you would reasonably expect this.
  • With your consent.
  • Where required or authorised by law.

Disclosure of Your Information

We may disclose your personal and health information to the following types of third parties, where necessary for providing our services or where required by law:

  • Pharmacies: licensed compounding pharmacies and dispensing pharmacies involved in fulfilling your prescriptions.
  • Pathology and diagnostic providers: where your practitioner has requested tests or investigations.
  • Other healthcare providers: where a referral has been made or where information sharing is necessary for continuity of care (with your consent).
  • Cloud hosting and IT service providers: who store and process data on our behalf (see Overseas Disclosure below).
  • Payment processors: for the purpose of processing consultation payments.
  • Email and communication platforms: for sending appointment confirmations, reminders, and follow-up communications.
  • Regulatory bodies: where required by law, including AHPRA, the TGA, Medicare, and state health complaints bodies.
  • Legal authorities: where required or authorised by law, including in response to a court order or subpoena.

We will not disclose your personal or health information to any third party for marketing purposes without your explicit consent.

Overseas Disclosure

Some of the third-party services we use to deliver our platform may store or process data in locations outside Australia. These may include:

  • Cloud hosting providers (whose servers may be located in the United States, Europe, or the Asia-Pacific region).
  • Email delivery platforms.
  • Analytics and website performance tools.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient complies with the Australian Privacy Principles or is subject to a substantially similar privacy framework. Where this is not possible, we will seek your consent or rely on an applicable exception under the Privacy Act.

Data Security

We take reasonable steps to protect your personal and health information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

  • Encryption of data in transit and at rest.
  • Access controls limiting information to authorised personnel involved in your care.
  • Secure telehealth consultation platforms.
  • Regular review of our security practices.

No method of electronic storage or transmission is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

Notifiable Data Breaches

We are committed to handling personal and health information in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth).

If we have reasonable grounds to believe that an eligible data breach has occurred, that is, unauthorised access to, unauthorised disclosure of, or loss of personal information we hold, and it is likely to result in serious harm to any individual whose information is involved, we will:

  • Contain the breach and assess it promptly to determine the information involved and the individuals likely to be affected.
  • Notify the affected individuals as soon as practicable, including the nature of the breach, the information involved, and the steps they can take in response.
  • Notify the Office of the Australian Information Commissioner (OAIC) as required under the scheme.
  • Review the cause of the breach and take steps to prevent a recurrence.

Where it is not practicable to notify each affected individual directly, we will publish a notification and take reasonable steps to bring it to the attention of those affected.

Data Retention

Health records are retained for a minimum of seven years from the date of last entry, or in the case of minors, until the patient turns 25, in accordance with applicable state and territory health records legislation. We do not destroy health records before the applicable statutory retention period has expired.

Personal information that is not part of a health record (for example, marketing preferences, website analytics data) will be destroyed or de-identified when it is no longer required for the purpose for which it was collected, unless we are required by law to retain it.

Accessing and Correcting Your Information

You have the right to request access to the personal and health information we hold about you, and to request corrections if you believe the information is inaccurate, incomplete, or out of date. To request access or correction, please contact us in writing at [email protected].

We will respond to your request within 30 days. We may require proof of identity before releasing information to protect your privacy. In certain circumstances, we may refuse access or correction in accordance with the Privacy Act (for example, where providing access would pose a serious threat to health or safety, or where the request is frivolous or vexatious). If we refuse a request, we will provide you with written reasons and information about how to make a complaint.

Aspyr Healthcare Pty Ltd does not charge a fee for making an access or correction request, but may charge a reasonable administrative fee for providing copies of your information.

Cookies and Website Analytics

Our website uses cookies and analytics tools to improve functionality and user experience. Cookies are small text files stored on your device. They help us understand how visitors use our website. You can manage cookie preferences through your browser settings.

Analytics data is collected in aggregate form and does not identify you personally. We use this data to improve our website and services.

Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you may make a complaint by contacting us at:

  • Email: [email protected]
  • Post: Privacy Officer, Level 5, 155 King Street, Sydney NSW 2000

We will acknowledge your complaint within five business days and aim to resolve it within 30 days. We will investigate your complaint and provide you with a written response, including any actions we intend to take.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. The current version is always available on our website. We encourage you to review this policy periodically. Material changes will be communicated where appropriate.

Contact Us

If you have any questions about this privacy policy or the way we handle your information, please contact us at: